COVID: Systematic Career Documentation - Part 2

Manager Tools

26:45 min | 7 months ago

"Welcome to Manager Tools and Career Tools. Today we've got the second half of our guidance on systemic career documentation. I'm just going to say it again. Guys you gotta have your ducks in a row. You gotta keep your powder dry because you never know to spite even if you're a good performer. In light of COVID-19, I think we can safely assume that unfortunately the actual cut deeper than it ever has before. This is the worst economic event I've ever seen in my nearly sixty years. And so we need to keep our powder dry and have our ducks in a row and all those other a presence to make sure that we can take care of our families. If for some reason we end up unemployed so here we go part two okay so then once you have this document and then initially it's gonna take a little bit of time. Then you need to keep it updated and so how do we? How do we do that? Assuming for your present job. You've got the responsibilities paragraph. Pretty good, folks. Look your your present job from from now on you. I know most of you're thinking. Oh gosh. Career Management Document. Go to go back into my past. I don't have good stuff. Okay in your current job. You actually note responsibility. Yeah but it's a good. It's a good start anyway right. Some of you are sitting there thinking. Gosh you know I gotta go back and dredge up all this old stuff and you know if you're Mike and is h you got thirty years of the stuff and remember something you don't want to be having the same thought five years from now about the previous five years. Maybe you can't go back and make your history perfect. You can make it pretty good and you'll make it good enough to deliver to a one page resume when you need it and it's true right if you're thirty years into your career the last five years which you did yeah. It's important than the previous doing. 
Well I don't know the last five more important than proves twenty-five all I would say there's sort of looked at more but the the last five or always assuming you have thirty years are certainly more valuable than the I mean. They're likely rolling exact near absolutely. Yeah so yeah so okay. Many of you again are looking back to the past kind of groaning but look. We're talking here about looking for competence monthly. But we're making an assumption that you'll make sure you get your responsibilities right now for every job you have get your darn job description that the company creates. If you need didn't know how to write a job description we actually did so. In our how to give an annual review how to prepare and then delivered annual review is a four part series. It was in January of four or five years ago and basically what we did was. We were helping. Prepare an annual review. If you didn't have job description and it helps to know what the basic job description. Isn't it says here here. Three or four questions to ask yourself that will cause you to develop a good basic solid job tuition. Maybe it's only five or six sevens but that's really almost job. Descriptions are so we assume as we're here talking to you about getting your conscience squared away because those things are changing whereas the job you're in isn't changing jobs. Driven isn't changing that much that you're going to spend some time getting a solid job description if you need to create one go back to the cast and create it if you have one somewhere in. Hr or for that matter on an internal job posting it. They're hiring other people to do your job. You've got it right there and just cut and paste and put it right now. Let's talk about a confidence if you've ever had to create a resume on short notice you know it's an incredibly hard document to to put together. Fast Right. We want not only be be able to create a resume on short notice but to be able to do it at high quality level. 
Okay I recently put in one of our newsletters that the amount of work required to fix a broken process or destroyed relationship is much bigger than the little work required to maintain those things along the way. Our guidance here is for you to carry out two actions one of which you only have to do once and the other will take you fifteen minutes a month fifteen minutes a month right and these things will allow you to maintain your documentation systematically and increase the probability that you're going to have a quality resume on short notice. Okay so the first thing here if you're at work right now do do things right now. If you're not at work do them the first thing when you get to work first thing? You do is make a folder in Outlook or Lotus Notes or whatever email client you have and you call it CMD. Then go into your calendar and make a calendar appointment for fifteen minutes, recurring monthly, also called CMD. Okay. Each time you get an email from your boss with a well done a note from your customers saying thank you. You know who who from your peer well-done thanks a lot appreciate it. Copy those mails into your CMD folder in your email client as well as whatever filing system you might use if you want to print them out and put them in a Manila folder right called CMD. Lucky good for you right. You may be of the school of thought that the search function in your email client is sufficiently advanced in email. Now that you can find a single email later and therefore you don't need the folder please create it anyway yeah email. You're searching for to find it from a from a peer. Well yeah exactly. Please create it anyway. We've done this both ways and we know this way works and the other way is very frustrating right. Having the folder there, visible daily, is going to remind you to drag emails to it. It's gonna make that collection more comprehensive. 
You know we tell people all the time to schedule one on ones when you start scheduling one on ones with your direction and the manager tools. Cast three weeks out because everybody's busy this week next week but resume calendar essentially empty three weeks from now. It's amazing and we ask them. What were you doing? Two weeks ago. Nobody remembers it. Burns up the idea that you would look back for weeks ago. Remember what you were doing on on February second or something like that you know what is GonNa Happen. You need a reminder. It needs to be sitting there and when you get something it needs to go into into the NBA folder. Right don't censor yourself right. Just just stick it in there if if you think just like brainstorming. If you think it's good if you think it's going to be useful later on as confident you put it in half. Moore's best yourself later yeah Each time you're counter item comes up you review the emails. You Review your notes decide which ones will make good accomplishments and either print them out or send them to yourself at home and place them in a folder. Ready for you at the end of the quarter that you're going to essentially add to update in the document. I assume we're going to do something at the end of each quarter. Then yeah exactly. E- each quarter. You're you're you're so smart smart like you right. So we're going to update our crew management document quarterly at the end of each quarter. Please again on your calendar. Take the printouts take the emails? Take their notes. Take the filing guards whatever they are and add them to your CD and you could do this monthly. But it's likely that a lot of your projects your activities are not going to complete within a month and so it's going to be harder to update the ears. Emt with the competence which obviously by definition or finished each month again. Mike said I've said it don't be tempted to censor yourself by looking at your compliments and ranking them and decided to leave some off. 
This is not a resume it could be that minor competition or that project is one that demonstrates a particular essential skill for your next role. Your seemed he can be five ten fifteen pages. It just doesn't matter it really doesn't matter it's raw material. Its first draft stuff. It's only for you and more is better. More is better more is better. It's like brainstorming and cash. More is better okay. So now we have the career management document. We've we've filed stuff monthly. We're GONNA UPDATED QUARTERLY. And now we get to the fun part the whole purpose of having to see him in the first place creating the resin in fact. Here's a way to think about your resume and your Siem de Occur Management Document when your boss asks you. What do you think about ax? You probably come up with you know what you the plan but you come up with a couple of alternatives and then you pick one and you execute the one right you brainstorm a little bit. You try to think. Creatively within the time limits. You've gotten and then you move forward. You have an internal dialogue about what's going on and then you state something externally. I think we should do. Xyz That's the connection between the and the resume the Siem de is your internal career management document and the resume is your external career management document. And if you don't have an internal one your external one is gonNA suffer or put differently if you only have an external one from two years ago and you consider that to be your career story. It's a really we history and if it's two years old and you have to create a new one quickly. I would argue that. It's like putting matches on top of one another and the targets too tall and too too unstable because your previous resume got you this job so it was good for this job. But who's to say that? Is that what you have on it for? 
Your previous history is good for the next job and you're not to come up quickly with stuff that you did it over the last two years you're GonNa have to find responsibilities. You're going to probably do it at home with the weekend. You're not gonNA have accessed. Hr'S FILES ABOUT JOB. Descriptions and responsibilities and so on it's really frustrating because all too often when? Windy R- are you get calls about resume? It's because people are panicking right and the first thing you say is don't panic right. It's like that line in the American president. Were the the press around in the White House and the press. Secretary's is I think the first thing we should do is appear not to panic and the President says gee that's funny. I think the first thing that you do is not panicked and people panic they like. Oh my gosh greed interview and I don't have a resume and look at them and go and what part of that is not your responsibility. So don't you listen to our right? We want to help. It's free so every time you need your resume from now on you're GONNA be able to go back to your D in Korea resume that's I- quality and fast and that's the key with resumes high quality and fast. You look at the job description what you know the company the Industry and the environment for the job. You're in room four. And you pare down each of those responsibility paragraphs and pare down your list of accomplishments until you have a one page resume and it really becomes a qualitative decision. Making process is bullet a or B and the great thing about this is if you have a lot when you look at the job description of the job. They're hiring you for. You can say which ones of these best. Show me for that one. And you narrow the number of things you have to prepare interviewing answers behavioral interview. Answers four zero. You start off with a ten page. Amd You get to a one page resume. You have a chance desmond. Good work. Densely dense sponsor believes that. 
Apply to this job and accomplishment. That would be useful or interesting to the recruiter or the manager of can we were interviewing. Yeah Yeah so now folks. You probably go on this. I get a little tickle in the back of my head. I think they're saying something I don't want to want to hear and you're right. We're clarify now. We are suggesting you create a new resume for each application. You make for each job. You go after differen- okay so you may be thinking. What are they talking about? I've only got one resume. And that's one of the inherent problems saluting to regarding resumes instead of using the same one for every application you need to be tailoring your resume to the applications. You make the jobs you apply for. Because you're seem has everything you ever did on it easy to use that as a basis for your resume and to take out everything. That isn't relevant. It's much easier to do this. Then start from a basic resume and add more relevant things. Not only because you have to remember what they are. Because you're now having to write parts your resume under a deadline and that whole speed thing just totally decimates the quality thing you end up with sloppy work right. I WANNA take a little bit of an aside here and I want to make a case for the market in General K. No matter whether you're listening to this and In Twenty Ten or twenty twelve or twenty thirteen. There's going to come a time if you if you're in a down market you want to do this work now because when the market is hot things speed isn't advantage okay. When the market is hot you have to do it. Because if you don't do it then you're losing ground on win because the market is hot. 
Your probably achieving the most achieving people tend to do to into high level accomplishments when the market is doing really well that means the economy's expanding that means there's more responsibilities that means you're getting stretched in many different ways and it doesn't matter whether the marketers good or bad you need to do this now for those of you who are listening in in two thousand ten which is probably win. This'll be released. The market is going to start improving. If you do this now it will make it so much. Easier to not be panicky. Think about it works starts to pick up. You've gotten used to whether you like it or not and everyone tells me it's not true but you know after thirty years. I finally got in a sense of I may begin to know something and and you know when the mark when the market starts to get hot for hiring people that means people are busier at work and they have established new cadence at work in the Slower Times. That is slower than their cadence. When it's fast you've slowed down a little bit and now things are heating up. You're being given more work to do. And now you have an unsolicited opportunity in front of you. Right when you're delivering on a very important project. Most of us do a poor job on the resume in part because the operational tempo is working incest. We want you to have a strong high fast. Operational tempo work. But it works against you. You need to have the raw material already in place and so I encourage you whether the market's faster slow pleasing to do this now build the baseline so that all you're doing is maintaining So that moving forward you can move quickly and produce high-quality Kate. Look if you're wondering what to include go through the requirements of the role want and include any responsibilities and accomplishments which are directly APP. Okay then think for a little bit about the wider environment. Is the company going to be in a cost cutting mode then? 
Maybe you need to include cost reduction of confidence if you know. They're exploring outsourcing right and you have experienced outsourcing included if there's a push to go overseas and you have expert experience definitely bring that up or bring up a foreign language springs for instance. The more hard work you do. Now the more you'll be able to focus on. What are they really wanting in this job rather than trying to write a resume and it'll be the difference between trying to sell a car and trying to because you have it on the lot and trying to understand what it is? The customer wants and making sure that the customer chooses to buy. They're going to have chosen something. That is exactly right for their needs. Because you'll have known what their needs are okay to more thoughts on what to include on your document you've got to include include at least one accomplishment which demonstrates you can successfully carry out the core responsibility of your role or your job. We see hundreds of RESUMES FOR PROJECT MANAGERS. Which don't include anything about on time on budget delivered within scope deliver projects to me. This is a red flag. This is like putting a responsibility bullet. I immediately think Luke didn't have any good accomplishments might have gotten fired from the job. Wants to hide the fact that he got fired so he's just going to list responsible because he cleared nominee accomplishments right software developer but never developed any software. You know what what they would say. Well of course a lot of software. But it's not on here. I know but it's but I did it. I said well. How do we know well? I mean everybody knows and how much how fast and this goes to horses laws about interviewing you. Don't get credit for the things you've done you get credit for the things that recruiter. The hiring manager knows you've done and unless you get an interview where you get a chance to talk about yourself. More all your credit floors. What's on your resume? 
And if your primary jobs project management then you ought to have one two three four FI- bullets about project management right. And that's the great thing about the crew. Management document is when you have a crew management argument. You don't miss those basic job things. Now what people always have on their resumes are the special assignments. The unique situations the unusual situation that people remember because memory of you know memory works that way but the day to day grind delivering projects and meeting things on time and on budget. That isn't team doesn't tend to come. Well Yeah and of course offer. Developer has developed lots of soffer. But if you wanted to talk about that and you need to then why not pick the pieces off or several pieces of software that demonstrated You know your abilities in the best light exactly. Yeah fast higher-quality. Six Month Project Zero bugs found in system test or so. You know there's going to be fair to those you're like Gosh. This is harder than I thought. We see. Resumes from CEOS or forget to include the increase shareholder value or there were profitable or that increase profit margins or the company by XYZ. In line with the board's expectations look the first bullet in your accomplishment list. And your list of bullets needs to be the most important and generally it's this one which demonstrates your voted do what you're paid to do. Make sure that first bullet is the strongest and and hopefully also primarily related to your major responsibility and your job. How about things like important surly to the individual who Who did them but raising money for charity. You know. Boats rowed across oceans leadership of the company. Baseball League team. Kind of stuff. You know. It's funny. We do see a trend. Candidates telling hiring managers what the candidate wants them? Now and I I've been trying to avoid. I've been trying to hit it this with the car salesman thing. 
Look those those things are important right your your your community involvement but I think in the last twenty years community involvement is taking a bigger people say oh companies want a whole person. Yeah they do right they do ya. So when somebody winning olen? You're listening and you're saying the company's telling me they want the whole person and I'm telling you yes they do and what companies really want is all person who can do their job better than anybody else on the planet Noah. Look if they have two people to hire two people who can do the job so bang-up it's awesome and one's a whole person. They're going to hear the whole person if the choice between somebody who can do the job really really well who doesn't really have indications of being person and somebody who's totally old person and shapes and forms and totally great member of the community totally great volunteer and so on and maybe only on job. Sorry sorry you know Stan community. Because the company won't hire you it is important. We know it's important to you but they're really rarely relevant to the role that you're being interviewed for. Hiring managers are not looking for just well rounded people with outside interests. They're looking for people who achieved things in an efficient and effective way. And oh by the way if you do that and it comes down to a tiebreaker. Maybe the person who has been well rounded without interest gets an extra look. It's really going back to that kind of used car salesman analogy your thinking about the resume from the point of view of what the hiring manager wants to know right now. I've been telling him what you want him to know. Tell him what he needs to do. It will increase. Its effectiveness dramatically. Yeah the thing that one of the things I learned when I was selling at proctor and gamble was a phrase features. Tell benefits sell now. An example on a car would be a feature is something that a product has or is for instance. 
Most cars come with a bumper right and the feature of the car is it has a bumper right and most people would say well. Yes I definitely want that feature on my car. But actually people really don't care about the feature. What they want is the benefit the feature provides if it saves them in an accident if it reduces injuries in an accident or reduces damage to the vehicle and repair cost of vehicle because it has some shock absorption built into it. That's a benefit to the buyer. You don't sell products. Based on the features you sell products based on the benefits to the buyer. You have the same features somebody else but they do a better job of showing that person. The hiring manager of how their features are a benefit to that company. And you can't get to the benefits discussion unto you. Think about what it is. The company wants. I don't say to myself I want feature acts. What I want is benefit. Why and I don't care if you have feature XYZ. I want benefit. Why and if somebody rear has been as feature a but they show me how it benefits. My the my you know has benefit of why to me. That's the person I'm GonNa hire even if it doesn't make sense to you even if you think it's obvious they should hire you. The question is do they believe. You have the right benefit that you provide the benefit whatever your features might be and if you're if you're creating a resume quickly and you're just doing off the top of your head you're probably only focusing on your features and you're not thinking about how to sell yourself. There's also another thing if you want to sell. Ask Don't tell meaning you have to find out what the customer wants before you can give them what they want. You don't just tell them what you have. You find it what they want and you only tell them those parts of you that benefit them so I think that's it right. Okay good so look quick. Roundup you've got to create your crewmen document your Crm d look for those accomplishments monthly. 
Get them on your get them scheduled k. Repetitive are recurring calendar. Control Shift G. R. Control G to make something recurring update your c. m. d. quarterly again. Control g they're an outlook. And then you create your resume from your criminal document when you need it. You've already brainstormed and now you're deciding you've got a really high quality very fast one page resume. Look if you have an effective resume. It's not just folks about words on the page. It's about having a systematic approach to capture all the stuff that allows you to put those words on the page. You've gotTA capture that stuff you've got to store it and you get to be really use it effectively and efficiently when it's required like so many things this activity the creation of the D. and the maintenance Siem de responds very well to the little and often approach as opposed to the big and rare approach. Right if you fall the guidance in this cast you'll be able to leverage minimal. A little bit of work into an effective representation of your career when you need it and not a lead to a better career for you anything you can do to get more of your skills. Used by more of the world makes the world a better place and that's a good thing. Yeah it was before we go there. We should mention. We try not to push products paid products. No on on the podcast but given the topic here we feel like we should mention a folks. We do have a paid product the interviewing series on the website. That is if you like this stuff. There's a lot more that takes all tailoring of yourself to an interviewer and come to think of it and we also have the resume ru service right for one hundred bucks you get you get a chance to have your resume reviewed and you get seven or eight or nine or ten pages of detailed guidance about. Here's your resume. Here's what we think it should be. 
And here's I need to change it to make highly professional effective resume and I think we do have a pretty good record of staying away from pitching our stuff Because this stuff is free. We want our podcast to be free no matter where you are in the world we know. Some of you can't afford management development Guidance on your own. And so that's why we do this and yet for those who can't afford it. We only put together products that are high value and is lower cost as we can We can make it in keeping with what manager tools incorrigibles are all about what you tell people national so. Www dot manager tools dot com? If you're interested all right that's that's that's about as much marketing we're never going to six more months. Not another word to see you. Thanks everyone we'll see you all next week. So that's it for guidance on systemic career documentation guys come back tomorrow because we're GONNA talk about handling exit interviews see them.

COVID: Systematic Career Documentation - Part 1

Manager Tools

29:52 min | 7 months ago

"Welcome to Manager Tools and Career Tools. Today's guidance systemic career documentation part one. Too many of us get in a situation where we're laid off, COVID-19 comes to mind, and we don't have in terms of background documents in preparation. We need to conduct an effective search. This will allow the things you need to do. Now if you haven't already lost your job so that if unfortunately that happens you will have the right stuff in the right place to be able to make a good first step on your job search. Things are tough right now. We know it. We're doing everything we can. We're surging these cast daily rather than weekly and if you need further help email us customer service at manager tools dot com. Here we go with part one of systemic career documentation. Folks, if your lockdown is going to continue a little longer but you've discovered that you need to invest in your managerial skills. We highly recommend the virtual effective manager conference which we put together. I already sold out. Starts on May fourteenth. There are a few slots left. We know we've gotta figure out a way to get you this stuff and the virtual conference over five different sessions is the best way we can do it. Check it out on the website. We've talked about the career management document before the bunch right all times right. We've never really gone through it in any great amount of detail and given how important it is as the first place you'd start when putting your resume together and the fact that you you really don't want to be working on this stuff when you need to resume. What do you need a resume? You need it so we need to rectify that by talk a little bit more about it and really there are a couple of reasons for this cast first of all. We started getting lots of questions. And and attorney can answer people individually right. We'll get answering the forums but you know we all have a few thousand people in the forums. 
We don't have fifty thousand right and and the second reason is because it's our invention we just want to be clear about the right. We we invented it. We it is a it is a career tools manager tools creation in order to help people organize their career history and is designed to specifically address the fact that people have a resume that they may have created a couple of years ago for a specific job which created for specific job and because it got them that job it is therefore somehow a good resume but by definition. We said this before we said it in the. I'm sure we sit in the resume asked. We've said many other times places. The idea that you could you can Distill your life down to a one page. Document is a joke right. It reminds me of that that painting that I referred to four before the like so much which is a picture of a pipe and the title of the painting is. This is not a pipe because it's a painting of a pipe. Same thing your resume is not your life and people rebel against the idea of a one page document and rightfully so wha- understand completely. Why is just that? There's a difference between what you feel when you're putting your life on paper and what recruiters want to read when they want to read about your background. So the Career Management Document essentially says we need someplace to capture everything so so that that can be the repository from which we create resumes. And we've alluded to it many many times before but you've got to have multiple resumes for multiple job applications because if you've had it particularly if you've had ten or fifteen years worth of your career you've got a number of different experiences which looked different ways to different people and can be sold in different ways to different opportunities but an important point is that each job requires a different set of experiences a different set of skills and you want to build your resume in a way that speaks to that particular need for that particular position. 
In fact I've told people before just friends of mine. I said resumes remind me of the pain of the used car salesman and and that always gets sort of a funny. Look so if you're listening and you have a funny look on your face. Welcome the crowd. But but what I mean is this Taking the time if your crew used car salesman taking the time to find out what it is a person wants. Who's on a lot you know or any car sales from that or not new or use. What color what type what style. What's the use? What's the you know what kind of mileage you want? All those kind of things spending time get it. Oh a customer is much harder because it requires a great deal of uncertainty and probing and good listening skills. It's much harder than simply selling what you have a lot. What you hope for what most car sales people do. And most salespeople in general do sell the features of their vehicles right and that is pushing product rather than finding out what the customers need is will people get frustrated that that resumes aren't a full representation themselves because it is they are trying to push a product they want their resume to be easy and be simple and they are not willing to spend the time to understand what it is the client the customer the HR manager of the recruiting manager. The HARA manager wants and that's really where great sales people live is in the minds of the customer. What does the customer want? What does the customer need? And how can I help them get what they want? And if you really ethical you're good enough to say and if what they want is not what I have. I can walk away from that. But if you're pushing product the no you don't walk away from anything so literally the resume the one page resume or even any resume without some good background some some more depth than simply one page might have or or without a good analysis of what your customer wants. 
what your hiring manager wants, what the HR person wants, is really a very biased way to go into the transaction. In on bad days. So if you're ethical, you'll try to figure out what the customer wants, to see whether or not you can convince them that you have what they want. But if you're going out there, this is me, this is me, this is me, getting lucky whether or not the fit is right rush. And I've studied our customers, and I've actually surveyed our customers, and one thing I know is that they want us to get on the show and talk about the. Yeah, so look. So in essence the career management document is where you keep the record of your career. It's never seen by anybody that you. It's not your resume, okay? It is a document that might be five, six, seven pages long as you get further along in your career, that shows everything you did and everything you achieved in every job you've ever had. Okay, and at the same time, having a career management document is not enough, and it is part of a larger system of career documentation which allows you to create and to have an effective resume when you need it. So, four parts to this show today, and this is about the career management document within that larger career management system. Step one, you've got to create the CMD. Step two, you've got to look for your accomplishments monthly. Step three, you've got to update your career management document quarterly. We talked about this in the resume cast, right? You've got to spend some time, only half an hour once a quarter, just reviewing what happened to me, what's going on, what do I need to add to this growing, burgeoning document, so that when I need to cull it down to one page I'll have all this stuff I've ever done. And then lastly, step four, of course, is create that resume from the career management document. Okay, so step one: create your career management document.
They seem several times in today's show. We know it's kind of the center of the whole career management process, but before we go on and talk about how to create it, once you give us a little peek behind the curtain here in terms of what does it look like? I have one in front of me. What does it look like, so we're clear on that? It looks like an overly detailed, overly minutiae-filled resume. It's seven, eight, nine, ten pages, and in fact it might actually have electronic addenda associated with it. It's a document with a title for each role you've held, the dates you had it, the company name, the location you were at when you were in it. Right underneath that is a paragraph of all of your responsibilities. Now think about it. You might have, for a given job, eight or nine, ten even, sentences of responsibilities for a given job. You're not going to have that much room on your resume. You're only going to end up with three, but you may choose on one job to bring out the first, second and fifth, and for another job bring out the first, third and fourth, as a way of highlighting different responsibilities from your background that sell you better for job A versus job B. Okay, now, so for those of you who have seen our sample resumes, and we encourage you to go get it, it's free, it's on the website, right, you'll be thinking this looks a lot like that, and you'd be right, it does. It's basically a resume on crack, a resume on a little bit because now. You know, it occurs to me there are people who are going to be saying, oh good, this is what I think my resume is, two or three pages. Folks, that's not true. The CMD can be as long as it needs to be. It's a complete record. It's not a resume. A resume is by definition incomplete. The CMD for a job you held for two years, that job's entry in your CMD might be an entire page. Somebody who's been in the workforce twenty years could have a twenty-page list, and the problem is people think,
well, I only wanna five-page because I wanted to be a long. Well, no, what you want is to have captured everything in one place. Remember, we did the cast on layoff immunization, and we said you've got to have your contacts written down, you've got to have them all in one place. In the event you get laid off, having an electronic version at work is not going to be. People wrote to us and said we were Luddites, and they complained, and we understand that. I mean, look, it's much easier being digital nowadays, right? Often said thank you very much. I actually had it and I didn't have access to my. They took my work cell phone, which was my cell phone, right? Why have a personal cell phone if work's going to give me one for free and then make personal calls on it, right? They literally took away his entire connection to his entire business, save for his written, his typed contact list, which we and then somebody else that own. Oh by the way, I'm opposed for the exact opposite that took everything away. I didn't have a printed version and I'm regretting it now, right? So in a sense it's like that, because people are gonna be saying, well, I only wanted a two-page resume, so I'll just have three pages, whatever. No, this is really complete. It's really detailed. It's one document. Now, you don't have to have a printed version. You can have it on your home computer, provided your own computer is yours. But look, let's get into the details. How do you create it? If you haven't created one before, if you didn't do that based on our resume guidance from, you know, four or five years ago, start with your current resume. It's a great starting point, right? Now, to be fair, we're not about to recommend one sitting, get it all done in an hour, kind of job, right? You're going to need a couple of hours, folks, and I know sometimes there are those of you who say, you know, if I did all the things you told me to do, I'd be really busy as well. Yeah, you would be, and you'd be a lot more effective too.
You're gonna need several hours. You're probably gonna need some extra time rooting around in your system. You're gonna have to find some old information. Look, be smart. Spread it out over a week or two. I'm reminded once of the getting ready for your own personal review, and we tell people you had a twelve-week process, right? Half an hour over twelve weeks, only six hours once a year, which is not that much to ask in terms of your own career management relative to the big document that determines your success, which is your annual review. So spread it out over a week or two. Once you start thinking about your career, spreading it over a period of time is actually good, because as you start thinking about your career your brain reminds you of stuff that happened six months, a year or two ago. You're gonna read an old job description: oh my gosh, I completely forgot about that, and now I'm thinking about a couple of projects that I wish I had brought up in this job, in this interview for this job. Well, great, that's great. Don't ever have to say that again. Write down something that captures what you need to have captured about that thing you did five or seven years ago. Folks, this is particularly important for those of you who are interviewing internally. Internal interviews often tend to be light on external experience. What have you done here? Tell me about your experience working for Joe, my buddy. Tell me about your first job here, and so forth. There tends to be among large corporations an insularity to interviewing, where the focus is myopic, a little bit: the world doesn't exist outside of Apple Labs or Procter and Gamble or Coca-Cola or IBM or Pebble Beach Corporation or whatever. It's just here. And so having good details from something a couple of years ago is very helpful to review getting ready for an internal interview. The really, really effective people who interview
well internally are the ones who prepare as if it were an external interview. And if you get a couple of promotions on these internal interviews, your career management document and your resume have gotten seriously atrophied, and then you do an external interview. You don't have the stuff you need. You're not ready. And if you don't take some time to build a solid, big, heavy document, and I say that's probably the wrong word, but a long, detailed document that you can cull from in the future, that maybe you don't use some of the stuff on your resume but you know you can pull from it in an interview later in order to get ready. If you take the time to do it now, it'll benefit unanimously. Later managers grills were all about wellness. We're not about, we love prevention. We love wellness. We don't want you to go to the doctor, right? The great thing about this: now, it may take a couple or several hours even to do it the first time if you don't have one already, but once you do it, yeah, I can about, you're talking no more than an hour once a quarter to maintain it, probably even more likely thirty minutes once a quarter, and it will save you hours later. And not only will it save you hours later, it'll save you hours when you will be panicking to produce a resume, and you might very well avoid, the chances are good you will avoid, becoming the cliche of the person who sends me a resume with typographical errors because you had to do it, quote, quickly, unquote. Okay, so look, you take each role you've had in your career, one at a time, and you consider first your responsibilities. Look, as mentioned before, instead of reducing that responsibilities paragraph to the three or four lines it needs to be in order for you to fit your resume onto one page, it's okay for it to go on for half a page or even longer if you need to. Every report you're responsible for, every person you manage. If you managed three different people doing three different levels of stuff, include that level of detail.
It may very well come back to be important later. Everything your manager has ever held you accountable for goes on your CMD. Now again, we call it a CMD because we want you to get in your head this is less about your memory, or, less about your resume and more about your memory. What we want you to do is dredge everything up and get it captured one time so you don't have to pay around rows going, what else might I have done that would fit? I don't remember, I don't remember, I don't remember. And look, your memories are fallible just like ours are. If we get it onto the page, what it allows us to do is, we create our resume for a particular role, we will have a lot more of the information at hand that we need. Maybe it only improves your resume by ten percent, but hopefully many of you who are listening remember the purpose of a resume: it's to get you an interview. And you combine that with the manager tools guerrillas law, which is: in the land of the blind, the one-eyed man is king. You don't have to be super excellent at this. You simply have to be one percent better than the vast majority of people who are dead on the median. And so this is the kind of work that makes you ten percent better, that gets you fifty percent more interviews, because you've got a tailored resume because you took the time to build a gigantic or longer CMD. And remember, the CMD is not your resume, so you don't get too wrapped up in details like spelling and grammar. No one's ever gonna see it; they're going to see the resume that comes from it. Now, it makes sense over time to go back, sure, and fix the grammar, have it written well, so that when you do create the resume it's simply lifting. Second: what if they don't have something? Maybe they did some work for the government or for an unusual job or small company. They didn't have reviews or anything. Jobseeker's okay with handwritten you keep stapling a couple of noble pages.
Baxter yeah, as long as you're capturing, right? A twenty-page document, six pages of with real cards. It could be good onboard. Yeah, exactly. It's almost, you call it a document, but really it's a compilation, right? It ends up being a single document, but the form of it might be a little bit different than what we think of as documents on computers. Absolutely right. Nobody's ever going to see this; all they're gonna see is the resume created from it. And there's a case to be made it's a bit like brainstorming, where when we bring folks to conferences and they brainstorm about things, they're looking for the right answer, and the first brainstorm they do at one of our conferences they get like six or eight in a group in two minutes, and the next time, when they heard one group had eighteen, suddenly everybody's getting twenty-five, right? It's because they're looking for the right answer. The Khurram is to brainstorming in decisions. Is much more like brainstorming. They make a decision to resumes. The decision that comes out of the brainstorm, the career management document, and that makes sense. Yeah, absolutely. In fact it can be messy. One of the challenges folks have is they're ten years into their career, they've never done a career management document, they're pulling it together, and they can't remember what the responsibilities were in the job they had five years ago. Yeah, you're right. So again, you don't have to be perfect. If you don't have any documentation that spells it out for you, go to Monster or Indeed or one of the other career sites out there and see what other people have responsibilities for John. Acid worked on you. Had you'd be amazed at how many things come flooding. Even if it's only eighty percent, it's still eighty percent of jobs as opposed to zero, which is what you had before. And look, if you don't have a job that caused you to have to Jobson's, that's okay. Use other people's, right? You'd literally, you can Google. You can Google.
You could probably Google "project manager description" and find a million of them. Monster would agrees. Better, right? CareerBuilder is another one that's better as well. I'm sure Wall Street Journal, same thing; somewhere in the Wall Street Journal career page there's that kind of. It's almost like brainstorming, right? Go out there and see what you'll speaking people five of them together. You get ninety-five percent. You go, yeah, that's me, that's me, that's me, that's me. I'm missing this little part, don't remember what it was, but that's okay, I've got ninety percent. That's all you need. Okay, so that's building the responsibilities paragraph. Remember, folks, this is a little bit harder for you if you haven't listened to the resume cast, but resumes are a particular animal. They have a particular format: reverse chronological job history. You list administrative stuff around the job, dates you had it, month and year, and title and location, company, and then you have two key things for every job. You have a responsibilities paragraph, which lists what you're responsible for: responsible for sales and marketing in a region, or what have you. And that's prose, and it's written like a normal paragraph in the sense that there are sentences with periods and then sentences after them. The next section, though, and this is where so many of you make mistakes, is now you get two accomplishment bullets. And for some reason, because the word got out that bullets are what recruiters, managers and hiring managers look at, somehow we've gotten rid of the responsibilities paragraph, everything's bullets, and what we do nowadays, what we see in probably ninety percent of the resumes we get, I'd have to ask Wendy precisely, but I would be willing to bet it's ninety percent higher, the bullets are a mishmash of responsibilities and accomplishments. Now look, if you say "responsible for new marketing programs", great. That's a reasonable job description.
Respon- responsible people, that's an accomplishment for. Gosh, that's a harder. That's a whole other cast, right? But think about that for senior responsible for X. I've said this before, I'm going to say it again: if you've put a bullet that says you're responsible for X, here's what happens in the mindset of the recruiter. The bullet to them is meant to mean this is something you accomplished. If you put a responsibility in there, remember, a responsibility is something that you and anybody else who had that job was responsible for. The fact that you think it was a really cool responsibility is irrelevant. The fact that you're responsible for it only matters insofar as they get to find out how well you delivered on your responsibility. And so here's what happens. The recruiting manager says: A, he didn't do that well in this job, because where he had a bullet and he could have listed an accomplishment, something he did well that would have excited me, telling me how well he did his job, he chose instead to insert a responsibility, which everyone has by sheer function of showing up to the job on day one. So that's the first way. Okay, the second way, and this is a sort of a harder one to convince people of, is if you put that down there is a danger that they will assume you were fired. Because think about the person who got fired from a job and had to put some bullets on the resume. What will they do? They'll list their responsibilities for bullets because they don't have confidence if they got fired, right? I mean, there are plenty of people who get fired after years and years of great service, don't get me wrong.
But in the abstract, in the basic principle, putting a responsibility says I didn't, I don't have a conference, and in fact I'm doing what people who were fired do, and it's two strikes almost immediately. So folks, we've already talked about responsibilities and now we're talking about accomplishments, and we don't want you to miss, for those of you who haven't listened to the resume cast: responsibilities and accomplishments are different things. Responsibilities, that's the prose paragraph that starts every job, and then the accomplishments are bullets that come after it. For each role on your career management document, you've got to have accomplishments. What we're looking for here is the quantified result of your work. And this is a key point, Wendy spends a lot of time talking to you about this: we don't list activity, which arguably would be responsibilities, right? For example, "project managed so-and-so project with ten staff and budget of two million dollars" is activity. The result of that activity is what you delivered on time, on budget. Similarly, "created process for incoming mail" is an activity. The result, and that's what bullets are about, results, achievements, the result is the time saved or the reduction in lost mail or some other benefit to the organization beyond just the creation of a process. On your CMD, it doesn't matter how you write the accomplishment, but it will save you time if you need a resume in a hurry, in fact we ought to podcast called resume in a hurry, resume. Box resume in thirty minutes. If you have put the accomplishments into the right format for your resume, which is result, verb, method. Humane example, for instance: "achieved four million additional revenue by selling follow-on maintenance contract, customer, customer A". Okay, that was the result: four million additional revenue.
The verb was "by selling" and the method was "follow-on maintenance contract, customer", right? The project name or the customer or something identifiable after the accomplishment on the page, that's going to help you with remembering. But of course you'll probably need to remove that when you actually go to creating your resume. Okay, courses, certificates. Totally got to include courses and certificates. This is a mistake that a lot of folks make, particularly we see it in the technical ranks, that people want to list it. Partly it's because technical ranks value intellect and value experience, but not really work as much as it is academic accomplishment, knowledge, and so we want qualification or proof of knowledge, and so we often see technical resumes that have half a page, three quarters of a page with all the courses people took, all the certifications they got, all the SQL and DB2 classes and all the COBOL this, that and everything, and so, you know, PM this and BMI that and so on. And look, folks, we're not suggesting we don't want to see that, but the idea that you just put it in a big glop somewhere, first of all it gets lost, and I know there are people who will tell you, oh, you have to write your resume for the scanning systems. You'd be surprised how the scanning system will pick up the things you put on your resume even if they're not all together in one place. Believe me, if you're a recruiting manager, your eyes glaze over when you look at all those qualifications. So what you do is you include those qualifications, those certifications, any courses you took, any classes you took and so on as accomplishments in the job you were in at the time. So if you get, you know, an SQL query course completed when you are, you know, a database manager or database programmer or something like that, you put it in there as one of the bottom bullets in that job description. You don't lump it all together with everything you did at the bottom.
One of the things that is important is, if you put everything all together at the bottom, we don't know when you took it, or if you expect us to read the years or months you took it, then we have to go through and say, okay, did this then, and then, and this there, and so on. Whereas if you tell us within the context of the jobs you had, first of all, believe it or not, it takes up less room, and secondly it gives us context for why you're taking that class. And if you just listed a bunch of things, if you're taking a bunch of classes that really don't make sense or that don't help us and you mix it in with classes that do help us, or you mix in old classes with new and we only read the old classes, then you don't get any credit for the new classes, right? And probably the newer classes will be later in. Your car is part. It's part of customizing to the position looking for us. Or you're not gonna have Zach Thomas Certification Informix. Okay, Informix, that shows how old I am. But if you're applying for a job as a DA in Oracle, for example. Yeah, exactly. Good. So yes, you'll totally include courses, certifications and so on, and it helps, putting it in with the job helps you with chronology, and it makes you look like you're staying current rather than just "I take a lot of stuff". Also, folks, don't censor yourself on your CMD. Everything. If you're ever in doubt about whether it, on there, on there. If there's a doubt on your one-page resume and you're at a page and a half, right, but on the CMD you want a big pile. This is your career brainstorm. Okay, it's the record of your brainstorm. It's everything you possibly can get. Back to our time in the Army, and I've got all my OERs, all my officer efficiency reports, right? I would go back, and there were great job descriptions on there. There's not great ratings, of course, great job descriptions. So okay, so that's the creation of the career management document, and again it may take you two weeks.
It may take you a couple of weekends, or it may take getting up early before the kids get up for a couple of evenings, seven to eight o'clock at night or nine o'clock at night after the kids have gone to bed. Thanks everyone. That's it will conclude this one next week. In the meantime aggregrate one sola past the tip report. One guys come back tomorrow for part to see then.

QD 13: Best of Siem Reap

Extra Pack of Peanuts Travel Podcast

23:34 min | 7 months ago

"Hello travel nerds, and welcome to the Extra Pack of Peanuts Travel Podcast, the show that teaches you how to travel more while spending less. Joining me today is someone who needs her second cup of coffee. It is afternoon. It's not late afternoon, it's just right after noon when we're recording, twelve fifty-four. Okay, so you're going for a second cup of coffee. Cup of coffee day. It certainly is. I don't know why, maybe it's having two kids, but I'm feeling a little bit tired today. And a cup for each kid. Sure. So we are going to be talking about a country that we have been to twice, and I did have a good coffee there. Okay, it's not a country that's really known for its good coffee. No. But the second time we went we were able to find a very cute coffee shop. Yeah, we're talking about Cambodia. So if you guys are joining us for the first time to our Quarantine Diaries, unedited, off-the-cuff Short Dir podcasts that we have on ITV's so you can watch us. Hi. Or you can, of course, listen to it on the podcast feed. And we are doing many, many destinations, basically the best of these destinations, and we have been to Cambodia twice, but the first time we went was eight years ago and the second time we went was five years ago. So it's been a little while, so it's fun for us to take a jog back down memory lane, because Cambodia was one of the very first countries that we ever went to on our first backpacking trip. No, wrong, we did not go to Cambodia first backpacking. Second one. Third one. Travel seriously went to Thailand and Malaysia on our first backpacking trip. Then we went to Australia. Yeah, I didn't answer that backpacking backpacks and we bumped around, and then we went to Cambodia, Thailand again. Gotcha. Okay, so on our third trip within the first year of us becoming quote unquote backpackers, we did go to Cambodia, and it is a bit of a run down memory lane. So you've got your cards here. I was hoping maybe you would do the cards so that I could drink my coffee. I'll do the cards on.
It was just Mother's Day. I'm still demanding things out of Trav. I never knew that stopped. Oh. So here we go, first question about Cambodia. Half is the most beautiful sight. Start off. Yeah, well, I mean, I think that everybody knows what the most site is in Cambodia, and when we talk about Cambodia, we've only been to Siem Reap, so this is actually Siem Reap. Yes thirty Majett Specif- scenery we've never been to any of the pen or the beaches cities through the beaches down south. So we're just basically talking about Siem Reap, and obviously the most beautiful sight is Angkor Wat. However, that is thousands of temples. I'm not sure how many temples there are in that whole complex, but it's humongous. You can explore for days. I mean, you need a couple of days if you want to see all of it or most of it. So the main temple obviously, I would say, I don't know if it's the most beautiful, but it's definitely the most striking. Sunrise the very first time, and wow, it was really incredible. And the first time we went there weren't as many tourists. So back in two thousand twelve we were there, we went for sunrise, I would say maybe there were a couple hundred people. And then when we went a years later we went for sunrise, there were probably some of people, I would say maybe triple, I don't know, ten at people, 'cause when we were first exploring that first time that we went there were parts of the main temple complex where we were the only people there. The main temple complex is called Angkor Wat, the name of the whole area but also the main temple. And I would second. Obviously if you're going to Siem Reap you're probably going to see Angkor Wat, and it is absolutely amazing. We'll talk a little bit about this later on in this little show here. I think when we talk about most beautiful site, the beauty of Angkor Wat is getting in ahead of the crowd. So there's already going to be a lot of crowds, but wake up early.
Go for sunrise, but as soon as the sun starts to rise over Angkor Wat, run inside, because everyone else will be milling around outside taking pictures, waiting for the sun to come all the way out. If you get inside before that, then you can have the temple a little bit to yourself, which is what we did both times. So even five years ago we got in pretty early, and yeah, obviously a site like that, that has a ton of tourists, is way more beautiful when less people are around, so we tried to get ahead of it. You could obviously go to the other temples too in the beginning of the day, because if people were going for just one day they'll start at Angkor Wat, they'll go for sunrise, and they'll make their way around the circuit. So if you go to Angkor Wat temple for sunrise the first day, go somewhere else the second day and you'll have some stuff pretty alone, which will be pretty neat. Yeah, and I mean, we haven't been there in a few years. I feel you can find some of the more far removed temples that will have less crowds and less tourists, and especially, you should hire a driver. That's what we did, and we head of ourselves here. Is that a question, hire a driver? No, there's going to be other thing. Okay, I won't say anything. Most beautiful sight: Angkor Wat. Yes. All right, best memory. Boy, so my best memory. Oh, you have something that will stick out for a long time, and Heather, speaking about hiring a driver, the very first time we went we got a driver from the airport. His name was Berlanti, and he then was our driver for the next two days to drive us around Angkor Wat with our friends. He was so nice, so kind, just literally the nicest human we've ever met on our travels, that we stay in touch with him, and we put up on Extra Pack of Peanuts and said you should hire Bundy, and a lot of people did, and I remember hearing from people in the comments. Go ahead burnt.
Bundi here so amazing. But then one day I got an email, and we weren't actually in Cambodia, we were at home, but I got an email from Boondi and it was about four paragraphs long. His English is pretty good. Spoken English is really good; written English, you can understand it. But it's about four paragraphs long, and he just went into this huge email thanking us for how many people had sent his way who had read our site and then hired him, and he said, because of you I've been able to send my kids to English school, I've gotten two more vehicles, and I have my two best friends helping drive it. So he basically said, I went from just being a driver with one car to now being able to have a legitimate business just because of the amount of people that you've sent our way. And it really, it just broke our heart. Well, that sounds negative. Filled me with such a joy, because that had always been our goal with Extra Pack of Peanuts, was just to help people. When we found someone amazing or an amazing place to eat or anything, to get the word out there and to help are the people who found. Us support those people and have worked with Monty. And so that's my best memory. Hashtag epoch says yeah, there was a time when our top ten things to do in Siem Reap was rated number one in Google for a couple of years, so I think that the hatch traffic got tons of traffic and therefore helped Booties business grow. And you know, he's Facebook friends with us now, he comments on all of our pictures, and we haven't been back since we've had children, but I know that would love to meet her children, because the last time we were in Cambodia we went and met his family. I think he has three children now is three when area to yes. So that is a great, a great memory, and mine is pretty much the same.
I mean, the first time that we went there and we were sitting at the airport, and you know, I think we were getting a snack or something, waiting to figure out what to do or how to get to our hotel or hostel, guest house, and we decided to take a taxi, and Boone. T was the taxi driver. And then when he dropped us off at the guest house, and it was not a very long ride, maybe ten minutes, when he dropped us off he said, okay, do you want me to pick you up to get you to the temples tomorrow? And we were like, oh, I don't know, should we do that? We're kind of talking amongst ourselves. It was me and our friends Courtney Kalem, and he's like, I'll pick you up at sunrise, and traffic y you know look. I really wanted to do some research about the best way and like how you should get to the temples. And Courtney like, yeah, we'll do it, because we only have like three days in Cambodia and we didn't really have time to be like researching a million things about the best time or how to get there, good price, how much did you spend to get a taxi to explore the temples? And Courtney and I were just like, nope, we're doing it. Okay, we'll see you at four a.m. So that was just so incredible that we decided to do that. Boondi ended up being one of the nicest humans in the world, and he showed us around the whole complex that day, and he wasn't just a driver. He gave us information, almost like a tourist guide. And yeah, that first time we were there was just epic. Now the second time, we were there with Trav's parents, and talk about epic. His mom had just had foot surgery about a month before that, so she was still in a boot, you know, like one of those medical walking boots, and she hobbled around Angkor Wat like a champion and was just the best sport possible, and that was really fun to share that experience with Trav's parents. Yes, just going on the boon to story a little bit further is when we came back and said, Bundi, we're coming back, because he writes us
Probably once every couple months when you coming back can't wait to see you all this like we're coming back and he books up early so you have to. You can't just arrive in request him anymore. Because he's so busy and there was only about three weeks and I'm like come back to. I will clear my schedule so okay so we arrive at the airport and no joke. This is the closest we've ever come to being celebrities. We arrive at the airport. And we'd get off and there's plenty and comes running up with him and he had a sign. It's said traffic. And he comes running up with this with friend. Plenty and there are other friend and like grab the bags. They won't even barely off the airplane and and all these other drivers like no no. No you have to wait in line because usually when you get there like there's a line and you just go with every in front of you know. These are the ones I told you about all the Oh like they knew us. Could you told them about us? So they're just like caring in all at us. It's like okay and my parents like what is going on. It was like being many celebrities in that little part of the world and so then on top of that then we asked if we could go to see his house and if we can meet his family and we did with my parents and that was just a super special time they had over for dinner. And I'm just really getting a super authentic feeling of it so Boondi and the experience with one of my favorite experiences we've ever had travelling at all. He's just an incredible human and so anyone who's going to see him Rupe. Make sure you go to our post. Find Boone number. Hit him up. Tell them trapped sent you. He will treat you just like he's the best if he's the best so we love. Yeah all right best. Drink drink drink has to be and this is going to sound really silly but it was a Margarita and no of course Margarita is not a very authentic Cambodian drink not at all however at the time the first time we went to Cambodia. 
We'd been living in Japan for a year and a half so we weren't really drinking many Margaritas. They don't really have Margaritas in Japan. And we got to reap again with Courtney Kalem and I think we had spent some time doing the temple complex got up early and we were wandering around the city of CMU which is a really fun activity. Do there's lots of shops and restaurants and bars and just things to do and walk around in see and we came upon this place. It was like a Mexican restaurant and they advertise. These really cold market street in Samri is like a hokey backpacker. Streep when when you want that you want so it's most authentic authentic but at the time that I just remember thinking. Oh my gosh. We're going to get a cold drink. It was so hot we'd spent a Lotta time just out of exploring and yeah having lived in Japan and just not being mercury going there. I wouldn't I wouldn't say like Oh if you're you live in America and then you're going to reap on your vacation. That might not be your best drink ever but for the circumstance that we were in at the time drinking school. Margarita was really special. So here's what interest what's interesting. I thought you were going to say when we had Margaritas. My parents probably have that same place on paltry went back because it was. Yeah so when we my parents. I don't remember actually the Margarita. We had that first time. I do remember the second time when we were there with my parents again. It was like hot and dusty dirty and we've been out at the temples all day and we go back. Let's go to pub- streaks. They just have all these restaurants and you get this feeling and we went there and we end up sitting at a Mexican restaurant. Whether it's they want I mean. How many can there be drinking a huge Margarita? There and I just remember my mom being so happy down this Margaritas so Margaritas and a very unusual choice but best activity. Obviously I think we have to say just exploring. The temple. 
Complex is the best activity. It is an incredible place. I mean when I was a child. That's one image that I'd seen in a book that I just found to be so amazing and I thought to myself I'll go. They're not even really knowing. I guess where Cambodia was or much history and I was a kid and so just going there and seeing that is so special in my mind because it was such an iconic thing that I had always wanted to. I mean it's it's a very major wonder of the world to the point I think it was ranked number one. I have a book of like Lonely Planet. Or now yeah. Lonely Planet voted on by readers. And on I think it ends up being number one on that entire list. So I'm with you anchor. What but I would say getting if we had more time. Because someone asks us this like why. Don't you put this in the quarantine? Diaries time what would you do? If I had more time I would spend more time going to the altar temples as well now tau. Prom is very famous too. It's like three really famous ones anchor. Wad is the main one you see that then the the other one kind of right around from that and then Tau Prom which is famous because it's called the Tomb Raider Temple and that's where the trees are actually growing in the temples and stuff like that. I would do all three of those. They're they're amazing for a reason but hey I would try to get ahead of the crowd so again go at sunrise and go pretty quick through them maybe and then try to get to some of the outer temples but yeah best activity and reap even if they're crowded even if they're overly crowded. The temples are just stunning stunning. Saw Yet I would say. Get Their sunrise than getting quick then. That would be what I recommend definitely and definitely do problem. I mean I think that was the tomb. Raider temple was even cooler than the main one. I mean the trees it ruined is pretty cool is really neat. Best meal I know mine okay. What does it eight a frog news delicious? I don't know the second time we went to. 
It was also so grilled frog. I just had to try because it was unique but then I ate it and thought. Wow this is really actually very good. And I'm not just talking about frog legs. It's a whole grilled frock. I mean we went to the a few restaurants that were very traditional Cambodian restaurants and the one that we like to think it's in our blog. Post is marketing kitchen. Yeah and that was. That was really good. They have a special dish. That's fish dish with a broth. It's not really like it's kind of like a very spicy like basically. It's not like a Thai curry but it's a fish dish with broth and with rice and I mean it's it's very good. I would say that that's probably the only thing that really stands out in my mind as a best meal your kitchen right on the street. I mean there there. There will be other authentic restaurants. Nc. Depends how off the beaten path yet. But if you're going for one that's right there on pub street kitchen from what we were recommended and then you know after having gone is going to have authentic Cambodian food but it's not hard to get to that being said. There was a restaurant that we ate at that was in a bathtub. And I don't exactly remember what that was called but we went to a place that was like it was a restaurant had bathtub sitting outside the bath. I think it's a different blog post. We have a couple on Cambodia but that was the one that was eight years ago. So I'm really sorry I don't remember. It might not be there. Yeah that's true because even the Guest House that we stayed in both times now. I think it's still there but it has a different name so obviously things change a lot in. Siem Reap especially the smaller local places. I mean obviously the chain hotels always going to be the same but the local guest houses that are run by actual Cambodian people those I feel like. They just changed their name or they change. Ownership that yeah. I'm GonNa just give a few names out here. 
These are post but we just had it up here so I wanted to make sure we had Cambodian soup. Was the place on Pub Street right the frog and I did a lot of research about the best frog and then Viva Mexican plus the name of the Mexican Deaf Dollar Fifty Margaritas so again five years ago. Maybe they're still there. You got to go check it out for yourself if not. I'm sure they've been replaced by equally kitschy places on puppetry. All right. Last question for Siem Reap the most surprising thing. Well I don't know I'm trying to remember something that would be the most Cambodian people are very nice. I I think that in Thailand you just people are smiling lot more. So what I'm going to say is I don't know that Cambodian people necessarily are Smiley as tie people are but they were all very nice but the most surprising thing for me was the level of children trying to con you on the street. You remember how that was the big thing the first time we were there and it was really challenging for me because they do this little scam where like a young child will have a baby brother or sister might not even be actually their baby brother or sister but they're carrying them around asking for money for milk and so you think okay. You need to give this child money because this baby needs milk from the convenience store but they don't it's such a scam and ours remember like this child held my hand and walk with me down the street asking for money for milk and I almost gave it to them. Which was like no you candidates scam. Someone told me they're like milk. Scamming Kimbro off the are still doing that in Cambodia. That was really hard for me because I just wanted to give them all my money so I don't know I mean obviously there scams in other countries as well I guess maybe similar to this but it was just really prominent in Siem Reap So. That was kind of a surprising thing for me. I'm going to end with a weird one. 
Angkor was absolutely amazing and so even though we had high expectations it exceeded those again. Geologists keep hammers. Get in the temple early because it's infinitely better than if you're in there were hordes of crowds but I would say the most surprising thing for me was how weird it felt to get a fish massage and so the fish massages when you stick your feet in a tub of goldfish and they eat the dead skin off your feet. I thought this won't be that weird like everyone's sitting there doing it. I could not keep my feet in there. It felt so odd. I thought you would just feel like a tiny little sensations and it was tickly. It was very quickly. It's like they were like you could feel the fish sucking on your feet. It was very very odd. We have a video of it. I thought okay. I'm going to do this for the video. You know. I'll put my feet in. There might feel weird for a second. I'll Keep Min. I could not keep my feet in that water. So that was the most surprising thing for me. Goofy but Yeah that and how good the frog was so you guys have it? That's that is our quarantine diaries on Siem Reap our best of obviously the big overarching theme. When it comes to Siem Reap is going to see Angkor Wat and even though it keeps getting more recognition and even their keeps being more tourists. We highly recommend going and checking out. If you're in that part of the world it really is a can't miss place to go and Angkor Wat and definitely. If you're going look up Boondi you can find it on extra pack of peanuts Dot Com just search Siem Reap find are posted on his phone numbers on both of those emails on. They're having a good driver. Makes all the difference in the world and Boone is the best of the best so one of our favorite people in the world. Go quarantine diary. Yeah I a little faster. I thought because I wasn't holding the car. I didn't even realize that was originally. 
Keep it to fifteen minutes so we still went over but if you guys are listening and you like the show we we did a mean reviews show a couple shows ago where we read the Muse. That people would post on itunes. We said we wanted to get to a thousand reviews on itunes. We had five hundred eleven at that time right now we have drum roll heff five hundred eighty one so seventy of awesome people and review the show. Thank you we. WanNa get two thousand so now we need four hundred and nineteen more of you. If you're listening to show to go leave review we love to get to a thousand people and don't forget the quarantine dyers. We'll be coming out on and the podcast on Monday Wednesday Friday and then our regularly scheduled podcast comes out on Tuesday as well. So thank you guys for listening. You're awesome stay safe. And we'll keep the quarantine dyers coming.

Johnathan Stock

Human Factor Security

59:05 min | 10 months ago

Johnathan Stock

"Welcome to the human factor podcast hosted by the People Hacker Jenny Radcliffe warning. Thank you may reveal more than you think. This episode of the human factor security podcast is kindly sponsored by the scarily. Good folks wchs a Finland Dot D. E. Helping your faithful defend your company. Hi everyone welcome back to this late Steph. Say to the human factor. Where I'm I'm delighted to have well? Someone has a massive stalls. Sue someone if you need treatment for the death style this guy. Welcome to the show. Jonathan Stock Doc. Thank you very much by a very very way to try to help find. Its way it but I mean you say that you help. Companies Fide will cease to build the rebel alliance. Exactly yeah so I suppose it's just me trying to be a little bit different but my full unfold son has probably watch more star wars also most people. Now you've got to be careful at this site that's built statement sue that cybersecurity. You do that. Yeah absolutely affect by. It's fine about myself amount Saturdays. He's out now. You Jonathan you insightful. John just give us a little bit about what it is easy for them. Yeah so I worked for offering to people where a recruitment agency focus on nineteen engineering. We've been going for twenty five years since I joined free and a bit eight years ago. I have been focused on the cybersecurity. It security information security industry helped companies across the UK and candidate candidates to define the roles looking for that sounded style was as well. It didn't it. Yeah been working hip free and obvious. majority Georgie roles across the UK. My job is to help find people a new role I wanted to speech. E U K. I mean we knew each other anyway anyway but Jonathan. An interval actually helped me out guys because I found this wonderful info graphic with lots of different roles in the cybersecurity into she for a talk. 
Okay I was doing a Liverpool and I asked Jonathan if it was okay if I could use an you guys really happy to let to help and let me use it rather than me. Just use it though asking. I might attack so I wanted to say that and also just it's good thing it's to see the industry so to help each other out and stuff so I wanted to say thanks to that and I also wanted to talk to you for Awhile Jonathan. Because he was supposed off this huge cybersecurity skills gap and yet recruits his. Get a really bad rap. I see seventy posts saying a new recruits is off block recruiters and stuff like that and I just wanted to talk about the state of the industry the and and all of those things because strikes me that people are looking for way within saying they don't want us to recruit his. I mean what's it like out there at the moment. I mean if it gets. It's an interesting industry to be in business for the first time by Eve evola improvement Joined to be. I think nobody wakes up as a seven. When you're old and says that mom when I grow up I want to work in recruitment something to a lot of people in industry full into An? I think the Watts Watts Jim really happening at the moment. Is that it lots of competition as a lot of choice that has a lot of recruitment agencies out there in the UK alone beds forty thousand recruitment agencies faint faulty thousands. 
And he's not going to be obviously not all I take is that would be ridiculous but I think as a a Lotta Alta companies from the huge street brands and think what generally happens and what we tend to say ministry is it only takes eggs a few bads stories a few bad experiences to have a knock on effect across every company and you can imagine with forty thousand different agencies best bound to be some horror stories of in I think we've in Cybersecurity verison agencies all that who know best stuff I mean I wear name any names because directors would kill me best people doubted in Cheltenham who putting on events that companies who live and breathe industry and the the difference with a specific agency compared to a high street brand that's coal them days all laser MHM and if you have to really rating or your industry and you have to be Biden's wit if you'll know having not been bellboys issue I think I looked today just before gave on head of seventeen hundred people like me who are focused on the cyber security industry recruitments rice ice which is a lot of people as not as many roles. You know it's not a huge pool whom to choose from the company's not huge pool of companies actively looking speak to agencies like I said I think we've been some bad practices over of years and it has not knock on effect. I think recrimination disease about his estate agents by some people which is not very nice being to ban but again I think it comes down. Whoever you take an interest in your industry will webby watches looking as a numbers game? It seems strange to me this because I think the cyber skills graphic traffic I mean I'm just trying to think of some of the stats that that I need. But what is it that I'm am guess you'd know the motor. They reckon. The gap is by twenty one. Twenty twenty one not two hundred million positions something globally. Something like that. Yeah I think in the U. K. 
by effing is around the is in a couple of hundred thousands From the difficulty as as a cybersecurity as industry obviously needs very very talented people need people experience and now Alva- every company from a bakery through to a huge multinational conglomerate needs security people and it is all about competition for places that everyone's the best and I think the problem with the skills shortage as the Vez a lot to be done at the ground around levels of the the entry level roles at the schools amid education universities to help fill gap. But I think is companies need to work with them a lot more will closely as well to help Soba shortage because you get the top of the moment. Ns Fifty companies in London. Probably as a minimum looking looking for a security analyst with five years of experience Amezaga select few people who've got by experience in London so it's a becomes adult quite the best talent but really from my point of view it should only be looking younger generation when they can kind of away it's get us outweighed groom them to security analysts. You know if you work with people from when sixteen seventeen eighteen progressing for university so you still maintain contact with them when they finish that degree. You've got somebody WHO's actually Industry ready for your company. Yeah I two guests guest on here not too long ago new coast and he was saying he didn't believe that even laws of Skills Skopje It's the way that the jobs are written I am two things festival that the specifications for some of these jobs are unrealistic in the to be I mean I think I saw something on on twisted twisted. That was like this is Jesus knighted like many things for just you know junior on the one hundred overstocked Anani says eh what. 
Daniel's point was more that you've just mentioned to jump in and you said to be in London but remote way possible for jobs as well and it seems like the industry needs to catch compete with that and then they took the pool that I mean this is a good point she thank absolutely. I think it's it's a weird one. Isn't it ready because there's so much talent out bad. People don't identifying find Expectations I think I might have said nuts. Wait supposed folks. Well then you put candidates off straight away and they woman applying for it because they does. This event is nothing as humans. We sit there. If I can't do this can put my hat in the ring like really if the ascents gills ascendant technology you can poke okay if you're very intelligent you hard working and you know what you'll doing in general you could probably pick it up like it is. Technology is a skill this nobody of a spider a lot of people who are very very different You could probably pick up of the skills as well and you could cross over from a particular. It roll into security security. Because you've got by interest. I think companies miss out a lot because of that like you said like Daniel said. It's if you've got an advocate with a junior security analysts with five years experience in the certification and a minister expectations again Candidates look at it and go like Conti about so. I'M NOT GONNA apply. Yeah on your company doesn't really give the best example that you as a company they know while security is what bandaids is in an end. It becomes a huge issue as well. I mean we've seen in the past like helped helping under the find his role as a pen. Tester at sixty s experiences the blue team so uneven defense side of it But wanted to go and be more offensive and being the Red Sea when we were helping salary wise he was looking at fifty five grand and for the operates for six months with experience and his industry. A very big company called mention any names Nell came in and gave him fifty K.. 
As like an entry level appentice thorough and then that creates a huge issue of the skills gap never gonNA got sold. Because you're paying fifty cases seventy just because they've got security is a title. I think the big companies do buy quite a lot. Which van has an issue with the smaller companies? Because if you've got Kinda looking at a huge conglomerate whose paying ten in Grimoldby and a low starts up that's always issue becomes a potentially Bill Gates but big a company enough develop skills in about level of experience going to hold this vicious circle than though isn't it could friends and contacts on on social you. You say that the ghetto the not technical awful. They've not experienced off like all the time and I just I just wonder Ju- speak to companies when they send you you guys back this is. This is a great opportunity speaking to you to sort of bit of a view of this because I think that it. It's necessary to talk about it. And I wanted to g you sometimes look at a specification for a company that when they sent you it and say this is like clearly not written by someone really stands the Royal Law. This is overdoing it. I I mean how delicately do you have to try it with your clients very vague and it is an issue on the one side of it. If you've got a security focused company nine times out of ten the SPEC that comes through is accurate the job and the level and the experience. What going to be doing I think again? The issue comes when a company example isn't focused on security but needs to bring in security security professionals style bad posture and we see a lot MELBA. We've we've recently again of a company with helping them find the director of information security. Now I know about level when you're a sea level bowl dream level you'll not going to be technically hands on anymore because you're gonna be doing a lot. The strategy work and allow initial architecture. 
They wanted somebody who could sit at boulder level whilst also today goal the nitty gritty configuration of SIEM solutions. Because this was the first high of insecurity which then becomes a big issue because you're actually taking potentially two free full jobs sticking him into a wall and I suppose that doesn't help on the skill Solti side of it because as one person the multiple jobs vary that today. If you looked at bringing in a security team you could actually bring more people into the industry and have a nice segregation the segregation is probably a bad way saying the a nice split between each individual role within that company And as you probably knows well the more people you have security focused the stronger your security posture is is a company one guy on his own condo. Everybody if you've got a team of twenty Beca a stronger van that one is a one guy won't go on their own. If that makes sense it also it does make sense. I think it's probably but a lot of the time obviously is going going to be a budget issue or a lack of understanding but also I guess this danger because people are going to take jobs. They're going to be well paid shortly. It's like a fairly narrow pool of somebody fill that real. Well I would imagine but then you've got issues aban out and stuff as well surely if someone's doing like that multiple multiple roles within one job and I think that's a love while I read recently Few interesting articles on the burnout of CISOs there's nothing. Electorate becomes a a out because of stress fighters on the warriors having that whole security on your shoulders however is because is a CISO is demanded to do so many different jobs within an organization especially small among Out Cakes in I mean it's it is is a very interesting time because every company wants a security professional. That's great you know. Everyone is now taking security a lot more seriously. 
The the the impacts of hate us a buzzword GDPR are the real big influence and factor across the whole all of any industry. Any company has to take it seriously though But van that becomes a bigger issue because those companies main of looks for people love live is before may be looking for that skill set is unrealistic and not finding a not focusing on talent. The could do job in six six months or years. Time a growing role. The somebody who's been doing it for twenty years which again doesn't help the skill shortage in any way because it's the people that the Taupe are going to be a common van. Merry go round of different roles different companies whereas down with maybe five is less experienced. You could do that job but they never opportunity to commit because they want somebody who's more experienced. If I make sense it is interesting a A. It's a very weird time. The whole of the society. I suppose in much has more breaches Publicity about said more responsibility for people. causes massive issues later down the line when they're trying trying to find the right song persons outsold that situation. I suppose the things come into this as well. What about cultural fits like like the payers analogy? The candidate faces Kinda like type company. Because obviously we talk about that in a way in us that you have to wait within the culture. That's in the organization. What do they pay attention into? Maybe a finance company be completely different from like a startup company. or or whatever and I know that's true from a social engineering With that silly I is that start to come more into this new people starting to look at cultural fit or is it purely skills still. Did you think I think it's I think the cultural aspect is becoming a lot more prevalent because again. It's a WANNA build permanent teams. I think that Contract and the way that works as great but it doesn't help build on the company culture. I think what's interesting is again. 
I suppose it foles down to like a novel. Way of recruiting industry gets a bad reputation is bats that might be a higher level of Chin for example because dozen agency. Maybe doesn't Company while they come much a person to culture and within six months they believe as falling Al's all the horror stories of them going somewhere else rebound same recruitment company But think it becomes an issue van on recruitment in general. Whether it's an agency ever is in house is if you're not looking at the culture of somebody and how they're gonNA fit within not white a team company as well as skills again you're going to be looking like in six up's a year's time full them when they leave the company again at bats wearing all comes down to is if people don't know what a candidate on a client wants guests to marry them Cut The gamma as a real big big issue. I mean again. As you hit horror stories of company culture like people going into companies and not fitting in leaving straight away and leaves a hole in the budget has been spent and then they conch anyone else and it just keeps his stories constantly. And I'm sure you have as well back. Culture is so important companies. Now if you don't know the Industry Doug David Company so you don't have a client you dynamic candidate. How can you help somebody to fill that role? How can you find the right sole person? Full van and build a long term relationship attention to the issue of recruitment times in the backdrop against. It seems like it's a numbers game Many people speak to so many kinds and you try and filling pillowy positions just how it should work. It should be about building relationships with the long term. If you can help them great if you can be honest and tell them and say what you are looking at skills. Point of view isn't around like unrealistic expectations. We can find somebody with some of those with a really good company. 
Any cultural fits and then you could help to develop them in grove a more and I think that's a again a big issue of why roles they would it take so long carole's to be filled with some companies. Don't see that kind of potential with people and Yeah I mean not makes sense to me because countering choose to you. Obviously there's a lot of towns out there. There's a lot of 'em positions out there and yet does the GOP. It must be something like that must be problems with retention and chain because otherwise it'd be solved just when you look at it. It's like the two things don't make sense. Lots of people want to the industry lots of positions on yet. We've got the GOP. It must be something other than just what I'm trying to say. It's a more difficult thing and this is what you're saying. It's a much more involved volved process than just matching set of qualifications. Say to a position and I think that is. I think you're right. I think that is why the industry gets about name because I think there's a lot of people just I mean shit like it's recruitment anyways Choon the whole in with throughout all industries. There's an awful lot of kind of keywords on CV's much just a positions. I mean I've got stuff years ago. I did smoke and procurement before it was acceptable to say that you would beg Genetic in procurement right and I still get from certain agencies that might be on the high street myself familiar. Names might have already been alluded to on this toll that say things like junior by physician. That in Aberdeen. How did you interview? Did you go. They think they've not looked at all the much. And if I did go imagine if I just said you know what yes I'll take that junior by position now and and then I added They did some research or whatever. No one told you about that as well but you know it seems. I think that's that's the thing that's got in the industry I didn't botany he but swipe people get so cross Tend to be quite public about it. 
You know this is the wave home. Isn't it because Part of the reason why people get a bad rap and why I think an issue from recruitment in general is if you don't know the industry or it and you know the technical I don't know how configure a SIEM solution by waving. SIEMs, you got Splunk, AlienVault, you've got QRadar, you've got different SIEM positions and they all have different functionalities charities in work in different ways. I know that you can cross over from one to another which is fine the anti now how to do it myself. I would never say I could because I be completely align but you say look at somebody's CV Vanik comes down to like recruitment Hennessy's where it gets a radio by reputation. Like you said Said is is keyword matching you better. Still some agencies will do keyword matches on CVs if you don't have a seventy five percent match. Magic instance jobs back as a company they interview which is Agnes Radio when you think of it when you have subtle difference of using AlienVault or QRadar which you it's like it's different paint. Isn't it the same to pay but you just do a different color. That's a really bad analogy. Bad thing to say but the the culture and the vibe of those companies a difference until you need to look at the candidate in and say right who's who would fit without progress in progress. The company is interesting to me. They said I wondered what sort of best practices out there. Who's doing it right? What sort of things from? Let's let's look successful from the corporate point of view of the company point of view. And let's let's see if we can get your picky brains obey for candidates about getting it right so from a corporate point if you who's doing it right what sort of thing or maybe not say names but things best practice g think in the recruitment side of it. Fool this industry I think I suppose. 
From a recruitment agencies I go to companies thrill I think recruitment agencies who are getting it right People who get involved with the Community Game Bowl of any industry in trying to develop that recruitment consultants to know more about that specific sector various developmental ever is infrastructure. Waiver is slowing the security. If you don't know the differences between development languages to develop those Uil you'll just end basically doing a keyword match and you don't Know How oh you can sell a particular role to a candidate. A candidate doesn't trust you to present them in the best way and then it becomes a very big numbers game that you just spam CB's and hopefully not one of them sticks and yeah. Hey It's all good fun and I think a agencies are doing it well take a real big interest in what they do as I said there is one on down in Cheltenham mentioned the names. They do setup toll to the security industry they they teach back recruitment consultants about the industry and about the skills and may develop about way not swear. I've been quite lucky. Here is I've been able to pick an industry but I have a love interest in because it was just after the toll toll breached I joined into people a huge press coverage of eight. Let me developed my own skills. We've insecurity so. I know I could talk two candidates about inclines about yeah and it makes it easier. You can help to sell the company because you know they are what they do in bad at tech stock and they know exactly what's candidate once and you can marry them up a lot better I think companies that are doing it. Well I suppose oppose they again. They're industry security companies a great finding security people. They know what are after I think companies are outside of the security industry convention also also find talent by tapping into the security community mentioned. Cj Self Eddie. As somebody who are ready ready like Brady Gal with is Nikola at Titania ahead. 
Nikola Aside that's exactly so I'm the nickel for a while. She slept she was really nice. Came to my rescue ones and did a toll cats logic and cardiff. And that's where I got to know it from now. But with the bay Eh accompanied Titania is really really interesting. But the way they handle ever Krugman policies strategies really good too so they look and and they Advocates hiring neuro diverse candidates What's really good about? But is the tapping into somewhere. Why companies may not look for because they add diesel again is not a as opposed to thing? People don't look at that as a particular area of candidates pool of candidates might light fits him about company culture is might not want to go out and my novels and be like a bully people who are like in the office all the time. That's a really good skill sets a half no but the people down in the ice is me yeah so MFL Paul. They've created by neuro diverse. SOCK which again it really really helped to plug the skills Something really ready. Good companies lie. Plays a big Logic if the radi without hiring they have a really solid strategy. I think it's the security companies know what they're after the band really really good at finding security people I think sometimes it falls down on a corporate level away from industry because yes they might not know as much again because the hiring staff within that bringing that security knowledge in yeah. It's really really good. Something gets the stump companies which are just not getting it at all. I think recruitment in general for some companies whether there may be a bit I suppose and this is gonNA sound bites a cake in the way they do. Recruitment so nowadays opposites on mobile will is mobile. I everyone does everything for Mobile. If you'll I love targeting people on different social media channels all looking at building at first company brands. You don't get to approve candidates anymore specially especially insecurity. 
I mean like you say everyone knows each other all like you know a lot of people know each other and kind of I think we watch watch. What the brand in a what? The messages are online a lot of the time you know. There's everyone has opinions on all the different companies if I if I do talk for a company and so it was a pleasure to work with or whatever I will get the full spectrum of us about working with any what a small what you said about Nicholas John Because actually that's happening to it gives them competitive Asif vantage. Exactly I suppose maybe an issue there and this is me just thinking out loud is not many people. Shout about what they do as well so that sounds again a bit wit but you think of so Levian. CSC SCHEME DECIPHER SCHEME. If you've heard about yeah yeah so busy MRI bad for anyone who doesn't they that letting companies sponsor events since get younger people in security now was really good about paragraph is the you can have a huge coal company event consent tasks Access to a young generation when that coming through the ranks security and I usually get is technically like grooming. Some of these come with you'll companies like doing a placement year in university whether they can radi does somebody and help to get them in finance. Another area of company struggle with is the now rav of looking at the five year plan will the even in the year plan of Riva's person has his experience competitive. It's past two and a half years but when they go home that playing Folks acclaimed bone humpback. Poppy Bob massive labs. They are so focused on security or the guy's been doing capacity has been doing it for five streets as Joan so bad missing. Sing out on radio talent because of that also dubbed kind of fixation on the Pacific person nor is it can open up site and finds brady not really good person who might be really good fit. 
I mean this is one of the reasons like when people say oh you know some of the events to venda focus by even the besides events events recruitment arm from small vendors besides Liverpool and there are a lot of vendors there to look for talent. I mean that was why they sponsored. That's why they showed off its why ran. CF programs because they really are looking for just to see people at way into see that passion and everything Mitch because otherwise it's drinking from a hosepipe isn't it. I mean we're so prolific as an industry online. It's hard I guess you need to see someone clips in personal personal sometimes just to save face as well as the talents. I mean this talent. This way Catholic Events and stuff like that. I mean that's to me that's always the best way of finding not the highest plays the best people. I've invitation Eh. But it's you find people passionate about will they. Do they going to to industry events and not just looking a role a role is more about them being insecurity in having passion and then you can you can develop by if you got somebody somebody with eighteen months experience who goes to many events as possible than is constantly looking at news feeds in. RSS Fades in tinkering around the lab and breaking stuff and fixing it to see the security issues. Are you can find some really really good people. I mean we know as a company who say any name because this might initially. They hired today looking for an intense come a bold which is a great way of doing it again having you grady develop but had this incentive for an interview and he turned up a narrow security focused company and he said that I need found the abilities of one of back clients and aboard the service providers that used and brawlers listed them abilities to into Alao. I'm not saying that's a good thing by is probably the last probably from the poll gamble gamble but how cold out like as an intent going. 
Doing that again advocating atoll Turned up and he was passionate about industry. He'd gone the net and they said that's really not what you should do. Probably Frown upon that. But do you want a fulltime job. Instead of an internship. densify right there men. He had Rayo Passion the security and you know he was doing. I mean I saw him to cross site scripting hack. I can do a live demonstration of ages. Seventeen may not really go but again. It's just finding a talent from somewhere else so little bit passionate and helping them to develop. I've been wrong with the industry generalists and again probably probably a will right here right now. That may it's never we bring this first non in six months or A. Give a be exactly what we're looking for a little bit help. It's more we need. Somebody can do this straightaway. And they've also gone to work also. This is is interested in terms of what people do. Stand out because I'm guessing receive e awhile ago and I was like I I haven't done a CV for twelve years or something. I mean because I'd because away from myself now and I'm not looking for positions. It's not really the type thing but also if someone wants to know what I'm like to it. Complaints linked in point them to the website and the blogs installed. Here is that something I guess what to believe not too is. How can candidates on dates distinguish themselves? I mean obviously going looking at someone's customers and food bills. These might not be the best strategy. Now that's the gamble you need to. You need to know that could go the wrong way. But all companies looking at things like online presence to do a bit of Oh sent and find out about candidate are they looking. I'm full volunteer. Experience Projects What's things can people do to stand out to make themselves look like like a potential candidate for some? The biggest fans is interesting when you Google allowing says Health Roy Levy is two pages. Keep into two pages in Joel Berry. 
Professional laid out a wage roy C v Nowadays in while I kind of look for why figures radio address thing when somebody puts a little bit of that personality in our a little. Bit of like project. So long they will do and has a little bit of individuality. I suppose it's different from point of view because I like reading about stuff like that. If if I was in a huge company that was two hundred applicants benefit. Come Horvat kiewit matching you fill to fruit down which is probably. Why don't find the right? So Oh people it's not true even insecurity though yes like a big company gets two inches Africans for whatever you say an analyst. I mean they've got to do an initial safe. Does that what they the initial safe stamp. I think some do still. You can't help in some do when some don't I think a lot of big companies nowadays may probably go recruitment urban teams and fifty fifty bibles of huge companies and they will have some dedicated to each sector. So I think that's a lot back to way of doing it. Just generalists in like I will keep up much. Send it to the hiring managers who don't have time to sift through and make sure that that Sol- people I think yes some companies still do the for us. It's all about. Finding with amazed. Specially slightly people are interesting and you Nova. They really like what they do. And I think we've online presence residents with it's all about putting your personal brand of that similar to how a company create our brand than they will be drawn to it. You'd have been security as well. So how much how much said goes on. I how much to they say narrow it down to five or six people. I mean typically right so not naming any names and really get into the locker there. FACEBOOK's linked in and twitter today look for anything that might look you know. I don't know extreme stream political views or I mean how much typically goes on. Give this dish. The the secrets are quite a bit but goes on me. 
They'll get talk about the news but I never thought of as a company again narrow up a security consultancy Bay do pen testing liberty. You get audited made you some real offensive with some of the candidates against Vestige Vince today giving me about ticket this because I don't have a ability to going selected doc weapon the Quebec background. So they do that companies. Do I will send in the candidates do as well which is radiating wig thing for in in into the situation so we had recently a guy hits a done his background To do the company which is roads but they need go real deep into beyond GOP And a sentence As maybe a bit too far like a deep dive guidances personal life because it hides the facebook all born of the interviews and what he does what he does a home in his family and his wife and in his kids names. And you think Oh. That's a bit too far. Maybe do your research led to. That guy thinks that he could impress them by saying. Oh you the dogs names fluffier Oversee student because that was a vigorous mall to impress them. That it's really great. Be a fine fine line of Amway invading. Somebody's personal life or am I doing research to get roll. Like a suppose that point of view if he'd had done research into is linked de adjust and his latent profile at all you would hit him at him and I know so-and-so who went to this person I see that as okay okay I think when you deep dive in somebody's personal life is Brady really kind of an issue but bettas posted to security professionals. You might need to do that. Because because Walt Online is online presence might not be the true version event. Save everywhere isn't really. I say it's creepy now. I'm with Doeth Dwarf Relieving Right but we you've after now even on a on a human based pen test on psychological parentis. You have to know where to draw alive. And it's not enough to say what they should have account lockdown or or anything. 
That's we have to draw the line as professionals national soup to do it in an interview again. It's the gamble isn't it. You WanNa show that you've done some research and capable of doing it before going to safety to a case study that number I say to people and I didn't go this vices but I honestly pick a case study because you can obstacles Identities companies and everything else. You you know you don't have to prove you don't have to show proof of it. You can just say no typically. I would look for these things in this situation because it becomes incredibly invasive and then the people I'm surely the interviews GonNa say well let's just going to be mentally against because yes we expect you to be able to do so mason like you've just you've just just looked at the reflection in the mirror and the face from my living room for ten years. Yeah exactly like research light of. It's such a fine line because I mean I suppose. Research into companies is a fine line. Because you can research too much like black candidate who found vulnerabilities not doing enough and you. You don't stand out to them as if you care about working for that company as well. We'll recruitment candidates recent out company story. Research against Canada's lives are fine linebacker bat. I think a lot more research does need to be done. Probably with him. Recruit mini general. Like I think companies need to research candidates mall in any theresa recruitment consultancies with more as well. Because there's no like a this is a good or bad thing has no vaccine that goes on. There's no like in a way way when you you start working with a company. I didn't ask for references for people like we have in the past. I'd be happy for him. 
But a new company who I install work Look into like people have in the past state they know you've I can do but if you're asking for candidates to give references when they join you as a company why did you ask a recruitment company via working with references of what they've done that's as a bit way it as well as a lack of research goes on ask when you get ten agencies making on the same role for a company. How would you pay them like? Why did you picked blind you to lose them is what can they bring you as a company to add value? That's really way while maybe we don't get reference to like a particular company about sees a bit bizarre. That wall probing. Nobody needs Criminal Industry because so many people claiming to be security specialists within the recruitment industry won the really awe. Aw as well right in anything at fistful. Identical to stand got the way the and secondly have spoken to people in the recruitment industry it would be sides was I mean I mean I mean you know. That's something that like. If you're looking for young talent particularly or you're looking for I I suppose most is it more special than generalists but you don't have people in the industry report the community Lifelong Landon then. A new tone even know what that is. I mean you have to go so we should know that such thing as security visa just the same we should know that this blackout odor death. Call if you don't even know the day I don't know how like recruiting chefs as well like you do chef on a Monday security analysts on a Tuesday he stays on Wednesday. A AH I did say one of my research and looking at how many agencies are in the UK focus on security. One of the people I found he he was a cybersecurity specialist for side twelve months eighteen months kind Amo Java script specialist also I mean that's like us fine and us. I don't know the person they might be completely genuine done courses. 
Within both of our Radio Java script unraveling like helping people find front enrolled rolled by. How can you cross that like again? I was looking area. That's ninety if you take a pen. TESTA penetration testers tight on only the nineteen people in London with that skill set will win by title is a joke. That's five hundred. Nineteen recruitment consultant me in Cyber Security. It security information security says what's up five hundred percent. Mole recruited recruit consultants. Van Penetration test is led. The knowing. diepen test is gonna be called something else but while I was about to say I mean I wouldn't Pentastar night profile but I do know about wife. I assume that people attacked the Never thought about it but it's really strange but then if you know the industry you know that you might WanNa put in insist engineer offensive security already as well ask security consultant all look with skill. Sell the tech stack of what they would quibble win. Whether they use like Kelly Moore whether they go more for like ideas like yes systems and I think again that comes down to like a research side incoming in again because if you know what the tech stack is offensive defensive. Then you're GONNA be bombarding people with emails that out to the like asking. Can you if you want to be a junior buyer again. But you're going to be talking. People are way if you'll Into two sold at background and we'll be looking for how can can you help. Find them a new job like it's really really whiz. They is found Harry's volume into perceptible recruitment consultant specialising security Nothing that comes down to the the competition side of again. The lack of Has a real big issue in. This is a supplier with whatever again. The industry has a real bad reputation. Is You get candidates. No weather details being sent and they stick to an agency that very vague about the company by working with they say I'll we'll we'll see if we can get you in front of them guy for marrying. 
It's a two minute coal just to find almost salary personal incentives. WHOA company is big guy? It was widely in identity. Access management specialists in their details. SET agency Hell. He'll aw like why would you not learn that. Just bizarre horror stories by the law. Good stories I love hearing hearing good stories of the horror because yeah the horror is just not Marin Speaking of the one thing just before I let again with like I wanted speech about the horror stories about the daft interview practices that you must have had over the years because I can't believe some of the stuff among yeah. I kinda can't believe it you know. I didn't undercover job for recruitment company home month. You know okay if you use goes undercover for for for an insider the threat. Oh my God well nest of Vipers. It wasn't security by the way and it's one that we've mentioned but you just kind of have my God God but you know in terms of interviews the swan the came of this was onto his. Maybe sort of the five candidates and they asked him to go in a ten ten o'clock and then they didn't interviews until four o'clock in like three the mid left and they said patience was the key that I mean. That's bizarre. It's like that was one that we had when we had nice one ahead about but that was a it was a developer role and one of the questions in there was if if a negative developments and they said it was all about like jal practices and how they could be like Super Job Lean and follow methodologies legit and they set off on one you to paint VAT wall. How do you do it and so they had this? What will I stop picking up the brush? They were explaining it. I know I the Brash I put in the paint cad. Stop doing illegal and the Guy I think. They said no none of the kindness Gosse right because what they wanted a here was somebody picked up the pain kind. A Little Dab on the wall went away came back daylight to sword. 
It looked like so I look like in different lights than decided by a different color of paint. Then they came back and painted the different Different colored different shades thing came back to their get it. They just bizarre. Like best is your that is psychosis his mind exercise. Something like that. It really is. I know the classic on a sales job. I want you to sound his padded. Somebody picks up the Panama Then they answer the phone and then they ring them back and say can you bring my pen back and you say yeah you can have it for twenty pounds. Let me just some really Brady Bizarre always doing I think what we just send soon like. Yeah I'd like a long drawn out interview processes like you don't need seven stages printing to you called identify. Somebody's but he's right In seven stages you probably doing it completely wrong and asking ridiculous things and if you give them a technical tasks which is supposed to take a week's worth of work they've got their other job going on all of the commitments. You don't WanNa find somebody because it's just too much to Alaska. People Anatole say free consultancy which which which is the epidemic levels in the industry certainly for you know. Can you commit enough to chat with us. Anything I've come in has a child tells you a few things and now you know I to me still happens to me I usually and then they just run with it. I think Moorefield me coming in to be than honest conversation but I think mentally doesn't I mean makes companies onto and they saw the nut lovebirds companies. Some of them. Do It really buy it again if it comes down to partnerships Michigan they make as well like if you if you already ready goods intenal direct recruitment team. And they know what they're doing and you've got people Novi Industry you don't the need seven stages because they can help sift out to relevant people get into the higher manages and they could probably do a stage because they know. The front-load work has been done. 
saintly procurement consultancies. If you working with somebody who's not sending you right people you're gonNA take between two people because they don't know what you you need. I love hearing Athens. Pride says I love the things in interview. I think it's brilliant. We had a device to guys sang company at have one of them spent most of interviews spinning on a chat because he'd never signed a speech before God and answering some of the West behind like like facing out the window fence who I was talking about. How much beloved Linux after the interview? INARA Complete Linux House. He got the job really bizarre interview practice but they knew a decent potential another guy who said company with walking around with full interview testing the Chaz to see how bouncing they were. How could sit? A Wary would sail cherries like reading Nolan interview and nobody liked him because it was just a really Wade said. What's going on here? I think it's it's bizarre like the amount of stories you had again the amount things on TV. I have seen some crazy stuff on. CV's might up. I get to analyze them from it sort of a slight relevant in the in the recruitment treatments industry because we analyzed. CV's for deception. Sometimes if it for very senior level jobs analyze the candidate's to deception. I like some of the things that come on these I think you can really get it wrong. Trying to be unique. You know you could try and let you don't pay snotty Shantou other and that people try and do that Very bizarre things like well. I've seen I've seen 'em The most bizarre couldn't even say okay because the criminal. But I've seen things like like one guy I like. I like to play Donnels Haha. My hobbies as taxidermy with wow a no one picked gone three to director. Maybe not seeing efficiency committee responsible position. 
So I've seen things like that and one lady said you know it as a question as a response to a question on an interview they he said to the the the way can be cyclical can be very busy. Then it can be a low. What would you do if you know? It seemed very quiet. Quiet you know. What would you do on a quiet time in in in the row? And she said am I mode entrusted in my amateur matic's so I practice my part okay and and drastic and stuff and then and then Lou to them our interview when when you ask things like some of the questions is a great question for any interviews it is you know what else just thought what else and the guy says. Well I pay my debt to society the end of it. Oh okay so tell me more about that on your knee at a conviction for very serious violent crime which nobody nobody. He was picking up on. But he tells you so in deception where people will say it but I just find that the recruitment side of it and the jobs you know interviews and things. This is a place where people just you see you see all of humanity. Some of his great. I love a weird entrust entrusts or Wade Hobby at the Boston. Because way maybe a bad thing a unique interest unique Albay because again it like helps to give somebody a little bit more personality. I I think you can take it too far with that animals vice-like ridden ridden theater masochistic this horizontal taxidermy was sufficient but like we have everything. Say quidditch department seavy. What's today brilliant? Let me find out more about is he's fat brilliance China. I liked by because it shows I mean is something. Go Bit. Different every person's going to have but you call go into Yukon apply for a job based on your love of quitted unless you get into a quidditch tournament Kevin but each unit quits isn't real it. What a I was watching it last night? And they're all of. It is a big big thing nowadays. How can it be same as NFL? Volleyball is just full. Has Been Made Up. MM-HMM I love. 
That's brilliant and if he's passionate about go for some on laugh city yes Komo's it's the gamble business it's Ju- I love Ilya Insights into this week. You know there are people genuinely you might not. You might not know how to do. It might be the first time that the five things might just be twenty years since the down and wouldn't you want to say what would you give. You probably ask this all the time I do appreciate you coming on Kinda help clarify Thank device. Would you give to candidates then. We should be specialists generalists generalists. How did they be saved roles? I think I think it's difficult. La would never class anyone as a specialist. All we'll Baby very very very harsh to say. call twenty five years experience in probably could really specialist. Yeah but but something new every day so you know. I think that's what I would try and stay away from his saying. I'm a specialist in this. I wouldn't mind advice to people is always to be on this to be self Adzic a little bit of personality within. I think you come be robot when you apply for a job because nobody wants to hire a robot even I is. You do need a little bit personality you might need to raise it infests sophisticates months the only honest in your background and your skills anew you give a very good view of yourself of what you none somebody will find you and will offer you a job. A MAC company is probably the best one for you if you lie and a company picks you up inevitable workout. We've had somebody before who again went for. A technical tasks went through like interviews as scholar developed a didn't know scholar but the ball. I'll try to be ended it because they go. We don't have how they did it but a they had A. 
They had a book amid Dascomb a second day saying how how to Code in scholar a knew nothing about how to do it battle Basma example of how not to be honest But like again if you if he lied you're GONNA get found out later down the line whether it's in the interview process but it sinks bugs into a job and ask you to do something you said you could do any interview you're GonNa get found. Dow How is going to have a real negative impact on you and on your career and I think it is just about being a little bit more passionate about what you do. The right logs tied talk about buying this evening toll masses about it but Elaine's mice battle. I might do this too. Little VIP has not if you have your lab and you set like a vigil machine you play around did a bunch on Hubbell. You're doing certificates and you're trying to To get your passionate sue something practical Sokolova if it is quidditch and you convince every day or quidditch skill into why all you'd be good as a security analyst back because I guarantee nobody else is doing it but he needs to back it up with whether you can't be a security throughout just a quidditch who avoided security. I think it's I think it to me. The recruitment industry is a little bit tie overcrowded crowded it may be the best food not of research goes on from accompanying despite the candidates perspective or crew agencies perspective. It seems very very fast. We need to move fast. We need to get this person hired fast. We need to find a new job fast because I love mccarroll or they took no very such on. on-site thousand this is what we need wet. Can we look at this basis while they won't do. What kind of companies do this really? Rainy took time. You'd find people would stain jolts. The longer you'd find you'd find a recruitment industry became a little bit better place to be and then everyone like the comes talk about reputation goes it becomes a much easier process to be in laughing. That's well for meal comes down to. 
Is that research side of it but knowing what you want to do in life maybe the next is cheesy Miss America kind of statements today. I think it's just true. I think Anna I really appreciate you coming on about this but also just to say that you did not come on push into people for obviously. I'm GonNa do it now right. This is is not sponsored or anything but when I've ever spoken to Jonathan on read some of this is what you get. You just got an honest opinion of the industry. I think that's really. We still have people wanted his enemy. You probably get a lot of people concept. You have to this Jonathan a day all right to do that. If we poster may be linked in links and twitter handles install install yet said is valid wherever industry drink to be honest. I probably go way too many times. brain works six goes off a little directions than it probably should. Lie is just about trying to help people and trying to be honest and it's the same for web you're looking for a job. Open securities same if you're trying to highest London security same lev you do in life. Dad Always said as long as you're happy and you're trying to make people happy doesn't matter what you do in life ultimately isn't it really. Maybe that's a bit too easy to say but as Monday morning so wind up Chilton cheese. Yeah well you know. I think it's billion John Really. Thanks so much for coming on and talking about the industry because as a site it's a huge topic at the Bay wins and I'm sure aww finds Waits on the rarely rarely useful seventh-row massively appreciate you coming on the show. And thanks for being a guest on the human factor. Thank you. I don't know how to build just chatting to me toys quite nice. If you'd like to sponsor an episode of the human factor security podcast cast. His is often inquiries at human factors. Security Darko Dot. UK and get your message to all of our lovely listeners. Thank you aw and see you again. Next time song

MBA1436 Sharing Your Long Term Strategic Plan With Your Team

The $100 MBA Show

14:33 min | 11 months ago

"Hey will Welcome to the show. Good business strategies in your ear every day with their daily Tim. Business lessons for the real world. I'm your host. Your coach teacher Omar's at home. I'm also the CO founder of the one hundred dollar MBA business training in community online. And in today's episode. You will learn why it's important to share your your long term strategic plan with your whole team. Recently in our company. We shared our strategic plan with the whole team. We're talking the year ahead three years from now and ten years from them. What our goals as a company? We're talking details revenue growth profitability the size of the business and our employees the type of initiatives. We want to launch for the longest time we haven't shared harshest she plan with every single employee every single teammate. On on the team it was more of an upper management discussion variously encouraged to share it with every single personal team and in today's lesson I'm gonNA share. Why life what impact? What positive impact does that have on your business? Why share these grand plans with every single person for garlic? Garlic of oppositions are in what are the benefits and how will it help you actually achieve those goals and actually implement the plan on a day to day basis this this could be a difficult task for many people. Especially if they've been solo per nuring for some time they're the ones making all the decisions and as building a team they forget to include them them in the decisions that been made sharing. Hey this is what we're going to be doing for the next year. Three years ten years the whole the cards really close to the chest in today's lesson I'm going to share why that's a mistake. And what are the benefits for sharing your strategic plan with your entire team and also how to do it how to actually roll this L. and presents to your team so let's get into it. Let's get down to business. 
Today's episode over one hundred dollars Show is supported by podium putting it helps thousands of creators earn money from their passion. It's an all in one digital storefront that you can sell horses sources memberships and digital downloads in one place. It's the most creator friendly platform on the market with zero transaction views. A super friendly twenty four seven life support team no matter what plan you're on so they're going to take care of you even if you're just getting started from scratch cody is that it eliminates all the technical headaches that takes care of every aspect of selling your course or membership or digital download. If you've got video courses they do the video hosting for you to charge your members on a reoccurring basis for a membership ship. PUTTY takes care of it. You want secure way for people to download your products when they pay for them they take care of that to the also offer free migrations on their Shaker plan festival. PORTIA puts their money. Where their mouth is? They have a thirty day free trial with no credit card required. See if you don't love it you don't pay a penny when you're looking at a online course sell any kind of digital product or start a membership site. Check them out and support the show by GONNA PORTIA DOT COM slash. NBA That's P. O.. Dia Dot com slash MBA before we get into details of why you want to share your long term strategic plan plan with your team the benefits of it and had to do it. Let's talk about what a strategic plan is. It's basically a very simple document. This could be five or six pages and I. It's simply a Google Doc. 
We prefer Google dunk because everybody on our company has a company email and we can easily share here this dock with anybody with a company email and the doc is basically an overview of what our mission our vision is with a company is all about what we do who who our customers are how we actually acquire these customers but then he goes into the details of what we want to accomplish in the next year in the next six three years and in the next ten years and it actually starts with a ten year plan. And I like that because this actually gives you a broader perspective on what you're trying to achieve in the long term a ten year plan a really allows you to see where the company is going what the ambitions is our and also sells your police when they read it. Hey this company is here to stay and actually has a plan for the next ten years that really inculcates a lot of confidence but but even just for you as the leader you understand. Hey this is where we see ourselves in ten years when you have a ten year plan or a- tenure vision you really start to realize wow I gotta think big I think a how M- really going to influence the marketplace and really help our users than the people that we serve serve customers and this plan has detailed numbers like how much revenue you're gonNA make every month will your profitability goals. What's the size of your your company? How many employees? What some of the products or features your products will half what are some milestones or? Maybe there are certain people you're trying to connect with in your business people that are that you would love to have his users or clients who's on that wishlist for your clients. So that's the ten year plan but you're under the same thing for three years as well as the next year two thousand twenty and then you break down that year that you have head into quarterly goals. Quarter one two three and four. What you you're going to achieve in each quarter? What's the focus? What are the outcomes? 
What are the deadlines? So you understand what the focus is for the next three months. It's a very, very clean and straightforward strategic plan that looks ahead as far as ten years as well as the next three months onces nears three months. Shout out to Dan Martell, Dan Martell dot com, our business coach, who shared this strategy with us, the strategic plan. We implemented it, and it's thanks to him. So now that you have your strategic plan, and by the way, it took us a good two full working days to put together our strategic plan. A lot of discussion, a lot of note-taking and writing down and really just trying to figure out where we're heading. And this is a group exercise, anybody who is in upper management. You know, we met with me, who's the CEO, the COO Nicole, as well as our CTO Taylor, and we really went through the whole document point by point, made sure that we were happy with the answers, that we knew without a shadow of a doubt. Some clarity to where we're going in the next ten years, three years, year, each quarter. Now once we nailed our strategic plan it was time to share with the team, and this is the leap a lot of people don't take. We decided, hey, why are we just keeping this to ourselves? Let's share with every single person that works on the team so they understand what they're working towards, and they also can see how they can contribute towards those goals in whatever role they're in. This is incredibly helpful, and I'll share some of the things that I learned through sharing the strategic plan with the team. So how do we do this? Well, we do an all-hands meeting. This is a meeting with every single employee every single month, and it's a video call because we're a remote team and there's people around the world that work for us. So we wanted to make sure that we address this strategic plan in that meeting, so we dedicated about twenty minutes in the meeting. We went through the document. We didn't go into super detail.
But we went through enough for them to understand the highlights. But then after the meeting we said we're gonna share this document with everybody. It was shared in the Google Doc, and we said, hey, do you have any questions? Please let us know. We want you to take your time and read this in detail, but we went over the highlights at the meeting itself. We didn't get a big reaction or a lot of feedback. I think they were just kind of absorbing what they heard. But afterwards I got a lot of private messages, and on meetings or on calls I got a lot of great positive feedback from the team, saying, hey, I really found that useful. I now understand why we're doing what we're doing. I understand our why as a company more. One of the things I was really surprised by was how inspiring it was. They were inspired: wow, this is where we're going in ten years, this is what we're going to do with somebody's gonna look like, this is incredible, I wanna be part of it. It also instills confidence in your team. Like, hey, this team, this management team has it together. You could be doing this, and if you don't share, they don't know it. They don't know what you do behind the scenes. But when you share, they're like, oh wow, the Siem actually has a plan for us, and that management really has our backs and is sharing what they've decided with us so that we're in the know. So it gives them confidence in management, in you. But most of all, what this does, by sharing your strategic plan with your team, it gives them the blueprint of how to win. They understand what winning looks like: this is what winning looks like at my company and this company. If you feel like you're winning, these are the things that we have to accomplish. Imagine you're playing a sport but you didn't know how to score or know what would get you points on the scoreboard. That'd be incredibly frustrating. And that's how things are in a lot of companies. People show up to work.
They do the tasks they're told, but they're not really sure if they're doing well or not. With a strategic plan they could say, hey, you know what, I'm doing things towards the plan, towards the goals we have in the near future and in the long-term future. Now, even though we shared this strategic plan, this is not the end. It's gonna take more iterating, more time, more discussion. We're going to have to refer back to it in our next all-hands meeting. We're gonna have to talk about it in our retreats. People need reminders, and we all need to be reminded of what the prize is, what we're trying to work towards. So this has got to be something that's not just shared once and just forgotten about. It has to be referred back to. It's got to be like the scoreboard. Look at the score. How are we doing? Have we hit our goals for the quarter, for the second quarter, for the third quarter, for the fourth, for the year? How far are we ahead when it comes to our three-year goals? This has got to be something that is opened over and over again and referred to constantly, because it will remind people: hey, this is what we're working towards, let's not forget. So this is just the beginning for us. We're going to continue to refer to this document, and it's something that we're always going to be reminding our team of. The next thing is, this is a working document. Yes, you want to make sure that, you know, the majority of it is intact and followed, but you may need to make some adjustments as you grow. You might be ahead of time, you might be a little bit behind, and things need to be carried over from one quarter to the next. This needs to be clear to the team, that this may change. You gotta keep on looking at it, because hey, this is the plan, but we may need to adjust course as we move closer to the destination. Guys, I'm more on today's topic before that.
Let me give love to sponsor support for today's show comes from Motley fool if you ever wondered how to invest or struggle to understand how to make your money work for you. The Motley fool is just what you need started by two brothers. Tom and David Gardner. The Motley Fool provides advice and guidance that cut through the noise of standard business sections and websites in offer simple easy to use analysis to help you understand stand the market. Their Flagship Service Stock Advisor provides to stark recommendations every month with daily analysis and coverage designed to help you beat the market. They've become well known analyst identifying the leaders and trends before they become everyday aspects of life. They recommended Amazon in Nineteen ninety-seven Netflix in two thousand four four and marvel which is now dizzy in two thousand four to Kick Start Your twenty twenty financial goals Motley Fool's offering five of their favorite stocks for free two hundred dollars a listener. I just go to fool dot com slash. NBA again. That's fool dot com slash. NBA To wrap up. Today's lesson. One thing thing I want to pass onto you if you resisting sharing your long term strategic plan with all the details of all the numbers all financial metrics with the whole team if you were assisting this you feeling Hamas sure of this the right move. You're uncomfortable that ask yourself this question. What harm does it do? What are you really worried about? What negative negative impact will have on your business? You might be surprised that you can't really articulate it because there's really nothing to worry about and even if there are wait. I'm against all the positive things I mentioned in today's episode. You'll find that the positives will outweigh the nicotine or the negative reasons or are the things that you're worried about these. Probably you don't know for sure are even real these people that you hired your team members they are in it with you. 
They are building this dream with you. Give them a roadmap. Give them something to allow to understand where they're going so they can do a better job for you so they can help help you achieve those goals. Thank you so much for listening to hundred If you'll hear hit subscribe right now on whatever. You used to listen to podcasts. Whether it's apple podcasts stitcher radio spotify overcast or on 'em all by hitting subscribe. You're telling the APP. Hey when the knicks episodes available let me know nobody ready right on your device before a goal. WanNa leave you with this. Planning is one of those things you need to make time for Nicole our. CEO and my co-founder offenders may time in the calendar for us to create our strategic. Plan to make it happen. If it wasn't in the calendar I would have been busy with something else. I would have found something else to do. So so if you don't make time for it it just doesn't happen. Make time for planning planning is so important because hard work is important but if you're working on the wrong things you're really spinning in your wheels and wasting your time your money or energy planning allows you to find out what you really want angle for social listening and I'll check you in tomorrow's episode. I'll see you then take care

"Love & Bananas" - Rescuing Elephants with Actress, Director Ashley Bell

Green Connections Radio - Insights on Innovation, Sustainability, Clean Energy, Leadership, Entrepreneurship, and Careers w Top Leaders, Women

21:22 min | 1 year ago

"Today, you're going to meet starve stage and screen who was putting her fame and talents where her values are she's using them to shine the light on a huge environmental issue that frankly, is also quite cute. What you may not know about me, even as an avid listener to green connections radio is at one of my favorite parts of being in Kenya. And Tanzania was the elephants they in the drafts as well as all the animals are so magical, and frankly, even mystical they move so gracefully. They communicate with each other in fascinating ways. They look after each other, and even the babies are huge compared to us. I pictures of many of them in my home, too, but elephants are desperately endangered by poachers and other threats they were somewhat protected for awhile with President Obama's regulations. But those regulations were lifted by his successor. This star is leveraging her creativity to tell the story of these endangered and beloved animals from Asia and in a clever way. Welcome to green connections radio where we bring you insights, and tips from remarkably innovative women, particularly about corporate responsibility energy and sustainability related issues. I'm John Michaelson? We talk about innovation leadership technologies and careers. Always bringing a new perspective. Find us anywhere you like to listen to podcasts on green connections radio dot com and through my Forbes blog as well. And please pass it onto your friends. We are live here at the Earth Day network climate leadership gal in Washington DC, so you will hear probably ambient sound. And I'm delighted to introduce this fascinating woman. Her name is Ashley bell. She's an actress renowned across film television in theater. She's most recognizable for her critically acclaimed roles in the last exercise them for, which she want an independent spirit award. It was nominated for an MTV movie award. And I wish you could see your cushy looks quite elegant. But this is radio. 
After all, she has also starred in films that have been Staples in the independent film festival circuit premiering at Sundance south, by southwest Tribeca and TIFF, which I believe is the Toronto. International film festival. What brings her to green connections radio today? However, is that she directed wrote and produced her first feature documentary called love and bananas and elephants story, which qualified to be in consideration for the Academy Awards, which was great, and she's currently executive producer of global docu series entitled elephant chronicles, welcome to green actions radio. Ashley, and thank you for joining us. Thank you so much for having me really an honor to be here. Oh, you're welcome. You're welcome. So I must confess. I don't see a straight line from the last exercise to elephants accepted. There's a lot of horror and how these majestic animals are being treated. Tell us how you came to focus on the plight of elephants in particular, in the first place, for sure. A close family friend of mine. David. Sleman owns the Cambodia wildlife sanctuary, and they were looking for ten years to rescue Asian elephants, and release them onto the sanctuary. And when I heard these elephants were being released said, I gotta go. That's a short story. It's a happily ever after story and intrude documentary form. It was anything, but we got there and it was it was a disaster. The elephants were covered in abscesses and severely malnourished. The forest was on fire, and it's, it's a shock to actually I'd never seen. What deforestation looked like until I saw just clear, cutting across the land, but through it all there were these elephants e you know, the tie from acting to directing writing producing his telling a story, and I wanted to accompany lecture world, renown Asian elephant conservationist rescued those elephants, I wanted to accompany, her on an Asian elephant rescue and film, and take people frontline on an action adventure story. 
That's what we did where exactly were you? I was about an hour. Fifteen minutes north of Siem Reap Coolum prompt. That's the name of the province, I was in, in Cambodia, and then for the actual rescue that takes place in the film. We rescued an elephant. It's really dependent on where that next rescue is going to be, and we weren't going to be picky with an elephant. You know, it's who's ever isn't next. We're going to be on that plane to catch that story. So we film, the actual rescue, you see in the film in contronting, Bary Thailand, which is in the southernmost part that shares a border with neon mar. Yeah. I thought you were in Thailand, the yet and the trailer is in Thailand. So is that how love and bananas came to be? I mean that you saw the plight of these animals. And by the way, I love the title, we can talk about that in a minute, but you just embarked on a story spontaneously being there. Or did you have an idea that you would craft it before you go because doing production like this is not something that happens have hazards, as you know, better than ninety percent of the population. So were you prepared to do? A production when you left on this journey or did it just kind of evolve out of the moment. Right. So in the initial trip, the goal was strictly short film. And then when I saw the truth about what was happening elephants in met lecture there, then I seen footage on her ipad of an elephant rescue, and it was just this ipad captured footage. It was the most terrifying exhilarating hopeful footage. There was so much hope in it. And I asked her if I could win the next time came and from that point was actually two and a half year long. Wait with several false starts of an elephant would seem like it would be a pa- rescue up for rescue, and would message me and say, can you be here tomorrow, and I was like let me try the gallery buddy in call change for balance, combing team, and then it would be sold to attract and camp or sold to a circus. 
So when we finally got the call that Noah, who's the elephant on, we rescue, in the film was neck. And this looks like it was happening. We had a week to get everybody together, and go to go to Thailand. It was myself and three guys two guys from change for balance in one sound guy. Swing. And I jokingly say, I took three guys into the jungle on this is what I got skewed. That's great. That's great story. Why Asian elephants and said of African ones which are hunted by poachers here. You that you were inspired by this particular story. But if you want, we're going to step back and look at the threats African elephants are being killed for the ivory in their tusks, which also horrible. So if you're really going to go and tell the story of elephants, I mean is that something else that you're going to pursue or menu? We're just focused on what you were seeing at that moment, the situation, African elephants are facing his horrendous and African elephant dies is slaughtered every fifteen minutes. But in looking at this, there's been a significant amount of coverage in there's never enough, but. Lot of people are educated on the plight of African elephants when I was during the story and looking around not many documentaries or videos, exist on Asian elephants. So I found there to be a space for the story to tell there was an opening for us. It's funny talking kind of in the conservation world. Asian elephants have the rap of being overlooked yet. They're kinda like the frumpy younger, brother her, and it's because this situation is so complicated. Because Asian elephants are the elephants were most familiar with definitely in the states around the world, because they're the elephants we see zoos, and circuses. 
There the elephants that if you go for an elephant ride or by an elephant painting that will be done by an Asian elephant because at first they seem more docile due to their temperament, what happens is when an Asian elephant is crushed, which is the process that turns them from wild elephants into a service animal. Their demeanor is different than African elephants. So once they're crushed Asian elephants still snap all the time riders will be thrown or there will be attacks out of defense, but it's after a buildup of instances, African elephants are more where their emotions on their sleeve, so to speak. They're more. They're plays more if you're in their area, they'll confront you about it immediately. That's not the behavior of an Asian elephant, which is why they're kind of used for more service until that elephant has had enough of us. Also the number speak to there are around in the numbers have changed. Surprisingly, since the film, that's come out. But I wanna say around four hundred thousand African elephants left in the world, but only forty thousand Asian elephants, a third of them in captivity, which makes Asian elephants the endangered of the species. Wow. So I did see in your trailer quickly that you mentioned that these elephants are crushed. Explain what hap-. In being crushed all when I saw the visual, it will look like they were put in an open, bamboo box. But I couldn't really tell yes, so the footage, we got was filmed by lecture misses her work, the world renown Asian elephant conservationist week work with that. She went undercover sometimes, and then filmed in plain sight, other times, this is also the one bit of graphic content you show in the film, a little bit of it to contextualized what these animals have had to endure. So to crush an elephant in elephant is taken away from its mom as a baby. It's putting a box and hide up on all four legs in beach straight for twenty four hours for a week until the bond between the baby. 
And the mother is broken and replaced by the fear of man and the fear of whatever tool man is using if it doesn't work after the first week it's repeated again, they're in this box, and they're beaten in this box. Yes. Yeah. Most of the times, it's the box sometimes they're tied up with rope. They are a wild animal. Elephants cannot be domesticated. It's a wild creature. So the bond has to be broken if you see an Asian elephant in the wild and you try to ride one that's gonna be the last thing you do. I don't mean to laugh about that. But to give you a context of the power of these creatures, and that also gives you the context of how much the elephants that are in the circus have been through not just training. But how much they've been through in order to be tained. That is correct. So after that process than they go into a training camp where they're taught to paint and give rides do tricks and play basketball or play soccer. So that's all that's all taught to them again through accrual method. And when you rescue them where they go when you rescue, right? So this rescue I was working with child. So this elephant was brought literally five hundred miles across Thailand from contra berry to Chiang Mai at elephant nature park, which is Lexcen Schweri. And I think there there's a lot of elephants now. So they they're acquiring more and more land, and they have satellite sanctuaries, some, which are way, more wild in a sense where there's no human elephant. Ttacked you watch on an observation bridges. They rummage through the jungle and scavenge for food. I know lack is turning elephant nature park into that more observations model where it's no hands on elephants. Can really just be elephants, but elephant nature park. Interestingly is the number one tourist destination in northern Thailand. So people crave being with elephants as elephants what you do. 
There is you work for the elephants or you go and you cut corners and cut grass and shovel elephant poo and every elephant the been through so much abuse or some teeth. Some don't some old so they all have digestive problems just like humans. You know, so they all have their special menu that you cook for them of watermelon a rice balls are everybody every elephant has their favorite foods. They like they don't like some don't like to Merrick balls. You know what I mean? So you work for the elephant, people love it. And it's fabulous model of ecotourism. Wow. Aiding what? Is the series about? And how is it different from love and bananas, by the way tie read how the name came about, but explain the name love the okay, cool, love and bananas is when you visit elephant nature park. Lack doesn't believe needless to say doesn't believe you should use bull hooks or any tools of force to guide elephants. She believe you can guide elephants with love and bananas. And a lot of bananas and a lot more banana, a lot of big divas on the set just tons of an Anna yet, so love and bananas. And we also wanted to title that would be approachable for kids and families to see 'cause other than that crush box footage, which is we really edit it down to just the dose that you need to contextualized situation. It's an action adventure film, and it's been so exciting kind of touring with it. So many kids have come. I think our youngest was eight years old. And he said, this isn't a film about elephants. It's a film about all animals. Yeah. And after I utterly cried and gave him a hug. I. Oh, tell us about the docu. So the docu series very excited about it, it's a project. I'm developing with a company called silent crow arts and what it is. It's a show called elephant chronicles, and it features the world's really dives into the matriarchal world of elephants. 
So every episode is a different country, a different elephant chronicle, a special kind of relationship issue, or situation, or interaction that's happening within the herd. So we're filming the world's largest matriarchal society, elephants, hosted by three female hosts, a rotating cast, female directors and female executive producer, showrunner and DP. Because, interestingly, what I learned was in the elephant world eighty percent of the conservationists are female. So we were like, as we are putting it together, what's going to serve the story best? Having this very female-centric team. So we're really excited to try something different. Oh, that's very cool. So I have to ask you a couple quick questions. You took a huge risk in the midst of a thriving career to go off into this journey. Did you have to put aside other roles? Talk about the transition, making that choice. Not at all, actually. During the process, during the making of this film, I did ten movies and a Broadway show. Yeah. Features. Yeah. In LA, I'm from LA, there's downtime, and it is the worst. The worst is the time in between jobs, and you have to stay creative. So the fact that it was still under the realm of art, you know, directing, writing, producing, working with cameras, working with lenses, working with color palettes, working with score, gathering inspiration pieces, gathering concepts, ideas: it was all kind of housed under this umbrella of constant creativity, which I find the only way to survive in that city. So I really want to ask you: towards the end of the trailer there's a marvelous photograph or footage of you enveloped by three or four elephants. How did that come about? Was it staged? How did that happen? What did you feel about it? Were you ever scared? I mean, talk about that. For sure. Well, encourage everyone to check it out in the film. Just a quick plug: available on stars all the time and also available almost globally on iTunes and Amazon and YouTube.
Download and you'll be at the DC environmental film festival and more. And I'll be hopefully going back to the DC environmental film festival in March. But no, it was not stage. It was literally a magic moment that happened with lack. We brought out a bunch of Yuki knees as an offering to put out on the grass and lex sat cross-legged, and I sat next to her and before we knew there was one elephant, and then another one eight over. Were you. I mean they were they were literally over you like they formed a tent. No. We were waterfall by their trunks, and it just was absolutely. When, when you see it, it's the footage is, like real time, so you can see definitely the surprise in my eyes because one tap from them as like whiplash. You know, but then I looked lack and I just that way that lack has. And I mean I took a deep breath and just flowed just flowed with them. It was incredible trust them, and I trusted them. So you didn't feel threatened. I definitely nervous at first. Yeah, 'cause I could've just been. Yeah, I'm a redhead. So just a red splat but, but no, the trust that they trust in lack and lack said, you're my family. So they see you as my heard, and I just like that was well, I think also with animals, if you demonstrate fear, they pick up on. Yeah. Around lack and she treats elephants with such dignity and such respect that somehow these elephants that have been through so much are able to somehow forgive somebody in human form and learn to love again. It's unbelievable. The worksheet does, and you instantly feel that when you go volunteer or around her elephants. Yeah. Wow image. So what vice would you have for woman in mid career who, like you wants to use her education experience to make a difference? When you've done is you've used your creativity in a way to make a difference. Right. So not everybody does that not everybody finds a way to use what they're already doing to make a difference. So what would you suggest Trustor gut? 
Tell your story and you will get everyone in the world saying not you and all those people will be the first caulk you are successful. Yeah, it was a complete uphill battle to do this film, except for the team that believed in me from the beginning and the team worked with and it's gonna be terrifying. They're going to be moments where you don't know what you're doing, and they're going to be moments where it's scary to do something a little bit different. But I so encourage people to blend their advocacy with their passion, because then something truly incredible happens. And I learned that from watching Lek constantly put her energy out out out gift forgive forgive forward and the people I've been lucky enough to meet. I attribute elephants in helping me find my voice as a writer, as director, even as an actress tell me find a stronger voice. So I encourage you no matter how scary to, to trust in that. Don't give up at beautiful. Thank you so much. So thank you so much for joining us today on Green Connections Radio, Ashley Bell, and thank you for keeping a focus on one of the most important issues. And as you pointed out that often gets overlooked. Is there anything else you want to add before we close? I did want to say really quickly that just last week it was announced that the Highland department of foreign trade, I believe, just overturned a bill that's going to allow elephants and elephant parts to be exported, and that was a ten year ban on that. So currently there's a petition that people are signing that Lek is championing. So please go on. I think it's a change dot org petition. You can find it through any of Lek's Facebook, through any of the Lovin bananas sites. We have the link so sign that and tell your friends and keep a tune. So are they lifting the ban? Is that what they're going to lift the ban? Yeah. That's what Lek is saying. Yeah. So if you wanna take action signing that you really healthy great. Yes. 
So tweet to us how you will support saving these majestic animals, including maybe signing that petition. The elephants who are so at risk in both Africa and Asia, you can post it at green connections radio dot com, you can post it to my Twitter account, which is at John Michaelson, or on our Facebook page, you can email to us. Green connections radio dot com. Us on anywhere you listen to podcasts: iTunes, Spotify, iHeartRadio, TuneIn, Stitcher. You know the choices and bring connections dot com. I'm John Michaelson. Thank you for joining us to. Check out some podcasts from one of our new sponsors, about a dozen great shows focused on lifestyle industries on mouth media network with top brand executives, industry leaders, and innovators in fashion, beauty, travel, real estate, content creation, and even spirituality industries and more. Check out mouth media network powered by Sennheiser on iTunes, Google Play and mouth media network dot com.

Crisis On Infinite Earths Parts 4 & 5

Channel 52: The DC Podcast

52:35 min | 11 months ago


"This episode of Cape Some Lunatic Sidekicks is brought to you by tweak Danica get awesome headphones get tweaked audio dot com and use the coupon code. Southgate get thirty percent off reshipping tipping in a lifetime warranty where can get there through the link on our website southgate media groups dot com and they still Parak- annual listing vacation Luna take sidekicks. podcast sweet sweet. Love to the time running appropriately. I Yeah I know. It's time to the multi verse anyway. That's right we're we interrupt. His regularly the rescheduled before the bath. To bring you the last two parts of crisis led to the verse. I am filled joining me as always the newest resident of Earth Prime Alpha. David Hay sewn took one day shipping. It's like picking a racist letter fool's gold versa. Shortcut and eh one again. I think they were hampered by one. It's the CW budget to time constraints. Three three they had way less characters than the original comic book series. Had Yes so yes the son of a gun so yes start off a flat at vanishing point. Yeah you know Tony Stark's recording his message. I mean Brian Choice recording his message. Or renting it down I am shame at is just like oh can we keep Hickey. Kick off waiting for captain more will become and just pick up that whole vanishing point always introduced blue beetle and booster Butch van where they had the chance. If only the criers luther. So good they said well no you you know sure comparatively shore I mean the paraphrase. What choice that? It's like. Yeah he he plays a really good Dodoo Shbak not playing the plot twist if if they really wanted to get better they would act. Charlie Siem somewhere will that he's under a piano. No Ashton Kutcher that that would be the. That's what the kids like the Ashton Kutcher yes acted Ashton Kutcher other. His name's Christopher. So you know Chris Cooper grace with Christopher Tuesday as a whole thing. 
Yes but that seventies known go kagan seventies and that's a that's a good something a good twitter handle or something that's seventy Charlie. Though all ULTA aalto cow Zieger Alpha Count Seventies. Are It can you. Can you explain to me where they thought they were going to teleport to that. Hilmi teleport or they're trying to make it gave me you on lake flash back like this doesn't seem like it was all planned Out Very well but again the universe is gone. The multi versus going. Where you're going to tell you to your own little like you do A- although I love Melissa stained with the Easy Universe Akmal you other Melissa? We can't lose any more good people. Thanks Volunteer inlex resembled that count. Yes yes yes I will say that. Let's heaven won me over but it's been good. It's been bearable. I appreciate still very hammy again again. INSIST CW. I mean I think for that Smallville was on this you gotTa be before. CW had a real budget and Rosenbaum. There was nothing nothing hammy except for maybe laxness except for maybe laxness is the only handy performance in all eight seasons so whatever them and then now it seems like maybe they're arguing like the comic book route where he was just like. You know the master supervision before crisis now after crisis either gonNA be a businessman. or He's he's going to be president. Maybe one wins the Nobel Prize. Exactly that there's enough for Tyler's also so yeah by the way Tyler Heckman Superman. Lois has lingering lit so that happening. I really do feel like much is GonNa that John Acquires. Here's lex is going to be there. Oh Yeah Oh yeah. This is all foreshadow. We prelude it's fine if you like. Cryer congratulations okay. Here's here's the big questions. Since I we I mean supergirl godly one more season. They renewed it for at least one asked about women's review. Everything's we're seeing A renewed that super interesting. 
But that's GonNa be the last season does so let's just what this was it on the borderline it'd be like they gotta make rooms at Riverdale Universe and That Dollars Universe Dislo bad lead them. He's actually doing pretty good and they want they want younger that Riverdale universe star girls coming. Yeah Matt excited about that saying you need room for that to be out Saturday night. Twelve it's fine affiliate programming. It's fine we now. Oh no I just had a thought knife baby wall. We'd have a yeah a girl girls night with supergirl about women. What if they do star girl on the same night whenever it is with Green Arrow and the canaries clam fake off? All people love it. Yeah it's just starting to climb fast which you originally the CW. It's kind of funny because originally so w actually. When Don shop was headed the program before my pets gaming it was all about winning eighteen? The thirty six. And we'RE GONNA turn that tide right back you eero convince we need dos ruined in here. You know supernatural been hanging by a thread for fifteen fever resolves Yama Supernova man. Don't ask me we ought not to expel. It's really funny. How the tide is turning right back into that really W so? Let's make it more aren't Ida thought on apple will get the green in the canaries So Oh yes oh yes berry tries to do something with the speed force his unsuccessful and that's when Oliver Or the Specter has the second I hate. They hate it like adults. I don't like these choices. Would you rather have just dead dead honest man rest in peace rest in peace will get. I think they did this. So it's like. Oh Hey you know. He can return to do another crossover they did. It got it sucks. It kind of defeats the purpose of that true ultimate heros sacrifice thing. You know what I mean. Yeah I know Um but I did. I did like did like what they did. Was Katie. Lots in these two episodes yes. Oh my God thank God I me relaxes on legends. I could not stand her. I'm glad you know it it. 
It was a problem. Well it was the Mona Shell last season. Yeah yeah she that. Boil down to her heaven slowly being down to caricatures of their former selves Rebecca. And it's good to see them bet. Yeah Dr Ferret Mick. I'm just saying really. I know you're backing up. I mean I really enjoyed her in these in these two episodes like I was thinking we really I mean. I'm willing to give the green air in the canaries a chance unlike tyler. But I'm I was thinking we really didn't need Oliver's kid I mean we one new Green Julia Hockey Day we get ahead. Katie Lutts in Britain are Haiti. cassie forget Rogers. There will no. I think he's GonNa divorce divorce. I saw our thought I saw somewhere like a week or two or at least a week together. I guess she's getting the worst already. Says can be Katie calf. Yeah yeah he on the dry well you now. I'd like I'd like to make the trip of their given my last name. I don't know ooh ooh Nice. Yes Katie Cassidy can apple gobble inappropriate first off. Can you videotape that anyway But no like I was saying I just I don't know if I thing Zingani Green Air and the Canaries this whole future thing. I'm like do we really do really need future like they don't. They didn't want to commit to start. You know twenty forty two writer. It's Kinda sorta combat that whole thing just like justice for baby. Sierra baby fear like that that would hurt Hurt the most. It's like Oh but kanner but we could. It's just the whole Bain. I'm very upset. Well we'll get there too KUPA stroke and whatnot change will they. I mean they should have continued with I mean they should have continued food with the present story I even though he probably doesn't want it. I was like there's they should have been only two characters have should've had to choose from the replace Oliver. Either diggle will or Sarah. Yeah so yeah you know we you. We kept holding onto to probably best opened up for. Oh Katie like that and I was GonNa say that David Ramsay the Green Lanza. 
Dave Ramsey's gonNA move onto either not been on Showtime Bureau Moon. Well actually I really like. CBS Kovacs he had a contract on-track tedious choose. So he wants to launch tomorrow. And Hey man what's more steady than a procedural. CBS let's just been then on older. Say put him on Picard. Obviously that that's good it's steady work and you don't have to worry about doing something true or do a Mo- cat and all that other stuff that all that have bigger plans for navy ran. Sorry a good lawyer show or something you know where exactly. Yeah Amy Redo who I don't I don't know I don't know but I'm working on one of the most people shows. So what did you think about when they were like stuck in the speed force. We the memory flashbacks. It wasn't late. I don't know like supposedly your tearjerker. Says it didn't do anything for me. UH-HUH I. I wasn't here first time. We saw you know Audi will ever be able to recapture that. I where he's running through. We see all the little Lazaga. Not GonNa you know like you just can't recapture that and I felt that that's what they were trying to do. I mean I kind of felt did kind of something similar to the girl in that in that memory. You know he's like Yeah I. It was just regular guys met humans. Now aliens brainwashed in Washington the alien ship. Yeah that that that's definitely a Meta commentary on Shows of all the universe so yeah well it all came from that era. Yeah who would have thought I mean the whole thing I did I did. I do flashes coming late for a long time. But yeah it's cozy before other Mattioli legislation before Lou. The whole memory was Sarah on the table. You know right after. She died the first time. You know that that was getting me a little bit but you know the real tearjerker. I thought came in the last episode when You know you see all these like the failed him you know. He died twice rather them it. Hit Me Yeah. 
It goes on and we didn't you know after the end of the day after Spoilers us you know the specter supposedly sacrifices himself at the end the part four. We don't see Oliver again. And here's my thought his final death and the only time where to begin his series finale. That's what I figured. There's only two episodes drug. Can you reasons. The the canaries is is the ultimate episode. Stupid it's still being Barsha Gatien suits. Here's my thought in the series finale. It's going to be like the spectres GonNa let Oliver Comeback The earth for like a day or something he's going to you know it's going to be like okay. You can say eager goodbyes. But then once you're done relieving. Yeah so that's like it's good. It's going to be him going around saying the by felicity and maybe tingle and it would be nice. Yeah it'd be like. Oh what goes the Russia in a totally Vega by Anatoly that would destroy me drink a little packet. No not ready for that they do. They're stupid toasted toast in Russian. They need to be net. Net Writers Renewed Research Guy. All you know how we could really get a human emotion out of Hellfire if if like a portal opens for him to go to a higher plane at the end of the La La land it'll last episode and WHO's standing on the other side of that Portal Quinton Quinten Queen Quinton. Now I need to see my board queen. Just like heaven his mom and his dad in an Quinton. That's fine there. Malcolm show the Tommy. I was really your father the whole time. They won't let you know true for one is well. They switched it because they didn't want it to be so avi. But I don't know I I kinda. I just notable let now last year I I just feel like it was a really big mistake having it so far after everything else. I feel like the hype bag. Now people for guy I mean. I've thoroughly enjoyed the two parts last night. But yeah even coming up to it. I was just are a lot more like I'm just going to be so weird. Oh Oh yeah. 'cause you China Bebo yes. 
Of course it's like it's not going to believe this sweetie we're so pastors not funny Boorda Oda Heart for. What do you think that battle at the dawn of Pine Hills? Okay what they had. I can appreciate it I think it is. I think one of those crisis specials after like part one or three or something I I Jon. Cryer was talking to Kevin Smith. I think and he was like he's like. Oh yeah we were like in a chorea will hurt really started raining and like thunder lightning from somebody in check the weather for their like realism. Take honestly rain. Look so much better on set though although I don't know why it has to be called I'm allowed to use cold water that irritates To be can be room temperature but they choose to make Oh. I don't know an okay speaking of cold today like Alter Sarah sued and while it's a new season I just her chest. Lapatin may look a little cleaner so that it would pat more or something. Well it looks like something was popping says is I mean hard. GotTa get the teenage boys a year. That's right that's why they're putting been slow the the let me tell you. Remember her canary outfit. That was maybe we're paying too much to the original Canaria. We're going back to their because maybe by the end of this season. Yeah it's going to open that BOOB WINDOWS GONNA open up you know that. That's the biggest disappointment. No power girl was like all only cars are guru unless she shows up on us or girl or something up on stars wrote. That looks like that's where we're getting. Jay Yeah I wonder nobody cares. Nobody cares about selling. I don't care about what can make you care maybe about sobral if it's JSA birth to WSB R.. J. Eric over there that literally is the only way I would get episodes. You get warned it will be pretty dope getting a hoax. Okay so is that a new earth too. That's not the in order to obviously the new one so okay so the question. So Harry and Jessie are gone wiped from existence. 
You know it's Kinda like what they give it superman we gotta clean up all these speedsters end too. I mean we see. She's GonNa be in that canaries episode next week Black Siren. Is She now from Earth One did they. Kind of combined. Earth One and earth. Two Laurel No she just it is what it is on that one. Oh that was. She's going back to Earth one zero. We just can't do. It will not allow. is she going to be like countries from the original crisis on inflators I have the earth. Yes that's exactly what it is now. So That's interesting actually. They won't explore it so I don't care well let's see green arrows honestly on they don't care bouquet any character that Katie cassidy played in. The Green Arrows would've killed some time during green. Aaron the CANARIES. It's going to be all girls McNamara McNamara yeah. Yeah it's GonNa be a cut because like she's from like Seattle hunters she's at supposedly a really big fan base pushes the last year baby. We'll see how it all works out the phone. Ted could be terrible. Horrible decision really gets tired. She's an attractive young lady. So not your type. Yeah I guess if you watch it with the sound off if they you know the zipper comes down a little more. Oh what she she did train from without all well now actually trained with the other one Nisa so doesn't work doesn't try ZIP or knows how to work. You're trading your cheap on Katie Cassidy. Already she could spice it men women. Whoever you are you'll be out win an open relationship with Wolf Hellfire like it I mean? I assumed everybody. Listen to podcasts. Already knew that but yeah all in all relationship Hashtag deal with. I'M GONNA make gas trough it'd be like warring if you're in Religion Hellfire you will be an open relationship you will. Oh no late late. Alleged episode overlap. One Erawan just Kinda underst- shocker. Denial I don't know what it is so close to the end and I'm just I'm refusing to acknowledge but I love it. I mean we caught think we called it. 
It's you know you know super girls. Earth collect folded in the you know. Yeah the only way that they can do it it. It's a pain Any other way. Do you know what I mean but interesting enough. They'd informed in starter or they wait and see if that flops or not asthma. Big Fat Five. I feel like they don't have any debate than it. So if you don't show that you have faith better property that would what kind of seventy expect you're supposed to have for within like. Oh it's going to ear for free. The damp drop for Y ou in another country eligible. Like maybe. Maybe that's why it's one on the new earth prime is because it's a original. CW thing it's coming from what these universe Earth Earth. Yeah maybe that's why they didn't because we see an odd choice because we did see the titans and the do patrol are both on different. Earths it feels like different are on the DC universe. Hey the they the at different chiefs they can get away with exactly and swamp things on what's going on over there like honestly I don't know what's going on. Honor Swan things on his owner. You Know Earth One season only now movie all that with auto come on legends. You have traveled a swamp thing's earth for one episode. At least we can get that. Constantine in swamp thing seemed come on if only that would be that would be interesting instead of like time. Travel like they do every season of the legends. Like explore the new multi verse out. I'll be so I assume Because at the end skipping ahead to the end I mean we did see that you know Brandon routh superman still there That was an interesting choice like I said I don't care I've ever had rented kingdom come. Hey Kingdom come superman well. He's leaving legends. Maybe he's he's just done with the whole thing though. Maybe that's why all the all the kingdom come superman still out there he could it easily slide. Popular people absolutely loved that bridge fails at this point. I heard on the air. 
Oh I saw a bunch of people online under the shared ours opinion. They're like oh just give it the brand yes it is. I don't know something about Superman of lights. The lowest just like I don't believe it. I don't believe you is dismayed when I remember. I saw the first pitcher TERI hatcher indeed candidates that even though it does kind of superman here for the first major go I was like yes. ABC You have me or whatever night it was. I can't remember Sunday. Goes Sunday nights. Wasn't it can whatever like Sundays at nine. Yeah I think at least in the beginning. Yeah I I watch yeah got in on season to go out there and we had to have the TV from Manhattan added to that particular Hashtag. Still bitter I hold grudges but anyway I'm proud of the unpiloted. Cw for what they did did with this. They accomplished a lot with crisis. Different herbs We had such an amazing lifting. cameos on story Sir. Oh Cameo as as a happy show like everybody goes has flesh. Why would you do you know? I don't know maybe trying to burn interest spur interest in that flash movie when it comes on Twenty thirty twenty fifty. ooh Twenty sixty nine. That's coming up but no I just I mean even like you know we were watching last night and Daniel who has no doesn't care one way or another. She was just like why she had look unofficial. Why they do that? I'm like I don't know then like it's GonNa blow their faces like just give degree get great and then like I said not too long before we jumped on Charlie. I was watching crisis now. He's like. Hey it's that other guy from those movies these being weird at people and I was like CRTV flashes better. And he's like Lissi around they could have been like you know Jewish together. Oh defining trade okay Charlie your m-word okay. Honestly that's how they made the flashing Ashen. That don't don't guy is not good for trail that I'm calling out hold on. I Love Charley early again. He's another one doesn't have any skin in this game. 
He's a big marvel guy because I said Oh see what. TV flashes better. He's like well. Yes I'm just surprised. They rubbed his nose in it. I mean that was rough. It was like wow. Apparently they didn't give screeners for this very specific reasons to a a lot of to exit interview. I was reading. I don't know what the W or one of those and they were like. Yeah we we didn't get screeners so we didn't know about Ezra ahead of time. They had to put like a little disclaimer at the bottom. or whatever like Damn Beth was like hell. This surprised surprised or something. Gee thanks I hated and again it was like it made no sense because the multi verse was gone at this point unless Ezra was stuck in the sea with because he's awkward awkward. He doesn't know how to do. Battle is how to do you know before so weird says very weird Based on you know that weighs three Spiderman spider-man's vitamins point eight tyler. That one too but they actually like that. I mean that's been going on since Azar debuted ass flash ashtray grids better. Oh yeah but they were just like pokemon others costumes and you know he's like oh he's like he toned grant his costume so comfy. I'm like you're damn right. They of course Korean. How do you feel like you're suit? Looks calm like no it doesn't you know is very sweet. And Hey our our boy named the the flash over Yo flow or you'll need to name thousand one point two while on the phone like out of the Gabby Regatta. We have time about the flash. Okay okay on. Oh forget this I was going to ask. So we're getting one more season a supergirl or getting superman and Lois so for all on earth prime now what are we giving a super bowl prime at some point you shut your mouth. Fila a wall Chris whole why we had to rebooting actor written after cons of Stupor. Boy Oh what they WANNA do with. WHO's dead working there who's dead? WHO's dead that we can bring back with the wall punch he? Just give me bring Jason into this world with wealth later. 
Won't make sense Bringham. 'cause they actually happened so yeah. I'm here for quantum bears. Roy's half brother for no reason I don't know anyth- on now you can be uncle band of this universe. No no no no no originally Harrison wealth. Actually Ronnie Raymond Past that with Killer Frost or frost skis me okay. So here's the other. We're fine Jefferson. Actually yes I kinda miss firestorm like get they were oak in. The budget was ridiculous. The misfires I do I do personally on legends. Yeah we need that care yeah meet some actual occur insult figure around because they need it all right and then like this. The whole time line is very weird. Although I did like that we got a kid too hard about Thatta rule number one. I do like that gave us a cameo by Marv Wolfman hey did you read that Italian comic book from No Yeah so 'cause marv actually wrote that arise from Jefferson episode. They actually have a two part comic book. That goes Jose more detail and yeah marv actually wrote it so sociology figures is so the late night. TV show going to be exactly the same except now he's on earth wanting can mentioned people it may be have. Maybe they. Yeah I think they're going to have a little cameo eighty wrote a really anybody. Anybody would boost those radio. Yeah let you can be made from legends. I will sparkles but I was GonNa say if nothing else he has to be like the next crossover coming. They got the table. Now come on finally but am I just I mean me. We have the hall of Justice. Either we run a lot of call the Hollis's but it's going to be like the table justice Louis Just a ways and we'll forget about it stand now still bitter. Don't judge we gather at the table. Every cross once like Thanksgiving giving once a year will get justice. Or did they move the on a really cool a little piece in Arizona. Slight all. We're never gonNA talk talk about it again. That's fine you know. They should shoot some outside footage than little just bovi inside on a sound stage. 
You know exactly I do like I said maybe every crossover that's where they're all convene I don't care about the crossovers now all of those not that that back the pooling guys I don't care now why that invested in verse I mean I like legends on that Ryan wants to do that. Let's ask you that. I guess I'm watching so so in two weeks will do a special episode on the Arrow Finale and then we will quote on air over for a while. What is due are Batman will will scan on legendary co episode expected? You alleged episode. Oh okay or something actually. Drastic happens on the flash adult. No no definitely the fanatics though. We'll do aero- finale. The era verse finales in Premiers Role Messed up. I'm more excited about. Pr Seasons you. You are the awhile watchmen season to actually the few if we get it. I'm pretty sure we're getting it. That might be the only other season but British Oregon. You May Charlie's Day. Yeah but all those nominations and awards and stuff. They'RE GONNA THEY'RE GONNA have to catch up on Pennyworth. Yeah I avenue. That's the kind of show that I don't necessarily WanNa Watch tweak see them. I'm the worst the worst kind of you're again but I spent money about abide merge you are but I could see by the way you pretty worth borrowed some atmosphere Funchal. Ball's in your court worship worship it a plastic thing. You're mold but it was very weird is like on the we undo at at least some of flash point because again with you said baby. Sarah's back yeah at justice for it's weird we can't be too much about it so. Jj is gone. It's it's baby Sarah again. And then he was saying connors but does not just mean the kids are back in the future. Yeah yeah I kind of figured that was going to happen. You know. We rebooted the universe they was just going to put them back in the future or at least the version of that future. Yeah it doesn't make sense. That's not how it works. Works some pretty sure original crisis. Didn't they do that are most. 
Everyone went back to their proper times or didn't make sense either. That was with having your cake and eat it too and then you know voting some new ideas mayor you know. They were only in the present because the monitor brought them. Here exactly I what it was. But I'd like to lighting on a multi in the forest that like purple road ever like like. Yeah like they call the cool visuals definitely across the scoring with Luke. Listen so washy show called you and I was like I couldn't put my I figure on it because I don't want but I'm like wait ever ebbing sweet. That's all I wait. neely doesn't sleep some but he might be vampire guys. I'm just saying he's got like a al-Din shells doesn't know. How are you might be hanging out together we can? I don't know all you. We know what Earth we didn't we didn't see are we saw Ezra Miller but they they never put. Then they didn't put a number on DC. Did no no no. It's awed juggle zero sneaky. Windsor Ville what they they could have said crisis. Wipe that universe out. I mean basically. They didn't come back. Ah Out it's done in the new the new multi. It's it didn't come back. What been wonder woman gets itchy? They get washed down down the drain on wonder woman. Do you think they're going to be a shame. I was GONNA say. Do you think any of them were can pass the second movie. I'll wonder woman Eddie. Plays the Alexa Receive Yoga door wonderful. Twist reports that relief I nobody told that the rocks going to kill him in the adver mood the event. We're actually doesn't Stop Scotch. Nobody's Zachary Levi. Nobody tallow but that's mark. My words both going to get like locked in the rocket maternity. Yeah Pretty Much Margaret. They're like we're died. We're GONNA take two years off reththy. Oh did you did you see. I do think I just saw that today. I saw the headline but I guess on. Hbo Max doing like an Aquaman animated series. I did not see that but out. Let's just say well wouldn't be surprised. 
She knows exact service material might be using. If that's the case 'cause I'm yeah they the whole thing with Apple Mary now they need to get a move on reset him to not Jason. Mola's would not surprise again like honestly truly outrages low key my favorite Apple Loki Burned with fire. I'm telling you we're going to build everything from From the Batman you know honestly Brave in the bowl was way better than Batman Raven the ball. And it's like so underrated. Though I mean brought rob patents the Batman. Yes they still Susan Collins that as far as I know I mean The working title. But that'll be disconnected from here on out. They are trying to tie everything together. 'cause if anything they were quitting joker universe overall be honest Hobby Hobby University. They would try to spend everything out from. I mean tooker is an okay movie but y eleven nominations. You know why why. Why don't don't take this the wrong way? The mediocrity of white male privilege wherever Hashtag me at. We don't care that is the truth. But no there are so many more deserving movie the bidding to get nominated and not happy for DC. It's a win for me now. You know what the other thing though is too because it's like they have a thing against comic book movies. Because I mean you could have nominated Robert Downey junior or somebody you know. But no. I'm Sam Philip GROWNUP. I'm sorry he didn't have any nomination me at me. I don't know it is what it you know. I don't even think so much. The white man thing I think it's like they're like Can nominate one of these comic book movies but like you the walking he elevated above the script but admitted short admitted except for him being being the joker quote unquote. It's really not a super You know there's nobody. There's exactly if those nominated exactly exactly it's it's it's like that is a comic book movie for people who are not what it was a loose interpretation of a column if that's why they got super those. We nominate wait a minute. 
So basically the only conical character who really wins like Oscars joke. I mean honestly. He is a useful idiot him. They don't understand that he's not meant to be clung to you. Know by idolizing him. You missed the point starter. Pack of Hello Oh my Lord nominate versions of the joker so yeah they rarely really go with white does. I'm just being capitals GAWKER director. I don't care and don't care. His Dramatic Interpretations Pass Him Comedy Director. Perfect I love it I mean again I just I I mean the Joe Choke movie was fine. Penalty needs eleven you know. I don't think it's the scoring line was amazing. Hannity was beautiful but direction. The writing super basic do big writing so many people could klink do it Wa. Twilight was so popular because Bella the blank slate Teenage girl you project yourself on her and that's kind of that. The left leg babies for Bros.. That's with joker is wait. That's bitcoin upset about Bitcoin to I don't but yeah you know the win for DC in waters in I needed honestly if they ever want their movies finance again from outside sources they needed okay so so back to this crisis all right I have. This universe is weird now. 'em Over and yet hits. I guess we can only have so many people especially when it's not there show but it's like it was weird that we came back. There is no Irish. There's NO CISCO like Caitlin was there but there was though Cisco that was very weird to me. I was Kinda glad I needed a break from your kind of annoying well is. He confirmed to be in the second half of the season. Could I was gonna say I I mean with the universe rebooted they could have been like. Oh yeah you know the time I've been altered. He didn't come back after last season. I don't know that I'm pretty sure he is. It might have just been busy doing something else. Maybe filming at the new contract when you decided to come back. He gets a little more retirement. 
I'm just wondering how much flash point caught red Khan and I was like okay associate powers away because that's the least interesting thing about her to be honest. Yeah well I if if boring I'M GONNA say if not take your powers way maybe. Even even the the reboot didn't do it. Ah Maybe when the Martian manhunter came and gave her those memories again if he kicked kind of Kono emerge them so it's not like a split personality anymore. She just has powers powers. That would be great. Because I'm like that's not hard coded process any of this dad's very annoying plus. She just had a baby maybe right so I think he's still. She had the baby. I don't know it seems like she's Forever they hadn't damn baby while at least maybe the episodes were watching. She might still be pregnant in those episodes. Yeah so that. That's the next season she'll probably be like probably have Cisco will have to pick up the load from casino or worse yet. You Know Ralph Izzo was going to say unless You'll see a you know. Let's have chester coming. Home will help out. Hope Chester dies in a dumpster. Fire where he belongs. I'm telling them. Adding people mcpeek socking King. Where's wally you? Don't WANNA come back. They probably would have had them. You could have fixed breath. I'm Fan Laura. How but no you know? They adopted him from the other universe. That was dying caters. They say they want another kid. So damn there you go now. You can work on your balance. Hey Hey right. Do you like they do do with wally. Now his iris's mom had a a baby with some red headed to San extolled fire coaches. It's fine I get it anyway. All I will give this crisis Abi plus yes over the five episodes The just honestly the be plus for all the cameos if they manage to pull off all the prizes they gave us a didn't get league league Yes usually the big thing because men are those Paparazzi super nosy in Vancouver. No you don't understand put again to all the nerds gas. Give me more information. 
Yeah so I'm proud of them. I'm I'm I'm looking forward to going back to like low key smaller scale. Cross auger that that makes sense. I'm burned out on the big crossovers Downer. Sandy desert the black lightning in Vancouver so they can have more more like mini crossovers. I literally don't care about life. I literally don't care anymore anymore. It's too little too late. Homeowner finish out the season piece about is black me. Oh I need to write to Lasak is black lightning dumb. We're not like I need to know. It might put it too much in the light. Yeah but I'd like what him in Cranston. We're doing crossover and like the you know. We'll see more crossover between him and honestly with Oliver out of the picture potentially could be fun. I mean the first verse doesn't have shock record with black actors and characters development. I mean just like it on his own show oh his daughters and his wife still more developed. His Taylor feels more than he asked him. So bitter in waiting more than he is something that they are just not good at. This can be so weird when the show is exactly the same. It's just on this new earth. That's the I swear Melissa. Not Show of Musso upset. 'cause leather superhero the very first one that they call it out. I think so athletic. Yeah so I feel like chat show up at her and him would have a very interesting dynamic they should be dropped more named drop more names. Although it's GonNa be weird now if the stuff still going on free land it's GonNa be like well now you have friends. Why isn't the flash? You're showing up or super girl or somebody. Well that's like any other. Show those villains true you now. Hey everybody sadder freeland. He's Batman now deal with it. relievers his permission to come up in his city boy awake so yeah on that note I guess on that note yes the mic as Rebecca. Yes yeah that's weird anyone bring it up. I don't know why but it works for going to question it. 
I did like that in the Cave Rene is trying to what does that. Champagne is poured mix. What is alcohol? It was so continues to be my spirit animal alcohol. You know Kinda meeting like a funeral see like like unity with everybody Kinda carrying his coffin conveying like I said I wonder little superheroes. I wonder if we're going to get goodbyes. In that final episode. You know like I said he's GonNa Inspector GonNa let them come back for like twenty four hours or something. Yeah if he because that I wanted to the listening that they go and all that but I wonder if he's GonNa they'll show him saying goodbye to like the flash and stuff if he doesn't that's going to be like a gaping being loaned I want I want flashes last him to be cool. Bring it full circle. That's what he said that Yeah Col- Yes. Yeah Oh yeah Oliver takes ought takes off into the sky. Yeah yeah he's like critical in if you're listening. They didn't let let him be passed. That idea all right so we don thinks oh back nightfall now role for a week and then the US in two weeks. Come back here and while will do the final episode of Era on that Ready Philip that that especially actually cried. Oh no you have to be on Camera Kevin Smith come on no. I'm not a cry baby like that but uh-huh but if you shed a tear I one might get us some extra views to how proof come on. It might not my dog actually come come play with us But anyway yeah it must be ready by the by in two weeks. I should be on Camera Studio Aka. Spare office the noise so I met note. Charlie yes so next week nightfall continuer nightfall than the week after like you said will cover the final episode of era which has special meaning the me and low of then yes. We'll be doing Batman for a while now and then like we said we'll come back air overs for finales and premieres and stuff but the peace outlets. Okay so let us know what you think of crisis yeah right to us. I'm Again the Arrow finale you know with that retrospectives can be to our our so. 
We'll probably do it. What the next night? So yeah the night you watch Arrow the final episode email us let us know who can read it on the episode. The next night the email us keeps an lunatics at. Go Dot Com. Call the voicemail. Six one four three eight two two seven three seven then six one four thirty capes Follow all of our social media all that it's all in one convenient place at linked tree that's Lan KTAR dot ee slash keeps lunatics and remember to support the sponsors tweaked audio hunter killer pod. Life the book now digital amp paperback. Think Oh do I. It was on it was when it was on sale for ninety nine cents for digital article. What are you the back cover? Bet You know. Mama loves kindle. Yes I just by. My parents want to eat copy so I hope upturn more so yes. Follow that and check the show notes for the Amazon link. For Southgate Media Group Charlie earliest says use that link for Amazon. Go by yourself pod life. The book kill two birds with one stone and making Masoom extra happy setup book in his pocket Anyway Yati. It's a cup of coffee offi anyway. Little file where can people talk to you about this new earth. You're you're so anything that I've said you WANNA fight me on the Internet please. You spoke redefined me on twitter at little fire or on instagram. At loophole. Fire sixty nine. Hello Megan nerd. We need we need. If Marsh emerge get on that young young justice march many Miss Marcia also say legends. But Hey we'll on legend throw one earth now anything can happen. That's true you all right so that has been your crisis on said that the next week in two week's episode of Arrow we've we've been together. What season two? I can't believe you're welcome. I know dragged kicking and screaming the last PC other this season. It is near remember the Batman in two weeks the end of the journey service city. This podcast and you have not failed this universe.

Oliver Sarah Katie Cassidy Tyler Heckman Melissa twitter DC apple Ashton Kutcher Charlie Ezra Miller Cryer Lois Rebecca Sam Philip GROWNUP Don shop Charlie Siem Nobel Prize Chris Cooper Specter
Crisis On Infinite Earths Parts 4 & 5

Capes & Lunatics: Sidekicks

52:35 min | 11 months ago

"This episode of Cape Some Lunatic Sidekicks is brought to you by tweak Danica get awesome headphones get tweaked audio dot com and use the coupon code. Southgate get thirty percent off reshipping tipping in a lifetime warranty where can get there through the link on our website southgate media groups dot com and they still Parak- annual listing vacation Luna take sidekicks. podcast sweet sweet. Love to the time running appropriately. I Yeah I know. It's time to the multi verse anyway. That's right we're we interrupt. His regularly the rescheduled before the bath. To bring you the last two parts of crisis led to the verse. I am filled joining me as always the newest resident of Earth Prime Alpha. David Hay sewn took one day shipping. It's like picking a racist letter fool's gold versa. Shortcut and eh one again. I think they were hampered by one. It's the CW budget to time constraints. Three three they had way less characters than the original comic book series. Had Yes so yes the son of a gun so yes start off a flat at vanishing point. Yeah you know Tony Stark's recording his message. I mean Brian Choice recording his message. Or renting it down I am shame at is just like oh can we keep Hickey. Kick off waiting for captain more will become and just pick up that whole vanishing point always introduced blue beetle and booster Butch van where they had the chance. If only the criers luther. So good they said well no you you know sure comparatively shore I mean the paraphrase. What choice that? It's like. Yeah he he plays a really good Dodoo Shbak not playing the plot twist if if they really wanted to get better they would act. Charlie Siem somewhere will that he's under a piano. No Ashton Kutcher that that would be the. That's what the kids like the Ashton Kutcher yes acted Ashton Kutcher other. His name's Christopher. So you know Chris Cooper grace with Christopher Tuesday as a whole thing. 
Yes but that seventies known go kagan seventies and that's a that's a good something a good twitter handle or something that's seventy Charlie. Though all ULTA aalto cow Zieger Alpha Count Seventies. Are It can you. Can you explain to me where they thought they were going to teleport to that. Hilmi teleport or they're trying to make it gave me you on lake flash back like this doesn't seem like it was all planned Out Very well but again the universe is gone. The multi versus going. Where you're going to tell you to your own little like you do A- although I love Melissa Stain with the Easy Universe Akmal you other Melissa? We can't lose any more good people. Thanks Volunteer inlex resembled that count. Yes yes yes I will say that. Let's heaven won me over but it's been good. It's been bearable. I appreciate still very hammy again again. INSIST CW. I mean I think for that Smallville was on this you gotTa be before. CW had a real budget and Rosenbaum. There was nothing nothing hammy except for maybe laxness except for maybe laxness is the only handy performance in all eight seasons so whatever them and then now it seems like maybe they're arguing like the comic book route where he was just like. You know the master supervision before crisis now after crisis either gonNA be a businessman. or He's he's going to be president. Maybe one wins the Nobel Prize. Exactly that there's enough for Tyler's also so yeah by the way Tyler Heckman Superman. Lois has lingering lit so that happening. I really do feel like much is GonNa that John Acquires. Here's lex is going to be there. Oh Yeah Oh yeah. This is all foreshadow. We prelude it's fine if you like. Cryer congratulations okay. Here's here's the big questions. Since I we I mean supergirl godly one more season. They renewed it for at least one asked about women's review. Everything's we're seeing A renewed that super interesting. 
But that's GonNa be the last season does so let's just what this was it on the borderline it'd be like they gotta make rooms at Riverdale Universe and That Dollars Universe Dislo bad lead them. He's actually doing pretty good and they want they want younger that Riverdale universe star girls coming. Yeah Matt excited about that saying you need room for that to be out Saturday night. Twelve it's fine affiliate programming. It's fine we now. Oh no I just had a thought knife baby wall. We'd have a yeah a girl girls night with supergirl about women. What if they do star girl on the same night whenever it is with Green Arrow and the canaries clam fake off? All people love it. Yeah it's just starting to climb fast which you originally the CW. It's kind of funny because originally so w actually. When Don shop was headed the program before my pets gaming it was all about winning eighteen? The thirty six. And we'RE GONNA turn that tide right back you eero convince we need dos ruined in here. You know supernatural been hanging by a thread for fifteen fever resolves Yama Supernova man. Don't ask me we ought not to expel. It's really funny. How the tide is turning right back into that really W so? Let's make it more aren't Ida thought on apple will get the green in the canaries So Oh yes oh yes berry tries to do something with the speed force his unsuccessful and that's when Oliver Or the Specter has the second I hate. They hate it like adults. I don't like these choices. Would you rather have just dead dead honest man rest in peace rest in peace will get. I think they did this. So it's like. Oh Hey you know. He can return to do another crossover they did. It got it sucks. It kind of defeats the purpose of that true ultimate heros sacrifice thing. You know what I mean. Yeah I know Um but I did. I did like did like what they did. Was Katie. Lots in these two episodes yes. Oh my God thank God I me relaxes on legends. I could not stand her. I'm glad you know it it. 
It was a problem. Well it was the Mona Shell last season. Yeah yeah she that. Boil down to her heaven slowly being down to caricatures of their former selves Rebecca. And it's good to see them bet. Yeah Dr Ferret Mick. I'm just saying really. I know you're backing up. I mean I really enjoyed her in these in these two episodes like I was thinking we really I mean. I'm willing to give the green air in the canaries a chance unlike tyler. But I'm I was thinking we really didn't need Oliver's kid I mean we a new Green Julia hockey day we get ahead. Katie Lutts in Britain are Haiti. cassie forget Rogers. There will no. I think he's GonNa divorce divorce. I saw our thought I saw somewhere like a week or two or at least a week together. I guess she's getting the worst already. Says can be Katie calf. Yeah yeah he on the dry well you now. I'd like I'd like to make the trip of their given my last name. I don't know ooh ooh Nice. Yes Katie Cassidy can apple gobble inappropriate first off. Can you videotape that anyway But no like I was saying I just I don't know if I thing Zingani Green Air and the Canaries this whole future thing. I'm like do we really do really need future like they don't. They didn't want to commit to start. You know twenty forty two writer. It's Kinda sorta combat that whole thing just like justice for baby. Sierra baby fear like that that would hurt Hurt the most. It's like Oh but kanner but we could. It's just the whole Bain. I'm very upset. Well we'll get there too KUPA stroke and whatnot change will they. I mean they should have continued with I mean they should have continued food with the present story I even though he probably doesn't want it. I was like there's they should have been only two characters have should've had to choose from the replace Oliver. Either diggle will or Sarah. Yeah so yeah you know we you. We kept holding onto to probably best opened up for. Oh Katie like that and I was GonNa say that David Ramsay the Green Lanza. 
Dave Ramsey's gonNA move onto either not been on Showtime Bureau Moon. Well actually I really like. CBS Kovacs he had a contract on-track tedious choose. So he wants to launch tomorrow. And Hey man what's more steady than a procedural. CBS let's just been then on older. Say put him on Picard. Obviously that that's good it steady work and you don't have to worry about doing something true or do a Mo- cat and all that other stuff that all that have bigger plans for navy ran. Sorry a good lawyer show or something you know where exactly. Yeah Amy Redo who I don't I don't know I don't know but I'm working on one of the most people shows. So what did you think about when they were like stuck in the speed force. We the memory flashbacks. It wasn't late. I don't know like supposedly your tearjerker. Says it didn't do anything for me. UH-HUH I. I wasn't here first time. We saw you know Audi will ever be able to recapture that. I where he's running through. We see all the little Lazaga. Not GonNa you know like you just can't recapture that and I felt that that's what they were trying to do. I mean I kind of felt did kind of something similar to the girl in that in that memory. You know he's like Yeah I. It was just regular guys met humans. Now aliens brainwashed in Washington the alien ship. Yeah that that that's definitely a Meta commentary on Shows of all the universe so yeah well it all came from that era. Yeah who would have thought I mean the whole thing I did I did. I do flashes coming late for a long time. But yeah it's cozy before other Mattioli legislation before Lou. The whole memory was Sarah on the table. You know right after. She died the first time. You know that that was getting me a little bit but you know the real tearjerker. I thought came in the last episode when You know you see all these like the failed him you know. He died twice rather them it. Hit Me Yeah. 
It goes on and we didn't you know after the end of the day after Spoilers us you know the specter supposedly sacrifices himself at the end the part four. We don't see Oliver again. And here's my thought his final death and the only time where to begin his series finale. That's what I figured. There's only two episodes drug. Can you reasons. The the canaries is is the ultimate episode. Stupid it's still being Barsha Gatien suits. Here's my thought in the series finale. It's going to be like the spectres GonNa let Oliver Comeback The earth for like a day or something he's going to you know it's going to be like okay. You can say eager goodbyes. But then once you're done relieving. Yeah so that's like it's good. It's going to be him going around saying the by felicity and maybe tingle and it would be nice. Yeah it'd be like. Oh what goes the Russia in a totally Vega by Anatoly that would destroy me drink a little packet. No not ready for that they do. They're stupid toasted toast in Russian. They need to be net. Net Writers Renewed Research Guy. All you know how we could really get a human emotion out of Hellfire if if like a portal opens for him to go to a higher plane at the end of the La La land it'll last episode and WHO's standing on the other side of that Portal Quinton Quinten Queen Quinton. Now I need to see my board queen. Just like heaven his mom and his dad in an Quinton. That's fine there. Malcolm show the Tommy. I was really your father the whole time. They won't let you know true for one is well. They switched it because they didn't want it to be so avi. But I don't know I I kinda. I just notable let now last year I I just feel like it was a really big mistake having it so far after everything else. I feel like a lot of hype bag now. People for Guy I mean. I've thoroughly enjoyed the two parts last night. But yeah even coming up to it. I was just are a lot more like I'm just going to be so weird. Oh Oh yeah. 'cause you China Bebo yes. 
Of course it's like it's not going to believe this sweetie we're so pastors not funny Boorda Oda Heart for. What do you think that battle at the dawn of pine needles? Okay what they had. I can appreciate it I think it is. I think one of those crisis specials after like part one or three or something I I Jon. Cryer was talking to Kevin Smith. I think and he was like he's like. Oh yeah we were like in a chorea will hurt really started raining and like thunder lightning from somebody in check the weather for their like realism. Take honestly rain. Look so much better on set though although I don't know why it has to be called I'm allowed to use cold water that irritates To be can be room temperature but they choose to make Oh. I don't know an okay speaking of cold today like Alter Sarah sued and while it's a new season I just her chest. Lapatin may look a little cleaner so that it would pat more or something. Well it looks like something was popping says is I mean hard. GotTa get the teenage boys a year. That's right that's why they're putting been slow the the let me tell you. Remember her canary outfit. That was maybe we're paying too much to the original Canaria. We're going back to their because maybe by the end of this season. Yeah it's going to open that BOOB WINDOWS GONNA open up you know that. That's the biggest disappointment. No power girl was like all only cars are guru unless she shows up on us or girl or something up on stars wrote. That looks like that's where we're getting. Jay Yeah I wonder nobody cares. Nobody cares about selling. I don't care about what can make you care maybe about sobral if it's JSA birth to USB R. J. Eric over there that literally is the only way I would get episodes. You get warned it will be pretty dope getting a hoax. Okay so is that a new earth too. That's not the in order to obviously the new one so okay so the question. So Harry and Jessie are gone wiped from existence. 
You know it's Kinda like what they give it superman we gotta clean up all these speedsters end too. I mean we see. She's GonNa be in that canaries episode next week Black Siren. Is She now from Earth One did they. Kind of combined. Earth One and earth. Two Laurel No she just it is what it is on that one. Oh that was. She's going back to Earth one zero. We just can't do. It will not allow. is she going to be like countries from the original crisis on inflators I have the earth. Yes that's exactly what it is now. So That's interesting actually. They won't explore it so I don't care well let's see green arrows honestly on they don't care bouquet any character that Katie cassidy plays neighbors. Greenery would've killed some time during green. Aaron the canaries it's going to be all girls McNamara McNamara yeah. Yeah it's GonNa be a cut because like she's from like Seattle hunters she's at supposedly a really big fan base pushes the last year baby. We'll see how it all works out the phone. Ted could be terrible. Horrible decision really gets tired. She's an attractive young lady. So not your type. Yeah I guess if you watch it with the sound off if they you know the zipper comes down a little more. Oh what she she did train from without all well now actually trained with the other one Nisa so doesn't work doesn't try ZIP or knows how to work. You're trading your cheap on Katie Cassidy. Already she could spice it men women. Whoever you are you'll be out win an open relationship with Wolf Hellfire like it I mean I assumed everybody listened to the podcast already knew that but yeah all in all relationship Hashtag deal with? I'M GONNA make gas trough it'd be like warring if you're in religion you will be an open relationship you will. Oh no late late alleged episode. Overlap one Erawan. Just Kinda underst- shocker. Denial I don't know what it is so close to the end and I'm just I'm refusing to acknowledge but I love it. I mean we caught think we called it. 
It's you know you know super girls. Earth collect folded in the you know yeah and the only way that they can do it it. It's a pain Any other way. Do you know what I mean but interesting enough. They'd informed in starter or they wait and see if that flops or not asthma. Big Fat Five. I feel like they don't have any debate than it. So if you don't show that you have faith better property that would what kind of seventy expect you're supposed to have for within like. Oh it's going to ear for free. The damp drop for Y ou in another country eligible. Like maybe. Maybe that's why it's one on the new earth prime is because it's a original. CW thing it's coming from what these universe earth earth. Yeah maybe that's why they didn't because we see an odd choice because we did see the titans and the do patrol are both on different. Earths it feels like different are on the DC universe. Hey the they the at different chiefs they can get away with exactly and swamp things on what's going on over there like honestly I don't know what's going on. Honor Swan things on his owner. You Know Earth One season only now movie all that with auto come on legends. You have traveled a swamp thing's earth for one episode. At least we can get that. Constantine in swamp thing seemed come on if only that would be that would be interesting instead of like time. Travel like they do every season of the legends. Like explore the new multi verse out. I'll be so I assume Because at the end skipping ahead to the end I mean we did see that you know brandon routh superman still there That was an interesting choice like I said I don't care I've ever had rented kingdom come. Hey Kingdom come superman well. He's leaving legends. Maybe he's he's just done with the whole thing though. Maybe that's why all the all the kingdom come superman still out there he could it easily slide. Popular people absolutely loved that bridge fails at this point. I heard on the air. 
Oh I saw a bunch of people online under the shared ours opinion. They're like oh just give it the brand yes it is. I don't know something about I was superman of lights. The lowest just like I don't believe it. I don't believe you is dismayed when I remember. I saw the first pitcher TERI hatcher indeed candidates that even though it does kind of superman here for the first major go I was like yes. ABC You have me or whatever night it was. I can't remember Sunday. Goes Sunday nights. Wasn't it can whatever like Sundays at nine. Yeah I think at least in the beginning. Yeah I I watch yeah got in on season to go out there and we had to have the TV from Manhattan added to that particular Hashtag. Still bitter I hold grudges but anyway I'm proud of the unpiloted. Cw for what they did did with this. They accomplished a lot with crisis. Different herbs We had such an amazing lifting. cameos on story Sir. Oh Cameo as as a happy show like everybody goes has flesh. Why would you do you know? I don't know maybe trying to burn interest spur interest in that flash movie when it comes on Twenty thirty twenty fifty. ooh Twenty sixty nine. That's coming up but no I just I mean even like you know we were watching last night and I'm Daniel who has no doesn't care one way or another. She was just like why she had look unofficial. Why they do that? I'm like I don't know then like it's GonNa blow their faces like just give degree get great and then like I said not too long before we jumped on Charlie. I was watching crisis now. He's like. Hey it's that other guy from those movies these being weird at people and I was like CRTV flashes better. And he's like Lissi around they could have been like you know Jewish together. Oh defining trade okay Charlie your m-word okay. Honestly that's how they made the flashing Ashen. That don't don't guy is not good for trail that I'm calling out hold on. I Love Charley early again. He's another one doesn't have any skin in this game. 
He's a big marvel guy because I said Oh see what. TV flashes better. He's like well. Yes I'm just surprised. They rubbed his nose in it. I mean that was rough. It was like wow. Apparently they didn't give screeners for this very specific reasons to a a lot of to exit interview. I was reading. I don't know what the W or one of those and they were like. Yeah we we didn't get screeners so we didn't know about Ezra ahead of time. They had to put like a little disclaimer at the bottom. or whatever like Damn Beth was like hell. This surprised surprised or something. Gee thanks I hated and again it was like it made no sense because the multi verse was gone at this point unless Ezra was stuck in the sea with because he's awkward awkward. He doesn't know how to do battle he is you know how to do. You know before so. Weird says very weird Based on you know that weighs three Spiderman spider-man's vitamins point eight tyler. That one too but they actually like that. I mean that's been going on since Azar debuted ass flash ashtray grids better. Oh yeah but they were just like pokemon others costumes and you know he's like oh he's like he toned grant his costume so comfy. I'm like you're damn right. They of course Korean. How do you feel like you're suit? Looks calm like no it doesn't you know is very sweet. And Hey our our boy named the the flash over Yo flow or you'll need to name thousand one point two while on the phone like out of the Gabby Regatta. We have time about the flash. Okay okay on. Oh forget this I was going to ask. So we're getting one more season a supergirl or getting superman and Lois so for all on earth prime now what are we giving a super bowl prime at some point you shut your mouth. Fila a wall Chris whole why we had to rebooting actor written after cons of Stupor. Boy Oh what they WANNA do with. WHO's dead working there who's dead? WHO's dead that we can bring back with the wall punch he? Just give me bring Jason into this world with wealth later. 
Won't make sense BRINGHAM. 'cause they actually happened so yeah. I'm here for quantum bears. Roy half brother for no reason. I don't know anyth- on now you can be uncle band of this universe. No no no no no originally Harrison wealth. Actually Ronnie Raymond Past that with Killer Frost or frost skis me okay. So here's the other. We're fine Jefferson. Actually yes I kinda miss firestorm like get they were oak in. The budget was ridiculous. The misfires I do I do personally on legends. Yeah we need that care yeah meet some actual occur insult figure around because they need it all right and then like this. The whole time line is very weird. Although I did like that we got a kid too hard about Thatta rule number one. I do like that gave us a cameo by Marv Wolfman hey did you read that Italian comic book from No Yeah so 'cause marv actually wrote that arise from Jefferson episode. They actually have a two part comic book. That goes Jose more detail and yeah marv actually wrote it so sociology figures is so the late night. TV show going to be exactly the same except now he's on earth wanting can mentioned people it may be have. Maybe they. Yeah I think they're going to have a little cameo eighty wrote a really anybody. Anybody would boost those radio. Yeah let you can be made from legends. I will sparkles but I was GonNa say if nothing else he has to be like the next crossover coming. They got the table. Now come on finally but am I just I mean me. We have the hall of Justice. Either we run a lot of call the Hollis's but it's going to be like the table justice Louis Just a ways and we'll forget about it stand now still bitter. Don't judge we gather at the table. Every cross once like Thanksgiving giving once a year will get justice. Or did they move the on a really cool a little piece in Arizona. Slight all. We're never gonNA talk talk about it again. That's fine you know. They should shoot some outside footage than little just bovi inside on a sound stage. 
You know exactly I do like I said maybe every crossover that's where they're all convene I don't care about the crossovers now all of those not that that back the pooling guys I don't care now why that invested in verse I mean I like legends on that Ryan wants to do that. Let's ask you that. I guess I'm watching so so in two weeks will do a special episode on the Arrow Finale and then we will quote on air over for a while. What is due are Batman Lee will scan on legendary co episode expected? You alleged episode. Oh okay or something actually. Drastic happens on the flash adult. No no definitely the fanatics though. We'll do aero- finale. The era verse finales in Premiers Role Messed up. I'm more excited about. Pr Seasons you. You are the awhile watchmen season to actually the few if we get it. I'm pretty sure we're getting it. That might be the only other season but British Oregon. You May Charlie's Day. Yeah but all those nominations and awards and stuff. They'RE GONNA THEY'RE GONNA have to catch up on Pennyworth. Yeah I avenue. That's the kind of show that I don't necessarily WANNA watch tweak. Yeah I could see them. I'm the worst the worst kind of you're again but I spent money about abide merge you are but I could see by the way you pretty worth borrowed some atmosphere Funchal. Ball's in your court worship worship it a plastic thing. You're mold but it was very weird is like on the we undo at at least some of flash point because again with you said baby. Sarah's back yeah at justice for it's weird we can't be too much about it so. Jj is gone. It's it's baby Sarah again. And then he was saying connors but does not just mean the kids are back in the future. Yeah I kind of figured that was going to happen. You know we rebooted the universe that was just going to put them back in the future or at least the version of that future. Yeah it doesn't make sense. That's not how it works. Mark some pretty sure original crisis. Didn't they do that are most. 
Everyone went back to their proper times or didn't make sense either. That was with having your cake and eat it too and then you know voting some new ideas mayor you know. They were only in the present because the monitor brought them. Here exactly I what it was. But I'd like to lighting on a multi in the forest that like purple road ever like like. Yeah like they call the cool visuals definitely across the scoring with Luke. Listen so washy show called you and I was like I couldn't put my I figure on it because I don't want but I'm like wait ever ebbing sweet. That's all I wait. neely doesn't sleep some but he might be vampire guys. I'm just saying he's got like a thousand shells doesn't know how are you might be hanging out together we can. I don't know all you. We know what Earth we didn't we didn't see are we saw Ezra Miller but they they never put. Then they didn't put a number on DC. Did no no no. It's awed juggle zero sneaky. Windsor Ville no you know what they they could have said crisis. Wipe that universe out. I mean basically. They didn't come back. Ah Out it's done in the new the new multi. It's it didn't come back. What been wonder woman gets itchy? They get washed down down the drain on wonder woman. Do you think they're going to be a shame. I was GONNA say. Do you think any of them were can pass the second movie. I'll wonder woman Eddie. Plays the Alexa Receive Yoga door wonderful. Twist reports that relief I nobody told that the rocks going to kill him in the adver mood the Scotch. Nobody's Zachary Levi. Nobody tallow but that's mark. My words both going to get like locked in the rocket maternity. Yeah Pretty Much Margaret. They're like we're died. We're GONNA take two years off reththy. Oh did you did you see. I do think I just saw that today. I saw the headline but I guess on. Hbo Max doing like an Aquaman animated series. I did not see that but out. Let's just say well wouldn't be surprised. She knows exact service material might be using. 
If that's the case 'cause I'm yeah they the whole thing with Apple Mary now they need to get a move on reset him to not Jason. Mola's would not surprise again like honestly truly outrages low key my favorite Apple Loki Burned with fire. I'm telling you we're going to build everything from From the Batman you know honestly Brave in the bowl was way better than Batman Raven the ball. And it's like so underrated. Though I mean brought rob patents the Batman. Yes they still Susan Collins that as far as I know I mean The working title. But that'll be disconnected from here on out. They are trying to tie everything together. 'cause if anything they were quitting joker universe overall be honest Hobby Hobby University. They would try to spend everything out from. I mean tooker is an okay movie but y eleven nominations. You know why why. Why don't don't take this the wrong way? The mediocrity of white male privilege wherever Hashtag me at. We don't care that is the truth. But no there are so many more deserving movie the bidding to get nominated and not happy for DC. It's a win for me now. You know what the other thing though is too because it's like they have a thing against comic book movies. Because I mean you could have nominated Robert Downey junior or somebody you know. But no. I'm Sam Philip GROWNUP. I'm sorry he didn't deserve any nomination me at me. I don't know it is what it you know. I don't even think so much. The white man thing. I think it's like they're like oh I guess we gotTa Whitlam Eight One of these comic book movies but like you the walking he elevated above the script what admitted short admitted except for him being being the joker quote unquote. It's really not a super You know there's nobody. There's exactly if those nominated exactly exactly it's it's it's like that is a comic book movie for people who are not what it was a loose interpretation of a column if that's why they got super those. We nominate wait a minute. 
So basically the only conical character who really wins like Oscars joke. I mean honestly. He is a useful idiot him. They don't understand that he's not meant to be clung to you. Know by idolizing him. You missed the point starter. Pack of Hello Oh my Lord nominate versions of the joker so yeah they rarely really go with white does. I'm just being capitals GAWKER director. I don't care and don't care. His Dramatic Interpretations Pass Him Comedy Director. Perfect I love it I mean again I just I I mean the Joe Choke movie was fine. Penalty needs eleven you know. I don't think it's the scoring line was amazing. Hannity was beautiful but direction the writing super basic super big writing so many people could klink do it wa. Twilight was so popular because Bella the blank slate Teenage girl you project yourself on her and that's kind of that. The left leg babies for Bros.. That's with joker is wait. That's bitcoin upset about bitcoin to I don't but yeah you know the win for DC in waters in I needed honestly if they ever want their movies finance again from outside sources they needed okay so so back to this crisis all right I have. This universe is weird now. 'em Over and yet hits. I guess we can only have so many people especially when it's not there show but it's like it was weird that we came back. There is no Irish. There's NO CISCO like Caitlin was there but there was though Cisco that was very weird to me. I was Kinda glad I needed a break from your kind of annoying well is. He confirmed to be in the second half of the season. 'cause I was GONNA say I I mean with the universe rebooted they could have been like. Oh yeah you know. The time has been altered. He didn't come back after last season. I don't know that I'm pretty sure he is. It might have just been busy doing something else. Maybe filming at the new contract when you decided to come back. He gets a little more retirement. 
I'm just wondering how much flash point caught red Khan and I was like okay associate powers away because that's the least interesting thing about her to be honest us well if boring. I'M GONNA say if not take your powers way maybe. Even even the the reboot didn't do it. Ah Maybe when the Martian manhunter came and gave her those memories again if he kicked kind of Kono emerge them so it's not like a split personality anymore. She just has powers powers. That would be great. Because I'm like that's not hard coded process any of this dad's very annoying plus. She just had a baby maybe right so I think he's still. She had the baby. I don't know it seems like forever. They hadn't damn baby while. At least maybe the episodes were watching. She might still be pregnant in those episodes. Yeah so that. That's the next season she'll probably be like probably have Cisco will have to pick up the load from casino or worse yet. You Know Ralph Izzo was going to say unless You'll see a you know. Let's have chester are coming. Home will help out. Hope Chester dies in a dumpster. Fire where he belongs. I'm telling them adding people. Keith socking King. Where's wally you? Don't WANNA come back. They probably would have had them. You could have fixed breath. I'm Fan Laura. How but no you know? They adopted him from the other universe. That was dying caters. They say they want another kid. So damn there you go now. You can work on your balance. Hey Hey right. Do you like they do do with wally. Now his iris's mom had a a baby with some red headed to San extolled fire coaches. It's fine I get it anyway. All I will give this crisis Abi plus yes over the five episodes The just honestly the B pluses for all the cameos if they manage to pull off all the prizes they gave us a didn't get league league Yes usually the big thing because men are those Paparazzi super nosy in Vancouver. No you don't understand put again to all the nerds gas. Give me more information. Yeah so I'm proud of them. 
I'm I'm I'm looking forward to going back to like low key smaller scale. Cross auger that that makes sense. I'm burned out on the big crossovers. Downer say needs Turtleneck the black lightning in Vancouver so they can have more more like mini crossovers. I literally don't care about life. I literally don't care anymore anymore. It's too little too late. Homeowner finish out the season piece about is black me. Oh I need to write to Lasak is black lightning dumb. We're not like I need to know. It might put it too much in the light. Yeah but I'd like what him in Cranston. We're doing crossover and like the you know. We'll see more crossover between him and honestly with Oliver out of the picture potentially could be fun. I mean the first verse doesn't have shock record with black actors and characters development. I mean just like it on his own show oh his daughters and his wife still more developed. His Taylor feels more than he asked him. So bitter in waiting more than he is something that they are just not good at. This can be so weird when the show is exactly the same. It's just on this new earth. That's the I swear Melissa. Not Show of Upset 'cause leather superhero. The very first one that they call it out. I think so athletic. Yeah so I feel like chat show up at her and him would have a very interesting dynamic they should be dropped more named drop more names. Although it's GonNa be weird now if the stuff still going on free land it's GonNa be like well now you have friends. Why isn't the flash? You're showing up or super girl or somebody. Well that's like any other. Show those villains true you now. Hey everybody sadder freeland. He's Batman now deal with it. relievers his permission to come up in his city boy awake so yeah on that note I guess on that note yes the mic as Rebecca. Yes yeah that's weird anyone bring it up. I don't know why but it works for going to question it. I did like that in the Cave Rene is trying to what does that. 
Champagne is poured mix. What is alcohol? It was so continues to be my spirit animal alcohol. You know Kinda meeting like a funeral see like like unity with everybody Kinda carrying his coffin conveying like I said I wonder little superheroes. I wonder if we're going to get goodbyes. In that final episode. You know like I said he's GonNa Inspector GonNa let them come back for like twenty four hours or something. Yeah if he because that I wanted to the listening that they go and all that but I wonder if he's GonNa they'll show him saying goodbye to like the flash and stuff if he doesn't that's going to be like a gaping being loaned I want I want flashes last him to be cool. Bring it full circle. That's what he said that Yeah Col- Yes. Yeah Oh yeah Oliver takes ought takes off into the sky. Yeah yeah he's like critical in if you're listening. They didn't let let him be passed. That idea all right so we don thinks oh back nightfall now role for a week and then the US in two weeks. Come back here and while will do the final episode of Era on that Ready Philip that that especially actually cried. Oh no you have to be on Camera Kevin Smith come on no. I'm not a cry baby like that but uh-huh but if you shed a tear I one might get us some extra views to how proof come on. It might not my dog actually come come play with us But anyway yeah it must be ready by the by in two weeks. I should be on Camera Studio Aka. Spare office the noise so I met note. Charlie yes so next week nightfall continuer nightfall than the week after like you said will cover the final episode of era which has special meaning the me and low of then yes. We'll be doing Batman for a while now and then like we said we'll come back air overs for finales and premieres and stuff but the peace outlets. Okay so let us know what you think of crisis yeah right to us. I'm Again the Arrow finale you know with that retrospectives can be to our our so. We'll probably do it. What the next night? 
So yeah the night you watch Arrow the final episode email us let us know who can read it on the episode. The next night the email us keeps an lunatics at. Go Dot Com. Call the voicemail. Six one four three eight two two seven three seven then six one four thirty capes Follow all of our social media all that it's all in one convenient place at linked tree that's Lan KTAR dot ee slash keeps lunatics and remember to support the sponsors tweaked audio hunter killer pod. Life the book now digital amp paperback. Think Oh do I. It was on it was when it was on sale for ninety nine cents for digital article. What are you the back cover? Bet You know. Mama loves kindle. Yes I just by. My parents want to eat copy so I hope upturn more so yes. Follow that and check the show notes for the Amazon link. For Southgate Media Group Charlie earliest says use that link for Amazon. Go by yourself pod life. The book kill two birds with one stone and making Masoom extra happy setup book in his pocket Anyway Yati. It's a cup of coffee offi anyway. Little file where can people talk to you about this new earth. You're you're so anything that I've said you WANNA fight me on the Internet please. You spoke redefined me on twitter at little fire or on instagram. At loophole. Fire sixty nine. Hello Megan nerd. We need we need. If Marsh emerge get on that young young justice march many Miss Marcia also say legends. But Hey we'll on legend throw one earth now anything can happen. That's true you all right so that has been your crisis on said that the next week in two week's episode of Arrow we've we've been together. What season two? I can't believe you're welcome. I know dragged kicking and screaming the last PC other this season. It is near remember the Batman in two weeks the end of the journey service city. This podcast and you have not failed this universe.

Feelings Week Night Song

Chompers

03:43 min | 1 year ago

Feelings Week Night Song

"Chompers is produced by Gimlet and brought to you by Goodnites. Welcome to Chompers, your morning and night tooth-brushing show. Start brushing on the top of your mouth and make little circles with your brush around each tooth for Siem of feelings wheel. It's a big circle with lots of different feelings on it, like happy or mad, and if you're having trouble telling exactly what you're feeling, looking at a feelings wheel can help you figure it out. Today we've got a song about the feelings on the feelings wheel, but first switch your brushing to the other side of the top of your mouth, and remember to listen for the bells that tell you when to switch your brushing. As a million failings million zillion mailings. Alma feeling aw man. I got sad. The House just at the end of the is all gone way. Sometimes I feel a little bored and I get into sopping door. Get into Makarov and what a joy joy the feeling. Switch your brushing to the bottom of your mouth. It's always it's always get anxious soon. You'll feel the jealous combs go soon. You'll just be laughing. Give the feeling wheelspin and then you're next thing oh round. It feels That's all for Chompers tonight, but I hope you feel great. Three, two, one. Chompers is a production of Gimlet Media. Chompers is brought to you by Goodnites, the number one nighttime underwear, delivering protection children need it the most. Grownups, you've been preparing all summer and back to school is finally here. That means new supplies and brand new clothes, but if your kid experiences nighttime wetting, there's one more item you might want to add to their wardrobe, and that's Goodnites.
Goodnites have a brand new look with new character designs to bring more fun to your kids' nighttime routine, plus Goodnites deliver outstanding pajama protection so your kids wake up the next morning dry and worry free. So grownups, add Goodnites to your shopping cart, because nighttime wetting shouldn't get in the way of childhood. Grownups, go to goodnites.com to learn more.

Investing in Marketplaces with Sarah Tavel and Nabeel Hyatt

Venture Stories

1:01:55 hr | 1 year ago

Investing in Marketplaces with Sarah Tavel and Nabeel Hyatt

"Hey everybody, it's Erik Torenberg, co-founder and partner at Village Global, a network-driven venture firm, and this is Venture Stories, a podcast covering topics relating to tech and business with world-leading experts. Hey everybody, welcome to another episode of Venture Stories with Village Global. I'm here today with Nabeel Hyatt of Spark Capital and Sarah Tavel of Benchmark. Sarah, Nabeel, welcome to the podcast. Thanks, as always good to be here. So we're here to talk about marketplaces. Why don't we start with a brief background on your personal history with marketplaces, why are you so excited about marketplaces in two thousand eighteen, and what brings you in the PUCK. Let's talk about background. Marketplaces: at Spark, my partner, former partner, Andrew Parker, back in two thousand ten wrote a post called the unbundling of Craigslist, which is now a famous post, where he outlined in that really prototypical early marketplace race what was going to happen over the next three or four or five years out of there. In his little graph as early as like Airbnb, Indeed, Redfin, except for Benchmark companies is an Spark companies on that list. Five years later another colleague, David Haber, kind of updated that list, and we've just watched marketplaces since the very beginning of the firm. I think they've changed over time, which we'll talk about today. But it's just been a longtime love for me. Personally I'm on the board at Postmates, Zoom, Instawork, and as a firm in a more recent time period invested in companies like GetYourGuide and Rover as well. So deep background in it and while the space awesome. Yeah, I think I've always been a student of network effects.
And when I was at Bessemer, the network effects that we focused on investing in as a firm were more on the side of the social networks, things like the Yelps and LinkedIns and then eventually the Pinterests. And then when I joined Pinterest, and was there working on the product and the discovery experiences, I just realized more and more that what Pinterest was was actually a marketplace; it's just that instead of a transaction that used dollars, it was having consumers find content that they were looking for. And then, you know, when I joined Greylock, I started to focus more on transactional businesses and just consumer more broadly. And, you know, social was a hard place to continue to invest in and focus on, and you saw a lot of emerging trends happening on the transactional side. I just got more excited to think about how do you create great consumer transactional businesses, and the kind of union of those two things is you've got the transactional business plus a network effect. That's where you land with the marketplace. And so when I joined Benchmark, you know, obviously Benchmark has quite the history with marketplaces, eBay being really the first kind of consumer marketplace and one of the early investments that Benchmark made, not to mention Uber and OpenTable, Zillow, a bunch of others. I started to really spend more and more time on marketplaces. And so now I'm on the board of two marketplace companies, one on the consumer side and one on the B2B side that's not yet announced, but I continue to be a student because these businesses are so difficult to build, so nuanced. But if you get them right, they're incredibly valuable. Totally. Let's zoom out a little bit and talk about the evolution of marketplaces. In the last decade or so came out with this post detailing the different eras: there was the unbundling Craigslist era. What you flew to be able to Uber for X.
era the managed marketplace as our than they've sort of services marketplace era? How do you sort of see the last decade marketplace's as it's played out has as how you've seen it evolve? I I read that post. I think it's good to try and contextualize everything that's happened. I think that might be a little bit to clean of a break line. The overall trend. That's true the first wave of marketplace businesses. If you think about the GRUB hubs of the world are and in fact open tables aromas lead Gen businesses very early on and I think what you have seen is lean. Jed businesses make way to to marketplace businesses. Where now you're in the middle of the transaction from beginning to end and now kind of manage marketplaces and the trend overall is just getting closer to the transaction getting closer to both sides of the customer and getting more and more full service us the benefit of that is obviously you have more revenue flow coming to you? The negative is these are more and more increasingly more complicated businesses to run as you have to be really careful that you're getting involved evolved in in the right kind of business with the right cutting economics and ultimate obviously like the record of net profit profiles. Yeah I mean just to build on that one thing I've been thinking about a lot is that it felt like the the first wave of lobster upset That happened it was it was The why now was these external factors. So is the Internet coming being you know Faster connectivity on a mobile phone and Wi fi and then of course you know the iphone and mobile phones just generally and now like like what us. VC's try to do is be searched for the next why now the next catalyst create a real opportunity for dynamism animism an industry which creates chain which creates opportunity for a company to come in and disrupt it. And so much of what I. I feel like it's happening right now. Is that the. 
Why now is is really really the founder and the founders kind of hitting coming to a market like to what Nabil said one that probably has been overlooked but because of their unique experience someone I think once described as like an urn secret they have an ability to see a Siem market? That other people have been missing because there hasn't yet been the founder. Who has that unique collection of experiences that lets some see that opportunity and then there are some tailwinds behind then that like let them open up that market? But I think there's just a lot of examples of hip campus in a company that I'm involved with and Elissa. You know what had camp is. You could say like that could have been created over the last decade like why why now and it's because there wasn't a founder like Elissa circa who started in the space had a particular perspective on how you know what was Dina in the market create. Something and then be able to ride would really is the wind in her sales which is just a secular trend towards people wind to get out of their urban lives and connect with nature. And so I think that's why alive what you're seeing people getting getting into. What can feel grungy and grandeur verticals but that are real opportunity to just? We haven't had a founder fireman. Is that sort of represents a shift from horizontal to more vertical. Marquis I definitely. I think we're seeing a lot of that. I also think you know I. I don't know about new bill that I see a lot of Consumer to be to be marketplaces marketplace's disabled like one of the things that I know. I haven't spent a lot of time looking at an and I as I alluded to. I'm on a board of a company. That's that's building beeby. Marketplace is like you just see more and more founders that are uncovering opportunities in a B. Two B. context to create a marketplace. And so we're on the Board Board of Bill Land Investment Vehicle Hacker one which is like a marketplace for bug bounties. 
We've got solved self health which is building a marketplace for convenient convenient. Care same day like starting with urgent cares as the seam and then kind of more broadly. There's companies like you know power which is building a marketplace for financial financial. Professionals are even have things happening in like ocean freight so there's just more and more of these marketplaces are starting in places where where they've just been really hard to penetrate yeah. Why didn't Uber for X.? Take off perhaps people thought you had some. Yeah I mean this is the so many dozens and dozens and dozens deals for those that eighteen month two year period so like my my reflection on that was IOS APP yet there is there is a period of time where it was the thing that people want to build was the accident and the insight that people realize from Eber was that there was this remote control for allies which was our spark. Phones are iphones or androids and Uber. Unlocked was 10x experience. Where you could have a car come to you that so much better than what? The alternative was which was waiting on a on a street corner waiting for a taxi But I think what people miss at the time was that it wasn't what was magical. That Uber was not just a better product. But that they use technology to recast cost structures and provide that better product cheaper. And I think what what so many people got wrong. During that Hooper for blank you know stage was that they they were just trying to do the ten acts and they weren't doing the hard work of doing that and for the an cheaper and so it was. You know just an extra cost it was you know the For Parking Uber. Dry cleaning over for lot. 
Like there's just so many of these and it's when you're creating a new cost there's a smaller smaller more segment of people who can actually afford that and and so it's it's It was very few companies that were actually a success that in order for it to be positive have network affect business at scale you need frequency. You need really high frequency and more importantly you need variable frequency if you want something on demand that you're willing to pay premium for than one in order for the network effects to work on both supply and demand side. It's something that I might use a couple times a day and it's high end which just dry cleaning. I'm never going to use twice a day and two it can't completely regular or else might as well have a subscription to the product and not pay variable higher costs. So if it's parking most of my parking happens when I go to work every single day so so why do I need to be on demand if I happen to be on demand. How often do I need to be once a month once a week but maybe I take four weeks off and so I think there's a reason why food and humans humans are the two things that have risen to the top and it's because the things that have those that I can order it very very frequently and I have like real variability? I always say parking has a lot of those traits. I mean like if you think you own a car and so you're going back and forth to work to wherever you're going a there's the people who want to do that with their car and there's people who don't do that with an Uber just the differences like the cost of providing that service is you're just never gonNA ability do a cheaper than what it would cost without like the intermediary and so that's our thing in parking. That's super weird is that it is in direct conflict super rise right right and so is it bad time to me during that company for sure. 
Yeah so Frequencies save more guys about what you what what makes great marketplace wha- great marketplace business what the KPI's that you evaluator when you sort of you know if I were marketplace's what's important have in sort of negative things to have that. Hey this this may look good but it's not sustainable or or you know that goes something which is that. I think we often marketplaces in general. The reason especially as as investors and founders were attracted to it. Because a lot of time what you're doing that in particular market is removing the middleman or moving the rent seeker from the market and saying there's he said if people that really are adding value if I can if I can remove an automate a lot of that process I will accrue benefit to both sides of that market so those people should take the profit not the middle person and I think that's great but it's just that the question is how is the product actually experience actually better and I think you only get long-term innovation and a long-term sustaining sustaining business. If you've actually made that product five or ten x better in the process of introducing that removing them. Yes yes that so like in terms of like look for I find myself always trying to really understand what the red hot center is of marketplace. And I think one the things that I see a lot of entrepreneurs make the mistake of confusing which race there in and there's kind of two races that you can run on one race and I think it's a race that has been rewarded by the market Incorrectly so is the race to growth But the real race that marketplace's ace is running. It's not how quickly you can grow. But as how quickly you can build equity and what that means is getting to a red hot center and just getting there's something really freaking right and so what I find myself asking about a lot is described to me like you know who is the person that's transacting his acting right. 
Now that's getting the most value out of your out of your marketplace right now and really trying to understand what that looks like what that transaction looks like how the value is on both sides where the marketplaces need to step into. Maybe kind of pro like prop it up a little bit in the beginning whether that's trust or economics economics you know there's all types of not scalable things I'm marketplaces have to do in the beginning to get that flywheel starting to spin and so it's really just like under saying that red hot hot center under saying how the Entrepreneur thinks about building the system that supports and then expands at red hot center and being less oriented towards the bigger picture numbers to how did you get conviction on on hip camp. I'm curious because it doesn't seem like you know Uber's thing that hey use multiple times a they are. Everyone uses it. How often are you going on on trips? Not everyone wants to. Although you grow the market significantly how does that become you know. A decorator like a giant company one of the things I loved about his campaign. It's a there's a lot of things and I'll explain but just taking a step back just on the on the last the question like one of the things that I love is finding marketplace's at other people underestimate from the outside and we tend to be optimistic when other people are are less so And I think that you know particularly in areas where it's so easy for competitor succumb in To find like something that other people easily overlook look and by the way I made the mistake I met Eliza for the seed and I passed I passed for a couple of reasons. I wasn't quite convinced that she'd figured out how to how to grow supply. It was super early. 
I mean I think it was maybe a dozen or so hosts at the time. And the second thing was that I wasn't yet convinced that the market was big enough to sustain, build a big company and then as I kind of kept in touch with Alyssa and we would talk product every once in a while I started to realize a few things, which is one that she had figured out how to unlock supply and there was this incredible dynamic that was happening with Hipcamp which is as she grew supply, demand followed and that's such a strong signal in a marketplace, where like there's a supply base that hasn't been put online and as she did bring it online it unlocked demand. There is demand there that was looking for that and just didn't have a place for it and so that was like number one. Number two was that there is an incredible dynamic that when she did unlock these landowners, these hosts, you know they would often start by just listing their land on Hipcamp. And so you'd have like the camper come, you know the person who is definitely not me. Maybe more Nabil but definitely not me as a New Yorker, who like you know has a tent and sleeping bag and knows how to drink water from like a stream, like that is definitely not me. Cook on a fire. If there's not Uber Eats I'm in trouble. And so what would happen is that the landowner would start that way and they'd make a little bit of money. And then they'd take that money and then they invested that money in their land, they would put out a structure or a fire pit or whatever it was and that would start to open up the addressable demand side so there were people more like me who then would see, oh there's a yurt or there's a treehouse or there's a bathroom and so you start.
And then they would kind of keep on doing that reinvesting which would grow what the revenue was that that host made and also the demand side value proposition so there was like something really interesting happening there and the third thing is just Alyssa. I mean I just think she's a fantastic founder. The vision that she has for the company is like very clear. And she just understands that there's this real secular trend happening where people want to get outside and connect with nature. Generally just kind of wrapping up, like look, less sensitive to the TAM calculus in the beginning because just believe that with the right founders they'll keep on unlocking new opportunity. My quick shoutout to say that when I told her about Village Global she said oh Global Village, Marshall McLuhan, and she's the only person who has identified that. I'm curious, you, Airbnb at the time was sort of a new behavior, was banking on behavior that they hoped would exist. And in my request for startups, I'm curious about a homeschool marketplace. I'm curious about a marketplace like I think a marketplace for listeners as an alternative to therapists, fifty dollars an hour or two thousand our customer service or college students. How do you think about marketplaces around sort of new behaviors or new categories or things that don't exist at scale yet? Eric, you asked the question a little bit ago about what me and Sarah look for in marketplace businesses and I would argue that if you had ten or twenty VCs on having a conversation, I think you probably would've heard eight of the ten say TAM in the first couple of answers that they were going to give and you didn't hear it from the two of us. It's an area where both of our firms actually have pretty strong conviction that is against most of the rest of the venture market where we are very happy to invest ahead of time and believe that a really amazing founder
that has an insight to a really next generation product can grow a market that you could have never had some associate Excel spreadsheet their way into and so on our side, I think we're an investor in a company called Cameo which is a marketplace between consumers and celebrities which is something, I don't know, five or ten years ago if you talked to me about that it would be very very hard to believe that that marketplace would work but in a world where celebrities are getting closer and closer to the consumers, understand the authenticity of their voice is important, that relationship and that community, it is a time where that product can create a market. How large is that market? I have absolutely no idea to be honest but you just look at the relationship that that company is creating with the consumer and it's something unique and really special so I would go back to what is the relationship that's being created, what are the marketplace dynamics around that product and try to take it in and of itself. This is not like, as much as we're here to talk about you know some playbook guedes looking at this world, like building a startup is not a playbook. There are little things you can take from one or the other. There's no direct road. When I see can't first response was so dumb and successful yet so brilliant which is the perfect sodium? And says I wouldn't have seen it and I built something like that in the past that didn't work out obviously and so brilliant of like oh of course you know. Of course it works. So how would you analyze the two examples I just gave, sort of homeschool is not mainstream behavior. But maybe there's some latent demand for it because you'd be professionally alternatives and you know people do out there because they can't afford it e Mc some people might enjoy listening fifteen twenty dollars. How would you sort of have?
Yeah I love the homeschool example like you know back to the red hot center like people, I myself wasn't homeschooled but I've talked to the people who were and like we see this all the time on Pinterest, like education was a huge vertical on Pinterest and like people were always posting the content that they were creating, the lesson plans, you know, and like a real thirst for information and so if you think about education generally it's a pervasive need for everybody and it's felt most acutely, like it's a red hot center for people who are trying to create curriculum for their own children and so I love the idea actually that homeschooling is that red hot center and then there's all these positive externalities of getting that really right that can let you grow beyond that red hot center and start to like have knock-on effects of being a stronger and stronger value proposition for a broader and broader group of people. And red hot center, you're referring to sort of a passionate early adopter base? This is the place where the pain is felt most acutely, the need's felt most acutely because those are the people who will go through the hoops that you'll have in an earliest stage marketplace when you don't have the quantity, of like digging for the information that they need, like going through spending more time, like finding the right supplier in that case, like they're just and they're gonna find you, like they're the ones that are gonna find you so it's always a to what I mentioned earlier. It's always about like building liquidity. And you're going to have the best chance of doing that with a group of people who have that need most acutely. Childcare may be another example. Have you looked at childcare marketplaces? Yeah that one's tough. That one's tougher and it's tough talking about care because the good example I love.
You do have an early entrant in the marketplace business in Care.com which sat on the lead gen side of this arc of marketplaces and what we haven't really seen is childcare transition into a managed marketplace model. We haven't seen somebody usurp the way that say DoorDash, Postmates are usurping Grubhub and I think it's an interesting question to ask why that's not happening. My worry is that if you find a good childcare provider you want that person to be with you at all times and so it's not a fungible good in the way that say a good driver is a good utility for you to get from point A to point B. It just doesn't feel like that kind of dynamic. I think that's exactly right, like there's been these kind of twofold problems. Just that for the, you know, you're trying to find your nanny, the person who takes care of your kid. That's a monogamous relationship. And so that's why it's kind of biased towards what Nabil was articulating and then there's been another generation of companies that have tried to build that more on-demand care and the challenge has been just supply constraint and so it's like it's very very hard to find enough nannies who have enough quality, trusted, and there was actually one of these companies was called. Don't trust at me was or was I don't know if it's still around today. But it's been really hard and marketplaces don't function without trust and if you can imagine like what's the highest trust needing transaction, it's someone taking care of your kid and so it's just been really really hard for them to figure out how to scale supply. It's the same thing with daycare. So there's been a bunch of companies that have come into the space and it's absolutely huge. There's a huge imbalance between supply and demand.
Because you've got this new generation of parents that are like newly dual income, no plan to like not be that way and we haven't had the daycares, childcare to meet that demand but it's still such a hard problem to get people to open daycares that weren't already doing it. So two variations of the same question: when you see a marketplace at seed, like you saw Hipcamp at seed, you see lots of other companies. It's either you're like, hey this is interesting, I'm going to watch this. Watch for the A. What sort of signals from a metrics perspective or business objectives or market perspective are you looking for to see, oh they've hit this, now they're ready? A variation of that is I'm curious, are there examples where you saw it and you just didn't see it, you know, hitting scale for whatever reason, like I don't know if you and these companies won't be offended because they're big right now but if you looked at Thumbtack back in the day, Apartment List and a bunch of marketplace businesses that had a tough time raising an A but are doing quite well right now. You're digging everything up for me Eric right now so I looked at the seed or the A for Thumbtack, that fifty VCs passed. Yeah so Marco is fantastic. I actually joked that I named my son after him but you know he's just a fantastic entrepreneur. I think he's a great person. The concern I had in the beginning when I met him was that he was clearly doing something right, he was growing. You know I could've articulated before the wrong race. I worried that he wasn't building liquidity, that he was going super super super broad and not getting the density that I really hunger for when I look at a company and you know the thing that I think I missed was that he, you know, he had to do it that way. Because those transactions weren't repeat enough repeat a nature.
Yeah you need to create frequency and so the way to create it was to own a bunch of categories but those are you know sometimes you actually get it wrong a lot. Totally. I mean at Spark we definitely believe, as I said before, there is no playbook for how startups are to be built. We try to focus a lot on frankly listening to the founder and listening to the problems that they have identified in their business. And so if you're asking what do I see at seed that then I give as guidance to the A, that comes out of a very specific conversation with the founder about their business and where they see the hiccups. Because the truth is that we're ten thousand feet away. We may see patterns across dozens of startups that we worked with. But we're not inside building these companies every single day. So if there's somebody who's going to be able to evaluate where the weaknesses are in the business, at Spark we truly believe that the founder's actually the right person to do that. The red flag would actually be a founder conversation at the seed where they're not uncovering the grisly horrible things about their business because we all know that an early stage company, frankly seed, series A, series B, they are all not in great shape on the inside, like you're still building the machine to make it work and so we can have a really clear conversation about the areas of that marketplace business where things are not really working right now and that they're trying to work on. That insight from the founder might on the one hand help you gain comfort and confidence that it's the time to get involved right now, they know what the problems are, they're tackling problems, or it sets up the conversation for, look, there's an area here that I think really needs to get solved that we just agreed on.
And let's stay in touch and let's talk through it and let me try and ideally connect you to one or two people who may have gone through something similar and help you work through that problem solving which then very much leads into the next round. I mean just to add to that. I absolutely agree, like I think with marketplaces there isn't one flavor of marketplace. I mean we talk about, just Opendoor, I mean sorry OpenTable as a marketplace. But it's not like a consumer's making a transaction, like there's just so many different flavors. I would say Tinder's a marketplace, like, and so again there's so many different flavors that it's hard to be prescriptive about what to look for. At the end of the day I do think it's the founder and that's always what I'm looking for, is the founder that approaches building a marketplace with the systems level thinking and the cleverness that you need in order to solve two problems at the same time with each other, like you know most companies have to capture lightning in a bottle once. Marketplaces have to do it twice and then use both sides of that market, two or three times. I mean Instacart, like I was reflecting on the other day, like I mean, gosh what a tough business to build, like when they've got three constituents, they've got the grocery, the picker and then the consumer and then of course now they're adding on the fourth which is the kind of CPG goodies that you get in your delivery and so those businesses are really really tough to build. It takes a special type of founder to build them. So it's twenty nineteen of twenty well. Where are we excited right now in terms of sub-sectors in marketplaces? Are you looking at a lot of managed marketplaces? I remember Bill Gurley had that tweet which is like what was it.
Yeah what's market entrant where we sort of requests for startups and marketplaces. Or if you're an entrepreneur, you know I run this community called On Deck which is people looking to do their next thing. They're thinking about ideas, spaces, or conversely where are the bodies buried in the industry, where you're not looking to invest in marketplaces. What's your take? I mean one area that I know I just continue to dig around for and am excited by is companies that are unbundling LinkedIn in some way and approaching it in a different kind of dimension or different vertical, and just you think about like LinkedIn was solved for the problem that I have. I mean it was created for the problem I have, which is you know as a VC or recruiter, like the tech people, and it's perfect for me but when you start to think about other verticals the value proposition becomes less and less strong and you know I just think that man that creates huge opportunity. And so if it's you know real estate, if it's actually going after engineers more specifically, if it's kind of these other vertical labor pools, like it just feels like RigUp is a great example, like there's so much opportunity to create that type of network and that type of marketplace so that's an area that I continue to be excited to speak to entrepreneurs about. Yeah have you looked at labor marketplaces? Or what's your take on what's going to work in you know in labor markets for this is Tunisia might not. I think there's a reason we're seeing a trend towards labor marketplaces and service marketplaces.
And I think it is this arc of getting closer and closer to the transactions and closer and closer to the meat of what's happening. At the end of the day it is about a human going and doing a thing and instead of say connecting companies to like a restaurant to that end consumer, eventually it gets down to the actual labor itself. So I think it's an interesting category. We've invested in a company actually with Benchmark called Instawork which is looking at a labor marketplace in the hospitality industry, feel very positive about, but I'd say broader I struggle with the where are the exciting places thing because most VCs prognosticate quite a bit and are really thesis driven and some of them you can read those theses on their website and so on and I'm not saying that's the wrong or right thing for those firms. It seems to be the right thing. For us at Spark part of what leads to a lot of new market creation companies is that we actually try to keep a beginner's mind about these kinds of things so I try and keep an open mind. We've invested in a bunch of marketplace businesses and have certainly written our share of blog posts about them but at the end of the day, the founders, I don't know, and so it's partly my job to be open to some founder walking in the door tomorrow and presenting some marketplace that I just have never even thought about before and then feeling that excitement with that person and digging in. Still, with respect to beginner's mind, are there any bodies buried, like marketplace type things that you just, I can't, you can't do it or just I've seen too many, it's too hard? Man, I think that the biggest area where I just, like I just can't get comfortable with the dynamics of the business are ones that are lending related. You know it's one of those. Things are lending business like three days ago.
You know the thing with lending is that there will never be a shortage of demand for credit products. And so if you're able to give credit to people who have not yet been able to get that credit from someone else you're going to be able to grow. It's a little bit like kind of that adage and it's not exactly right but you can always grow by selling a dollar for eighty cents. There's a dynamic of lending that always makes me a little uncomfortable about that. The biggest thing is that you know we talk about a credit cycle. Michael and it's signed that we always have to be aware of and the thing that I just realized about lending or I kind of feel with lending is that it's the type of business that can feel really really really great, like it's really working, until all of a sudden it doesn't, and there's so many examples of companies that you look at in the public markets that are lending businesses. And it's like it's great, it's great, it's great, and then it can you know on a nose become not and that like reversion to the mean which lending tends to be, just a function of how much like the book of business that you're lending out, makes me uncomfortable because no matter how many times there have been a crane those types of businesses there's just a gravitational pull to the multiples that you can get that you can't time so that feels just tricky to me. The other area by the way, healthcare's been so hard. The problem that we've had looking at healthcare for quite some time is that it feels like, first of all, it's a highly regulated industry. We haven't talked about regulated marketplaces yet but that's an area where I think we have to be very careful. On the one hand it's an area of wonderful opportunity. There's a reason why there hasn't been a marketplace there today.
And so do you find a sliver or a way in, I think it's great for founders to look there but I think you have to have an angle on the why now for the regulation. I don't think it's enough to just enter the market and assume it's all going to go well with a better product and I also don't think it's in two thousand nineteen, two thousand twenty the right or smart thing to go into a regulated market and assume much like Airbnb that you can just ignore the regulation and just hope you grow. I don't think that playbook works at all and I don't think it's really respectful to those markets and so that makes regulated industries hard although again not impossible and there's always going to be the exception that proves the rule and that's the nature of startups brute. I think that's exactly right, like the bar gets a lot higher in an industry where like lives are at stake in that way. And so it's sort of like there was a cast of startups at one. After kind of they would describe as like Airbnb for like your home cooked meal, like the idea and it makes so much sense. There's all these people who are already cooking at home and invested in a company called Kitchen Surfing. Kitchen Surfing. Okay so oh yeah I remember that company and so it's like the value proposition makes sense. That like supply, demand side make sense, like whatever they get started, they grow really nicely. Because it just makes so much sense. And yet the regulators, like the risk, the counterpunch of the regulators is very strong. And so you have to be so careful with those. You want, and health care, the reason you really want it to work as an investor is that it's clearly a situation where the current market solutions are not solving the problem. It's clearly a situation where you want to try.
New and innovative reasons to solve. The marketplaces we've come across that seemed good and unfortunately that seemed to actually solve a problem with a really great product tend to feel like boutique concierge medicine that just makes healthcare better for rich people which is maybe a good business but it's hard for us to get excited about. At the end of the day. When it's not really solving the deep underlying problem for the average American you know an unmanned unlike if there is ever a space that needs disruption is gigantic like should cradle of opportunity is changing? It's healthcare and so I feel like it's one of those areas that we'll continue to bang our head against and I hope many founders do but it's just been really hard so far. Do you have a sense of, maybe this is wrong, when you think about what the iPhone moment in healthcare could, whether sort of the moment? Where'd all these sorts of? You know. Great was there is a hope and a belief that the Affordable Care Act was gonna be that moment. I think that's you know there is a wave of startups that emerged and there have been some successes. I would say Oscar in New York is probably one of the companies that has the best chance of succeeding. At least that I know of. But you know it's hard to know what the, like it's just hard to know. It feels like the actual incentives in that market are so so tough. One of the big problems in health care is that pricing is so much controlled by the government. Like this is not, you know. It's funny, the government right now is getting muscular about tech and is talking about introducing regulation and the issue with regulation is generally regulation favors incumbents, it doesn't favor startups and so you try to insert regulation to make things quote unquote more fair but in doing that.
What you do is you make the market entirely static and so you kind of remove the ability for innovation and disruption to actually fix the problems for consumers and you kind of become more and more dependent on regulation to fix all these problems. And I think that's where we are in healthcare. You know when you have Medicare pricing being set by the government and therefore like that flows into the entire rest of the business and so many people that are coming in, their customers are on Medicaid, Medicare, I think it makes it very hard to try anything that's truly truly destructors reparative. Yeah so we've seen some trends where traditional brick and mortar retailers are going online in an effort to compete with companies like Amazon, while Amazon and other online businesses made significant investments going offline, like Amazon acquired Whole Foods. Talk a little bit about that trend developing over the next few years? Sure I mean I think a lot of what you're pointing to is that companies just have to go where the consumers are. I think there are two things, which is companies have to go where the consumers are and so I think you know if you're Nordstrom and you've got your brick and mortar locations everywhere, people are going to be surfing the web and so you need to have a solution for them when they're at their computers and create a great experience. I think Amazon going from online to offline in the Whole Foods example I think is really about the brand that Amazon has and having to expand that and like being able to have to be expanded with the step function change that Amazon can do at their scale which is acquiring Whole Foods. 'Cause like when you think about Amazon and what you buy on Amazon you don't think about getting organic pears or bananas or milk.
And you do think about Whole Foods that way and so Amazon could expose pears, milk and everything in their UI. But if consumers aren't thinking about it when they go to Amazon they're not going to purchase and so I think Whole Foods was about that but I think that you can have companies like, we're investors in a company called Good Eggs that shows that there are plenty of people, myself included, who love to buy groceries and really great produce online without ever having to go to a store and so I think that if you you where's momentum. Momentum is definitely on the side of the Good Eggs where you don't need the physical location. You don't need someone to be able to go there and it will become I believe more and more niche. But it's gonna, I mean there's just so much spend there. It's gonna take a long long time. Totally. I think it's just a question of where you're getting your customers from. We are unfortunately in an era where there aren't really any good new customer acquisition channels. Like you know the broader landscape in the late nineties you had people trying to innovate on email marketing and direct marketing to get people, then you had folks on Facebook feed when Facebook came out trying to figure out new ways to acquire customers that way. Mobile was the next channel after that and today I think we're now five six seven years into no real new channels of customer acquisition. And so I think this is a little bit of a situation of like all the low hanging fruit being gone. And so you gotta go everywhere you can to try and find your customers.
And if they're offline that's great. Arguably the only new customer acquisition channel is probably like online influencers, has been the one area where there's been some innovation over the last couple of years and actually I don't think of a lot of marketplace businesses other than Cameo mentioned earlier but there really aren't that many, and some commerce businesses like Glossier which we're an investor in. Yup exactly but they're actually on the marketplace side. They haven't really tapped into that audience yet and so I think it's just a question of where you're going to get your next customer from. Do you have strong opinions on whether markets have to be winner take all or not? We've seen that ridesharing doesn't necessarily have to be, it's still td and you would you invest Postmates subsidies few players there. Is that something that you have strong opinions about or are important to you? I think like the best marketplaces unquestionably have winner take most dynamics to them. Like what I think about though is that there's you know when we say when we describe marketplaces there's so many use cases that can be solved by the same marketplace that what happens is that you tend to have on the fringes of marketplaces dynamics that aren't winner take most and then in the red hot center of the marketplace it's really like you really got to be able to own, to build something that's really valuable. I do think there's a lot of, there's definitely naturally formed in most of these areas but the profitability, that's just the network effects. The profitability of these businesses are best when they are and what are most. I'll push back lately. I think what we've learned is that the PTO style, there's a natural monopoly and marketplaces create a winner take all, is untrue. I think that's actually something.
The industry has tried to fight and say is true because they have a playbook that says how things are supposed to be run over the last twenty years but eBay is not alone marketplace. Amazon marketplaces, it's a majority of Amazon's business. You could just go down the list. Actually I don't think you can find a marketplace at scale that doesn't have at least an oligopoly type structure where there's two to three major competitors in the market that create alternatives, partly because most of those markets are so massive that there's just no way there's going to be one player and yet they're healthy. Well and that's my point about how these marketplaces tend to be like, have parts of them where it's like the red hot center where they just nail that and like that's really where the profitability comes from, the best dynamics of that business, and then there's the fringes or slip a longer tail and you see this even with local businesses. So there's a lot of local businesses where all the profitability comes from one city, you know. Like there is, I think I heard like Deliveroo in Europe is London and so you have like, you have some, it just all the value ends up being from the place where you have the most penetration. There is actually, I think it was Naspers or Schibsted that had this graph that they posted where they show empirically that the further ahead the number one is from the number two, and this was for classified sites, the more profitable the model and so ideally you want to win. It doesn't mean it's the only way to create equity value, there's certainly a lot of equity value being created, but man like the businesses that are just so so far ahead of the number two, those are the ones where you end up having the best profit. I think it's all about time horizon. I think when you're investing in a series A or series B.
The last thing you want is five well-funded competitors that have very similar products. It's very unlikely that that company is going to generate enough leverage in the business to really scale and grow. I guess what I'm pushing back on is at the end of the day there's Hilton and Hyatt, there's McDonald's and Burger King, like you're not going to get a massive market where you don't get entrants and so I think the real question is just how far are you ahead of competitors, how much leverage do you have with your customers and your market and can you get to scale. Can you get to the point where you build for the first three four or five years so you can get to scale and have barriers to entry. If you wanna look at this in the case of the food services business and you look at food, Deliveroo has London, it's no secret that the bulwark for Postmates is the Los Angeles area where they're wildly profitable. They have massive market share and they have actually a brand value that would be really hard to assert but certain so new outfits back again like it's not about getting to scale, it's about getting to liquidity and so like it is about where are you going to have equity and then the network effects that really support that and then there's like trying to and then as the dog fight of arm to arm battle? I think that's expanding from that place of strength. I think we agree it is about finding liquidity. Yeah market. I think one of the things in food delivery that people underestimated, me as well by the way, as a board member early on we were talking about at the series B and early series C of Postmates which markets were about to hit liquidity. And we're about to see things like the number of deliveries per driver per hour start to go down. And when are you going to get to the point that you're able to batch deliveries.
Somebody happens to be going into that Mexican restaurant and another order comes in for that Mexican restaurant so you walk out with burritos for two different places that happen to be located nearby each other and it turns out that we were off by a couple of years and in fact. What Grub is seeing right now is they're trying to expand end and it seems like they're determined try and take the entire industry down with them as they go down is that the recent statement from CEO Letter was let that you don't get any liquidity quitting the market period? And that's just not right because I think where you have these bulwarks where you have these really really high concentration levels, you are seeing batched deliveries. You are seeing the kind of leverage that you get from having a really strong network effect. I think what we maybe all underestimated was at what scale you start to see those network effects but once once you see those network effects in those markets I think right now what maybe isn't as obvious from the outside looking in is that Uber Eats, DoorDash and Postmates' customer bases actually are quite different and they have different market dynamics in different geographies and they have very very different characteristics. One thing that you you allude to there. I'll just double click on is is the value of specialization. And so when I think about eBay I met talked about LinkedIn being vulnerable eBay seems vulnerable to on many different dimensions and and I knew and you can't help like look at GOAT and StockX like here here. It was an area where eBay did have a vulnerability in the category. They look they had all the suppliers all the demand that you could possibly want to you to create the dynamics for liquidity but then there was the risk of counterfeits and breakdown trust in what what GOAT was able to do so well in in particular in order to create vertical was you know the the trust and the the effort.
They put around making sure that anything sold on their marketplace place wasn't counterfeit you talk about delivery now. There's a company in Canada called Skip the Dishes and Skip the Dishes like just. That's incredible founders was acquired by Just Eat in the thing that they did was they said. Hey everybody all this all these well-funded competitors are going after journeys big cities and we're gonna go after the really sparsely populated spread out second third tier cities and we're going to create a solution that is specialized for the needs of the thirty minute drive from one place to the next year at the forty five minute drive like the places that just don't have the same density dynamics I mix and let's let's build our marketplace. I'm really worried about that though like like I. I'm curious I didn't know that company that well but I worry that a a company like that is walking into a market that is going to take actually may seem like low hanging fruit and different use case but really really hard had to build liquidity. Like if you're talking about thirty minute drives and you're at what scale you finally get to the point where you get any kind of real liquidity in the business in real leverage in the business. I so I I haven't spoken to them for a few years now but they did a great job and like they did a great job for two reasons one is that they were like no one was focusing on like everybody. Everybody was spending all their effort all their time on winning. Yeah they had huge slake it is it just you know it's the best when you get to focus focused market that no one else is trying to win. And so they were going after the markets that no one else was trying to win and one by one knocking down. The second thing that they did which was really smart is that they actually owned the website of the restaurant.
And so they created this loop where you could go to whatever you know that local website restaurant is go directly to their website their page and buy there and it was fulfilled by Skip the Dishes. And so you didn't have have to have the mobile phone. You didn't really know Skip. You could just go to the restaurant you know. And so they really locked in the supply in a way that you could say OpenTable able to to and so look it was acquired for. I don't know hundred something million like it you know. It was probably acquired before the founders wished that they had sold but I heard they're doing quite well and that is a good way to manage reduced frequency. You're talking about being in the third tier city. You don't have as much density the issue is you're going to have a frequency problem and you can solve that. Ideally locking sounds like creating a playbook that's specific to the problem that you're solving very much. Yeah Yeah do you have any permits. For what real liquidity looks like, what people know they have it. I don't know I think about it. It's actually such an interesting question. I think about a couple of things I think. Think like the classic definition of liquidity talks about like you've got intent foil users coming in and how well do fulfill that content and you can think about conversion rate as as one proxy to that but I think that there's so many ways in which people prop up that conversion rate in the beginning for good reason. That's how you do it for Marketplace Uber in the early day sent iPhones to drivers and guaranteed hourly rates. Glassdoor actually you know called people up an offer to put them into like lotteries for winning iPhones you know are they. Did whatever it took in the beginning to get that flywheel spinning. And so there's there's there's just getting a sense for how well is the the supply supply value proposition match with the demand value proposition which is classic liquidity definition.
But another thing that I think about it just like or how would it do without whatever Like whatever crutch it's using and I think that like we just get so dependent on the crutches for all the marketplaces and so it's always about being aware of that. One one crutch people use a lot is actually not taking a rake and so you don't really know yet how well how much value you're creating until you start to take to try to take so I'm always you know it's it's not just do you have liquidity but it's what the quality of that Liquidity Power Ganic isn't and how should we talk about scale we talk about. How should we think about profitability a lot of these numerically mission? Food delivery but other spaces to you The players as a lot of money and a lot of users there's other competitors editors like we were talking about what happens to them. I should they think about profitability. What could enable that? I think rumors of the lack of profitability of most of these scale L.. Marcus or marketplaces are actually greatly exaggerated. And I think you'll see it now. Lyft beat their expectations. They said they're going to be profitable faster than they originally projected. I think you'll see similar things from other players now that it looks like the market has decided the public markets have decided that they don't wanna pay for growth I think the downside of that is But look there's ways to grow badly and we can talk about when companies have overspent when they don't understand the unit economics of their business. There are certainly some bad behavior here but I think by and large actually unlike the late nineties most of these companies despite the sniping on Twitter actually have a decent handle of their bottom line with like maybe one or two exceptions and we'll get profitable pretty pretty quickly.
I think the unfortunate thing about the public markets not valuing growth and people spending into their growth in these massive massive markets is it just means that for the companies that really do want to keep growing because they still see great leverage in their business and they wanna keep taking market share. It means these are just gonna stay private longer. And unfortunately we're like in a decade long cycle where already private equity in later and later stage funding is keeping these companies private longer and longer which is keeping keeping the public from being able to participate in the growth of those companies. And so unfortunately the cycle I think will just mean that companies will still want to grow and feel like the public markets aren't gonna allow them to grow publicly are just gonna stay private. Yeah it's like you have this this challenge that all these businesses face which is that the market has has been rewarding growth with capital the private markets. And you've got so much capital in the private markets and it kinda creates these these two challenges which is which is number one if you just have a lot of competition so you have people who are just continuing to spend money to grow as is quickly as they can do. So at the cost of their own unit economics the marginal cost to acquire that next that next user But the second one thing and I and I and I think about this a lot is just I believe that. There's you know this wheel that when you're operating a business you can turn the wheel towards growth or you can turn the wheel towards profitability. And it's like an incredible act of will to turn that wheel towards profitability. I mean saying no to things and I've heard stories of late stage growth investors pitching a founder on taking a very big check and and telling them explicitly. Pretend we don't care about economics if you if we say don't worry about that. How quickly can you grow? And what would you do with that.
A- and orientation is saying jerk that wheel as far towards growth as you possibly can and what ends up happening is that if you operate under those circumstances, there are a lot of decisions that you're making at the margin that start to accumulate and as you try to turn that wheel back towards profitability. It it becomes harder and harder. You've just created a momentum that a culture a process of product. I mean there's just so many little things that add up that make it really really tough to do. And so it's it's not to say can't happen or it won't happen like to Nabeel's point there's a lot of businesses that that are very disciplined about their unit economics and happened thinking about profitability and are growing in the right ways. But there's there's a lot of others that have just the have this momentum and the titanic at this point Anastas a much. That's a much longer turn to make. I look I'll say the quiet thing out loud here. Which is that SoftBank's a bad actor in the space and has encouraged people to be more reckless as they grow I don't actually think that's endemic of the entire venture capital industry? I think it's really a small small number of players like less than a handful of players. What gets lost in all the noise is that I think every single marketplace business we've been involved with and probably I believe for Benchmark too and probably good on the list other venture firms too were really close to dying at certain points at certain points?
There was one round where the market wasn't trending trending their way something hadn't turned out and they had a really hard time fundraising and actually I think one you have to understand that as an investor and as a CEO and just a a steady hand during those times appears and just make sure you're still go back to the fundamentals and believed rebuilding a really good business at the end of the day to that shock to the system of a hard fundraise as long as it doesn't kill the business can often be incredibly incredibly good for the business because when you get really good at saying no. It's when you really understand. It's when someone else jerked the wheel towards profitability in the market has jerked that wheel on you really pay attention to it then yeah I read somewhere that someone said software in more more of the world and start against the physical world we've settled for worse margins and we have this question of what's a tech company so I'll ask Nabeel what's your what's your take on WeWork. I don't have any great insight into WeWork. We didn't look at it as a deal for a variety of reasons to be honest. And if you want to know is smart person that I know on WeWork is actually a CEO. I work with Francis Seow Asandra. Who's also in the real estate business and and actually for a couple of years now long before this fall, the fall that WeWork has taken has been talking about. How much publicly talking about how he doesn't believe it's a very good business? I would suggest that you read up on his thoughts on it and skip mine. Let's let's close by speaking to the founder's building billy marketplace's any obvious mistakes or maybe not not obvious mistakes that you see founders make that you they should be The biggest one is just what I what I mentioned before, which is it's so easy to get lost in one in that graphic up until the right and and just like kind of going fast fast fast? Let's scale scale scale scale.
The market has so reward of that and it is just so easy to fall into that trap of thinking that way if you if you you go down that path you're more vulnerable. Because you're you're not focusing on the right thing which is building liquidity and creating more value for are your incremental next participant marketplace and so it is about getting that red hot center right when you do that there so only replay books on how to grow from there but the hardest thing the real magic is about getting that that small thing really right and growing from there. I think if I were to give CEOs one piece of advice as early as possible in their business especially marketplace business start reporting everything using a net revenue. Start talking about in board meetings that way, start putting KPIs that way. I see way too many CEOs who report GMV and deal with it at board level and talk their executives about GMV growth and then say will move take rate up over time. And that's how we'll get our net revenue and I've seen some very interesting changes in behavior you're amongst not just the CEO who might internalize the entire business but amongst their executive team which all of them might have variable view into the whole business. If you just start dealing with net revenue how much actual cash coming into the door in this business doesn't mean you have to be profitable day one. We doesn't mean you have to not focus on GMV you can focus on GMV growth but if net revenue is your start you at least know how much capital's coming in the door. I can't underscore that more like I think that's just such a great point and you know what you measure matters. Everybody thinks about.
Oh if I if measure it'll improve and that's true but man if you're measuring the wrong thing you're gonna miss the real health of your business two point and how that's changing over time and so it's it's so important though the other thing that I I always push on because I I I love talking about data on how to how to measure the health of your business. It's just looking at cohorts on both sides of of your marketplace to really understand how those AMEX evolving over time my guest today have been Sarajevo. WanNa be Ohio Nabil Sarah. Thank you so much for putting on a clinic on all things marketplace thank you so much founder having US early stage entrepreneur. We'd love to hear from you. Please please hit us. Up At village global doc- slash network catalyst. Aw.

DtSR Episode 388 - The SIEM is Dead Long May It Live

Down the Security Rabbithole Podcast

50:55 min | 8 months ago

"They say they say we should have known bed then to Saudi. Od Down Down into this. It's time you the venture down the revel into the world of cybersecurity you're plugged into the podcast for security leaders and practitioners with a business sense. Prepare for unique interviews insights and practical advice. That makes your job just as Benazir and now. Please welcome your guides this adventure James Jardine. The white rabbits were off all right. Good morning good afternoon and good evening. Welcome down the security rabbit hole to yet another riveting edition of the Down the Security Rabbithole Podcast this episode. I don't know three hundred eighty something. Maybe three hundred ninety. We'll see when it gets published but unfortunately James is going to be kicking himself because he's out doing family things I mean not because he's doing family things but it because he's missing this episode because this episode I think we're gonna title Healthily The reincarnation of SIEM version nine point zero. And who do I have with me but the one and only Anton. Hey buddy. Hello there and by the way reincarnation implies that it died. I don't know I think I didn't get that memo. Frankly okay fine. It didn't die but it's been sort of like zombie mode. It never rose really fully. I don't know I think I think there've been officially I think. Since I've read your material there's been what like two or three or four different Retry the SIEM. Fair fair. And it's not that died it just like you know it starts to starts to grow. It starts to catch blossom and we we forget it needs water and sunlight and it just sort of wilted doesn't quite die but it just sort of hangs there lifelessly. We go oh crap. We screwed that one up and try it again and we don't really probably fair. It's a slightly a tiny bit more depressing than I would describe it but yes. It's actually frankly mostly accurate.
I'll go all right so before we get into hard given the listeners who you are give them a little bit of taste of your background and all that so I wanna start from a truly depressing point namely that I was involved with SIEM since January two thousand two so I literally spent friggin eighteen years looking at SIEM dashboards and rules and stuff like that. I'd Mentally I. I've taken a couple of short vacations from that. I've dealt with vulnerability management a bit of other topics but more or less was been with me in my life and it didn't kill me as you cannot use but So I dealt with the security monitor detection and SIEM of course log management in different roles. So I've been at a few vendors first and then I was actually consulting with both vendors and end users doing architecture doing deployments throats this. He's that type of stuff and then. I is the come to the dark side. I who knows what's the dark side. And then I joined analyst firm Gartner to be precise and then spent eight years doing research Going all the way around all the way up to a distinguished analyst at Gartner and again pretty much throughout all the time I've adverts SIEM and and the bunch actually long bunch of other technologies from deception to threat intel to the M and after that something magical happen so I was in Gartner my eighth year and that was kind of I actually liked it then. I would have stayed for longer but I saw this amazing startup that to me defied kind of defy the laws of economics because it was a startup with no downside because it was a part of the Alphabet company and so I joined I left the safe bounds of the analysts. The Ivory Tower. They joined the vendor Chronicle. Little do they know that about two weeks? Okay you'll laugh and find whatever each doing it ad hoc but so you know you. You get my feelings about that so literally in two weeks. I'm being told that. Hey you don't offer startup anymore.
Because Google surprise surprise but to be fair Google is still a startup. Everything invaded our guest. And I think that I've I've openly told Gartner folks when it was doing Gartner that I am just allergic to large companies and I think I eat too well at Gartner and when I was doing I I was being joined in legal options. I was like joining the hundred thousand person company. My company allergic allergies would be like really going in the overdrive but frankly right I mean there are enough things that are kind of not done in a large company. I think some things are. You cannot really avoid. Avoid them but so far. It's been since I mean. We officially got acquired in August. So it's been a few months and I. I love it here actually surprisingly enough I. I'm not my allergies aren't being triggered so I deal with a very small team of people and yes. You're right some things are really pretty. Start at an end someone. Well so all right. Let's let's roll back. That's that's a great intro. Let's roll back a little bit as my the first SIEM I ever installed was Sean Sean Back when he was with Symantec I it was considered officially a SIEM. The Symantec remember that thing wolf. Yes they are probably around two thousand three or two yes. It was a very easily that yeah I so it was Yeah no it was. And then I couldn't seem to get away from SIEMs. I ended up working at HP and I ended up stuck with the brilliance that was ArcSight for some time for some time. Well yeah but but it's like SIEM's one of those to me one of those absolutely necessary evils that we just for some reason. I I can't figure out why we could not never really get right and debate over whether Chronicle got it right or not aside Microsoft got Sentinel now Although that's not necessarily a SIEM I don't yeah. It kind of is though.
Because they they they they say it is and I think they want to be in a Magic Quadrant at least to the best of my fair Ben like there's Chronicle and there's a hundred different options out there IBM still in the in the in the thing ArcSight's still around. You got you know. There's there's a tiny so it's been a long and painful process to get you around like this concept I evolved. What was the original intent of putting this thing together? You know people actually a I mean. Lately I've been a lady years for a few years in people who basically say SIEM is about compliance and born compliance. And because I was there in two thousand two I knew that two thousand and two. We think we didn't even have SOX. We definitely didn't have much so actually SIEM's birth predates compliance and that's that's a fact. I mean there's not much to Not much debate there. I mean that's that's the thing that early SIEMs in fact built for security operation centers. Admittedly they were built for a very large company SOCs. Maybe in early two thousands only large companies had SOCs in the first place. But it was kind of the problem of too many IDS alerts and too many alerts genital. And you know I sound like twenty twenty but it's two thousand two program Install it produces too many alerts. I don't know how to qualify them. I need this other tool to correlate IDS alerts and maybe the firewall data and maybe other stuff so surprisingly enough the original vision for SIEM had nothing to do with compliance. Nothing whatsoever I mean we had reports we audit reports so if you areas curious about it you can look at them but compliance wasn't the motivator compliance wasn't the driver ideal depending how you count. Maybe two thousand six seven and that's when he kind of the big wave of compliance rushed and and yes SIEM became to a very large extent for many companies about compliance. Like Hey I need to get PCI. I need to get it for this for that.
But but its birth was absolutely security monitoring threat technology. Well while so and that's that that's interesting because you mentioned too many alerts Too many too many flashing beeping security devices. And you're right. You could just as well say that today as you could almost eighteen years ago which begs the question of what the hell. Yeah that one so let me give you polite non-cursing version. I make rookie. You'll get abused later on so to me SIEM was born to help with a very difficult mission. And I think that the mission challenges not deprived challenges have been kind of ruining SIEM's lunch for so many years. Like imagine that somebody shows up the door and says hey I want to collect data from two hundred different data sources of which you have maybe fifty thousand instances in your company and I want to make sense of all of that. Tell you what's going on security relevant like that's a hard task. Admittedly by the way you'd have to collaborate with IT teams because many of these data sources are owned by by other teams in IT and some of those teams actually hate you the security guy so you kind of dealing with political see that to an extent political challenges sort of like a detection Security Science Challenges Organization the Challenges Cultural Challenges. And Yeah. It's tempting to say SIEM will fix it. But admittedly the problem is so hard and he attributed to the mission complexity not the SIEM product being you know done wrong or like there are some but not not many. I mean so. That's a polite versus that it's the mission that it's hard and initials been hired in two thousand two way before APT way before you know. Nation States Being visible baby ransomware way before Attacks against all the nontraditional staff like clouds and ability so like it was hard back then but guess what? It's much harder now. Yeah so I think the so. What do you think is harder now? Is it the scale of the problem? Is that the attacks more complex.
Because I personally believe that the the complexity of environments has gone up not even linear exponential. Your I love last couple years yes and I actually go one level the I. I fully agree with that. And I think that I've seen a lot of that and I- attributed largely to the fact that as new stuff gets born in IT and deployment diety much of all stuff remains so we can have in this layer cake from mainframe to Windows two thousand to you know Red Hat Linux circa two thousand two an end to all the modern laughing all the way to please don't say blockchain. Please don't say blockchain All the way to modern OS IoT devices clouds microservices so we have kind of a layered cake over the nineteen eighties deck and then all that attack all the way to twenty twenty to me the complexity lodge reasons. Complexities death one. All right. That's fair So when you look at so because now I you know. Current day job is working with that organization that essentially does not managed SIEM but that provides similar functionality for companies on top of some other stuff so I I I've looked at so and I've been in Israel longtime to right. He called me an old Astra too. But I've watched so many companies that I both worked inside and advised on tried to DIY this thing we call a SIEM and I have never seen a company quote get value out of it in a way that I think was meaningful. Because what everybody like. Every single instance happened like this they install it. They point one thing at it. It doesn't really nothing happens like okay. Well it's it's got some alerts. Well let's just point everything. Security says we should point every all of our logs to this. They point all their logs to it. Suddenly ten million alerts in our right. And what do you do? You have to tune it and every time they went to tune it what that meant was they're shutting off. Certain words are threshold for severity. And stuff like that.
And and essentially what you're doing is throwing out things that you should be looking at. But you don't have the time to and I think that does security disservice which is why I think we built a damn thing in the first place because so that you could get more visibility into the you know all the things that are floating by that you as a human being could never by yourself see Orson through yep but we necessarily have to turn a lot of that down because we're still not hitting like we haven't figured out how to do that right. Yeah but also the definition of right so let me get to that but I want to say also before. Go there sort of answering the indepth. I say that they're right possibly changed a little bit. Because if you're doing it right but you're right. He's basically compliance impression in assessor. Then frankly yeah you can do it right. It's just like it's not the right as repel top-tier attackers may be the best on the planet. That's yeah but that mean assumed that you have some kind of a commodity threats with an occasional more advanced threat kind of mission. Let's not aim at the very top like being in Google. It's easy to To aim at top. But I'm trying to resist and trying to tell people to not think about About other companies like us because literally they're not and if you deal with threats are sort of not the best of the best of the best. I mean tuning as form of turning things off hasn't really worked all that well however Once again number years ago I've kind of adopted the concept I've stolen from one of the colleagues frankly called output-driven SIEM where I tell people. Hey you are if you follow the process you described may turn on one log source seemed nothing useful than log. Data all the data sources and see a flood sometimes. What helps us to use an output driven namely. What am I trying to do what I'm trying to detect?
What sort of threats may be there so you do some kind of very basic like a baby threat assessment very shallow threat assessment. Then you say okay. I want to monitor for this this and that. What type of data do I need for that? And then you start consuming log sources based on that so that worked for some of the legacy SIEMs. Some of the traditional SIEMs and people who practice this genuinely had better experience however output-driven SIEM was unpopular many years ago. Because it's gotten didn't exist and it started to become popular and then something happened namely a lot of people showed up and said we can do a free text search of all the data you don't need the filter and people thought Actually you're right you're right we don't have to feel. We don't have to tune the collectors. We don't have to call you know. Call the vendor to fix parsing. We can just load up all this stuff. So so the concept of the driven SIEM that was kinda growing. It's slowly popularity kind of unraveled because people started saying text search text search and I'm not naming. Then there's the goes. Hey I am a vendor so I don't wanna abuse vendors who don't deserve it in this case but text search kind of won. Yeah with that output-driven SIEM lost and now we're kind of back in the. I'm going to install a text search. Throw all the data in there and then kind of hope for the best Yeah I think it's kind of regress. Some people think it's progress because they can search for whatever the whatever they want but the problem is many people don't know what they want. That's okay so that's where I was going to write because the I it's like Everybody's you know we we start talking about crypto. Suddenly everybody knows how to do crypto yet. There's like ten of the world qualified to to actually talk about doing crypto The rest of us just read a book and go now yet this now in spirit out. But that's how SIEM has been right as you look what we're talking about a global.
IT security worker shortage and yet we're spending potentially tons of money because these things these these software packages are not cheap. The hardware they run on is not as basically the opposite of cheap right. Lots of compute power. Lots of memory meal petabytes of disk space fast space. Might I add So we're we're spending a ton of money on licenses a ton of money on hardware or virtual or physical were spending. You know teaching our analysts. A how to use these tools and I feel like the value like we're getting out of it exactly what we put in and that is like this half hearted effort. I don't know how else to how else to look at that. So we kind of have the choice of the largely the old way where the vendors Pick the date. The parts make structure data out of attended down the correlation rules and and then the users are expected to kind of more or less trustworthy than there are selected for them or you have the The previous new way where you have You'll throw all the stuff in one pile and then you have search. You can set whatever you want. But many people don't know what they want. So it's kind of an advantage by the compared to the first one I way because you can get any data but it's also a disadvantage compared to the first way because You often don't have any security insight now. That would like to me the road from text search to SIEM It's kind of a long and painful road. And I've seen too many companies lately that started installing the search engine for text and then they hope they have them and I would say they're four or five years. I went from a sandwich you are doing. What's the answer? Go back to the old technology. I'm not sure Suffer with new technology and hope that you can find what the search man not sure about that either so I guess. Maybe that's where I would try to to try saying that Chronicle is trying to kind of go. Middle ground a little bit.
But I don't I'm not here to promote within their I'm Kinda here to lament about the state of the industry leaders and Yeah I get you I. It's easy to like Simmons really has. I mean for for for what it's worth. It has become the easiest place to pick on over the last because is it is so expensive. It's so laborious. It's there's so much upkeep and so much broken promises broken promises yeah but look. I like having having done time on the art side with P we would we would a. This is not something I can blame vendors for we would sell the product and the client would actively decline our installation and configuration services. Thinking I know I got this. How hard could it be? The answer is really frigging hard enemy. Come back a year later. The product doesn't work. It doesn't do anything like well. Like what are you feeding it like how do what do you mean we install it? We pointed our lawns at it. It doesn't all it's doing spitting out false positives and like okay that that's not how we told you. That's not how this thing works it. It seems like there's this at some point whether it's a promise that the vendor that went sideways or something it seems like at some point the customer the buyer got the impression that Sim was a Out of the air quotes out of the box installed good to go and that was never the the promise or should have never been. Yeah correct correct but I mean sometimes I even see then there's again you're you're right sometimes. Then there's actively tried to discourage their view but But the customer is still say. No I'm going to install it then I don't need your people. Yeah exactly so over time to solutions to this have emerged and T to waste rather and I think I have looked for somewhere about that but some people started saying. Hey I'm going to use machine learning of some sort. I'm GONNA use some kind of automated or machine centric way of of going through the data and then another group of people said No. I won't do it I'm going to do. 
I'm GONNA do some kind of a managed service What Gartner would call. Md are and where are you allowed humans? Just not here employee's together with that so I've kind of either you rely or try to rely on largely a male and machines or you try to rely on humans but not your humans and there's some there SOM- rewards at the end of both boths Yes although I don't think hey I F L is the Magic Rainbow Farting Unicorn. It for security that some of our vendors would have you believe and maybe even some analysts present company excluded. I yes I. I think that it's fair to say that overall as an industry we had a lot less success down that path than some of the pioneers hypothesized. And I don't want to reveal too much of our kitchen Here but I you assume that That Google is kind of the original home of of of of much of the research that happens on this planet. I mean we are not super deep. I've been super far. They using because week tried that. And it didn't really are call that well so like. I'm not gonNA break any secrets here but Yeah it's a lot more promise and a lot of few results. I mean there are use cases air legit but as far as like. Oh just send it down that the big Big Brain and machine. Tell you what you need or what you should care about. That actually. Hasn't happened anywhere. Yeah well I think one of my favorite quotes and I want to figure out eventually who I should attribute to but it was. Machines are only as smart as humans. A program them and that's the case is true. That's frankly here's why because m L. is supposed to break that. Mls supposed to be about machines not being program but learned from data so to me that quote actually specifically breaks and okay even narrow Ai. So it's a good quote but it just doesn't apply because most of the open invitation basically say here's how we did it in the boss. Program machines. Here's how we do it now. Machines learn from data so that one may be more N. A. 
Okay well that's I mean I don't know I'll be the first to tell you I know enough about aiml about as much as I do about quantum mechanics That is to say I've I've read about it And so I will. I'm far from an expert but I I I. I agree with your earlier statement about broken promises along the way and I sort of wonder. At what point did we lose our way or really and I know you're you're a essentially a company that's trying to solve this problem for the greater good but do we looking forward five years at are you seeing. Are you. Thinking like companies are going to eventually get it right in the run their own savings because I don't I think the only way to really really do and I say do it right when I've talked about actually provide security value out of out of these things we call sins is having them providing a service because you have to really have expertise care and feeding constant inputs constant output monitoring. Just it's GonNa take more effort than most companies most companies particularly mid market in non top. One hundred enterprise can do. I mean I eat. This view is easy to agree with however managed services of different kinds have kind of a Cemil a trail of dead promises behind them like and so it's almost like Like Beckon Gardner days. We do their research project on MSN peas and we started from a pretty admittedly fairly low view low opinion of MSSP's but after four months of Eric we realized that our initial view was actually optimistic. So we actually our admittedly low opinion of them actually way too high in the reality is much worse. I mean there's I'm real clowns out there doing this like there was a one of my favorite quotes from a client was I think our emphasis fees fine. They're not that expensive. The only problem is they never call us. We have to call them Pretty sure that's not. I look extremely knows how it. I'm not an analyst But I but I'm pretty sure that's not how it's supposed to work. Yeah and so. It's kind of a pretty. 
Yeah pretty broad range of like really iffy service partners and I think that the mismatched expectations are there. Also in in kind of in vogue adjust as with SIM frankly in Ms in case I'm assess or MD are actually more traditionally mustard and more than FDR. I've seen examples where customers basically assume that it's a coke machine. You throw money in there and the can of security comes out like they literally think of. Mss As outsourcing security means. Once he paid we never have to worry about anything insecurity and then there can tell them. That's not at all true and they just here true true true well but I mean so. Oddly enough that that kind of thing Is it endemic just to the same or just to the MSN managed MSU like that is that is that define security managed security for twenty years? As far as I'm concerned yes correct. Exactly right yeah. Yeah that that. That's of Detroit. So where do we go? I mean what's what's the what's the future look like giving. I'm curious because you had a law will say harrowing experience. You've got if as an expert on Sim. It's you at least on the historical aspect and trends stuff like that. Like where does this thing go? What do we need like what needs to be built? What Ha what has already been built? What's the next trend line? Look like so. I would say that I would start a from things. That kind of maybe not very sexy not not not very impressive. So I wouldn't say oh. My God. Next year is going to crack the nut. No one thing that I think is changing two game. Changing today is is of course the fact that they have massive public clouds where it can travel stuff and as long as you solve the money problem because I've seen people really fails to accurately where they deploy elastic on on Amazon. And they're say oh it's free and then they like get a seven digit bill at the end of the like like cloud if you exclude that if you if you don't do but do it. More elegantly to meet cloud is too large extent. 
A game changer because at least the backend complexity and management complexity of SIEM really shouldn't be the customer's problem. And you you deal with all those Historical you know oxide. Historically used Oracle years ago so customer admins were kind of stuck with the higher GPA and all and even after it got fixed it's still a bit of a mess to run so to me. This is big because when I was at Gartner and we did the research on software-as-a-service SIEM. We called up a bunch of vendors hoping they would tell us. Yeah we have all data in one place if you're on the male and the customer would love it and the everybody basically told us yeah. We prefer software-as-a-service SIEM, you know why because we hate patching Red Hat boxes and that really means that the advantage the cloud way is kind of in the mundane things and it reduces pain enough. And then you're gonna have fun things you can add. You know ethically fast. Search you can. You really can't do much better. Because they have more data you can tune rules. You can fix parsing mistakes. You can do a lot more things once the data is in the cloud and of course they would become cloud haters who would not accept that and okay such life and at the same time to me. Cloud is a decent big game changer for SIEM. As long as you do it right and don't get hit by economics. Well okay. So that's fair. So let's there I I I. I think you're right I really like. You're you're kind of repeated comment about the bat not not the back end of SIEM should not really be a customer thing that they have to worry about so so I think this is twenty twenty, there's not a there should like going forward into this year there should not be a customer out there opening up a shrink wrap installing a SIEM onto their infrastructure. Right now. Yeah but you know you had this really amazing blog post a few weeks ago about how clouds perceived right and it's still stuck in.
They had now it was Reflecting a lot of the thinking and things I've seen so I guess you do see people who for some reason the don't trust any cloud provider whether it's political or not they just don't trust any of them so I hear that there is a big enough population of people who probably still take appliances or take a take software and we can talk we can Rian ramble a rant forever. About how maybe twenty twenty. It's wrong but he still happened in these chunks of reasonable chunks of A frequent sequences. Sorry Yeah No. I guess you're right 'cause that the fact that we thought you know five years ago that will soon everybody'll be in the cloud and you're like yeah but they're not Or if they are going in. Chunks in small doses. And there's still you know it's a bio bosses say sex in highschool everybody's an but nobody's really tried it There are some people who just say they don't want I mean I'm in Europe with particular. I've seen enough I've seen enough of the just like people saying we don't want to do cloud because we don't trust I duNNo. Us Chinese Russian whatever. We don't trust providers elsewhere and we don't have it all our own. So what are we GONNA do like? We're GONNA stick to on Prem. Well so maybe maybe clouds the answer but maybe it's the SASS model Even if it's even if it's a vendor managing The the install on your friend not necessarily doesn't have to be out in the cloud Maybe even like that full. I I think it was The logarithms it has a Fully basically since ask Santa Solution no actually they don't they still. I think they still thinking about some well. Let me there. Couple of some of the traditional software vendors software vendors did do the deployed in the cloud for some. I mean to reduce the burden so that does exist for sure. I mean I mean I don't want again. I'm kind of avoided naming naming uses. 
But but some of the legacy guys do do Cloud deployments where they're deployed in somebody else's cloud and you pay for storage but to me. Economics is very tricky in this case. Because it's so easy to Kind of blow it up by by Paul putting too much data in the system so I seen the game even with free tools. You pay nothing for him. Assume this is free. If you do it wrong you may still be hidden cost. Frankly and so. Yeah because I mean the storage This is the Big One. So let me ask you difficult because this is this something. That intrigues me So detection depends. On how much data you can analyze in Or or Corley against right so I had this this this case that I keep I keep telling people about was hilarious So my last job Like a year into it or year and a half into Consult with a company. That was having a I pulled in on this. Consult and there's a customer of ours and they're they're basically came out and said look. We're having problems We can't figure out why are current S- manage sin vendor Is Is Kinda you know given US trouble and it's not that we're not we're not necessarily getting value out of it but it seems like the more things we add to it. The less it's fine. I'm just trying to struggle with this. Well clarify this. I'm kind of curious about some more damore data right so they would get alerts like they saw the picture of the ten things logging to it and it would spit out alerts at some regular interval. They added like thirty more. So maybe you're three extra volume and the amount of alerts went down there like okay. So are we getting better data and less false positives and there's quite frankly simple biter was sort of like a so. They're like okay. You guys do this. Maybe you can give me some thoughts and the first thing I thought of was when you're doing clearly again. Not Us an expert. So let's start right there but if you're doing correlation right it's you have to have a pool of data correlated against right like. 
I can't correlate against so you've always got the sliding window of time right so if you've got if you're adding say a gig an hour, a gig a day. Let's be basically by the day. And you're doing data enrichment that turns into four gigs. Right with even if you do good deduplication all you're doing some enrichment. You're you're adding notes and all that so then so you've got four gigs a day so at some point because the SIEM has to create data structures in memory to go reference against in near real time. Though the window of time that you can shove logs into into that memory space becomes finite so if I suddenly start doing ten gigs a day. Right the the the volume is higher. Which means that the window of time that you have to correlate against gets compressed that make sense yes it does so what was. So so. Here's what happened. They went from a. They had an architect same architect for them. It was built with enough memory to do a thirty day sliding window of time in near real time so this is a huge implementation. I mean we're big Amazon using Flash Memory. Expensive stuff but it was massive. Then somebody added another basically. I'd like 5x of the devices as they brought on and nobody re-architected the thing. I don't. I'm still surprised about the increase in data volume and decrease in alerts. Yeah so so. Here's what happened. So they compressed the window of time from roughly thirty days to about six days and because they over time had tuned it to the point. Where like one alert did trigger anything number of correlated alerts triggered something right so port scan followed by recon activity followed by an attempt to use an exploit that generated at an incident essentially because they weren't seeing those anymore because attackers had simply started taking their time right. So the kinds of attack that you'd see happening over thirty days. It was still happening over thirty days.
But they were just seeing five or six days at a time so they were never there. Were the number of a high-quality like real things decreased dramatically because nobody really architected the thing for them. Yeah I think that I kind of see that. But it's just to me. The situation is still somewhat uncommon. Because I do see a lot more people complain about more data, then more alerts, more noise so it of like then. There may be the solution to this. May Well be somewhere their unique realities. At least that's my. That's my impression so it was. It was super interesting when I looked at it. Because you know in security we tend to say we'll just log everything right. How many times have you heard and saw everything? It'll be better. Just give give all the logs and it turns out that you know there's a point you hit whatever system you're using and this is another kind of another a bit of SIEM and I think that. Yeah we we miss is. It's not a install once and never look at again right. It's the reason of it has to be designed for the volume and the workload that it's going to carry. You can't look for sure. Yeah very disturbing volume obviously as well because you may be looking for something that maybe I maybe looking for very different things so our stalls would be different right and so this is again another piece of expertise where I just don't think a DIY approach works. You don't have that you just don't have that expertise so I'm looking at it going right. You know what? Let the vendors do these things because if you if you try to do it yourself you're gonna end up in a situation where you know you. You think you've got to write and suddenly you're seeing more noise less positive stuff and you're wondering why that was why forgetting. I wish I can give you kind of a general answer. I don't think there is one for that but that's because I don't think you'll hear. Yeah exactly that's what the problem is that. A lot of people still don't like him as a developer.
Like like like you have to develop software to succeed with seem so. It's almost like if you go if you go too far the other way like. Yeah it's gusty them. You have the bill that every time from scratch for every client that's also not truly successful. Route costs yet. No no absolutely because then you get addicted. Nobody can afford this it. Yes the answer. The answer to scale is lead is the MSSP. But you do too much right. So the more cookie cutter you do the more consistency and the better the faster that time to value. But the more you have but that loses on your ability to truly customized to the specific use cases and that specific whatever you know the the client that land also shifts the problem of how do you choose the right. Mssp without being an expert. Like I've I've been with somebody about that because basically had yeah for you the best solutions probably MSS. But because you don't know what you're doing but the problem is if you don't know what you're doing you probably can choose the right emphasis and that I basically like the guy one I can't i. I'm not sure how to argue with that. Frankly because like you're right if you truly are unaware of security problems you probably would never pick the right there with us. Be Aware of security problems fix it? Then we have. I hate that but that's absolutely true. I think or stuck in this loop like I feel like groundhog day every every year like every day. You know it's it's we've got it right. This time. This next vendors gonNA is doing it right. You're doing it right. For what use case at how and I. I think I think this is just if you abstract like the life of the the life cycle of the same over the last eighteen years really Embodies the journey security has taken in that. It's really it's wandered everywhere. It's tried everything and ultimately it's come back to their home that it started which is out of the day but it's true it's true but then you kind of like it. I think I've used an example. 
Probably somewhere else. Well argued and social media like somebody many years ago told me that there was this book called how to get rich well staying average and I said and I couldn't find the cook by the way so but the point is that a lot of people right. Try to approach ransomware. Like how do I solve them? L. Problem wellbeing bad that it and security so like how if I'm mediocre at it and maybe second security. How do I saw security problems? The answer you don't you so you can say okay you screwed you write your answer. Outsourcing is a partial answer but then it's object to other problems like not being able to tell good providers from bed. Yeah this is this is this is endemic. I mean we we. We think I think will eventually have to happen. Is there's GonNa be there's GonNa be some some critical points some technology some something that's GonNa be able to take You know some of that Bridge that gap Or you know between the the fact that we all would think we can do it better than the other guy but at the same time You know we we are. We have less knowledge than the other guy. But we don't know what is the There's there's the name for that principle where there's a great tedtalk that I saw is basically the reason. There's a lot of people who And has happened and fortunately he said he's a sociologist. As in the male population is a lot of terrible male managers. Is We tend to overestimate our ability. how great we are. Because we don't really understand what like you're just never told no and some suddenly like you think you're the greatest thing ever and you measuring yourself by a fault by a faulty yardstick in like anyway so I think that's where security is is has been stuck in neutral for years as we all like you know we. We've gotten into the hype. Machine right like vulnerabilities come out. And they get their own theme Song Wettest I. I blamed black cat for a lot of this and I don't mean that in like oh it's black. Cats vault like conferences fall. 
But we we like when you and I were because we're kind of we've been here for a while right Will we will. We kind of started looking at security and it was the community was building what was what got the attention. The crazy outlandish start hacking like a half the jeep in the middle of traffic. Kind of nonsense. Right that that craziness and you know if you keep. Atm OUT CASH You. Could you know make a make a plane flight sideways or other nonsensical things that were just like great for news? But not much else. That's what that's what got clicks. What you've got you on stage but that is not what solves the problems that we're really facing Jeremiah. And our sneaker doing they they seem to guys like if anybody insecurity should get the problems we have. Those two guys would be would be in that group for me. And what have they done? They've gone in started at an asset discovery discarded company correct. Yeah no that. That's the ad that that thing is. Podcast I mean the fact that Ed management discovery is coming back. As a hot thing is is about customer sewn and I was like okay. I'm not ready to blame fence for everything and I've never been on the offensive side. I've done very little pen testing many years ago so but still i. So I'm kind of kind of blue team defender Guy here. But it's hard for me to blame. Blamed offense offensive. Be being hot because I think that this hotness can steal a could have been channelled into something different that how defense as cool as well but it wasn't really done so I don't think it's the stunt hackers fault. I think it's kind of a community. Just less industry fault that this energy was kind of fizzled. As opposed to channel sound were useful. Am I rambling here? Possibly I am but but I think you're you know you've got a point because much like You know much like the news. What's the old line if it bleeds? It leads right. So we'd like we'd like a you know. 
The news likes a good car wreck with lots of car and lots of people injured. Why because people tune into that Why do we have you know? Why do we have traffic jams when the accident is not even on the roads off aside because people like to crane their necks and see what happens like this is why the stuff became super popular? And we put a top. We many conferences around it. Many conferences around it and some of his point right right by at least one in the world every day right which is kind of kind of insane but but to really start to solve the problems that that security has at its base you know and whatever whatever use case you want us whether it's the recent as recent as Equifax as far back as target or way back before that right. What kind of problems? They actually facing these. Were not something that you could throw. Technology at and saw these were human interface problems right. There was an even more to the point. Like the you know the the issue that many companies and I worked on a network that had a million and a half nodes right so this was not a small network. How do you get to how to even if you have one? Patch to deploy across a million and a half nodes right save. There's only only ten thousand of those like it it it simply these numbers don't work in the way we think about like at them at that scale and then to a different point but related right. How do you even measure some of the things that how do you get to the things that you don't even know about 'cause after time we're like okay job we've patched also all ten servers mail about an somebody else out there in the back black out there going? You forgot to fourteen. You don't know about. Yeah Yep and since not going to help us with that Yeah symbol. Tell you that you've done it but We'll go beyond you tell you what you've done it makes your makes you are. Dss assessor happy. They as the bad guys. 
Siping all your data away unless unless if you're negligent it may actually make you kinda sad than the assessor will. It depends because sometimes deals that you actually haven't done a good job and you are in fact negligence. So sometimes that's that's the result. Well I duNno I sort of worry about some of these companies. That have these massive sims where. They're logging everything but not really doing a good job of detection because what in fact I think they are doing when the lawyers find out about that basically. You're logging evidence against yourself right. There they won in fact sure evidence of negligence in the case of that. Which are you know? Sometimes they're more hilarious than others. But yes you're right ultimately You your pain to eventually pay more all right well. This has been a riot. Where nearly fifteen minutes I told just want to go quick. We can do like three of these and not run out of topics man all right. So what's what's next for you or You'RE GONNA YOU'RE GONNA stick around for Awhile while and tried to assure because it's There are many more dark and dark but like deep It technical capabilities that can drag out of our internal environment of course And then making them in the product of course google original home of Of Kinda Zero Trust approach to network and then if you other things that we have can become products and I think that become that may be part of a mission to make it Helpless See the light of the world that would be That would be great. Just don't do it the way Amazon. Stealing it by Like I think Google kind of made this famous. You know where you kind of put to sing in Beta throws him code together throat in the world. Good luck people. Start to use it and gets nuked. But I I think. I think the company's maturing I'm like an evaluation process so get to it. You got some work to do but for sure. There's that okay perfect. Thank you for inviting me and looking for all right. Thanks folks for listening. 
That was Anton Advocate News. Join US in. We babbled on about seminar. I Dunno some adjacent stuff. I guess it's been a blast. I hope you took a lot of notes or at least laughed long. 'cause I know I was on mute laughing half the time and it's been it's been enjoyable. Thanks for you. Thank you folks. We'll talk to you another time and another place on yet. Another Dallas queudrue rabbit hole. Podcasts until then JOE is we've bathed out on another down the security rabbit hole episode. We'd like to encourage you to chat with our hosts and guests using the twitter. Hashtag D. T. S. Please check out the show notes catch up on any episodes you of missed and subscribe to. You don't miss. Our website is white. Rabbit Dot net w. h. One two three R a V. I t. dot net so on behalf of provoking jeans with good bucks. We'll see you soon on another down. The security casts news.

Threat and SIEM Management for Insurance

Cybersecurity Effectiveness Podcast

58:32 min | 3 months ago

"Dj How you doing. Great, how're you doing great I love the I. Really Do love that steam punk lamp behind you and you were talking about that. That's that's cool stuff. Now, it does that like a theme have you done that throughout your entire house or is that just like one particular piece? It is well, I have that piece and then you can't see it. But over here, my shelving kind of follows that theme so. Just trying to trying to soup up the office a little bit for the work from home will. The new home for sheriff's right. So have you been able to get out any camping or fishing or any outdoor activities? Yeah. Yeah. I've been able to get out. So kind broke from quarantine a couple times to get away. So did a camping trip have have a little bit of property fortunate enough to up in North Carolina. Mountain Smoky Mountains. So got to get out and and taken some nature which is always good and then actually last week in the family went down to Navarre, beach and got to get out in the ocean and do some fishing and and play in the sand which was awesome. Family needed a a respite from the quarantine. So it was good really good to get out. When the kids just get super excited to go go to target. Or Costco. You know it's time to take him. Exactly now, did you do deep sea fishing out there or fly fishing or what he's doing? Yeah. So we were fishing surf SOM- caught some black-tailed course catch and release always let fish go. And that was really exciting. People are always shocked and amazed. Oh, where did you catch that? It was great on the shore like where people swim. Sharks there too. So there there are bigger they you know. My brother-in-law caught one that was doing the fishermen thing about you know round that big. So pretty decent size I take off the to- yeah. Yeah. But they're they're they're pretty benign sharks. They're pretty friendly to kind of keep to themselves and then we did actually get out and do some deep sea fishing caught some red snapper. 
Fish and and things like that. So that was really close. We did a little six hour expedition out into the Gulf Oh that's a pretty a pretty long long one six hours. Yeah. Yeah. It was good. I took my daughter's deep sea fishing. We fish off Costa. Santa. Cruz. And usually go fishing for link cod or depending on the day maybe salmon it just depends. And my youngest daughter. She had just dropped the hook and and she's kind of releasing it and she's counting how many seconds for. Down she goes is the very first time fishing. Any kind of fishing she goes I got got one I'm like you probably caught like a fisherman next to you or a piece of coral. But sure enough she did and she had a fish and she was like she's real it entries doing the whole thing I'm just letting go and all of a sudden. It just goes slack. And she's like Oh and I go I go sometimes you know the fish will break the line or maybe didn't have it all the way it got free She she feels it in and all she has is the head of the Salmon Happens it wasn't sharks there, but we have a lot of sea lions and. SMART, enough to know. Let the fish get caught I tire self out come up behind it don't the part with the hook with the with the pointy bit and stuff. So he just had the head of the fish. Yeah. But we a really one really cool experience over there me and my brother-in-law went out in a Kayak from the beach. Shoreline and we went out probably three or four hundred yards, and we were just fishing for whatever would bite out there. And I heard a little. Noise. And then we looked over and something kind of bumped the Kayak and we just saw six or seven foot shadow. And and here in the noise something kind of in my subconscious was like it's okay. But my brother-in-law is like, Oh, just shark. It was I mean when you're out in a little kayak year like you're at the mercy, the everything's a shark in everything's a short. Well, it turns out it was dolphin. Yeah. 
Up. Two of them, and they were just hanging out around the kayak for about five minutes. We were like, splash hands in the water, coming right up to our hands. You gotta spend some time with them. That was just a really surreal experience out in a kayak, that was, that was a lot of great. Well, as long as the dolphins are there, the sharks aren't gonna hang out. So that's, exactly, yeah. Yeah, for sure. So let's, let's talk a little bit about what you do at Aflac, and maybe you can give everybody a little bit of background on that. Sure. Sure. So I'm the director of security operations and threat management, and, sort of a mouthful, what that means is over most of the operational aspects of security at Aflac. So I have seven functional teams that do a lot of things. So that's threat management slash threat intelligence. They're sort of the tip of the spear, doing security research, what are adversaries doing, gathering intel on them, what are their techniques, tactics, procedures, and gathering all the, and doing cool stuff with all the data there and helping us adapt our defensive posture. Security ops, which is SOC, security administration, and incident response and forensics. So those are pretty self-explanatory. I recently took over engineering. So, well, build the new capabilities in our program. So all the services that were offered to the organization, they're helping. Recent, because I think when we first met, when I was out there, that was not under your, under your umbrella. Yeah, that's a recent, recent change. And then enterprise vulnerability management, which is, you know, vulnerability management, application security, and pen testing. We have a red team, so internal pen testing and external attack surface testing. And then also have a decent chunk of cloud, cloud security minutes ultimately, all those practices kind of extend to cloud, but we do have some very specific things we're doing. So have some purview into that as well.
It sounds like you got all really cool stuff. People say, yeah, it is. It is all the fun and interesting stuff. It's, it's quite a bit of innovation going on. So never a dull moment. Do you have to deal with anything on the regulatory mandate, compliance side of the house at all? It all touches in everything we do. There's facets of it that, you know, have compliance obligations. You know, we work very closely with privacy, technology risk, compliance management. So yeah, very heavily involved in governance and compliance, and on the regulatory side, anything that's needed, we're pretty heavily involved in attestations and we're doing everything that we need to be doing. Talk to me a little bit about that in terms of some of the regulatory requirements and compliance obligations specific to maybe insurance companies. Yeah, I mean, insurance is starting to look a whole lot like financial services. I mean, we really call ourselves financial services anyway, and we really hold ourselves to the highest standard. So we really, we really stick very heavily to, like, FFIEC. That's the standard we kinda hold ourselves to, even though we're not necessarily directly under the purview of FFIEC regs. It just helps us stay where we wanna be from a compliance and security readiness standpoint. Some of the unique challenges in insurance specifically are, it's really a lot of it's state driven. So you have to know what all fifty states expect in terms of compliance, and they all have their different, you know, disclosure requirements, reporting requirements, privacy requirements. So it's a lot of all of the state-level regs and kind of them up and saying, all right, what's the, what's the most aggressive in any given area, and that's what we have to adhere to. So we're California Senate bill. Yeah. Yeah. Exactly. And then yeah, CCPA and things like that.
You know, there's a lot around, you know, privacy and consumer-oriented regulations that are driving a lot of change in terms of how we approach storing and processing, handling customer information, and that's, that's a big play too. So yeah, that's sort of the landscape for insurance, looking like banking now. So, let's, let's switch gears to the security side. What are maybe some of the big security challenges that you're seeing that maybe are a little bit more specific to financial services slash insurance? Yeah. You know, there's, again, it does look a lot like finance, minus the banking trojans. They're, they're the lucky recipients of those threats. You know, I think probably what's kind of on the newer, you know, set of challenges for security is, is like most industries now. It used to be like there were a handful of verticals that really had to have a pretty leading-edge user experience and digitisation programs. Now users or customers really, of, of vertical you're in, they expect a, you know, a seamless user experience, cutting-edge technology. So insurance is really definitely going in the direction of, you know, modernizing the user experience, a digitisation of technology, omni-channel support. And so from a security standpoint, what that means is, like I'm sure most companies are feeling now, there's just intense pressure and desire to modernize technology, and then, you know, keeping pace with that changing landscape to make sure that security and application development teams and everyone are in lockstep, and that just means faster pace of development, newer technologies, and making sure that, you know, security is deeply integrated into all of it, you know, through that digital journey. Yeah, I mean, it's a demand now. I think we've done a really good job as an industry educating not just enterprise, but the general population, about the need and value of security.
Then they came back and they said, okay, well, we'll give it to us, we want it, but you gotta make it easier, right? Yeah. Yeah. It's gotta be integrated, be seamless. I was in, I was in Central America, and I won't name the country just because I don't know how many financial services companies might be doing this there, but they had for their multi-factor authentication, they gave all of their customers basically like a card. I guess I'll call it a bingo card for lack of a better word. So you had X-Y axes, and when would it come up based on? They'd log in, username, password, then ask for the code, and the code was predicated to this card, which had some type of serial number ID to them, and said, okay, G seven, and then gave them, gave them this, and that's how they would do their multi-factor authentication. Wasn't horrible. It's actually a somewhat elegant idea, a somewhat low-tech, elegant idea, I think. But now, of course, people are converting that to, if they don't have to have a key fob, doing it on their mobile phones, right, so it's very easy, click and it just passes it through. But so even cases like that, where perhaps you had a public that didn't have access to that type of tech, they still wanted security. Such demand, there's such a push, and I'm sure that's just something that's evolving probably every, every year in your industry, right, trying to make things easier for the consumer, trying to make them more secure at the same time, and playing that balancing act. Yeah. It is. I mean, you know, the authentication experience has been, you know, a big, big push for us, trying to get, you know, uniform authentication across the board, trying to find ways to make multi-factor as effective as possible without impacting user experience. And so yeah, that's just, it's sort of expected. It's. That easier, harder, the same? Any, I don't think cloud has had much of an impact on it directly. I mean, a lot of the cloud stuff just, you know, kind.
And ties into whatever you're already doing, and so we're not seeing cloud chain disrupt that too much, but it's more about, you know, whatever platform they're touching. They don't want different authentication experiences. They don't wanna pivot to this app and have to reauthenticate. They don't wanna be challenged for MFA every single time if they're within session, and we really don't necessarily want to challenge them every time anyway, you know. So, so an analytics to drive, you know, when to challenge for multi-factor, to try to reduce that burden on the end user, is all really important to the experience, which really try to focus on experience even from the security perspective and keeping it very simple for them. Very cool. Very cool. Well, they'll look at how somebody like you thinking through it like that. Let's, let's sort of switch gears from sort of the user side to maybe a bit on the threat side. You mentioned before you're not really seeing banking trojans pre. That one segment. From a threat perspective. So I wish I had something eye-opening and exciting to talk about there, but really, you know, it seems like it's a whole lot more the same. And that's, that's a good thing. You know, they're, you know, with COVID, obviously, they rebranded a lot of their schemes to use COVID to try to entice users to fall for phishing games and things of that nature. But phishing's still number one, and within that, there's really two key categories. You got your credential stealers, they're going to try to get creds and then go after your SaaS applications. They were like to target. Microsoft's we wherever they think business is going to happen, they're gonna try to get creds for those platforms by phishing their employees. Malware, of course, through phishing as well. You know, we're seeing a lot. You know, it's weird because it just goes through cycles. It's like, oh, there is that one again.
So, Dridex, loader, Agent Tesla, Loki, Pony, all these ones, they just kind of cycle through about twenty or thirty core malware variants or families that work well. They get their infrastructure torn down, somebody spins up new infrastructure, starts new campaigns, and it's like, oh, there it is again. So they keep recycling that sort of stuff. One thing that is a little bit newer, though not new in security terms, because if you've been in security long enough, new means, you know, in the last couple of weeks, but in recent years, you know, a lot more focus from the adversaries on just open services, and I think cloud proliferation is really driving a lot of that. So why go through the trouble of building, you know, elaborate schemes with complex infrastructure that has to be supported, when you can just Shodan and find open S3 buckets, right, and just go pick data clean off that people misconfigured. So open services and, you know, data storage mechanisms online, in the cloud, are real popular targets right now, because, you know, cloud misconfiguration is a pretty significant risk for a lot of organizations, and it's ultra easy, low-hanging fruit for the adversaries to go after. So they're taking advantage of that trend. And then, you know, ransomware kinda, it's like it flares up and then fizzles and flares up and fizzles, and so we're seeing some ransomware again, as Phobos, GandCrab, a handful of others. And it's just like the regular M- just goes in cycles. And then, of course, targeting web applications, APIs, you know, for exploit. So they're always scanning what's out on the web from an application standpoint that might still be susceptible to all the old trusties, like cross-site scripting, SQL injection or other exploit methods.
Though, they might target the underlying platforms too. If you're running on like a content management system or something like that, they'll target that as well. So it's a lot of that. To anyone who's been in security for a while, it sounds really familiar. Not seeing a whole lot of novel stuff, like just, hey, here's something that's really flashy, really new, and be aware of this. So. They don't need it. I mean, there's, I mean, when we first started Verodin, now Mandiant Security Validation, but when I start up, the whole idea was, did we want keep on chasing zero days and the is It out of these the. Late stage threat analysis frameworks that were put out, or do we want it is based on behaviors, and we said, look, there's only a finite number of malicious behaviors, whether it's related to lateral movement or data exfil, C2 or business logic attacks. Now, the attacks that ride on top of them are going to be completely different, but they're always going to follow this process. So we tried to, yeah, yeah. Yeah, it's, it's never ending if you try to trace every single attack type. You mentioned something as well. I'm hearing a lot of folks like you, people that are managing large security infrastructures, talking about just simple cloud misconfigurations leading to, you know, the extra buck on the wrong side. So maybe the architecture was supposed to go WAF, web application, traditional firewall, database, application, and because a few incorrect keystrokes, the WAF and the firewall are on the wrong side and the database and application is on the other side. It was really hard to do that in your local data center because you'd have to change routing and cables around, but it's a couple of keystrokes, right, in cloud, and that seems to be happening a lot actually. It really, it is, and. Their governance at scale really kicks in, and I'm sure we could touch on that in a bit, but that's definitely a newer paradigm to a lot of companies that are wading into the cloud.
One that I would strongly, everyone be very conscientious of when you're developing, defining cloud strategies, is to figure out how to address configurations. I would wager that the number of cloud incidents, or percentage of incidents, that are due to misconfigurations is probably, you know, in the eighty to ninety percent range. I think you're absolutely right, you know. Zero days and fundamental flaws in cloud infrastructure that are allowing these types of exploits to happen. It's just how people are setting things up. Yeah. Yeah. Well, let's talk a little bit about governance and maybe some of the other trends as well that you're seeing, things that are, how they're evolving right now. Yeah. So I mean, obviously the heaviest hitter right now in my opinion is cloud, just overall as a macro trend, both from an IT and security standpoint, because, you know, IT and security are inexorably intertwined. So where IT goes, wants to take the infrastructure and applications, you know, security's gotta be in lockstep. And cloud is, you know, even more conservative companies that might have even uttered the word cloud five years ago are getting pretty serious about it now, and Aflac is well on our cloud journey. And so with that, you know, it brings a couple of trends with it, and, you know, the first one, you know, we've already touched on, which is governance at scale, which is, you know, I think the core mandate of security in the cloud environment is to supply guardrails. And by that, I mean, you know, when you look at provisioning and then access governance or access provisions, you know, you want your teams to be nimble, you want them to go provision environments quickly, but how do you do that at scale? Security in place, you've got to think about the frameworks that you can put in place, ideally with automated solutions that can help.
You assess in real time the infrastructure being provisioned and how everything's being configured, and have all your policies in place to say, hey, go provision, and, you know, they can't hurt themselves in the process too much because of the, the PLA policies that are applied, that have been put in place and agreed upon, and then oversight to see if things change over time, or if there's some way to circumvent some of those guardrails, that you have really fast detection to go take remediation steps, ideally automated. We're working on automation for the remediation. Detects this, run a Lambda, go shut it down or fix it. And. Sorry to interrupt. I was just gonna say, I think a lot of these trends that you're talking about, if you don't leverage automation as a way to help manage that and you try to do it with the old kind of manual process, you're just making things worse. You're, you're actually. Getting better at anything, you have to hire an army. It's going to cost you way to secure your businesses making. Yeah, exactly. Exactly. I mean, that's the main thing, is a lot of companies are going to cloud, define the obviously get resiliency and you get access to tap resources that should help drive innovation, accelerate delivery. Great. Time at times highly working. Exactly. But ultimately, you know, your CFO and others, will probably argue CIO, they wanna see a cost savings in it. All right. So security can't come in and say, hey, we're going to double the cost of everything, which is, you know, in a data center it got really expensive as you're layering things on, but cloud does offer a lot of opportunity to do security at a much lower cost, if you're thinking in the vein of, how do we scale this? How do we automate it? How do we set it up to where, you know, things are provisioned securely, so we don't have to bolt on a bunch of stuff after the fact that costs, you know, half a million dollars each. So.
Very on but yeah, and then the other significant trend, you know, that kind of dovetails into that is a pretty significant shift from click, click-ops to script-ops. So, you know, traditional security was, you know, buy forty or fifty different solutions. They have a nice neat GUI and you're dragging and dropping or clicking boxes to apply configurations. And, you know, even in data centers, you're starting to see more hypervisor-type stuff being exposed to feel more cloud. Then private clouds are trying to look more public cloud with their automation and orchestration capabilities, and then public cloud, obviously, it's just, it's innate to them. And so as a security person, the whole clicking things is kind of melting away and it's all becoming scripts. Got clean a CloudFormation scripts, or you got Terraform or Ansible. You know, you're doing things with Python, Lambda and whatnot, and so it's really all becoming, it's back to coding. We're all coding again. And so, you know, that's for some painful, for some enjoyable, but it's a necessary transition. Security teams are go. If they're not already, they're going to have to get very comfortable with how to do things as code, because it's all about provisioning security with everything that's deploying, with the application, with the infrastructure. That's the point. I remember some of the first things I ever needed to script, I was using Expect and I was using Korn shell, a little bit of Perl, and. This is, this is the best. This is like cutting edge, and then it all kind of went away a little bit. Say, we're dating ourselves with some of that. But yeah, definitely. Well, you know, we just came out with our twenty twenty Mandiant Security Validation effectiveness report. Yeah, or Mandiant Security Effectiveness Report, and we've done a couple of these over the years, and I just captured a couple statistics I wanted to just run past you and get your hot take. You know, what your, what your gut
tells you about these, and maybe why these numbers are where they are, and sort of how you feel about them. So I wrote them down so I get them exactly right here. The first one, it's about data exfiltration. Based on the analysis of companies that we've worked with, we found that data exfiltration is prevented about twenty-seven, twenty-nine percent of the time, and data exfiltration is detected only about thirty-one percent of the time. So roughly thirty percent for prevention and detection for data exfil. What do you, what do you think about that? You think that's probably about average? Does that seem high, low, what's your hot? I honestly would say that sounds a tad high. I'm a bit skeptical, but mainly because it's something that we're actually working through ourselves right now, because it's an interesting challenge. You know, you have DLP. A lot of people rely on that for exfiltration. Behavioral analytics is starting to get some traction, some capabilities there. There's some interesting players that are doing some cool things around behavioral analytics that might provide some long-term benefit to be able to detect exfil. But I think the challenge is, so few do DLP type of technology where, you know, on the endpoint, you know, as soon as data hits, they can detect it. You know, a lot of, most DLP that I've seen is either happening through email, when you're loading USB, or across the network. While, I mean, if I'm an adversary and I'm, you know, trying to get, you know, a certain number of records out of a company, I'm just going to download the data, stage it, meaning put some space bars in the social security numbers, and then send it out, and suddenly DLP that's, you know, looking at patterns, if it's not looking at patterns like, hey, this is abnormal for this user to be sending this much data out, then, which is really hard to do because, you know, environments are chatty.
Now then you're, you're probably looking at patterns, and once it's been staged, it becomes invisible to a lot of technologies today. So we're focusing on get DLP pre-staging. So before they get the chance to modify, since it hits an endpoint, it's detected there. So we can see before that data goes out. So I think that's kind of the crux of the challenge, is the technology and approaches, it's a little dated, but as ML picks up, sorry, machine learning picks up, and as people kind of adjust their tactics to get, catch data staging processes, I think we'll see improvements there. I think a couple years from now I'd expect that to be much better than the, maybe in the seventy, eighty percent range to techno that'd be I. Think you're right. I think that's the direction. You look at some of the early solutions for this and it was all about mitigating encoding, help people encoding this, the output in different ways, where they zip it or RAR it or tar, or zip, RAR and tar, or tar it ten times, whatever, or, you know, all these different ways, because it can only unpack so many times, maybe had a three-level unpack. And those were pretty easy to bypass. But I like where you're going with that as well. I think machine learning is going to be a big change for that, and also mixed with what you previously said, sort of the network behavior analysis capabilities and things to look at behavior. The second, final stat I wanted to share is related to lateral movement. And I know you have a really strong background in SIEM and log management, so we'll get to that in a moment, but this one says lateral movement only creates an alert in a SIEM four percent of the time. So missing it ninety-six percent. In your background, again, I was, I was at ArcSight for almost seven years, and the same thing, I'm like, I'm almost saying that's probably actually higher than, yeah. Yeah. I just, because, you know, we mentioned.
Earlier, just parsing issues and NTP issues, making sure your infrastructure's right, and then it gets to your SIEM. The correlation, the pattern discovery, the anomaly detection, temporal, volumetric analysis, all that stuff. It's so rare, but, and it was lateral movement creating an alert four percent of the time. Yeah. Sounds about right, what I would expect across organizations or across industry. I'd be disappointed if that was our percentage. I think, I think, you know, we're, we've, we've really think help. Take some more advanced steps to address that problem, where I think we'd probably fare better than that stat. But yeah, that's, you know, I mean, the real challenge there is, you know, in the last five, seven years or so, adversaries have gotten exceedingly proficient living off the land, and so they know what tools to use to look like a regular user. They're gonna use accounts that are in your environment. So gone are the days of them creating an admin, an admin account, and trying to use that, and using their custom tools to try to pivot around the environment. They're not loading, you know, custom malware to the systems to exploit and pivot, 'cause there's enough low-hanging in most environments that they can just use service accounts or the accounts on the systems and just pivot using the tools that your administrators do. So that really comes down to behavioral analytics and a lot of other technologies that provide visibility into, you know, what's normal, what's not. I really like deception for this, this use case. That's a, you know, newer technology. It's, you know, probably, you know, four, four years in the market. And trying to deceive adversaries who are trying to move laterally into using your decoys, whether it's deceptive artifacts on endpoints or deceptive systems. If they bump into it, then we know that it's somebody trying to move laterally, and that's a pretty effective means.
So there are some solutions to get those numbers up. And SIEM, SIEM configuration, good correlation rules, things like that can help a whole lot too. I wonder how many people name their deception servers Financial Accounting System. Well, if you do deception right, you have, you know, many, many, many deceptive systems. You know, we go for saturation. So, you know, lots of systems deployed everywhere that look like anything. So impossible to tell. I kind of always use the analogy, it's like playing Minesweeper crawling around the Aflac environment. You're clicking boxes but you don't know what's behind it, and sooner or later, generally sooner rather than later, you're gonna click the wrong box and you're gonna hit a mine and it's gonna be game over. So yeah. Very. Well, I alluded to your, you know, your background, SIEM and log management. You've been working in that for a long time. A lot of things have happened that changed how that evolved over the years. It's gotten, it's gotten much more agile. So where, you know, maybe five years ago it was, hey, we tried to make out-of-the-box content work, do some tuning and tweaking and create, you know, a few of our own rules here and there, to a pretty extreme agile approach. So we're, we're doing a lot of, I kind of have a four-stage cycle. It's, it's test, you know, validate and then iterating. So iterate meaning close gaps or refine, and then test again, and just have this continuous cycle. So we're taking, you know, all of our threat research and our, you know, attack simulation platforms, we're feeding that in, we're figuring out, you know, based on current threats, how do we, how do we fare, you know, are we rea- detecting what we need to detect in the SIEM, and then we're doing custom modeling as well and just continuously iterating through that. So we, we just have this.
You know, we're always at war mentality and we can't let off the gas, and so we're always doing that testing and continuous improvement to our correlation capabilities, and probably, you know, last two or three years really truly relying more on the analytics space to help augment some of that. So rather than the old-school method, maybe five years ago or so, of having just one-to-one correlation, and if this hits, you know, burden your SOC to go figure out if it's, you know, real or not, we're doing more risk aggregation. So, you know, one plus one plus one all together equals five, and five is something we need to act on. And then augmenting that with machine learning analytics to help get some more robust anomaly detection incorporated into that risk scoring. And so our SIEM, you know, we're updating it no less than, you know, four or five times a week with Linda. Adapting correlation rules, creating new ones, tweaking algorithms. Need to stay up with whatever current threats are doing. Now, how has the security validation capabilities helped with your process of tuning and maturing, testing and validating a SIEM? It's been huge. That was a major, major multiplier for us. So prior, we were doing manual modeling, which was great because, you know, we have really smart people in there. They are doing our research, they're studying adversarial tactics and they're getting pretty good perspective, but it just doesn't scale real well. That's a lot of, you know, manual time and effort from skilled resources, and so we knew that needed to scale, and the attack simulation or security validation space coming into fruition as a commercial solution was really timely for us, because we were right at the stage where we were ready to adopt something like that. And so we did, and that's, you know, we went from, you know, maybe three or four, you know. A. Net simulations, but like going threat modeling sessions. To say like, here's, here was a breach.
You know, what did that look like, what tactics did they use? Let's make sure we're ready for something similar, to here's ten a day, and we're taking, you know, live malware samples and running them through, doing simulations. We're using, you know, the latest and greatest adversarial techniques and run them through. So we can just scale so much better, and that was important because we adopted MITRE ATT&CK framework as sort of a core framework to measure, because with SOC it's always like, well, how do you know? Historically you would look at and say, we're successful if we're responding to alerts in a certain time, and what's our false positive rate, but in my opinion, the real measure of success for your SOC and your SIEM is, you know, can you detect everything you need to detect? And what is everything you need to detect? That's a nebulous thing, and security teams have really struggled to grapple with what's the source, a good source of truth for what is, you know, everything. And while it's not truly everything, you know, there is such thing as good enough in security. You know, you gotta, you gotta strive for getting a really good baseline in place, and MITRE, MITRE ATT&CK framework, we feel like, is really good for getting, you know, a pretty comprehensive list of the known techniques, tactics, procedures that adversaries are using. And so we set some pretty high benchmarks to achieve coverage across the MITRE ATT&CK framework, and our attack platform really helped us accelerate, you know, getting penetration into target range that we wanted to get, because we could run so many scenarios, and then, you know, Mandiant maps that to MITRE for us, which helps speed things along, since we could tell our compliance pretty quickly by running dozens of malware samples on a daily basis. Yeah, I think if I look across a lot of frameworks we integrate with, MITRE, NIST. Inside.
Especially, like, NIST 800-53, maybe some 800-92 as well, OWASP, things of that state, and there's a little bit of overlap between these. By far, by far one of the biggest ones that we're seeing people measure against is MITRE, and I think it's the right one to testing. So it's great to see that you're doing that. You know, another thing I'm seeing on the SIEM side that's neat is, to your point, you guys just don't set it and forget it. Seems like there's this constant worry and continuous sort of validation testing, because the biggest thing that I saw when, sort of SIEM rot, if you will, where people would set something up, something changes in the network, we talked about NTP gets screwed up, or there's a new update on your IPS, now the parsing's different. There's, there's so many things that have to be done right that. Yeah. Environmental drift. Well, my SIEM was working perfect last week, today it's doing four percent alerting on lateral movement. Yeah. It's like, well, your endpoint data stopped feeding in. Oops. Yeah, it's the proxy server in place now. Right. Exactly. Exactly. So drift is definitely a something that we're, we watch very carefully, because we started a cybersecurity assurance program, you know, mainly, you know, to do two things. One is, you know, validate that we have all of our core controls covered. And so that's like, it's taken audit and compliance, put it on steroids, because they're very targeted like MITRE. It's almost like MITRE ATT&CK for, you know, compliance. Compliance, you know, validation of your program, and drift is definitely a big reason that we were doing that, is just to make sure, okay, this worked last year, does it still work? And so we have to do quarterly attestations that actually run through scripts and validate that everything works, and when it comes to the area of security ops where we have.
All this in in Mandiant it's so easy because we're we're already validating this like ten times a day. So we know everything's working. So it just makes it a lot easier. Yeah, puts a check in that box pretty quickly. A lot of people now tying threat intel to it. So of course. We have access to a pretty great intelligence source. There we're opened up to Anomali, Flashpoint and you know all flavors of a public and verticalised from ISACs, FS-ISAC. One of the cool things that we added into the solution that I think has been used a lot on the SIEM side, I'm just curious if you've started doing this testing, is validating TTPs and IOCs safely within your production environment to see how my security tools react given this TTP or given this trying to exfil or beacon out to appear domain and then will that result in a similar that my you know my team can get onto. I love it. Kind of takes it full circle because intelligence for a long time was this thing that was kind of off to the side maybe you got to it when you had time almost like a lot of people treated deception technology a few years ago. Almost a nice to have. It was a actively integrated like you guys are doing but has threat intel become a big component of your overall security ops. Yeah it's been for quite a while for us frankly. It started with you know getting aggregating and curated the data. So, we we like to make sure we have a lot of context, that data's well curated so if something hits somebody can go in and figure out not just hey, something bad happened. But what is it? You know what our family, what what you know other related indicators are are that we need to cycle through and then we automated the correlation in our SIEM so that these millions of IOCs we were tracking were being looked at real time across network, email, endpoint, so forth. But then you know with security attack simulation and and validation for frameworks.
We we actually incorporate that data and and we're we're running live simulations all the time just to make sure that, not just would we detect it if it hit you know through our SIEM but does our firewall block the domains correctly does. is so we're running fresh. Even before we popped them into our, our TIP will take them our power variant I and throw it into our our security validation tool and run it and just see like, hey, did we protect based on behaviors? Did we you know that our endpoint agents blocked blocked the execution of the the loader? And so forth, and so we we try to look at all the different stages before we cheat and put the IOCs in there because, which we know now nine times out of ten, if it's an IOC we know about we're to block it. Now, you not just operationalized if you've it sounds like you guys have really personalized, you've made. Living Environment, I mean it used to be. You know you you build these active lists and here here's all the bad stuff, but then the active lists got so unruly that most SIEMs couldn't couldn't handle the amount of you know I domain. It was like you can't process. This is too much. Got I theatre whatever it's just too much but the way you're approaching it sounds like that's a very holistic approach to yeah. Yeah. Yeah I mean we, it takes it takes a little bit of you know engineering and architecture to do it right. But once you do it right, the care and feeding really is not bad. You know it just it's an upfront investment in in the infrastructure. If you got to begin with a resiliency model in mind, which is what we did. Then it kind of you know there there is that upfront. Gift of figuring out what's the right way to build a resilient environment but once you get through the architecture and then get some some engineering work done to build it out, the care and feeding is is really manageable.
So it's really about investing the time that upfront strategy in what he wants to end product look like and we we knew very early on, we don't have to touch all this stuff, we don't want to choke in on itself if we wanted to go to handle millions of IOCs well, that means you gotta do data models, accelerate them and have the infrastructure and horsepower to support that. You know where you need to make your investments already talked leadership about why those investments will pay dividends and once you build it you know my experience, they're happy with it. Yes. You know we talked about cloud a little bit earlier on in the in this conversation, but I kinda wanted to loop back into it just wondering how are you leveraging security validation in the cloud environment and how's that helping her or what are you doing there? Yes. So we we are. We are leveraging it there. And so we're, we're pretty early in our cloud journey but far enough along to have this as part of it. So we have you know the the actors deployed to our cloud environment and and you know are able to run tests in that environment just like everything else and so the goal there is to make sure you know all the controls that you have in place that are unique to cloud, they're functioning as expected. So we're not really integrated the provisioning process yet, but but that's that's the long term goal is to be able to actually you know provision actors and then have our compliance at scale validation against that in addition to run attack simulations against it to make sure that that all the controls are functioning there and that's that's pretty critical because you know you need you need all the same controls that you have on prem plus some in the cloud. You know with all the all the integrations that you have makes accents expense. From a technical perspective, you have extremely mature a mature environment, all the different components and how they're all integrated together and playing off.
Really amazing. You're also responsible for a lot of different groups that you you outlined as we started here and I'm I'm guessing a big portion of what you do is having to communicate probably two to nontechnical non security executives in the organization to kind of give them a state of the state or trends or you know what's going on. How as how has you know security validation sort of helped in that process and you being able to share what needs to be shared at that level for people that don't really need to get into the bits and bytes. Yeah. So we have encouraged our leadership team, board and and honestly I shouldn't even say we encourage because you know they're they're eager and to do so. But to to kind of meet in the middle on on how technical we can get in our discussions. We will actually have our board come in and they'll they'll look at like SIEM dashboards and stuff. It's pretty cool. So they're not the norm in that respect, but but to your point, it does have to be communicated at a level that's appropriate for the audience. And so the types of things that we're communicating up to the board is we will actually talk MITRE framework and what coverage we expect and why that's important and how we're achieving that with our continuous attack simulation framework. So we actually built a framework called VCAST, validation through continuous attack simulation and testing. Oh nice. And that was built around you know with with you know Mandiant's platform as a core component, and and basically how we position that with the board is you know this is how we this is how we maintain assurance that we are ready for today's attack, what's happening, what's going to happen today? And because that's that's again it's that sort of thing is nebulous when you talk about the typical board metrics people say, oh, we you know, we see this many thousands of attacks led to this many alerts. This many were actual incidents in and we responded by this tune in.
You know we had no data leakage through this period or something like that no no reportable events but but that doesn't really answer the question like how are we? How are we positioned today? You know against emerging threats and how are we gonna stay ahead and this has been a a pretty significant answer to that you know for us we're discussing this with the board and so some of the metrics that we're actually working towards, we're very close on. We do report up how many simulations run and and how many what percentage of coverage we have and how that relates to MITRE ATT&CK coverage because we have our targets that we've committed to them that will achieve. What what we want to get to and and I know we can because we worked with with Mandiant on on the concept of this is we want to get to mean time to detect and mean time to prevent and I would encourage everyone to consider that as a as a really important KPI for for board is from the day hits and it becomes public, how long on average does it take for us to become resilient to that in terms of prevention and detection, and then using our VCAST framework to manage that number down as low as possible because if you can say our mean time to to detect is twenty four hours, and our mean time to prevent is seventy two hours, that's pretty incredible. When you think about you know what you read in the industry reports about you know one year dwell times before things are detected. It's crazy how long it takes some time. So you know it really shows return on investment to the board. We're talking about behaviors earlier and one of the things I really like about being able to validate security controls against behaviors, not just necessarily attack types, but you can do it both ways. It's sad this this new attack just just dropped you know three hours ago, but it uses an identical behavior to this one that we've known about for two years and we already have controls in place that mitigate that.
So yes, it's high I know it's all over the news everyone's talking about it, but we are and we have been protected against it for years. We still test against that specific PCAP or whatever. Luggage in. Let's give further assurances so I. Yeah. What? One I can give you a real world scenario where something similar to what you're stating there. It's not specific to the the repeatable technique but when the conflict with Iran happened in January with the death of Soleimani, everyone would if you remember like the government was issuing warnings with with a day thought, there might be a cyber response and warned businesses to be on heightened alert for for potential state sponsored attacks from Iran. And so of course, you know, directors, executive team, managers everywhere they're like, oh are you know? Are we aware this ready until we were able to do is we worked with Mandiant, we worked with other partners to get intel on the known Iranian, the most common Iranian APT groups, APT33, APT41. And we're able to consolidate one hundred and twenty two attack methods that those APT groups have used in the past and run them through our simulations and and demonstrate that we had ninety one percent detection rate, eighty percent block rate lower, and we had five five things that we need to do right now to close those gaps to about two hundred and that we were on it. And and so that that would you know that was something that really showed like, hey, we have a capability to to understand the dynamics, current dynamics of the environment that would go on powerpoint page one if. Into my about. Yeah. Why why you have security. Yes exactly exactly and. And so and these more advanced capabilities right. So you know that that was a real world scenario where we used this very specific to a to an acute concern. Out of curiosity so when you're going through this process, did you get rich DNA in terms of.
Information about the offensive side from FS-ISAC maybe some other action involved in or did it mostly come out of working with FireEye and other other companies like this and just I'm always curious how much valuable data usable information you get actually from the ISACs in a case like this. Yeah ISACs they're helpful. You know we have a pretty holistic approach. So so ISACs are a big part. We're fortunate enough to to have a board that is invested in a threat intel team. So we have security researchers and a lot of it comes from them looking at well, what's affecting now 'cause the ISACs, they have pretty broad industry purview whether it's insurance ISAC or financial services ISAC. There's some good tidbits. Here's what we're here is what we're seeing there. To me, nothing's more valuable than what we're seeing right now you know on our email gateway you know in our web gateways you know in our in our dark web monitoring. That's that's the stuff that's you know trying to reach out and touch us right now and so that's always going to be priority one for us and we have a lot of it. We have a lot of data points. So that's that's probably the lion's share. ISACs absolutely are valuable supplement to that. NCFTA is a good organization that has a good good information sharing and and they'll share you know binaries with you and and PCAPs and things. Research communities, there's a lotta, a lotta communities where researchers are just talking. And we get a lot of good intel from from those channels as well. I've often found that some of the publicly free publicly available databases like Malware Traffic Analysis and things you can get some really great especially if you're just looking to pull a PCAP in Essex in tested, for example, that's been some great stuff. The flipside of that is sometimes there's so much information and.
Spend your time and how do you aggregate and to do and he does just the the sheer horsepower takes but yeah, certainly having your own threat intel team to focus on that. So a huge if if you've made the investments in an orchestration and automation to it, it gets pretty easy to just eat a poll samples from your gateway from your email gateway and look at other techniques and tactics that are being you attempting to be used against you. And and replay those without exerting a ton of effort and energy to gather them, and I find that just to be you know very fertile ground for for you know DNA for your your testing environment. Yeah absolutely. Well, as we wrap up here, I just want to ask you the crystal ball question, which is your production predictions on the threat landscape is as well as maybe sort of the security industry evolution overall for the coming years. Yeah. I think it just going to be a everything's start moving a whole lot faster and so the at the macro trends are going to be a very heavily oriented toward DevOps and deep integration into CI/CD pipelines, everything is code and and it's just there's gonna be no looking back, anyone who's not adopting that those types of deployment and development models you know five years from now there's can get left behind because digitisation is is king right now and I don't see that, that reversing you know years out. You know the things that that make me uneasy in the questions that I think we're going to have to answer is as computing power continues to grow and grow and and ML starts to mature from hey, everything's ML and everyone has a bad taste in her mouth about because it doesn't actually work the way everyone tries to sell it. It will begin to work the way they've been selling it for ten years and when it does. Self-aware and take over everything. Yes. Exactly. Well I, I think what will happen is you'll it will start to become machine learning versus machine learning right?
Whose machine is better and faster. Attacks will be very automated. The you know with things like quantum computing that comes to fruition and adversaries can get their hands on those types of resources, they'll be able to learn your environment almost instantaneously and figure out what the weaknesses are and exploit them and extract before you know there, if you don't have something equally powerful to combat so I it just to be kind of an arms race in terms of compute automation and so then that really just means everything's going to have to be automated and orchestrated very well and a metal evolution's I. We're gonna wake up and just get in our butts kicked one day and go what happened. We lost it's to be you know you're a see that steadily ratcheting up and we're just going to have to be implemented more more AI and ML into our capabilities. You know that's a good point and you're the first person I've heard bring this notion up of might be your AI or your ML versus my AI and my ML, right? Yeah. Yeah. It hearkens back to the days I remember some of the the larger botnet armies just even a few years ago that if you looked at one of them had more bandwidth and processing capability than like Google and Amazon combined so. Powerful. So if a nefarious actor or even a nation state with those capabilities able to commandeer, those types of quantum resources, I mean think about DDoS attacks and things like that. But. village to to penetrate leverage those those types of capabilities would just be. Phenomenal and everything we've talked about automation thus far boy you better, you better have that stuff nailed down or else it's endgame, right? Yeah. Yeah. Exactly and I think one other security trend that will like we see and we've been talking about this lot recently is how do we operate our business without any sensitive data? And that's that's going to be a challenge I think companies are going to try to solve for over the next three to five years. Yeah. Yeah.
We definitely went from a point where let's try to collect as much possible as we possibly can have and mine it and leverage it to this really is a bit of a risk. Data's arrested at how can we do business? You know with that data you know being you know some kind of modern form of tokenization or something that's very different from today. Yeah. We'll Austin man hey DJ. Thanks so much that was really pleasure having you on the show and back can we have you back? Yeah. Thanks I appreciate it was great talking to you take care you too. Bye.

Snake Oilers 12 part 2: Gravwell seeks to shake up SIEM market, Plextrac pitches its pentest reporting platform

Risky Business

36:08 min | Last month


"Hi Everyone and welcome to this edition of the snake oil is podcast. My Name's Patrick. Gray snake oils is the podcast. We do a few times a year here at risk off where vendors pie us to come on and pitch their products to you the listeners and this edition of snake oil is is a crack up. We'll be hearing from three companies in this edition grabwood plex track and it pro TV. Sorry Gravel Mike's ice structure on read. Based seem, which is an interesting point of difference I. Actually, you'll hear more on that in a moment plex track Mike, what they're calling a purple team platform that one falls into the security productivity categories. Basically, it's a system where pen test is can create living reports that plum through ticketing systems and what not, and it's a really interesting idea and they're already experiencing some success with that, and finally we'll hear from dawn possess at it pro TV. Who is really really in the right business for twenty, twenty, it per TV does online training for thirty bucks. A month uses get to access the whole catalog of training material, which is quite gigantic and yeah. Obviously, Don has seen some interesting trends this year and he'll be joining us to talk through those. But first up, let's hear from Gravel Corey Thune is the founder of grab will and. These guys I inquired about sponsorship. The thing that caught my eye because we get a lot of inquiries for these slots and we have to ration them. But I saw that Ron Gula is an investor now run founded tenable co-founded tenable, and before that he was a founder of network security wizards all the way back in one, thousand, nine, hundred, nine. So rolling throwing money at something. I want to know more about it. So gravel they pitches, they enable large scale fully unstructured data ingest. So basically what they've built is the same that does structure on read. So instead of trying to form at all of your event data on ingest. 
You can just put it somewhere raw and figure out how to throw it on a timeline when you wanna look, that's the problem they've solved. Corey Thuen is the founder of Gravwell, and he joined me to talk through their product. As you hear, these guys are really looking to shake up the SIEM market. Corey says they already popular with teams running and Rit networks? Yeah. Drop you in here way. Corey explains in his own words what it is that Gravwell actually does. So the problem Gravwell is seeking to solve is the fact that organizations have a bunch of data coming in from their applications from systems from the cloud and they need to be able to make sense of it for making decisions like security, finding bad guys who are targeting them but also business decisions like where which of our products doing the best, which of our web pages has been popular this week, has this marketing campaign made sense? Sort of all the questions that data can inform the decisions to is where Gravwell helps. But like people listening to that they might say, just congratulations you just described Splunk. Yes I could, I could see that the fair comparison. And if I'm being honest so, that is the original problem set where we started out and looking at the space. You've got you've got Splunk and Elastic when it comes to doing this at enterprise, if we're gonna talk about the state of the market. And those both those who have been around for a long time and have fundamentally different approaches to data analytics, and then you've got sort of a bunch of things that are either built on Elastic or on the French. Efforts or whatever. And yeah you got Splunk plugins, and apps, and all that sort of stuff, right? Well. Yeah. So that's kind of built on top of that platform but. But in my mind, the reason why we've seen a bunch of killers come around and why this industry needs a refresh is because there are some deficiencies of, but there's a fundamental difference between like Elastic or something.
That's a key value where you have to know something about your data before you put it in. Right and so at their you're at an inherent you've got work up front. Versus the data agnostic structure on read that you just put the data in and you can figure it out later and that's your difference. Right so they don't need to actually do the plumbing I, I think that's what you're getting at. You pull the data in and then you can then you can search you can do. You can meaningfully search binary data right? That's the key thing. Yes. Yes. That's one of the quarter French because we make it possible to to search and analyze all the stuff and binary is one of it like you can put raw NetFlow data and or raw packets. I don't know if you've ever tried to load two terabyte packet capture and Wireshark or something, but it doesn't go very well versus trying to search and make sense of that at scale. So that's one of the advantages to the platform because we built it from line zero to be able to handle you know binary data natively. Okay. So what's the real sort of operational advantage if I'm listening to this, why should I consider moving away from something like Splunk or you know if I'm thinking of standing up a SIEM style operation like why would I consider Gravwell, something like Splunk. So kind of talk to that in into parts because initially I would say you don't necessarily have to because we can run alongside some of these other things but the core problem is as a CISO it's very very unlikely that you're collecting all the data that you want. And that's for a variety of reasons, maybe it's in binary maybe you want packet data, NetFlow data, but you can't because it's binary and you can't convert it or or maybe it's cost you know maybe your devops team wants to be able to put data in, but the security team's budget is out and so there's infighting between organizations, that kind of thing happens all the time.
And so that's where we can come along Gravwell and say you know you can bring us into the organization. Our pricing model is significantly different than the rest of the industry, we encourage you to put in as much data as possible because it's your data, you own it and you will benefit by having more data and the method to be able to search through that data, and so that's where it makes sense for for the CISO is you'll get more visibility, you'll gain insights into the data that right now you're dropping because of cost or uh, some of these efficiencies or functionalities. Now, people would be asking at this point to what end do you collecting this data and this is for threat hunting mostly, right. This is for people who want to be able to do this collection and you say you scale to the sky for and then get some new IP that comes in, you can see if you got hit on that IP across every point where you're doing this this collection, right? That's a good example from a use perspective, right? Yeah. So threat hunting is, security is sort of our background myself and my co founder. So that sort of where we're focusing but we have customers who don't do that at all which I can talk about later. But but exactly. So if you have a tip that comes in because you've got somebody like like soccer or some other threat detection setup that says, hey, this is this IP suspicious l.. Let's. In history has ever shown up in our DNS records, has anyone ever data to that IP, has anybody attempted to and you can do that search through your entire history as much you've got retention Ford figure out. The hunt side of of that aspect, as well as kind of providing the opportunity to do some of that in automated fashion before you really get the human involved. So by now, you would have had enough customers to have a pretty good idea of the type of stuff they're dumping into. One of the most commonly using it for what are the most common data sources that they connecting to it? Yes.
This is one of the most fun questions because where we're out of the box falls down is the unique Venn diagram for given organization. Right. So you can have out of the box for for something like corliss that's well defined has been around for a long time, Zeek data or Zeek logs has been there. So doing some out of the box, there is great. But then when you combine that with, you know weird firewall A or esoteric endpoint B like you create this unique environment for a given organization and and that's really where Gravwell does best is in sort of that context aware environment where you've got hunters proactively searching through their own data because nobody knows their environment like the people who live in it and there's only so much that out of the box gets. But when it comes to common data sources of yeah like we'll handle Zeek straight out like NetFlow, IPFIX, packet, raw packets will do us. So it really depends on the vector and who the customer is, if it's a utility their their most important thing is making sure that the lights turn on right they need they need the process to run and so for them they have laser focus or they're shining the light on my network traffic as a data source because they wanna make sure that you know you're not loading different PLC from where're ladder logic on the system or whatever. But that's not the case necessarily for a different organization doesn't care as much about network where they've Zeek or something. So they're monitoring that instead. So yeah, it's it's unique for the organization. That's where we do best fitting into everybody's mold. I'm innocent of feels like somewhere between net and Splunk right I. Hopefully closer to the latter on that because really this, what we're trying to do is enable I. But I will say that sort of on the network side like we have run into that on accident.
So we've we've gotten into an organization and then like they turn off SolarWinds because now all inflows coming into our system or something and so so they don't need some of these ancillary tools. So in a way, we're helping to kind of drop the swivel chair workflow is how some people have framed it where like you're going by between a whole bunch of tools just to figure out what the heck is going on off of a given thing, and so having being able to put all that in one spot is a big efficiency time saver loan costs for some of these tools. Yeah. I mean, you know obviously you would be competing with some of the same vendors in terms of science, who you competing with in terms of technology I mean, do you consider yourself to be fairly unique? Other other companies out there doing taking a similar approach. Yeah I think if as people get to the architecture and and start to dig around, we're going to be closest to Splunk in terms of the industry. We are intentionally in the data agnostic structure on read approach, which differentiates differentiates us Corley from something like Elastic or like you right are. Or some of those type solutions and the those are sort of fundamental difference at that level. So yeah, there's a lot of budget competition, but in terms attack is pretty much pretty much Splunk as kind of the only one in here and I think the reason for that is because in order to even get to this point, to build our own proprietary data lake and that sucks. No one wants to do that. So all right. So imagine I'm sorry I've got Splunk right, have said that people are running this alongside Splunk, convince me that I need it, convince me that I need Gravwell as well as my Splunk. Sure absolutely. So I mean so are I'll be straight up with our marketing strategy. We're going for a land and expand approach.
We think that we can get in demonstrate value and then we expand from there but the core benefit is there's a so a well is able to take any kind of data binary innocent form as as we've kind of talked about so, so you're going to get more visibility into systems and then our pricing model is significantly different. So you've got a clear total cost of ownership, there's no surprises. It's infrastructure based and always has been and so when you have those data spikes or you've got a period where you need to do a whole bunch of analysis that never never have to worry about budget on that front, which is something that that people have historically struggled with and our efficiency is unlock a better collaboration between teams. One of our tagline is data is better together and saw your teams you your devops team should not be fighting, not fighting security about who gets to put data in the analytics platform. As ridiculous it's twenty twenty. We can collect as much data as possible and benefit from that on all departments. So we can focus on the mission of your organization instead of infighting and worrying about these technical problems. So your strategy really is get us alongside your Splunk and you feel like you're gonna push Splunk out. It's been working for us so far for for organizations that we go and just because yeah the efficiencies of their, the pricing model is better and so it's been able to serve organizations well on that front. And we'll, we'll play alongside certainly will feed you know events out of out of us. I'm will act as like a tributary data lake sorts if if necessary, but what we're seeing customers see the value. The clear total customer ownership and they ended up putting more data in as as they see the better efficiencies, in tech and cost. All right. Corey. Pleasure to chat cheer the product is Gravwell. I wish you the best of luck with. Cheers. Thanks. Thanks we have up. That was Corey in their from Gravwell.
You can hook up a free trial at Gravwell dot. Slash Risky Biz, R-I-S-K-Y-B-I-Z. Okay, next up in this edition of Snake Oilers is PlexTrac. PlexTrac makes a red team pen test reporting platform that's designed to be blue team friendly. So whether you're a pen test consulting company or an internal pen test team, you will want to hear this interview with PlexTrac's founder, president and CEO, Dan DeCloss. Here he is telling us all what PlexTrac actually is. PlexTrac at its core is a pen test reporting platform that really allows pen testers and security assessment teams to write the reports quickly and deliver them through a web based platform to their end users, who then can track those remediations and show real results. So how do you track a pen test report through remediation? Tell us how that works. Yes, so I mean every pen tester is gonna write up a finding, and so then they're going to say here's what we found and here's how we did it, here's all the evidence, and then they dish that over to the end user, and the user needs to say like, okay, well, what do we do with this, right? So they may collaborate back and forth with the pen tester on it. So being able to report the findings of the pen test directly in the platform makes it easy for the blue team or the end user to say, hey, okay, I know what I'm supposed to do, I can assign this to somebody. We can make status tracking capability where we can make comments and notes on what we're doing, and then actually close out that finding, so you have real time analytics on the pen test results. So now a pen test report doesn't become just the static point in time assessment of a document, but it's actually a living thing where you actually show how you've fixed the findings that were reported. So is PlexTrac like a ticketing system, or are you plumbing through into existing ticketing systems? Both. Yes.
So we have customers that use us strictly for tracking just the security findings in their program, but we also integrate with your ServiceNow. So we don't break up the workflows of teams outside of the security team. Righto. I'd imagine you're competing, the pen test shops I know, most of them have things like, say, they've developed some really powerful like Word template, right? Like that's one way that I've seen it done. Yeah. Yeah. So is that what you're competing with, these really heavily developed Word templates and stuff? Yeah, I would say, I mean, you know, we have the capability to export to a custom Word template. So we really kind of take that burden off of the pen testing, which is really nice. But we try to steer people away, where the document is point in time, we're really a real time analytics platform, right, where you can actually show the progress over time of these results. So our competitors are really like homegrown systems, templates that folks have developed internally, spreadsheets, you know, tracking findings through spreadsheets and those kinds of things, as well as, you know, some of the other products that might also export document based reports, but we have the web based component, which really makes it much more impactful and real time. Now Dan, in a previous life you were a pen tester, right, which is how you got the idea to do this. One of the biggest frustrations among test designer is they get sick of testing the same system year after year and basically cutting and pasting the same findings into the document year in, year out. Was that part of the motivation for building this platform, so that you would actually create essentially a productivity system that would encourage people to actually act on findings? Yeah, absolutely, because.
Yeah, there was nothing more discouraging from my perspective as a pen tester than writing the same report from last year, which meant that either something happened, like the person that was responsible for fixing these issues left the company and so went the report as well, so nobody knew what they should be working on, or they just didn't get around to doing anything with those results because they didn't have a system to track them beyond maybe a spreadsheet. So the other aspect too is like being able to collaborate, you know, post engagement. You know, a lot of times that doesn't happen, and so as pen testing firms have evolved as well, to be able to collaborate post engagement and have that stickiness factor was a motivation, where it's like, hey, you can sync back in the platform and say how are things coming, you know, are you making progress in being able to fix these, so that the next time they come, they can dig deeper and find other vulnerabilities that may have been nuanced from before. Okay. Okay. But if I'm going to put on my devil's advocate hat, my fear as a pen tester listening to this is that I'm going to insert the findings into PlexTrac, generate a report that's going to go off to the customer, and I'm gonna say here, you can log into the PlexTrac system and track the report and its findings, and then you're just going to get crickets. Has that been the experience, or are customers actually engaging on this? Our customers actually are engaging on it, right, and so we have two types of customers, some that still just use it as their reporting tool, where they end up still delivering that document based, just using it for actually generating the reports as a static raven. Consolidating their findings, their write-ups.
Would reuse across multiple types of engagements, or like, say, you know, everybody's going to have the same way that they write up SQL injection, right, or something like that. But then also when people are using it as an internal portal for those internal teams in the enterprise, or as consulting firms use it as a customer facing portal, we are getting good engagement, you know, and people liking what they see in terms of the analytics and being able to actually feel empowered to not only get these things reported but actually fix them and show progress to their constituents. Say their board or, you know, their CISO or directors, say, hey, not only did we get great results from this pen test, we've actually fixed them. That's interesting because there's like quite a few use cases here. There's the use case of, hey, all of a sudden, if you move all of your pen testing team into a centralized place, into an online platform to do the reporting, you can start building up a bit of a knowledge base within that platform, right, and productivity gains there. There's also the internal team use case, which makes a lot of sense. I guess the one that I was putting the devil's advocate hat on was for the pen test firm trying to get the clients to engage with these. But, you know, the fact that there's success there is very encouraging. Yeah, you know, and I think when you go pay for a pen test, you know you're spending a lot of money, right, or if you've hired an internal pen test team, you know that's a significant budget, you know, that you're allocating, and it's important too because these are some of the most critical findings that you can identify within your organization. You know, you're breaking all of the other investments in your security program.
So it really should be some of the items that you're most concerned about and most focused on, and so being able to track those to completion in real time has been, it's been welcomed. You know. So now, is this offered as an online platform or as on-prem or both? Because I would imagine some people would feel a little bit weird about putting a giant repository of their organization's most vulnerable spots into a database on the Internet. Sure. Yeah. Yeah. So it's both. We have a cloud based version as well as being able to deploy on-prem and Seattle whatever. Whatever the customer wants, you know, we offer. So look, we've still got time, Dan, maybe you can walk us through what a typical engagement using PlexTrac actually looks like. A typical engagement could come in in a couple of different fashions, but one of the things that has been really impactful with PlexTrac is the ability to conduct, you know, what we would call a quote unquote purple team engagement, where the red team can sit and collaborate directly with the blue team, being able to say here are the things that we're testing. The blue team can identify whether or not their logging systems identified it or they got any alerts on it, and you can track all that activity and notes within the engagement and then immediately create a report out of it. So essentially homework for people as part of the report crime. Yeah. So I mean, it immediately becomes a finding that they can start tracking to remediation, but they actually see the activities that were conducted during the engagement, and so it really facilitates that learning mechanism as well for the blue team, to say, hey, here's what the attackers are really doing, and can we see this in real time, and then even on the flip side, I've been on the blue team, and, you know, for red teamers to understand what blue teamers have to go through and how they're supposed to manage their security program.
It's very insightful for the red team to somewhat empathize, you know, with like, hey, you know, we're doing these things to break through all these defenses, but what is the blue team actually trying to accomplish, right, and so being able to conduct their engagements against the goals of the blue team is very valuable. So it's nice to be able to track all that and do that in a single platform from soup to nuts, right, from engagement. You have a methodology or a checklist of these are all the things that we're going to do, you execute them, the blue team can see what has been conducted and be able to immediately create a report out of that, that can now be identified as vulnerabilities and risks in your security program, and show how you're going to mitigate those risks. I find this interesting because I've been floating around in infosec now for something like twenty years, and it really does feel like, you know, blue teamers as, you know, a substantial category of infosec professional, the competent blue team is a relatively new class of infosec professional, right, which is probably why you can build a product like this and people will use it. Yeah, you know, we talk a lot about the talent shortage within infosec, right, and that's never going to go away, and so, you know, there's lots of ideas of how to solve that problem. But one of the most practical ones is to make the current team more efficient. My favorite category of product to talk about in Snake Oilers segments is literally what you'd call infosec productivity software, which is designed to replace all of the scripts that people have written and horrible spreadsheets and gnarly Word templates. It does feel like this, you know, it's never going to be the biggest product category in infosec, but it feels like at least people are doing good stuff.
Now, because previously the vendors never understood the workflows, right, and now with people like yourself who do, you know, there's actually useful stuff coming out. Yeah, you know, I mean, I lived this for fifteen years and it's the pain of like. Find if that experience and. We need to be spending more time focused on getting the actual security work done, and that's really what the mission is. PlexTrac is, you know, let's make our lives more efficient, make us more productive. You know, we've proven that out. We've shown that people can conduct more assessments throughout the year and go deeper on assessments, which only improves the security posture of the organizations that they're testing, and that's what's most important. You know, when we talk about what is the mission of the blue team, it's truly to detect compromise as early in that life cycle as possible. So the more opportunities you have to detect those activities that are simulated or emulated, the better. Now, my last question is, I'm just curious, what's your customer split look like between consultancies versus in-house teams? Yeah, I would say today probably between sixty to sixty five percent consulting firms, and then the rest in-house, but our pipeline continues to grow, where we've got a lot more interest out of those enterprise level teams looking for those productivity enhancements, because you figure, you know, they're investing a lot of their headcount into these internal assessment teams, and so they wanna make those people as productive as possible, 'cause they're hard to find too. So you wanna make them empowered to do as much of their work, you know, throughout the year as possible. All right, Dan DeCloss, thank you very much for coming onto Snake Oilers to pitch PlexTrac. I wish you all the best with it. Thanks so much for having us on. That was Dan DeCloss.
There telling us what PlexTrac is all about. Big thanks to him for that. Okay, it is time for our final Snake Oiler now. ITProTV is an online IT training provider. It's a company that's grown very, very quickly, and of course gone into hyperdrive as twenty twenty has made in-person training very difficult. ITProTV isn't the place where you're going to learn about the nuances of contemporary memory corruption techniques and whatnot. This is more bread and butter stuff, everything from security basics for a remote workforce to straight up vendor specific, like vocational courses. Don Pezet is founder of ITProTV and he's also one of its trainers, and he joined me to talk through what's hot in online training this year, and yeah, there are definitely some interesting trends in two thousand twenty. Here he is. What we're seeing now is a huge uptick in end user training, that you've got people working from home that are way more exposed than they used to be when they're at the office in their safe protected nest, and people are needing to be trained up on how to detect social engineering, how to make sure their home network is secure, how to make sure they're encrypting their laptop and protecting their data, and that's the type of training that was largely getting overlooked the last few years. So are those end users actually buying that training for themselves, or is it more the case that the companies they work for are saying, hey, here's this resource you can use, which is going to be good for you and good for us? So what I love when it happens is when it is an active measure a company is taking in saying we're going to provide this training to our end users ahead of time to get people safe, but a lot of times we see it actually is more of a punitive measure.
That, you know, somebody clicked on a link and got themselves infected, and so now here's this training they need to watch to help prevent that from happening again in the future. A lot of end users are looking for the training themselves. That's where we see a lot of people that have had their career impacted by COVID, right. So if you worked in the restaurant industry or the entertainment, movie theater or anything like that, and you're out of a job. Cruise ship, well. Right. Oh, absolutely, and you look, you say wait a minute. If I were in IT, this would have happened. If I worked in IT, I could be working from home right now, and cyber security is a huge job market. I'm out of work. Now is the time to jump in and train up, and then see if I can make a career. It's amazing. You've got a staggering amount of content in your library. Obviously, I can't speak to, you know, the ins and outs of the content because I haven't sat down and actually trained with it or anything, but you do have just so much there, and people can access that, like the personal subscriptions are like thirty bucks a month, right, so it would seem if you stop at hiring and you're looking to retrain, this online is gonna be a good way to do it, and you've seen that. Absolutely. You know, when we created ITProTV, one of the things was we were thinking about our experiences. Like when I got into IT back in the very beginning of my career, I looked at some of the training that was out there. It was just too expensive. Tens of thousands of dollars. It was weeks on end of courses, and I was not capable of doing that. So we wanted to make something that was more approachable, that anybody could jump in and make a career, because IT has done so well for us, we want it to do well for everybody else. So jumping in at like twenty nine dollars a month, that gets you our whole library. We don't want people to be limited to a single course or whatever.
They should be able to jump around and learn all the different aspects of IT, and that might be a really super popular course or might be a fringe course based on their own needs. I mean, what's amazing here is that, you know, you're talking about like thirty bucks a month. Obviously, we're not going to replace arts degrees, hardcore engineering degrees with just online training, but for a lot of the skilled work that goes into IT, online is a perfectly viable platform. You would say too that since this thing has kicked off, I imagine you would say that just online training's generally booming. I mean, I know even offline training is pivoting to online now. So, you know, you're going to have a much more competitive landscape, I'd imagine, in the next year or two, but you're off to a head start. I mean, is what I've just said, sort of, does that vibe with your experience here? It does, but even before the pandemic, we were seeing a lot of activity, and the main reason is IT changes so fast, and it's been like that for a long time, but even recently with like DevOps and this move to containerization and cloud deployment services, computer stuff changes so fast that college curriculum can't keep up with that, and I don't think we should expect it to. That when you go into a college, into a university, yeah, you don't wanna learn like Kubernetes, right, because like God knows who's gonna be using it in five years. Now, I'm totally with you. As someone who actually went to a university and did an engineering degree, like we didn't do that sort of study, right? Like it was very much about first principles and whatnot, whereas if you want to do this sort of applied stuff, online training makes a lot of sense. And I would say that they're both equally valuable, that, you know, when you get a college degree, that's establishing a certain amount of knowledge that you're going to carry through your entire life.
But then when you get out in the field, you've got to be ready to apply those skills, and that's where certifications really shore up that gap. So whenever possible, people can do both, that sets them up for the highest degree of success. Have you noticed a difference in the growth rate between the businesses buying training packages, you know, like corporate training and whatnot, versus the individuals? Like how much does each side contribute to your bottom line? You know, it's funny, for us it's probably about, I would say, fifty fifty. It does fluctuate from month to month. Yet what we end up with a lot of times, people will come to us as an individual and just say I wanna do training in IT, so I'll sign up, and they sign up and then they like it, and then they say, well, you know, I work with these other people, they'd benefit from it too, let's get the whole team on. And so they might have come on as an individual, but then they end up turning over and becoming a commercial account, and we love that. We love being able to train an entire IT department. We like that, you know, we have different training for each of the different roles depending on what it is you do. It's not just security. We also have admin, database, other types of things like that. So we meet a lot of different needs. Yes, you mentioned that a hot course right now is training people who are working from home on how to better secure this stuff, and like just giving them that social engineering training, like how to encrypt your hard drive and things like that. What are the other hot categories specific to security, both from the corporate side and from the individual side? What are people really looking at at the moment? Sure, the biggest buzz for us right now, one of our partners is CompTIA, the Computer Technology Industry Association, we are their official video training partner, and they are in the process of updating their Security+ certification, that's updating in November.
So we're currently filming that, so we'll have the updated exam the moment that exam drops in November. So a lot of people are rushing to finish up on the current exam. The exam will bring the demand forward. Yeah. Yeah. Yep. So that's probably one that we're seeing a lot of activity for, less because the exam is. You know, they rolled out some new certs a couple of years back, the CySA+ for blue teamers and the PenTest+ for red teamers, and those two are just exploding right now. People, if you're trying to defend your network, you want those blue team skills, and so you're looking for that. On the red team side, that's a great career for people to get into. The split there would be interesting, because I'd imagine a lot of the red team study is being done by individuals and a lot of the blue team study is being purchased by corporations. Is that what you found? That is absolutely. And, you know, it is a shame. The blue team stuff doesn't get the fame and glory. They don't make a Mr. Robot show about the blue team. But that's really, stories like blue team stories actually did start getting cool as of a few years ago, because they got better tools and they got training and they can actually get into those knife-fights now. Yeah, when an attacker is coming at you through something that hasn't been seen before and you're able to repel that, that's winning a war right there. That's a big deal. You should write a biography about it. There's a whole story. I also understand that Cisco has rolled out a bunch of new stuff. Yeah, absolutely. You know, we're actually putting the finishing touches on our CCNP security tracks. So that'll be done likely by the time you all out there hear this, and we'll be starting up our Cisco CyberOps training right after that. So a lot of new stuff in their security realm. Now, is that new to you or is that new to Cisco? Because I'm not sure what they've previously offered.
So, a lot of it is both new to us and them. So they rolled out some new certifications because they've switched from focusing on like Cisco ASA firewalls over to focusing on their Firepower solution, which is a big deal. If you haven't looked at Firepower, it's really, really cool. I understand you've got a promo code for the listeners if they're interested in signing up. Sure, if you want to try ITProTV and see what we've got, you can just travel over to ITPro dot TV slash risky business. And if you do decide to sign up, you can sign up for a free account, plenty of training that's available for free, and then if you decide to go for one of our paid accounts, be sure to use promo code risky business, all one word, to get thirty percent off the lifetime of your account. That is a pretty reasonable discount that I'm learning about just now. Don Pezet, thank you so much for joining us on Risky Business to update us on how things are going for you at ITProTV. Yeah. As I said at the intro, I think this sort of vocational training, increasingly it's going to be online, and yeah, I wish you all the best with it. Cheers. Thanks for having me on, I really enjoyed it. That was Don Pezet from ITProTV there. Big thanks to him for that and big thanks to ITProTV for being a Snake Oiler again this year, and that is it for this edition of Snake Oilers. I do hope you enjoyed it. I'll be back next week with more security news and analysis. But until then, I've been Patrick, thanks for listening. Bye.

Episode 116  Azure Sentinel

Microsoft Cloud IT Pro Podcast

34:29 min | 1 year ago

"Welcome to episode one hundred sixteen of the Microsoft Cloud IT Pro Podcast, recorded live March one, two thousand nineteen. This is a show about Office 365, Azure, and the IT pro and end user side of life, where we discuss a topic or recent news related to Office 365 and Azure, and how it relates to you as an IT pro. For this week's topic, Scott talk about a new preview feature in Azure, Azure Sentinel, and how you can leverage it for Office 365, Azure and other services. I'd like to kick something. Good morning. Good morning. Scott said you wanna kick something? Yeah. I hope it's not me. No, kicking cloud. I wonder how that would work, kind of like kicking fog, I guess. Kickapoo kicking new blog post kick. New course, just kick something, or we can just play with new stuff that Microsoft is kicking out. We can, I think this will be fun. I always like the preview services that aren't always documented as well as you would like them to be, but you can point and click your way to success. Yeah. Opsgility is disrupting cloud training as we know it with their on-demand platform, Skill Me Up. Their new design focuses on a user flow to better support role based learning paths with these great new features: real-time hands-on labs are now included with each subscription to build your skills. Catheters hundreds of cloud courses with more added daily to transform your skills for today's cloud-first careers. Role based learning paths guide you through associated level courses in an easy to view layout and tracker. Microsoft Azure and Microsoft 365 certification prep courses and labs to support you leading up to exam day. Learn more and start your free trial at WWW dot skill me up dot com. Should we let everybody in on the secret of how we came up with this episode discussion before? Sure. Yeah, so we did, we saw this last night. And we started playing with it. I install last night we screen here.
Just clicked around and kicked the tires for about thirty minutes and decided this would make a good topic. Yeah. So let's talk a little bit about Azure Sentinel. Yes. And all of our thirty minutes of experience with it. Right. Now to be fair, I did watch a Microsoft Mechanics video that was seven minutes long. I didn't learn anything in that video. But I did watch it. Okay. I'm about as prepared as the rest of the field to discuss. And I set it up last night. So that gives me like an extra fifteen minutes that I took to set it up, which gives you a little bit of a previous. Oh, maybe we have like forty five minutes of experience, fifty two, maybe an hour combined. Who knows, but yes, Azure Sentinel, you sent me this last night. And then I saw a bunch of other news announcements as well last night. And this was a new service that was announced yesterday, right, in preview. Yes. So this is a one hundred percent cloud native security information event management system. So it's a one hundred percent cloud native SIEM. Think things maybe like Splunk that you use today to collect all these security events from all these various sources, and then go ahead and aggregate them in one place, for not only visualization, but also downstream triage. We're seeing that pass-the-hash attack, and we need to be able to kind of do RCA on it, figure out what's going on, mitigate it, go back, fix it, make sure we fixed it, and just do all those different kinds of things. So it is SIEM up front, and then it is also a security orchestration automated response solution, or a SOAR solution, which many other security event management products also kind of have, automation built into them. In this case, you know, we're talking about the same kind of things. Let's be able to execute a playbook against certain analytic events. So think things that you might have access to, to keep it Azure focused.
So maybe you do Azure Active Directory Identity Protection, and you combine that with something like conditional access, so you see a certain signal comes in. I see a risky sign-in and it's a seven three risk based on my classic. Well, now make this conditional access subject for that user authentication, so that you can go in and drive additional functionality. But now, let's lift it outside Azure AD and actually go ahead and put this into other Azure constructs. So maybe services that you run inside of Azure. Maybe you wanna look at events inside a storage account or inside an Azure SQL database or just your virtual machines in general, whichever workload you happen to be running and pushing through. I think it's a pretty nifty solution, just from kind of kicking the tires, speaking of kicking things, right, and poking at it to see what it does, and how it's getting its data, where it's pulling that data from, and then potentially kind of querying against it to go ahead and give you these visualizations and then other downstream actions on top of that. It is. And it was super easy to at least get set up and, like you said, start kicking the tires of. So you sent me that article last night about Azure Sentinel, I went and looked at it, and the very first thing to do, it'll just show up as Azure Sentinel in your environment. And you go in, click into it. And the first thing you need to do is connect an OMS workspace to it. So it leverages OMS in the background for all the. You're not supposed to say that word. OMS is not a thing that exists in Microsoft land, except for all the labels that it's on in the Azure portal. So OMS doesn't exist except for everywhere it exists. Well, OMS was a licensing construct. It was a licensing suite. So it's a little bit weird because yes, you did create an OMS workspace. But an OMS workspace isn't really an OMS workspace.
It's called a Log Analytics workspace, and it's not really called a Log Analytics workspace except when you're interacting with the workspace, because really you're going to interact with it through Azure Monitor, where then it is referred to as Azure Monitor logs. Have I lost you yet? So I created this thing. Yes. There, Microsoft told me I needed it, and logs are stored in it. We'll just call it this thing. Yeah. So I would describe this a little bit, just from again seeing the way it's kind of surfaced together, you're going to have a Log Analytics workspace, or an OMS workspace if you wanna call it that, but I had my wrist slapped one too many times. Thing. Yeah. You create this thing, this workspace. It was called a workspace, it is a workspace. It always has workspace in the name, so yeah, there's this workspace. And then it has this kind of superset of functionality built on top of it to go ahead and give you access. So it was super easy to spin up. If you have an existing workspace, you can tie it into that. Or it will walk you through your generic kind of marketplace create experience to spin up a new one as well, if you don't have one today. And I had one created, so I just connected to one, and it took again like two or three minutes. Just go in, select it, connect it. And then as soon as you have it connected, it walked you through starting to pull data into it. So it has all these data collection. Probably, I don't even know what it's doing behind the scenes, probably running templates, PowerShell, all of that. But it has all of these different data sources that you can then connect to it. So it has Azure Active Directory, Azure AD Identity Protection, Office 365, Azure Advanced Threat Protection, cloud application security, Azure Information Protection, has all of these Azure and Office 365 services. But then you can also pull in other things like Check Point or Palo Alto.
What other ones are in here? Windows Firewall, the application firewall, the web application firewall, you've got the App Gateway, basically anything that supports CEF, Common Event Format, to be able to ingest events in some way or another potentially into that Log Analytics workspace and have access to that data. So then you could go ahead and query. So once I got all that started pulling in, it actually then recommends dashboards, so they have several dashboards already built in. I think there's like twenty five or so different dashboards. And it told me as I connected these different data sources: hey, we recommend you also install this dashboard. So I installed five of them: a couple for Azure AD, three of them for Office 365, where it pulls in Exchange Online, SharePoint, OneDrive, Office 365 information, and you go in and you can view these dashboards that will give you some of this information around what types of activities are happening in your environment. I'm just looking at the SharePoint OneDrive one because that's where I spend a lot of my day. It gives me like the top ten sites, different activities such as what files are accessed, how many files are moved, how many pages are viewed, files modified, files or not. I'm just flipping through the dashboard here: top client IP addresses. So you can see if, hey, we have some bizarre address, there's somebody over in China or Russia that is one of our top client IP addresses, but we don't have anybody over there. What's going on with that IP address range? So top users: who are my active users, do I have users accessing this environment that shouldn't? That's SharePoint OneDrive. It has all the stuff around Azure AD as well. And you can flip through all these different dashboards, and that's just, again, a quick snapshot to introduce you to it.
There's a whole lot more functionality in here too around setting up security alerts. That was another one of those things that it presents you with when you first set it up: go create some alerts so that you can get alerted on some of these anomalous logins, maybe for AD, or certain events that you may want to keep track of because it's going to be considered suspicious in your environment. Yeah. So what I love about this service, and the way it's manifesting, just from spending a little bit of time with it, is it is one of those things that I think really shines and shows how, when you're building solutions in the cloud, really tying all these other services together. So by being pinned to Log Analytics as the data source, so that's where your data is stored and queried out of, all of a sudden it opens up all this rich functionality for presenting dashboards and presenting alerts. So, you know, the alerts aren't unique to Sentinel. They're alerts that are coming from just Azure Monitor and the back-end alerting system in there, and because Azure Monitor has the ability to use the same queries that Sentinel's using, that are going ahead and querying the data in that Log Analytics workspace, you can go ahead and spin all that stuff up. Same thing for the dashboards. The dashboards aren't doing anything special. Like, I really love that when you install these dashboards, it's actually creating an Azure dashboard. It's not a Sentinel dashboard, it's an Azure dashboard, which is a little bit different. That's an ARM resource. So you can take that dashboard, you can share it with other people, you can apply RBAC to it, you can go ahead and extend it and customize it yourself if you want to. Really it's just a declaration of kind of the data that's in there. So, you know, you want to put like a little markdown tile in there and add some additional context? Awesome. Go ahead. That's what those things are there for.
And it's really great that they've just kind of extended that system, and even the data for Sentinel itself, or things that are unique to Sentinel. So something maybe like in that threat management context, when you're considering being able to do any type of hunting or following a threat through, hunting is just an extension of the schema. So the data that's associated with that is actually living down in your Log Analytics workspace. So you'll go in there and you'll see, hey, here's the query that we're using to go ahead and determine masquerading files or malware in the recycle bin or hosts with new logins. It's all just kind of sitting there ready to go for you, which is just awesome and nifty. I think they did a really good job with that. I agree. And that's, to be fair, that's how we figured out how this was even working as we were looking at this. And it was like, okay, so Azure Sentinel's pulling all this data. When you do these queries, or when you leverage this, are you going straight to Office 365, or are you just going to data stored in Log Analytics? And because they surface all of that, and you could see it all, it's like, oh, here's the queries the data's coming from. So we were able to go into that Log Analytics environment and dig through all the tables and say, oh, yeah, here's this table, that's where this data is coming from. Here's where the security alert is, this is how they're surfacing that. So it's nice that it's not this island of, hey, there's this brand new feature, it doesn't interact with anything else. It's just, like you said, tying these cloud services together to give you even more power, even more functionality across those Microsoft cloud services. Yep. One of the other nice things they did here as well was they have this Azure Security Insights community.
So they went and spun up a GitHub repository just for Azure Sentinel, which has all the declarations for the dashboards, all the functions, a bunch of sample hunting queries that you might want to take a look at based on the systems that you run. Like if you're really interested in, and you're running, a Linux environment, and you want to do some syslog queries, they already have it sitting out there for you to go ahead and do things like look at scheduled task aggregation or edits in, editing cron, or things like that. And it's all kind of sitting there ready to go. And that's awesome, because for anybody who hasn't worked with Log Analytics before, it's built on its own query language, Kusto, so KQL, Kusto Query Language, and it's really all just Azure Data Explorer and a couple of tools on the back end, but it's a SQL-like kind of construct, but it's not just straight T-SQL or things you might be used to. So to go ahead and learn a new language can be a little daunting in the beginning, especially when you take a look at some of these queries. So, you know, it's great that they put all those samples out there, so you can really lean on the backs of others who have already done some of this work for you. Yeah. Definitely. I was just looking at the cases stuff in here too. And they also have this underneath some of the threat management in Sentinel, because that's essentially what it's all based around, is that threat management: as you get those different security alerts, it creates cases in this case dashboard that collects all of those alerts, any logs, and anything related to those specific alert triggers that you set up with Sentinel. So all of that information that's captured as part of that alert trigger is bundled into a case where you can actually track open cases, new cases, cases that are in progress, as these alerts are triggered, to help you drill through: hey, what's going on?
Where else you pull those logs together into that single case, into that single repository, to really be able to dig through it, resolve issues you may have, or work through: what's the security alert going on right now, how am I going to go about resolving it? Yeah. You'll have your security alerts there. And then you still have native alerts in Azure as well. So depending on the data set you're going for, or how you want to maybe potentially structure your own custom query, maybe as part of your own custom dashboard for alerting, now you can start to tie this rich ecosystem together. And then that extends a little bit further too. So you can move beyond maybe alerts or cases in Sentinel and think about maybe automation within that environment. So Azure alerts can do all sorts of things natively. They can go ahead and fire webhooks. They can fire functions, and they can also run playbooks, which they've surfaced that functionality natively in Sentinel as well, where playbooks are really just Azure Logic Apps. So they're kind of using that enterprise integration engine, BizTalk Server in the cloud, all that good stuff, to go ahead and tie your environments together however you need to. So what they've done there is you just go into playbooks in Sentinel, add a playbook, and it just walks through the process to create a new Logic App, where then you can go and take that Logic App and maybe have it reach out to another system or potentially even integrate with another system. So quite often something like a security event needs to drive not just immediate response, like, hey, let's remediate the problem, but also things like maybe tickets in your help desk system and following those through. So wouldn't it be great if you could have a system where an alert is generated, a playbook picks it up, and it automatically creates a new incident inside ServiceNow for you?
And then it actually can track that incident through, be able to read the data back out, and then maybe drive other automation on the other side, or other remediation. So we saw this thing come through, a bunch of events: open a ticket and automatically shut down the ports on the firewall, that kind of thing. PowerShell is a fantastic tool for your daily tasks as an IT pro. Wouldn't it be great if you could take PowerShell to the next level? With ScriptRunner you manage and develop your scripts in a central place, monitor all PowerShell activities, and securely delegate scripts to help desk users and others. ScriptRunner automatically creates a web interface with no additional coding. ScriptRunner is the leading all-in-one solution for PowerShell. If you're going to the Microsoft Ignite Tour Amsterdam, drop by and visit ScriptRunner's booth for free popcorn, a poster and a chat. So these playbooks, because I haven't played with these playbooks, then they're just Logic Apps, so they can do anything. The Logic App triggers, then, based on something that happens in Sentinel, or would it be triggered based on something that happens inside Log Analytics? Inside Log Analytics, because Sentinel's just a query engine at the end of the day. If I was going to be myopic, that's the way I would view it. It is the query engine to go ahead and get at your underlying data. Yeah. It's going to surface some stuff with cases and things like that. But really the way that case was generated was based on that data inside Log Analytics. Inside Log Analytics. So this is just surfacing that essentially, surfacing it right in Sentinel, 'cause I just went in and created one. So while we're talking about it, I was clicking around and creating it, and it does, you're going to address that. No, you click create a playbook, give it a name, a resource group.
All of those, like you would if you're just creating a Logic App, and it just gives you that whole Logic App interface, almost like, I don't know if it's an iframe, but I'll describe it as almost just an iframe within Azure Sentinel to go in and set that Logic App up, right? It's not giving you much Sentinel-specific guidance? Right. It's just saying, hey, create a Logic App. Right. It doesn't even give you anything. Like, it would be nice if it could, and it may still be coming, where it gives you some hints around how to even create that trigger. 'Cause like I said, I went in and it creates a blank Logic App and says go add a trigger, and I'm like, well, what is my trigger going to be for this playbook that I'm creating in Azure Sentinel? Because it leaves it up to me to go find the right trigger and all of that on that Logic App. Yeah. They do have a little bit of guidance out there. So I'll make sure that we have links to kind of how to create a security playbook, but there are connectors within Logic Apps. They actually added an Azure Sentinel connector, so you can go in and, if you search for that, just the Azure Sentinel connector inside one of those Logic Apps, then you'll have access to something like, let's have kind of our if statement: if a response to an Azure Sentinel alert is triggered, then let's go ahead and do whatever we need to do with it to get it to where it needs to be. Okay. One thing to be aware of there if you are playing with this is that because playbooks is just leveraging Logic Apps in a frame, it's not limiting those or filtering those out to just Azure Sentinel related Logic Apps. So mine, I had some other Logic Apps I have created for other things, and they show up in there too. So it's like, what's this test playbook in my playbooks in Azure Sentinel, and it was just a Logic App that I created a few months ago, and it just happened to be in the same workspace, resource group, subscription, all of that as my Azure Sentinel. Yup.
So if you look in there, there's a field or a column for trigger kind, and you'll see it says not initialized, because you're not using a Sentinel trigger inside of that particular Logic App. But like I said, you might not need to. So you might want to have a playbook that's based on a Sentinel-specific alert, or, you know, this is just a good way to go ahead and kind of understand, you said this is just another stitched-together solution. So you can tie straight into Log Analytics or something else if you want to as well, very easy. So we've talked about all this functionality, and how people should really go check this out and start playing with it and leverage it for expanding on their security for their environment, the intelligent security analytics for your entire enterprise, as Microsoft says on the product page about it. How much is this going to cost somebody? Right now, it's free. So well, the Sentinel service is free while it's in preview, so pricing has not been determined yet. So there's going to be, I would imagine, some pricing that's going to be associated with this, because it is doing more than just surfacing queries and doing dashboards. It's letting you run Jupyter notebooks. And you do have these Sentinel-specific connectors in Logic Apps and things like that. And it does have some other kind of solutioneering going on to extend your schema on your Log Analytics workspace and all that good stuff. So free during preview, that is Sentinel. Now all the other things that Sentinel is making use of, they potentially have costs as well. So that Log Analytics workspace, that could be running in free mode or the free tier, where you get up to five gigs of data, up to thirty one days of retention, to go ahead and have access to that. So if you need more, then you go into kind of per-gigabyte pricing for Log Analytics. Alerts also can have costs associated with them. So depending on the type of alert that is generated inside of Azure Monitor.
There's kind of a difference between metric alerts and log alerts and baseline costs associated with those. And even maybe the number of alerts that are sent out, like say you're creating an alert with an action group that sends a bunch of emails and SMS, there could be another cost that's associated on that side. And then I'd imagine, because it's using just the straight Azure Notebooks service, you're going to have any associated pricing that comes along with that. So if you are starting to get into building Python or R or really anything within those Azure notebooks or Jupyter notebooks, you know, you're going to have the pricing that's associated with that service as well. And then let's see, what else? Pricing for automation workflows: your playbooks, yeah, also have pricing. And then the other thing that I think could potentially come into the pricing conversation as well is as you're extending these data sources. So maybe you're doing something like adding the Azure Security Center data source in your Log Analytics workspace. That requires being in the Azure Security Center standard tier, which means you're paying, I want to say it's like fifteen or sixteen dollars per node per month for the number of nodes that you monitor, and that's pricing that's specific to Azure Security Center in Log Analytics and having that solution deployed. It's going to kind of creep up on you. But hopefully you understand the underlying costs of these other services that you're trying to pull data out of. It could be a little confusing if you're just getting into it. But if you've worked with it a little while, I think it'll be approachable. I don't know that it'll be as clear as you want it to be, water can be murky sometimes when it comes to cloud cost, but you could figure it out. And I know some of them, when I was setting it up too, as you go through some of the other ones, Information Protection or the Advanced Threat Protection, where specific licenses are required.
Or even your Office 365 environment has to be at a specific license. It did give me some of those warnings of: hey, you're going to configure this, you're going to connect to this, but be advised that to pull this data in you have to have P2, or you have to have that Azure Information Protection licensing. So they did try to at least give you a little bit of a heads up of, hey, just because you're connecting this doesn't mean you're going to see data, because you still have to be licensed for the service on the back end and have the appropriate licenses to actually capture the information and import it in. Correct? Yeah. And just to be clear, that's not Sentinel-specific pricing kind of stuff or licensing things, that's all Log Analytics. So you mentioned maybe like Azure AD, so Azure AD or things like Identity Protection. Well, Identity Protection requires premium licensing, and then, Sentinel aside, to just pull your Azure Active Directory logs, like your diagnostic logs, into a Log Analytics workspace, to get your sign-in logs, you have to be a P1 or P2, Azure AD P1 or P2 licensed, or you have to have that license in place to be able to go ahead and get that stuff in, and that's all just the way Log Analytics diagnostics works for Azure AD, right? That has nothing to do with Sentinel. Sentinel's just adhering to the rule of saying, hey, if I'm going to pull your data into Log Analytics for you, you're going to have to do the same things as if you pulled your data into Log Analytics yourself. Underneath the pricing details too, it was kind of interesting. Like you said, once it gets out of preview, and we actually see the pricing, it'll be curious to see how Microsoft does it, because it says, hey, there's no charges for Azure Sentinel during the preview, pricing will be announced later, but then a paragraph underneath that, it says data import from Office 365 is free.
You need to be a licensed customer for Office 365 for the data import. It's kind of murky: does this mean that with Azure Sentinel, data import from Office 365 is always free? Are they just saying that the data is free, but you still have to be licensed for Office 365? It's not super clear what they're actually implying with those. Yep. If I had to take a stab in the dark for something like that, when they say it's free, they mean that you have access to a Log Analytics workspace in the free tier. So that has limitations, right? Thirty one days. Thirty one days, five gigs, all that kind of stuff, and you have to be an Office 365 subscriber to get data out of Office 365. So you're going to have that licensing. So that wasn't free, but you can spin up Sentinel, and then have Sentinel deploy that Log Analytics solution for you, because that's really what it did in the background. Right. It went out and spun up a solution, it created an application inside of your Azure Active Directory that could interact with the Graph and go ahead and get that data out and all that good kind of stuff. So you'll see that Office 365 preview solution manifest in your workspace. And that solution doesn't have a cost associated with it either. So it'll go out and get its stuff. It might not get you as far as you want to get unless you start paying for it and get into things like per-gig pricing in Log Analytics. I think the other thing you'd run into that might be really confusing, just thinking of Office 365 customers, because really you're kind of quasi-Azure subscribers, but you're really not, because you don't have Azure subscriptions, but you have Azure AD. So you have that kind of tenant-level Azure service. So you might go over to something like portal.azure.com and go, oh, cool.
They've got the whole Sentinel thing out, and it's free, and you're going to go try and create a Sentinel. It's going to say, sorry, you don't have an Azure subscription, you're only an Office 365 customer. So you're still going to need an Azure subscription, which means you're going to need a payment method associated, all that good kind of stuff as well. Absolutely go check it out. Again, it took me like five or ten minutes last night to set it up to start digging around, and at this point in time, it's free. You can do it all for free and keep an eye on the pricing to see what happens once it hits. Spin it up, kick the tires, just keep in mind that because it's based on Log Analytics, it is at best near real time for data ingestion. Data ingestion is dependent on these solutions and how often they kind of poll for their data, and then how quickly it can go through ETL and be available for query through Log Analytics and Kusto and all that good stuff. So it's not always instantaneous. Like, you might go in there and say, oh, this Office 365 thing was really where I wanted to be. And you'll click next, next, next, hit the button, and you might not have any data for twenty four hours or four eight hours or for six hours. It all depends on the solution you spin up, so you might need to go read a little bit of documentation just so you can set the expectation right for yourself in your head as you're getting ready to potentially onboard those. Yeah. Mover is a cloud migration company that specializes in moving your company's files from file servers or cloud storage, Box, Dropbox, Google, into Office 365. Their pet technology makes Mover the fastest OneDrive file migrator in the world. Moving dozens of terabytes of data a day is a breeze. Use Mover's free industry-leading migration guides or ask for a managed migration.
And they'll take the lead. With Mover, all your data is secure and intact, running completely behind the scenes, so you don't lose time, money or hair while you transfer. Scan, plan, migrate, report: migrations that don't suck with Mover. Visit mover.io for more info. One thing we didn't look at is, as we were digging through this, we noticed that the schema in Log Analytics is the same as the unified audit log. I don't know, do you have to have the unified audit log enabled in order to be able to do this? They don't actually, they don't talk about that as part of configuring just the solution. So we'll throw Sentinel aside, and just, you know, go to Log Analytics. If you deployed that solution on your own, they really don't talk about the audit log. So what you're going to do is what Sentinel's doing when it's configuring that for you. I say it's creating a new application in your Azure Active Directory, and that application is getting API access to the Office 365 Management APIs. And then it's getting a bunch of application permissions, like admin consent permissions, assigned to it. So being able to read service health information for your organization, read activity data, things like that. It looks like it all just pulls activity data, and not straight out of the activity log or the audit log, but if you think about the audit log, the audit log's got to get its data from someplace, and that's kind of a query and surface engine itself. So a lot of that data's coming from the activity log as well. Oh, clear as the murky water we talked about earlier. Yeah. A strange, strange world. I think it's a little bit scary if you haven't stepped into it before, and a lot of this just sounds like jargon. And it is, you have to learn the terminology. But really at the end of the day, we're talking about, like, go create this Sentinel thing and spin it up. It's going to do all this other stuff in the background for you, which is the nice part.
Because normally there'd be a lot of this that you would potentially have to do on your own. We looked through the setup instructions for Office 365 and pulling them into Log Analytics. Even if you just want Office 365 stuff in Log Analytics, just do Sentinel, so it does it for you. Because it's quite the install and configuration process to go set up that same Office 365 connector into Log Analytics if you do it manually. Yeah. You've got to install this other thing called ARMClient, which is its own weird little beast of a command line tool, which isn't Azure PowerShell, it's not the cmdlets, it's not the Azure CLI. It's this other thing that interrogates the REST API directly. And yeah, do it through Sentinel, and then if you want, go ahead and turn Sentinel off, because it'll have deployed the solution for you. So it'll still be there, it won't matter. Exactly. Yes. There's a two-bit trick for you. So I think that about does it for a good overview of Sentinel. Yes. So I'll make sure that we have links in the show notes to the marketecture stuff you talked about: what is Sentinel, what's going on there, and also how to do some of these deployments and configuration. So, you know, how to hook up that connector through Log Analytics, thinking about how to set up automated threat response, links to that GitHub community. So maybe you want to take a look at the dashboards that are out there. Because again, you don't need Sentinel for a lot of that stuff. Like, they've done the work to create the declaration for a dashboard, which is really just based on data that's sitting in Log Analytics anyway for a good portion of it. So you might want to go in and kick the tires on that. All right. Sounds good. Well, thanks, good discussion today. Yeah. Thanks. All right. We'll talk later. If you enjoyed the podcast, go leave us a five star rating in iTunes. It helps to get the word out.
So more IT pros can learn about Office 365 and Azure. If you have any questions you want us to address on the show, or feedback about the show, feel free to reach out via our website, Twitter or Facebook. Thanks again for listening and have a great day.

November 12, 2020

Cyber Security Headlines

05:59 min | 2 weeks ago

"From the CISO Series, it's Cyber Security Headlines. It's Thursday, November twelfth, twenty twenty. Facebook extends ban on political ads. In the announcement, the social network said the ban would extend for another month. Facebook cited the delayed election results for extending the ad moratorium. The company did say there may be an opportunity to resume political ads sooner as election results are finalized. Facebook originally announced in early October it would ban political ads starting on election day in the US. The EU tightens cyber surveillance export laws. The rules are an effort to keep such tools from being used by repressive regimes. The new rules impact so-called dual-use surveillance products and services, which can be used in both civilian and military contexts. Member states will be required to consider the risk of use in connection with internal repression or the commission of serious violations of international human rights and international humanitarian law when approving things like high-end computers and drones, identification software and spyware for export. It's expected that the new rules will not immediately limit the flow of goods and technology but will add greater transparency over exports. Palo Alto Networks acquires Expanse. Palo Alto plans to use the acquisition to bolster its Cortex portfolio with Expanse's attack surface management solutions. The deal is valued at eight hundred million dollars in cash, stock and replacement equity. Expanse currently offers dashboards for monitoring internet assets and looking at suspicious network activity, with APIs to integrate into existing infrastructure. The deal is expected to close in Palo Alto's fiscal Q2. TikTok petitions CFIUS for some attention. The move comes after TikTok said it received no substantive feedback regarding its proposal to form a new corporate structure with Oracle to satisfy national security requirements. An executive order requires TikTok in the US to be divested by parent company.
ByteDance by November twelfth. TikTok filed a petition in the US Court of Appeals for the DC Circuit Tuesday calling for a review of actions by CFIUS. An October thirtieth preliminary injunction blocks a ban of TikTok, but the lack of communication prompted TikTok to make the new filing. And now a special offer from our sponsor, Blumira. CISOs are all trying to do more with less these days, balancing compliance, security and business objectives. Consolidate your security with one end-to-end detection and response platform. Blumira works as a force multiplier, enabling your small teams to detect threats and respond to them quickly. Get a free fourteen day trial of Blumira's cloud SIEM that you could deploy in hours, not weeks or months. That's blumira.com, b-l-u-m-i-r-a dot com. Another exploit discovered in Intel's SGX. Security researchers revealed a side channel attack against Sandy Bridge and newer Intel chips called PLATYPUS that can remotely use the Running Average Power Limit, or RAPL, power meter to infer values including crypto keys in SGX enclaves. Intel is elevating the privileges needed to access the RAPL power meter in a microcode fix that limits reported energy consumption. Crypto algorithms that are time constant can prevent the side channel attack from working. There is no indication the vulnerabilities were exploited in the wild. Energy meters in chips from and others may be vulnerable to similar attacks. Nvidia patches a major GeForce Now exploit. The privilege escalation exploit could have allowed local attackers to execute arbitrary code through GeForce Now's OpenSSL library. This library was vulnerable to binary planting attacks, which Nvidia warned were even more urgent as they were low complexity and require low privileges, although the exploit did require user interaction to actually execute code. The exploit only impacted the Windows client of the cloud gaming service, and Nvidia has now issued a patch to resolve the issue.
Facebook says six percent of content seen by users is political. This statistic comes from a blog post by Alex Schultz, Facebook's VP of analytics and chief marketing officer. The post noted that the platform saw twice the increase in posts on Halloween compared to election day twenty twenty. Schultz also clarified that lists of posts with the most engagement pulled from third party services like CrowdTangle don't equate to reach or what's going viral on Facebook, as the platform's ranking model uses other indicators like user surveys. According to Facebook, the US publishers with the most reach in late October were CNN, Fox News, NBC News, The Washington Post and The New York Times. Campari ransomware saga gets a new twist. It was reported last week that the Italian liquor conglomerate Campari was hit by a ransomware attack by the Ragnar Locker ransomware gang. With Campari seemingly unwilling to pay a ransom, the gang is now trying a new approach to put pressure on the company: Facebook ads. The ads were identified by security researcher Brian Krebs and were posted from a Facebook account. The ads threaten to release two terabytes of sensitive data stolen in the initial ransomware attack if Campari refuses to pay a fifteen million dollar ransom in bitcoin. On CISOseries.com, we've got the latest episode of Defense in Depth, entitled What's an Entry Level Cybersecurity Job, where we discussed the mismatch between what companies are looking for and expecting and what the market can bear. Do they really want an entry level person, or do they want someone with multiple years of experience to work very cheaply? And please join us tomorrow for our Friday video chat. The topic will be hacking multi-factor authentication. It all starts at ten am Pacific. You can find it all at CISOseries.com. I'm Rich Stroffolino reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full story behind the headlines.

Making a Documentary Series in China with Dominic Johnson-Hill

The Documentary Life

41:18 min | 1 year ago

"Microphone. Check one two, three cities city siblings, civilins levels. Check good. Sounds good. One two, three rolling and. China's moving on is progressing. And of course, it is a shame, but a lot of these old traditions and cubs, you will be lost. And, and I really did feel that, that we were documenting the last of a lot of things. You know, one thing I've lent. It businesses the importance of finding your niche and finding something you're truly passionate about, and being able to, to sell a story, and I think there's a lot of stories that I know in, in Beijing in China through the fortunate being hidden so long that I would love to tell Hello and welcome to the documentary life, a show that sets out to inspire, and inform you on how to best live and leave your own documentary life. I am your host Christine parkers, and this is episode number one hundred and six and it is brought to you by barong films. Proud creators of documentary film the documentary life podcast. And now, the independent filmmakers, essential checklist course our free, eight part course, designed to help you chief financial stability gained support and effectively distribute your documentary film. Before we get into today's show. I just wanted to let you know that the podcast will be going to a BI weekly release, or as they say, in the UK once a fortnight. So the next time you'll hear from us, we'll be on Friday June fourteenth now onto today's show. The. If you've never been to Cambodia, but if scene photos, or video footage of it, you've most likely seen one of two things you've either seen some kind of archival footage of the Camaro Rouge, the notorious radical group that took power in the mid seventies, and proceeded to destroy nearly a third of its own population or you've seen the images of the magnificent Ankor watt temples the incredible stone structures built sometime in the twelfth century. 
And then kind of forgotten until they were rediscovered by French explorer on remote around eighteen sixty even in photographs, these temples incite comes and Oz, but to see them in person it's a powerful mind-blowing experience, the faces of the ruling on Korean king. And the seventh that protrude out of these giant monoliths are forever. Sealed on your brain. Once you've seen them in person. I truly never grow tired of seeing these temples up. Close. Although until this trip it had been years since I visited the temples in the town of seem real ground zero for all things. I'm gore what and all things terrific. Over the past decade, Siham, reappeared really become pretty inundated with tourists or bought on as they like to call tourists in Cambodia, and I tended to stay away from this kind of action. Now he wasn't quite the hedonism in crowded streets of Kosar in Bangkok, but it also wasn't that far off. But my friend and filmmaking companion, Patrick. He had a place that he was renting up and see him reupped, and I needed to shoot some scenes there, specifically b roll. So we decided to head up there after our time, income Pote as it had turned out, come pot hadn't been nearly as successful filming trip as our time with sang dot I in chimney can Ben? You'll remember we had been filming saying that I in his family, and in his hometown during the Chinese New Year. Well, the bulk of that new year we spent down in Kampot a town in province. Don't down in the southern part of Cambodia quite close to the beach resort town of kype come in pen, traditionally always been one of my favorite spots in all of the country. Even if previously Patrick had had to find a doctor to hook me up to an IV to get my system back in order in any case. This time out Kampot had turned out to be a bit of a disaster. It wasn't composites fault. It was our fault, traveling anywhere in Cambodia during the Chinese New Year and trying to meet with people or businesses. It's a highly. 
Unadvisable thing. So when we'd set out there to try and film, a particular scene of particular cincy, but song come composed on. We didn't anticipate how difficult it was going to be navigating through the throngs of people that had descended upon the beach town for the holidays, and we hadn't anticipated having such difficulty finding a place to stay or more importantly, an artists that we could film depicting the sinc- some of song. Aw. But that was come pot. It didn't work out as planned we hadn't found an artist to film. So we were now on our way to see him. Reappear. To try and film, an artist who could depict the famous cincy summit song that he had written about seem aptly titled chump icing. The all. I should probably explain a little something here. The mean subject of our film since he's the most famous singer to ever come out of Cambodia was killed during the Camaro time in nineteen seventy five. Which is something that the Camaros were quite known for killing the artists that doctors, the teachers, the educated, and destroying the library's books, personal properties, law records money anything that depicted, Cambodia prior to nineteen seventy five destroyed. Even the majority of encore wats temples had the Buddha statues beheaded or dismembered. And because of this, we were not only making a film that was about the legacy of a man who is no longer alive. But to our knowledge and research, only had one single piece of archival footage of him a short clip, from a movie that he had been in cold up Sada. So a huge challenge for us with this film was figuring out creative ways to depict cincy summit and in many ways Cambodia of the sixties. And seventies, this was, obviously not really surprised us since we were well aware of the lack of photos footage, and even recordings from that time, we knew very early on that we would need to embrace a very different approach to telling this story, certainly in the case of the visual aspect of storytelling. 
In this involved our approach to be role. Role is just one of those pieces of film, making that can either make your documentary, look like just another talking head film, with the occasional bureau shots edited in Oregon, take your documentary film to another level of complexity. A lot of docs that you'll see you can kind of tell that the filmmaker shot an interview, and then based on the content of that interview afterwards went, and shot Biro shots that went along with what was being said, and that's totally acceptable. It's a formula that can work, right? But we felt that with Elvis of Cambodia that kind of approach to be role just wasn't going to bell, shall I say, cut it? We sensed early on that if we have any success with this film, and that if we wanted to create a film about one of the most extraordinary artists can Bodey has ever known then we were going to have to do our best to match that artistry. And therefore, we had to make something like our Biro one of the more compelling elements to our film. This morning was to be our second of three shoots with artists that were depicting a very specific sincere lit song that depicted, a very specific place in Cambodia as already mentioned Kampot hadn't worked out too well. And we were either going to have to cut the Kampot seen, or at some point, get back down there to try and shoot again. So this scene that we were about to shoot with an artist here in Siem, Reap was actually the first in the series that we were doing the idea, here was to take a local artist or VJ Takhar, as they say, income, I have them listen to the sense that song, and then have them create what the song meant to them are Takhar seem real was a painter in his late thirties, a Cambone, military man was making the majority of his money by selling his paintings of, on currency real. He had this welcoming smile and really seemed to get what we were trying to do. And so we were pretty excited about spending the day filming with him. 
So as you can probably make out behind me. We are currently in the process of the first of three sequences will be shooting with a local artist from town in which cincy Smith sangha. Very specific song. This is Siham reap in this is for the chimpanzee reap song. Let's get a closer look at our VJ Takhar, which is combined for artists that suits happening here on set in terms of approach, we decided on a multi camera type of strategy, I would man, the main camera, which was our candidacy, three hundred Mark two and Patrick would use his Sony seven s to on a slider. We also shoot some time lapse stuff with a gopro, and then also use an additional cannon, seventy the idea was that this scene would play over the entirety of the song, we'd start very close in. And we'd gradually move out until eventually by the end of the song, we would completely reveal the artist and their work are shots would be intercut with one another. Now, there might be very tight shots of paintbrush tips dipping. Into paint or brush strokes across the canvas there'd be some tights on hands in eyeballs slow movements from trees or flowers or figures as the song progressed and the painting started to take shape Patrick, and I would move and work around one another all day. We'd switch up lenses camera positions slider movements even a few drone shots for good measure. And we would kind of do our very best to avoid distracting. R J Takhar or painter and just let him get into the flow of his work while we did the same. Again, the whole idea here was to shoot our bureau for the scene in his artistic layaway as possible, and artists, and his or her work depicting, artists singing about their town or province. At the end of the day, what resulted was this kind of dance, amongst a handful of artists all with great respect for one another's work and ultimately all with great reverence for one of the most profound artists, this country is ever known. It was a deeply satisfying day and later on as Patrick. 
And I sat in watched some of the dailies, we were left with the sense that the bureau that we'd shot on that day was exactly the kind of bureau that was going to be needed to elevate and celebrate the story and the figure of our film and other than a few tweaks here and there, exactly what an how we needed to shoot the remaining two BJ truecar scenes. You've been listening depart, six of our, Chris and Cambodia series. I'd like to encourage you to really try and think outside the box when it comes to shooting bureau for your own documentaries, and to try and get away from the conventional shooting of interviews, and then filming of cut-away is afterwards and instead to try and find more compelling complex ways in which to shoot your bureau. If you can think about what your film might look like without the interview without the safety net of words and see if you can visualize, a more interesting way in which to visually depict, the story of your documentary, film, also just quickly mention that you don't always have to fully plan out your bureau shots all the time. Sometimes a very interesting shot may present itself, when you least expect it, but maybe you declined to shoot it thinking that it's not something you'd find a way to use will, I'm here to tell you that you should shoot it anyway there. There is a reason that that's something caught your eye or look good in your frame. You may not understand those reasons at the time but you should trust. Your instinct, anyway, you'll be amazed at how once you sit down and begin editing. A shot that you were unsure of at the time. It might suddenly really elevate a scene or moment in totally unexpected but quite beautiful way. So please whenever you see a possibility for an interesting shot, just shoot. It. If you'd like to see some of our interesting shots, and behind the scenes footage of our film shoot artist of seem real. 
You can check out the show notes for this episode and others by going to our website at the documentary, life dot com. Up next on TD L or weekly conversation with documentary industry guest and I've a feeling that you're really going to like this. That's all coming up next here on the documentary life. If you're anything like me when it comes to doc film, preparations checklists are -sential part of that preparation. Whether it's putting together a gear list, storyline notes for an edit or gathering materials for grant application, checklists are very helpful in ensuring that we're prepared for whatever may lie ahead in our dock journeys, which is why Stephanie, we've put together a very special offering for you a free eight. Part course we're calling the independent, doc filmmakers essential checklist in this. Course we outlined the essential areas, you need to build, or establish in the non creative or business aspects of your documentary film that will help you to affectively manage successfully fund and eventually launch your film out into the world. We believe that given the right strategy and insight. Every doc, filmmaker catchy their goals and intentions with their Phil. Uh-huh. We believe that there is money out there for every project that it's just a matter of finding, and securing it, and that would the right preparation in strategy, every film can be met by an active eagerly anticipating audience. And that includes yours to enroll in the independent filmmakers, essential checklist, and see how the course can help you just had on over to the documentary, life dot com slash courses. It's free. And just as we do each week here on the show, this eight part checklist in course will inform and inspire you on your documentary film journey something I wanted to mention before continuing on today's show. 
You've probably noticed that we're playing around with some pretty cool fresh sounds on this season of TD L, and I'd like to thank music vine for supplying us with those cool. Fresh sounds if you're interested in learning a little bit more about how music vine might be able to serve your doc project. You can check out the show notes for today's episode or you can simply go to their website. At music. Fine dot com. At age seventeen Dominic Johnson hill left the UK to travel alone to Africa where he stayed for a year before travelling on to South America, and India after reaching China in nineteen Ninety-three. He stayed for twenty five years. It was in China that he got to know the locals of Tong. The back lanes of Beijing and began to learn Chinese by studying and absorbing Hooton culture end its history, he was able to master the intricacies of the Chinese language starting from scratch before hosting the documentary TV series seasons of China. He founded a street fashion brand in two thousand six it was called plastered, eight and was inspired by his experiences of the local Chinese culture, Dominic Johnson hill. Welcome to the documentary life. We are. We're happy to have a conversation with you. Thanks, chris. What, what an introduction? I'm I'm feeding old you and me both man. You and me both. Dominic be part of the reason we brought you on today's episode. Is that a big part of the conversation that we often have Dominic is how doc filmmakers, certainly nowadays more than ever really need to embody this on Trump near entrepreneurial spirit, and you are someone can speak at length at great length about that. And for good reason, and so maybe a nice way to start this conversation would be to talk about, you know, before TV before doc filmmaking before the seasons of China's series, which, of course, will get to you were an entrepreneur, and you can you found yourself in Beijing? 
Tell us briefly about that story coming debate ching and your first instances of entrepreneurship yet. Well, as you said, mentioned left home. At an age and was really I did terribly at school in England. And so I felt that staying than bird hope for me, and I was very adventurous, and so, I started to travel and hitchhike across countries and, and started doing alpine climbing, and, and it was that was three years of travel of South America, Africa India, and then I ride in China Ninety-two because I had an older brother who was working on a contract in cynical. Ching now in China and I can't visit him came up to Beijing on my own say, why did you stay in China will not twenty seven years and it's quite simple? I ran out of money when I write them Beijing and, and I had, you know, to go, and so I you know, so much about entrepreneurship as being in the right place at the right time person, and I ended up in, in Beijing in BoomTown, you know, the nineties in China was was the crew. Crazy time where you could, you know, try Joe handed anything you would have made money and the literally to BAAs in the whole city, ninety ninety two and I went to one of those BAAs, and I was rubbing shoulders with CEO's CEO's in companies will come into China to set up the ripple, and I was doing jobs that I was totally unqualified full. And so what, what, what kept me in China was this incredible like just opportunity everywhere. And it wasn't a country I fell in love with, because it's Beijing's city that you come in certainly, like how it's beautiful. I like it was it was it was it was flat. It was gray as far as we had our own money. We wouldn't have to spend, you know, Chinese money we had to live in foreign designated housing, but, but, but I started to in, in China that I started thinking and that was because everywhere I looked that with the industry's or they will Mark his the hadn't opened up yet. No one had done this. And no one had done that. No mistake, Macher. 
Search no one t shirts. And I thought, wow. You know, I. Could do that. I've seen that, you know, work in the west and then, of course, then you're surrounded by millions of entrepreneurs because the Chinese are probably the most don't race on. And so an and so that's really where I got the bug in. I just happened to be in the right place at the right time and through most SIS. Learn about how to be an entrepreneur on kind of on a street level, and I and I got hooked well, and of course, for any sort of venture like this, you need a certain amount of capital and you find yourself in Beijing. And, and as you have said yourself, you didn't have much money, and that is often, the case, doc filmmakers, don't have a lot of financial resources to maybe to begin in this case, a number of our listeners first projects, what can you share with us in terms of, you know, maybe advice, your suggestion to kind of raise capital? Well, I'm my first business was in market research, and it was really know love travel. And so I went travelled out the parts of China that no one else wanted. To travel is with so off the beaten track. But it was still millions and hundreds of millions of customers there. And I applied myself and set up networks, you know, three taxi drivers and kiosk owners and I was providing in a information on products foreign products being sold in China, basic stuff, you know, so I didn't need an awful lot of money, will I need to do by fax machine for the taxi driver, who would then drive around and gathered information fax it to me before emails, and my startup custom. That was was quite small. But what I found was, you know, I had the market because no one else was doing it. So his right facing right time, but, but terms of creative projects. And now I'm in the creative industry with, with my brand will pass. 
Is that what I really find found was at the beginning, I was able to get incredible talent to work with me, the almost nothing and if not nothing if I could sell them good idea, and what I found was with creatives with credit injury before, is if I if I was passionate about an idea and I could. Pitch it well to someone was the amount of people that was full in line and work with me on that. I did for almost nothing while old quite often just nothing because they were behind the idea. And so, really, I had to work on my skills as a salesman and my skills in terms of storytelling, so that I could get people to, to, to, to join in that journey with me because when I started pasta and still to now I didn't add design software. And now an artist but I got to what I found was that, you know, the data I wasn't at selling story or selling an idea, and then documenting it. Well, and then putting that content in a decent form that people would see that I had, you know, dunning interesting things before, and the and then more people would want to join that journey that I was on. So the beginning, I started pasta with study house, an our and be so. Around five thousand dollars. And I, I still own the business outright. I just opened a shop on an all two-tone that had no shops. It was completely empty, and an an I then built it by being extremely creative about how I got people in to find out about my brand, whether it was through storytelling or doing events, but just getting people on board because they liked the idea. And I really with creatives. They if you can sell them on idea, you know, though, the they'll get emboldened and not need a lot of money. You know, I've been on that street. I think that the before we got on or before we started recording. I mentioned you that I'd done some commercial gigs in Beijing. I've been on the street where your shop for started in. 
It's, it's hard to believe that it was as you described initially, because, of course, it's, it's a, it's a pretty big booming area now to say the least. Yeah, yeah, crazy. I mean, I was the first shop on the street and it now gets on public holidays one hundred thousand people a day. And when I, I saw how started was, you know, I I moved into no residential streets, eight hundred Izzo Beijing to live with my family. And then one day, I had an idea to set up a t shirt shop on that street because the rent was cheap and it was an old alley way. And I thought it would be fun. But obviously the no people on the street that street on public holiday now gets hundred thousand people a day, and we were the in and thirteen years ago, we were the only shop on the street. And so, you know, I mean it's a long story, but, you know, I started off by holding catwalk shows on the street there. And, and then people started to come an interview me and, and I made some spun videos with my with my mobile phone, and a lot of events. And most people started to open shops on that street. And then it turned into like the busiest retail street in Beijing. Yeah. It's a crazy kind of China story, but this kind of stuff happens in China. It's, it's, it's an economy that's being, you know, going out for forty years in terms of open economy, and it's still it's still a long way to grow. And so as I said at the beginning right place at the right time, you know, and then, and then applying myself and working with the community really where I lived, you know, I was brain bedded into the community and you know what with the liquid chamber comas web with the, the local o ladies on the street to, to man my stores. You know, it was it was a great story of community and, and being in the right place at the right time. Two thousand sixteen China's twenty four solo attempt was scrubbed on UNESCO's Representative list of heritage. Command the ancient Chinese divided the sun's annual limits. Segments. 
Also wisdom, but China's traditional agricultural civilization and the pasta generation jittery but how's it today? Well, outed, affixing are our everyday. The twenty four says this documentary series season China will visit towns and villages old young experiencing the traditions and customs firsthand. Well, speaking of right place at the right time, your current documentary series of which you are the presenter Ron is called seasons of China. Let's turn direction a little bit towards seasons of China and at this moment, and maybe this time, let's turn our direction two seasons of China bit, and in. How did that I come to be for you were you in the right place at the right time? How did that series happen? Dominic. Well, then when I take you back to when I opened my teasha shop. China's most famous talk show host to came to my stole and I was talking about the importance of story is when she came to the stole, I told the story of my brand, and then I took to my house that was behind this introduce it to my children and then told her the stories of designs, and she was so into the story that she asked me to go on a chat show and, you know, in China talking in China's okwu free. So you're talking show gets audiences of up to sort of twenty million and that was my first everytime on television was on a chat show with twenty million people watching and, and I pulled up a bit of a marketing stunt because I wore a t shirt on the show at my telephone number on it out, tending anybody and then join and join the show she she pointed at my teasha, and then everyone started calling my number, but then will happen from there was peop- people thought I was good at telling stories and I try to be entertaining speak Chinese, and it was a great story. But Chinese media Farda speaks Chinese celebrates, you know, he celebrates Beijing through these. Zayn on his t shirts and it went from one show to the other to the other. And then, you know, I was never passionate about television. 
I was very anxious in front of the camera. But I just, you know, pushed myself and then it was show off to show. And then I ended up as a as a judge on China's own special that you have in America like the shock tank in that. And I did that show six years, and then I did show on CNN require one day, and then I spotted. And then I got us to show that was owned by FOX cool. Vintage Hon to travel around the world have been. And then and then I do a lot of shows in China. You know, I'm very known in China on television. That's one of these foreigners who speaks Chinese being a long time until I get pulling pulled into a lotta shows whenever there's a public holiday, some celebration. There's like let's into dominate. He's the around them for a while. Yeah. That's being here a long time. And so I you know. Started with a t shirt shop and then it ended up as a television presenter, you know. So I feel incredibly incredibly blessed and fortunate to be in this position here. The yeah. Yeah. I often ask myself how it will happen. But the seasons of China was it was quite funny because he's in China is. It's a twenty four episodes show. Yeah. And we had to recall that in one year because it's twenty four seasons. Each season happens every two weeks. And it coincided with me being China twenty four years, and it just seemed to good to be true. And so, you know, I was asked to, to present it, it didn't make any financial sense to me. I wasn't in a paid a huge amount of money to do it. And I got in a team of twenty people in the retail businesses. Yeah. Yeah. A lot of other responsibilities. But I'm so passionate amount travel. And I love China so much. And I love getting onto the countryside where you see the real China. Yeah. And so, I had to have along with my wife up to she'd had a glass of wine and say, listen, listen, something's come up. Yeah. Right. And maybe the next year or two. Yeah, exactly. And you know, we also forces in and you know, she was so sweet. 
Like I know what you love this, and, and you should do it. And so I commend did it was it was every, every ten days, you know, I was off, Laura for another adventure, and it was probably the most incredible year if not the most incredibly of my life in terms of sort of the day to day production, can you give us can you paint a picture on? Well, first of all, what was the size of the crew that you were operating with as a presenter, and then how much time was happened? How much time was being spent on sort of research in content building before you would arrive an inability or in a province. Okay, because it's China and this was well, funded we had quite, you know, lodged team, I guess compared to maybe you might do in the west. So we had to, to cameramen we had a sound guy. We had a director. We had the director's assistant, and then we would each province that we traveled to have a, a local government assistant, who would help us, you know, in filming in certain villages, and areas, and you need to have government permission to film in, in any area in China. So we would have they would be along to help as well. So that would be upwards of eight of us for, for the shoot. And so it's quite a large, I guess, compared to maybe some of your listeners who were working on a on a smaller budget would be quite a trinity launching. Someone Gelson hill, even though I'd been in China for long time, I never knew about the twenty four seven towns. I'm very excited to so to go on a journey festivals in Joe beautiful mountain. I we just had his shin to the. The reason. Customs and traditions. And it's a great place. To learn about all the stuff to spring. In terms of being the presenter, being the interviewer, how much say did you have Dominic in some of the actual content that was being filmed? Certainly, you're, you're leading conversations but was all of that prep for you beforehand, or, or again, how much how much did you have in that content? 
Well, I mean, I'm very passionate about story. Yeah. And that's how I really built my brand. And so I you know, the same time running a business. I'm not writing the script. So I would be sent a script usually a week prior to the filming and that was researched by team of probably three or four people in the private production humping. And also with the help of the Chinese news agency, and then we would arrive where I be hot was in some of the really interesting posits documentary, a Mike conversations with people in these provinces and compensation. As, as I tell you know, as I told my daughters who speak Chinese said, you have this, incredible skill, which you can go and travel, anywhere in this country of one point four billion Eva, and you can have a conversation with them. And that's so powerful and so going to these provinces. And you know, one time I was hanging out for this one season mountain. John, as you know, these combine harvesters these launch knows who borrow money to buy, these combine harvesters for, like twenty thousand dollars that he hasn't all this, and then they literally write them thousands of kilometers across provinces, all the way across her an up towards Beijing. Just, you know, harvesting weet, the families, six says at a time x time I to hang out with this night for three days and sleep with him. Yeah. You know in wheatfield. And and and and crazy conversations. You know, I mean that he has no idea about England a whole bunch of lies came into the Golden Harvest. And he said to me, Jeff is in England. I'm like, yeah. We do have very innocent conversation that and then now found it because I was I'm a foreign. I'm very hot on sleep kind of guy have a lot of emotion. And I found that they really opened up to me. You know, there's a with any society within within self as a lotta complications. We English people quite distrustful of each other. 
Especially when I hear an English peasants, but, you know, you'll wife is, you know, this soon as speech like he's, he's private school. These public school. He's Nolte south on then you start to make to judge each other. But this is an English guy who's six three he's bold, and he's got a big nose and he speaks Chinese. And he's talking to me about my relationship with my wife, which was funny one because he's away from his wife. You know, so long, you know harvesting this, this week and he really opened up to me. So it was it was fascinating. So I got to dictate the story on that side, which was to have incredible conversations with people, and, and really found that they, they got to open up also, you know, I got to lead the story in that, you know, it's so fascinating these things from foreigners perspective. And yeah. So it was a lot of fun as you were making seasons of China. Did you always were you always kind of aware that you guys were filming? Moments and you were filming people in parts of culture that, that, that, that, that soon at some point in time will no longer be like where you constantly aware of that, that you are, that you were putting something down on film. You were documentary something and, and there's importance in. Yeah. I mean, I'm -solutely I mean talking about when I ride in China in nineteen Ninety-three, there was, there was a full hundred million less so more people living in the countryside, narrow now. And so with that, that, that whole mass migration into the cities, you're seeing a lot of these coaches disappearing. And I even in one of China's oldest provinces Shansi, which is really the han-chinese come from when the Yellow River that I go to hang out with a guy who's being who's being is given money by the government to try to restore local customs and traditions, go to hang out with a with a nine Munger who, who makes tools for farmers and fixes tool. Perfomance absolutely fascinating guy. 
And an another woman who made weaved in a red lanterns that everyone hangs outside two houses during Chinese New Year. Yeah. And they're trying to trying to presentable this culture on the his job to do it. But in a country as old as China's two thousand eight hundred years, you could go back three or four thousand if you like the so much culture history. And it's very difficult to present that so really is absolutely an even down in young shores. Hanging out the guys who, who do the fishing with Coleman buds was a lot of people visits, China. These guys these large straw, hats and fishing with buzzes Coleman's. I got to hang out with them. And really no one does it anymore. It doesn't make sense that, that type of fishing full them. But some of them still there and they're doing it if anything Petur purposes, but it was amazing to be on boat and to see guy, let go of Coleman and see swim underneath my boat and catch a fish right underneath that will be. That fish. He had Precourt, and tied it to a piece of string and onto a rock and left it on the bottom of this. This is home. It was is comb. It was definitely out of shape, but I, but I did get to see it happen. And then you get a feel for it, but this so much culturing. I mean, China's moving on is progressing, and it's still a long way to go. And of course, it is a shame. But a lot of those old traditions coaches will be lost. And I really did feel that, that we were don't commencing the lost of a lot of things, especially with the foaming because the the that's the really the last generation of, of the small farmers. You know, the every family would get a six hundred acre or hectare of land for each member, and still holding onto that, but those people now in the sixties, and they getting too old Afam and the kids are in the cities, and, you know, they come back to help them, so that, that land is gonna get redistribution. 
It's going to become big pumps Dominic as we wrap up our conversation here, unlike to sort of ask you, having worked great. At length on this docu series, as a presenter, does it does it inspire you or scare you away from actually doing your documentary film. It does not scare me away at will. In fact, I think one thing I've lent businesses the importance of finding your nation and, and finding the truly passionate about, and being able to, to sell a story with I happen to sell t shirts and it doesn't sell it by con sell the story behind it. And I think there's a lot of stories that I know in, in Beijing in China through the fortunate being hit so long that I would love to tell, and if anything we're wrapping up the whole back end of it. Now I'm really really would love to get back into doing documentary, it's an China's grip base to do it because I think, you know, you can find funding as a lot of funding for the arts and culture. And I think if I can find the right story. Find the right niece. And, and, you know, some support and get people behind it that I could tell stories so absolutely. I would love to do more of mentoring Dominic, if I'm fortunate enough to find myself in a commercial or documentary job over in Beijing. Again, I certainly hope to pop by the plastered shop and I'd love to hang out with you, man. Please do. Yeah, absolutely. And I'll take you for swimming in an old lake in Beijing, and it's it'd be a pleasure to have you have wonderful. I love it. Thank you so much for being the documentary life. Dominic chris. Don't forget, if you're interested in our free, eight part course, the independent, doc filmmakers essential checklist. Course go to the documentary, life dot com slash courses. Thanks again for listening. We'll see in two weeks, time dot lifer.

November 9, 2020

Cyber Security Headlines

07:27 min | 3 weeks ago

"From the sea so series it cybersecurity headlines. It's monday november ninth twenty twenty net neutrality and broadband expansion possible under biden presidency of the many changes expected to come about in a biden. Presidency tech industry watchers are expecting a return to net neutrality and broadband access. Reinstating obama era rules that allowed the fcc to punish companies that tried to block throttle or force consumers to pay for broadband service. Mr biden has also laid out a plan to invest twenty dollars in broadband infrastructure. Not only to support the tech industry but as an integral part of his pandemic response plan supporting remote working remote learning distance medicine and access to other vital health technologies trump lawsuit site to report. Rejected votes leaked voter data. The website called. Don't touch the green button. Dot com was launched by the trump campaign. in relation to the recently filed arizona rejected votes lawsuit. The data leaked included voters names addresses and a unique identifier however reports have surfaced of users. Alleging the website has sql injection flaws. That make it possible to collect voters social security number and date of birth. The website was in support of a lawsuit filed by trump's reelection campaign and the rnc alleging polling officials in maricopa county had incorrectly rejected in-person votes on election day by misusing a mechanical feature a green button on the voting machines. Facebook releases disinformation probation policy in. Its latest move to slow the spread of this information and attempts to undermine the legitimacy of the us election facebook has launched a policy in which any group public or private that has too many posts that violate its community standards will be forced into a sixty day probation period in which administrators and moderators will approve submission manually with no appeal or override options. 
Facebook will also shut groups down completely of its moderators repeatedly. Allow too many offending posts. The changes intended to make the volunteers who run the groups more responsible for what happens inside them. Apple patches three actively exploited zero day flaws in ios bugs were discovered by google's internal threat analysis group. Which as we reported last week also discovered zero day flaws in its own products including chrome for android the apple devices impacted by this outbreak. Include iphone six s and later ipod touch seventh generation ipad air to and later and ipad mini four and later the patches have been released. An updates are available through automatic and manual options a now a special offer from our sponsor bloom era. Seaso's are all trying to do more with less these days. Balancing compliance security and business objectives. Consolidate your security with one end and detection and response platform. Blue mira works as a force multiplier enabling your small teams to detect threats and respond to them quickly. Get a free fourteen day. Trial of lumieres. Cloud sim that you can deploy hours. Not weeks or months. Visit bloom era. that's b. l. u. m. i r. a. dot com twenty million big basket us records available on the dark web india's prominent line grocery store co founded by the alibaba group says the breach which includes email. Id's password hashes phone. Numbers addresses dates of birth location and logging. Ip addresses occurred on october fourteenth cyber intelligence firm cybele states that the fifteen gigabyte package is being offered for sale any cybercrime marketplace for forty thousand dollars. Us public disclosure of the breach was made november seventh. Many websites will stop working on older android versions in two thousand twenty one. 
Let's encrypt one of the world's leading certificate authorities used by approximately thirty percent of all web domains uses a root certificate that is included in all browsers and operating systems and has been crossed. Signed with that used in windows mac os android and most other software platforms for years. This relationship expires on september first. Twenty twenty one. This means that many websites could encounter issues or failed to load if the proper certificates aren't installed on older android devices next year. Let's encrypt states at the only work around for legacy android devices is to install the fire fox browser yahu mail. This discontinues automatic email forwarding for free users verizon. The company that owns yahoo mail sites security concerns especially spammers for the closure which will happen on january. The first twenty twenty one yahoo mail users who still wanna use. Automatic forwarding will have to sign up for yahoo mail pro which cost thirty four nine thousand nine per year or three dollars and forty nine cents a month. Hackers who breached email accounts often add their own email addresses as an automatic email forwarding rule to receive. Cc's all messages that are victim receives windows ten. I o s chrome and others fall at china's top hacking contests. Many of today's top software programs have been hat using new and never before seen exploits at this year's edition of the tian food cup china's largest and most prestigious hacking competition. Fifteen teams of hackers participated. Contestants had three tries of five minutes each to hack into a selected target with original exploit winning prizemoney for each successful hack. Successful exploits were confirmed against ios fourteen samsung galaxy s twenty windows ten mobile into chrome safari fire. Fox adobe pdf reader and others over on c-series dot com. 
We have a preview of this friday's see so series video chat entitled hacking multi factor authentication an hour of critical thinking on best. Technologies implementations and adoptions off m. f. a. repeatedly. We've mentioned on the podcasts. That if there's one security action you could take that would have the greatest impact and fa is one of our top three suggestions it so effective yet. The quality of solutions varies widely as does the ability to deploy and get adoption. The event happens live at ten. Am pacific one pm eastern. last friday. We had our biggest crowd ever. We're expecting the large crowd once again. So please come participate in the chat room on camera and join us at the end for our cybersecurity. Speed dating to find out what that's all about go to see so series dot com and select the register for video chats button. I'm steve prentice reporting for the so series cyber-security headlines are available every weekday to see so series dot com for the full stories behind the headlines.

DtSR Episode 333 - Security Evolution and Trends

Down the Security Rabbithole Podcast

48:18 min | 1 year ago

"They say they say we should have known bad then to Saudi down d- down into this rabbit. It's time. Again, the venture down the revenue hole into the world. Cyber security your blood into the podcast for security leaders and practitioners with a business sense. Prepare for unique interviews insights and practical advice that makes your job just been easier. And now, please welcome your guides this adventure jeans jar deemed, the white rabbits off all those. All right. Welcome. Welcome folks down the security hole to another edition of the down to security. Evan whole podcast this raff and over yonder James rap episode three thirty three. And if I remember correctly, I'm not gonna pull up the site and scroll for three days that would be three hundred episodes since I've been on with you while we have been for three hundred that is a that is a lifelong commitment. It is it is a long commitment. Isn't it? That is that is hilarious law. I didn't even think about that. Dang. Wow. Three hundred episodes, and you stuck around. That's the part. It's it's almost amazing. Isn't it at that time? You start your own podcast. Listen, it's been it's been a beautiful time. It's been fun. I've been on multiple podcasts. But you know, this is obviously been the longest running one. Let's keep it. Let's keep it. All right. So for this week show as the polar vortex as we're recording this vortex currently has the middle half middle center of the country middle and northern parts of the country. Like, minus two thousand agrees getting close to absolute zero superconductivity is happening is pretty crazy. But that being said we have somebody. I was pretty sure I've had this guy to show before. But I guess on wrong. They just talked about it for like fifteen hours as in a row. And so here's Sean Martin. Hey, buddy. Robin. And James pleasure. Finally. Fifteen sixteen who knows how many years we've been talking about it. But I'm here the seriously. 
I'm pretty sure, like, we, I remember at least twice ARCE: hey, we gotta get you on the show. We should, we should have you on the show. And I could've sworn, it took the polar vortex to make it happen. Nice. Well, so for those folks that don't, don't know the name familiar to some of us, who are you, and what have you been doing with your tech career? That's a good question and figure it out. Know someone little history. Yes, a little, little history. Let's see, to date myself, I dunno, nearly thirty years, three decades. Nearly as many years as ten times your show, three three. It's a good number, by the way. I'm happy to be on this one. Right. Yeah. So I've been, been in the space for quite a while. Started in product management, QA actually, breaking crap, and then building stuff that didn't suck, and then helping companies go to market. And so that's, that's mostly most of those thirty years in a nutshell. And then the last three I've been working with my co-founder, Marco Ciappelli, which some people might know, and we, we started a magazine called ITSPmagazine. And that's, that's what's taking most of my time, pouring my heart and soul into that, and hoping to make a difference in infosec. Well, it has been, it has been a hell of a run for you. I mean, you've got, you've got some interesting history. Going back, you may, you may be responsible for one of the earliest, well, earliest enterprise security doohickey pieces of software, do-things, which, one, would that not be this little SIEM you're, you're part of? Jeez. Little SIEM. Yeah. That's right. I can't remember how we connected there. But yeah, the whole Symantec SIEM space, that was an interesting run. I, I do have to give big props to Symantec. I mean, they, they gave me a great environment to, to learn and grow, and, as most know, Symantec company back was, and I was in a position to actually be on teams that built stuff, which is kind of cool. Got to see code and got to work with building stuff, it's fun.
And while many may have their own opinion on, on the whole SIEM platform, that SIEM product that Symantec brought to market, I think it was a huge endeavor and a lot of fun, and some really cool people I got to work with you in that. And yeah, I think we're embarking on a new era in the form of SOAR now, right? Orchestration and automation, platformization. Platform, I just coined that word, folks, you have to pay me if you say platformization. I like it. Permission. Hey, whatever happened to the Symantec SIEM? Does it still exist? I don't think it does. I think they, I think it's been decommissioned. I think one of, one of the things that I remember most about, we used it. We brought it in as probably one of the first unifying sort of platforms. That was at GE. We brought it in, I want to say it's gotta be like two thousand to two thousand three, and the thing that I remember is it would take, you could, you could make a full-screen window, and you'd have little sub-windows and all these tiny little graphs. It was pretty, pretty cool. The graphs were a big deal. I mean, every time we went into a prospect or customer account it was like, where's the reporting? That's what SIEMs were for, right? Like, that's the whole point of a SIEM, pretty much. Pretty much. I had grand visions for it. And I think what, what we see in some of the SOAR stuff now is kind of where I saw that, that whole thing going, which is automating, automating response, pulling, pulling all the bits and pieces together and actually making it do something for you. But but I came reporting. Well, well, so do you think we've, we've gone through iterations of SIEM? Like, I think they said there's next-gen SIEMs and two point oh. I think it was anti who said a little while ago, a couple years ago, we're finally, we're like three point one. I think we're finally getting SIEM right this time, almost. Starting to feel like maybe we're getting close. Close to what? Well, because look, the biggest. Close to making sense of it.
Because, like, the, the purpose of that, of that platform, unless I missed something, was to, we, we, my organization purchased it and brought it in house, was to, to essentially be able to start to visually and logically correlate things that were happening against the disparate platforms. You know, 'cause you had your IDS over there, maybe your fifteen different IDSes. They all had their own dashboards. Your AV was over here. And, you know, we started using WAFs, those were over there, and they all had their own. That's, that's part of the problem too. They all had their own dashboards and views, they all, they all launched tickets at you, and they all launched events at you. And the SIEM, the whole point of it, as far as I can tell, was put it all in one place, make sense of it. Yeah. Main thing was reduce noise and make sense of it. Absolutely. I think where, where there's potential for success now is the, the ability to collect just a crapload of data, right? Right. And then on top of that, analyze it with some algorithms, call it AI and ML and the like, but just the ability to analyze stuff in near real time and against massive amounts of data, and to your point, data that, that resides from all kinds of things or is derived from all kinds of things, not just security tools, so business systems and fraud detection systems and banking systems, or whatever it is. Right. Identity systems, all that stuff come together. So I. There were, there were many, many iterations of this in many, many different tools that tried this. And I feel like a lot of them have largely failed to get us to the level of the promise of reduction of noise, and we created more noise because we just had more things shouting at us, at the same place, mind you, which was, I mean, at least halfway there. At least it wasn't seven different platforms shouting. But now they're all, there were seven different platforms all shouting at you from the same place.
The single pane of noise from several platforms. Aw, see, I love that, single pane of noise. But it kind of made things better for a little while. And I think that the problem continued to be, then, the direction of pain shifted from, I have to look at twelve screens, to, oh good, I've got now one screen, but now I've got too many things scrolling by too fast. And I think, I don't know how much of this is driven by investments, VCs and the cool new widgetware, and marketing from vendors as well, where response is too late, and so a lot of, a lot of the effort and, and focus has been put on threat hunting and analyzing data as a means to prevent some of these things. Yeah. But then in terms of response, I think the real value comes in the ability for the system to do something for you. Otherwise you're just, you're, as you pointed out, just continuing to overload the user, and you have to bring on more users and analysts to actually respond to the stuff. And so the more we can automate things on the response side, I think the better we'll do. And then of course there's a whole threat hunting piece, but we're not talking about that at this point. Aren't we, though? I mean, threat hunting is, has become part of, like, I remember we used to separate out, there's a threat intelligence function over here, and, and then, like, we did threat hunting. Are those, do you still see those as separate functions within, within an operations group? Are, are those starting to, different teams, different platforms, are they starting to melt those together as well into some sort of, in some sort of, as SOAR happens, right into that platform as well? Yeah. So I'm not as deeply involved in the operations ends of the stuff as I used to be. But I would say that there's certainly some melting going on there. Melting going on. But, yeah, I think, I think the team hunting is probably still separate to some degree from the response, because, yeah, when you're in your response, you have to respond quickly, right?
And you have to figure out where the source is, and, and how big the damage is, and clean things up and block the bleeding and all that stuff. And, and you might tap into the threat hunting team to see how real is this, or how dramatic is it, and how widespread is it. But I think there's still some separation there. But from, from a content perspective, certainly they both pull in threat intelligence feeds, right, to see how contextualized the information is that they're working with. Does, does it impact my industry, does it impact my environment specifically, Linux or Windows, or what is it that thing's going after, and are my systems and environment at risk from the stuff? So I think that feed supports both. But I think there's still some separation of duties in terms of the teams now. Others may disagree. And certainly, as I said, I'm not as deeply involved in the operations end of these things. But that's kind of my view. You know, having spent some time in security, where do you see the challenges? Did you like how he put that, kinda lightly? Have you been in here a couple of days? Where do you think the shift, the, the shift in focus for the industry has gone, from a, from a development and innovation perspective? Because we started in trying to identify kind of what we consider sort of the basics: anti-malware, antivirus, intrusion detection, volunteered, those kinds of basics. And we started building on top of it, on top of that, and on top of that, and on top of that. Like, what do you think the focus currently is? Like, what do you think we're trying to do as an industry now? I think, you said we built on top, and I think that's kind of what we've done. And I've had a few conversations with some VCs recently, and I think what we're faced with now is a lot of feature companies hitting, hitting the market.
So there's this little widget that we can sell you that will do this one thing in the context of the grander scheme of things you're trying to solve. And I think as an industry we're now forcing companies to figure out how many of those widgets do they need, and which features work well together to actually build the solution to solve this problem. And in the meantime, the cybercriminals are doing the same thing, but now they're, widgets together, and, and they have the luxury of, of just, yep, putting it in a big bucket and seeing what works, right? And I think that's what we're trying to do from a security management perspective as well. But we're, we're doing so by leaving, while leaving big gaps in, in our protections and our ability to respond. I think the other, the other shift, and I'm actually on the advisory board for, for the risk certification program at Pepperdine, and not just because I'm part of that, but I also see there's a shift back to looking at risk again, which I think is the, the real value of what we can do as an industry, is to kind of really ask ourselves, well, why are we doing these things with the business in these ways? And what, what exposure are we putting out there from, from a risk perspective or threat perspective? What's our footprint like? And do we really need to do that? And are there different ways to do that, which may change the conversation from, we just built all this crap, how do we protect it, versus to one where we can say, we need to ensure that this stuff is built properly so that we don't have the exposure, and keeping separate, keep them protected, shore them up with proper access control and multi-factor auth and all these different things we have, but do so, build the stuff in a way that, that addresses the risk up front, versus how do we plug the holes with all these widgets on the other side? Do you think that we have, you know, when you mentioned, you know, the feature sets, and, you know, everybody's just building this tiny little feature.
This is what we're going to put out there to work in the whole grand scheme of things. How much of a detriment is that actually? You know, if you're a CISO sitting out there and you gotta work with different vendors, it's, I, you know, I gotta have a hundred different meetings to cover something that I could have one meeting for, you know, if this stuff was all kind of put into one thing. So while it's great that things are very specialized and specific, at the same time, how much does that slow somebody down from being able to actually look at the overall risk and figure out, here's what I really need? Yeah. That's the, that's the conversation of, well, we do need to build this business process or business service in this way, and therefore we do have this exposure, and therefore we need these policies and controls. How do we, how do we achieve that? What, what technology and process and people do we need to make that happen? And yet it's overwhelming for folks to find out, figure out how to find the controls and implement them and put the teams on them, and then go back to that single pane of noise to figure out if it's all working properly or not. And I think there's certainly a place for all these innovations, small and large, and there's also a place for some of the large organizations, we pick on the platforms, but I think there's certainly a place for, for them. And we'll certainly see some consolidation of these features being picked up as part of products, and these products picked up into the platforms to build solutions. And I think the real question is how do organizations operationalize that stuff. And that's, that's really where the team comes into play, and perhaps even partners. Organizations doing this stuff internally on their own may come by the wayside, and
We might see some, some big partners come to play where they're actually deploying these platforms and operationalizing them and managing, monitoring them and working with organizations to actually see it through. So on the ends of the question about the role for all this stuff, but I don't know that organization, not, not every organization can look at all those widgets. And I'll make one more point, maybe stating the obvious, and some people may not know this, but a lot of those widgets are brought to, brought to market through friendships and relationships. I've sold this widget to you from the last company, and I'm now with this new company, I'm gonna, I'm gonna sell this new widget too. So I think there's a lot of widget presentations from, from people that know people, and so there's a lot of entry into the market through those means, and those that don't have those relationships will probably fall by the wayside and/or get picked up by a vendor that, that again is built on or based on a relationship. But bottom line is, I think there's a place for the innovation. We've started to see some consolidation. I expect more. Brings up an interesting question. As you look at different products, different companies, I mean, especially in the security industry, people are fairly close. When, you know, people, you know a lot of people, and like you said, I mean, a lot of stuff is done by people getting in here and moving forward. How does that, that, that's gotta make it more difficult for somebody to be, you know, I'm an outsider. How do I know that product's good? I see that John over there uses that product, but does he use it because it's a good product, or is it, you know, does he use it because, you know, he's friends with the CEO of that company? That obviously plays a little bit into making it difficult, especially if you're not in the know of who's out there and what they have for products. Yeah.
And I think the, it would be silly to assume that a CISO or CSO wouldn't look to their peers, their friends, to figure out what they're doing, just because there's so little time to do all that research and figure out, if you have a hundred products in front of you, which ones do you pick? We pick the five that your friends talk about, right? And then you send your team off to, to analyze, analyze those and do proof of concepts. What about the other ninety-five? Right. Those, those may be great technologies, better technologies. They just don't have the relationships. They might be in a different region or started by founders that aren't as well known in the industry, or, or from a firm that doesn't play directly in the security space, for example. So I think there's probably a lot of innovation out there that's being missed. And with that, perhaps we, we may be leaving some things on the table with respect to solving this problem. But then at the end of the day, if a CISO doesn't have the time to investigate all those and to make a decision, then we're leaving stuff on the table for that as well. So I, I think, I think the CISOs have to do what they need to do there and leverage their relationships and the people they know and their peers and colleagues to help make those decisions. Sean, you said something earlier that, that my brain is still, still stuck on. No, I didn't. What's that? I said, no, I didn't. No, the, the idea of building something, building something with a sort of a, I think you said like a, building it securely, building with a low risk or tolerable risk, as opposed to going in securing something that's already built. Do you, this has been something that we've all wanted for ages and ages and ages. Do you feel like it's broadly happening? I mean, software, infrastructure, cars, toys, computers, power lines, like, all of it. I, so my thought on this is, we are. Multiple thoughts on that.
So the first is, we've done for years a great job talking security to security people, right? And I think we've extended the conversation beyond detection and prevention systems to, to, like, application security and folding that into the applications we're building. And I think we're starting to see some of that in, in the device development areas as well, internet of things and that kind of thing. I definitely see conversations happening outside of pure security systems, and I see action in the area of application security, but I think we're still just at the conversation level for most things. And from a business perspective, aside from the widget that they're, they're building, the camera or whatever it might be that's connected, I definitely see more conversations around risk, and taking in more conversations around security, and taking the risk conversation to help identify exposure and, and areas that need to be shored up in terms of policy and, and controls. I don't know how well we're doing there yet, but I, I definitely see that there are more conversations on, on that end, general business form. That's, that's heartening. With, with as many new widgets, as many new, everything is getting a massive gobs of software added to it. Like, almost literally, like, my, my, the scale of my bathroom has, wants to get an IP address. And that's a terrible idea, right? I mean, this, this terrible idea the end. But, like, all of this is getting, all of this is getting IP addresses. It's all getting smart, and I'm gonna use smart in air quotes, because, 'cause y'all know what I'm saying right now, right? That things are getting smart. I, it's, it's, it's a little bit, it might be just a little bit disturbing to me, the, the level of, I forget, I forget the rule. There's a, there's a rule that says that, you know, we basically are about ten years out ahead, in terms of developing technology, of our ability to understand impact on society. There's a name for it.
I forget what that was the name is is somebody's long or something. But but that scares me because that's been the thing that in my entire career. I've been working against is. We rush to somebody goes. Hey, wouldn't it be cool? If and with the amount of tools that are out there the amount of intelligence it's out there. We simply prototype it and build and go there, it is it goes. And then suddenly a year later go. Hell we really did. We really just do that. The fact that. The stories that broke about all the hospitals. That connected. Suddenly put IP addresses on things like heart monitors and various medical dispensing things in hospitals to make a particular nurse more efficient, and suddenly the those medical stations that nobody really ever thought about having to protect were excessive potentially remotely like oh my gosh. That's legitimately terrible. But we didn't we didn't quite get that impact. Like, nobody really thought about it as they were doing it until many many L much later. I I kind of wonder about what that means because the pace of technology isn't slowing down things. Get things are miniaturizing. My phone can do things that that are absolutely amazing and miraculous like via you know, we can do augmented reality through our through our phones as virtual headsets. That's crazy. But I mean. We're not really understanding. I think we're finally starting understand the impact of text messaging outside and that's been a while. Right. We're we're we're starting to grasp that, but like where are the other things that impact security, and I think that's the that's the broader question from sophomore respected like holy crap. Where are we? Yeah. And I think you're touching on this this asylum pact of all this stuff. And it's one thing to look at businesses. And and and I think generally speaking, we know how to run businesses, right? 
And hopefully, we're doing a better job of understanding the risk that technology has them running to business and putting things in place to mitigate that risk come come to the society and things I think you're spot on and the stuff been tweeting with a gentleman on Twitter this morning and yesterday that now the idea that the horses down the bar and the trains running away, and and things are moving faster than I think we as a society recognize and oh all day long. Yeah. And and Mark when I talk about this quite a bit in that we're making decisions today that are going to impact us ten fifteen twenty years from now and we're doing so with. Limited information. Perhaps this information biased information. And yeah, I think I think we're building systems and setting about or them's and or not and all this stuff is just going to. Come crashing down at some point. Well, think about the impact that we're overly. I think what the impact we're finally seeing from from the likes of Facebook. Like it's been a while it sets that hit the market, but we're finally starting to get old lay. Cow. Like, what have we done? How do you gauge that though before you put something out, even if you put the idea Facebook out there before anybody used it, if no I d how many people, you know, how do you sit there? And gauge like, wow, what if everybody starts putting everything on this? And now all of a sudden, we know everything about everybody. The sitting down or stopping and trying to play out that whole ordeal and making it public enough about the see like, you wouldn't have seen a Facebook. You would've seen fifty or five hundred Facebook's pop up. Right. So how do you come up with new stuff and be the first one to get it out there and see what's going to happen with it without just doing it and saying, oh, no, no, I'm going to step back, and we're gonna we're gonna walk through because I think a lot of the stuff that we see come out from stuff that happens. 
We see all the I o t people don't think about this stuff until it's out there. And I'm not saying the people that are putting it out there. But it's not like you have somebody out there. That's a visionary. That says somebody's gonna do this. You know, what here's all the different ways. I can act that. So before you do it. I'm going to give you this information. So you don't do it. Right. Hindsight's twenty twenty and not foresight. And I think that's the challenge in and we want to innovate as a species. Right. We want to progress. And make our lives better. And and certainly is a human race. We want to be more efficient than make the most money possible. And. Yeah. That means we're gonna we're gonna build that product and test it and not invest in all things necessary to make it the best product possible. We're gonna we're gonna test a proof of concept and see how it works. Invitations off them will start to wrap other things didn't Securities One of those things that is almost always an afterthought right now. They may think what we if this takes off. We might have to consider what it means for data data, protection perspective or privacy perspective. But not right now. Right. That's going to prevent us from getting to market. It's going to prevent us from mass adoption, so people may be discussing I guess your point earlier, I think more people are discussing it something not enough are and in terms of action. I I still think time to market wins and and revenue time to revenue wins over security decisions. Well that was. Good chance stick, you know. I mean say you put it out there. Go back to wraps example of the heart monitors the internet or connecting to the network, not even say up to the internet couch in the network. So we've got a central monitoring system, which is all about. And you know, we got people sitting there watching it it it has enhanced are billeted to do something. 
But even if they had said, you know, what we're thinking about doing this, look, let's put it out to the security community and say, here's what we wanna do. Tell us the good the bad. What we can do what we can do. The problem is is just like the political world security is so divided on everything you'll get a fifty fifty of. Yeah. You should do it. Now, you should. So then where do you go with that? Right. We would never implement anything. If we put it out there like that because you'd have half the people now, you know, what your risk it's fine. You're going to save more than you're gonna lose. You know? I mean, look at Harper's that's going to help protect people way more than the risk of somebody getting in and doing something to it. If that's the profile that come up with and. Making that up. But then you're gonna have the other side as Nope. Nope. Nope. There's a one in eight zillion chance that somebody could get in there, and you know, change the rating, and you wouldn't see somebody having a heart attack. You can't do it. And so we'd never move any place with it. If we didn't put it out there and say, okay, we've got it. Now, we gotta figure out how to handle this. And I'm not saying, you know, throw stuff out there without security and minds. Right. But if you throw it out there and say, a look we have to understand the impact of this for the next twenty years, you're never going anywhere with anything. Yeah. And I think what you're describing there is a real conversation around risk. And I would say we probably don't do a good job at that as as a security profession. It's typically note, this is bad. This really bad thing can happen. What's the likelihood? And and are there ways to mitigate the likelihood of that actually happening? And it may not be get rid of a hundred percent, maybe drop the likely done to ninety and and put some things in place to to hopefully detected. 
So let's say that is a heart monitor that if it gets popped it you can kill everybody who has it. That's connected at the moment. Eighty thousand people just picking number how likely is that? And are the things you can do to to not let all eighty thousand people beyond at the same time. Do you change the way that that it's configured in used in actually does connect and the way that it receives signals? So there's a lot of discussion that can take place. But I think we find ourselves in. Nope. That's that's really scary. So don't do it or they don't wanna hear that answer. So they don't even ask the question, and they just moved forward. Right. And and then then we're stuck with dealing with it afterwards. You get a lot of people that are afraid to say, no, we don't need that in the event that actually we did need that. Right. Goes back to that risk. Talk of. Way this. How has this happening? I mean, we are there's no one hundred percent guarantee. But I don't wanna be the one that said, no, I didn't need that one control. When then something happens, it'd people like you said, we did need that you know, and that fleet were pretty much an industry of as much as we can buy buy it. And that way we can't say we didn't do enough. The the problem is even if even if every company bought every widget that is available. It's not going to solve all the problems. There's no way to be a hundred percent secure. So it again is why I'm so so being on risk. I think it's really having a discussion in an understanding around what the risk is and find the ways to either reduce the exposure to begin with or find find them alternative way to identify and detect the risk event happening or ways to mitigate most of not all of it with other other controls gets so Sean, I think what's interesting to me at this very moment is. Thinking about. Thinking about. The way that we can do. So think about designing things with security in mind. Meaning to do them safely as a process, right? 
So there is you know, how much data do we keep doing crypt? It. Do. We in transit in while in use. Where does it get stored? And is it is the app secure is the off secured is the identities. Good solid bubble. All that. Then there's the other part of like, hey, here's like here's the design of the thing. In terms of the impact on our lives from security perspective like. Connected cars is a fantastic. It's just a fantastic world that we could potentially live in. But we need to think about the the broader impact of the failure of that system. Now, right. When that would something like that would network like that would get hacked. And it did has before you know, he could disable thousands of millions of cars at once. That's a much bigger problem. And the question. Should then go to what what can happen if it is compromised network, right? How deep can they go out wide? Can they go out FARC in the hops? Can they take and what can they get to? And and each of those points. What can we do to stop it toward it slow it down recognize it and protect the rest of the network separate things. It's not. So that's where the discussion needs to happen. And and I think it's starting to it. It's a tough tough discussion. Right. And all of that takes away from a we have to hit the back to school time to to reach our revenue goals because of the dancer to or the the market dance, the ultimate the ultimate discussion of that really starts and ends is right at is is the Intel processor debacle that we ran into right? Oh my gosh. Does this usual inability until processors? Why didn't they? The funny thing was he's somebody's has started. Well, why would why didn't they think of this? I can't believe nobody insecurity told him about this. I'm sitting here kinda trumping going, I'm willing to bet. Good money. Somebody at the beginning of this design phase was in the room going guys a risk to this. Right. 
Somebody's going to figure out a way to leverage this for evil, and they all kind of looked at him and went. Yeah. But like how many years massive profit? Do we get before then that other and that detractors of at the point paychecks, and they moved on? We used to saying things like what was a business decision. Like, aren't they all? How much is stuff that may not even be known at the time. You know, you look at a bug that was introduced ten years ago, you know, the risks that they were aware of in their software ten years ago is different than what they're where of today. You know? So if I can get something in there, and we can have somebody look at it. Like, yeah. I can't see any problems with this. And in five years down the road, some sort of new risk of all. And we don't go back and look at that. Right. Then we're just like, oh, not when we built that. It was good. We just keep reusing the code. You know, I mean, obviously, there's an issue of, hey, you're not going back and reassessing the stuff that you have that's out there. But you know, how many times do you not do not fix? What's not broke? And there's so much to this point as well. I mean legacy is one area that you right? Tons of legacy stuff. It makes the business run. We can't get rid of it. So there it is open source modules and services that come from all over the place, a whole ecosystem there that many times people don't even know what what the heck they're using. And then of course, takeaway off target. But yeah, the user, and as I'm sitting here having a call this podcast with you. I have multiple phones for to do many things with I turned FaceTime off on most of them except for one that was sitting on the back side of my desk. And I just got a call on FaceTime. That's how we're actually recording this podcast. He didn't know this. We didn't we didn't need this other platform on the back channel on FaceTime. Perfect. So I mean, I was aware I took care of this for myself and others around me. 
And yet I missed one phone, right? So there's just that whole end of things, and that's the one that somebody's been snooping on you on this entire time. Exactly. All my conversations today. It is you know, it's tough for it's tough for you even with knowledge of stuff to be able to carry it out every place. But you know, mean you think about something like a platform like Facebook, you know, you can sit there and talk about secure design and building it out. And you know, we encrypt ever you get a grip everything in that database. But the moment they started, you know, potentially selling that data to other companies all that goes out the window. You know, you've got all these things in place. But maybe you didn't foresee that and you know, because it's time nobody felt that was going to be value and all that amount of data like those risks change over time. You know, same thing with the risk of using those platforms to spread fake news or around election time or anything like that. That's not necessarily something. Somebody's gonna see, you know, back in two thousand seven versus maybe what they see and two thousand nineteen. Well, that's a problem. We had with when I was doing apsect way way back when dinosaurs roamed gear, and you go ahead invalidate an app was, you know, relatively bug free. And the nine months later, something new happen. Like this software now has bugs in the developers. But nothing's we've changed nothing. Like, yeah. But new techniques that conversation shot how do you have that conversation because I guess James you've qualified explained this to the beyond soft beyond just like apps, but just in general developments today. It's good like what what we know of it's safe. But tomorrow, the situation we totally different, and may require you tear this thing down and rebuild. It like that doesn't sound like a fun conversation. Yeah. I can't imagine. It would be. 
I think and we're your point earlier the questioner there were probably not having those conversations, right? Unless there's an annual audit or something that forces us to re-look at an environment in particular system. We're probably not we're probably looking at CF is fine then and now it's good or we expect it to be good moving forward. But so I don't know the people are having those conversations unless it gets identified in some other way, where it gets popped or falls under scope for an assessment or an audit through some other thing and. Go ahead. No, we're good. Oh, I was just going to say, you know. I mean most of the time I know when I do like assessments for organizations against applications. You know? I mean, there's an understanding there that hey, look, we can only do what we know, what we see. This doesn't guarantee your app is secure. What we're doing is identifying what risks may be out there. And, you know, just like when you do vulnerability scans, like when you do static analysis. What was there today, maybe different than what they are tomorrow in that, you know, that's just the nature of the beast of how that works. And, but I'll tell you, you know, from your earlier conversation that we had, you know, I think when we start seeing things like application security, while we are doing a better job. We're getting out of the security where we're getting into the development world. I do a lot of developers and QA and those type of groups were doing better doing that. But to me the biggest gain we're seeing from an application security perspective is we're seeing the frameworks get better. Right. As you go out there and get the newer frameworks. When you go from .NET 4.7 to .NET Core, right? There's all kinds of stuff that's there that's more secure. When you go. You know, when you're using some of the newer versions of these new frameworks?
These new languages we're building stuff in, things like cross-site request forgery protections, output encoding by default. All this stuff is being added in and that's making the biggest impact and worse falling behind trying to say, hey, look, let's make more aware developers and QA and business analysts. Hey, what do you need to be thinking about, what are the security implications? But a lot of the gains I think we're seeing are really directly attributed to the frameworks that are out there that are just taking care of stuff inherently for them. And as an excellent point. I mean, it's easy to be doom and gloom. And but we have made and continue to make huge improvements. Doesn't mean we were fault-free, and we certainly see companies get popped and applications get compromised. But yeah, I think like Jim Manico presented at AppSec California here last week. And he did a whole talk on how well we've done application security, talking about the frameworks, and the methods that we have and list and the best practices that we've established and standards for SSL and a bunch of different things. But. His point was we're doing good stuff, and we continue to do good stuff. The question is enough. And is a wide enough. I think that's a question. We'll leave time guys. This has been fun. Sean. This is a has been a great discussion as always there's always expected with you. But now we've got an on the record. So there it is finally number three three down down on tape. Yeah. And just for just for the record you'll be cheering for the patriots. That's exactly he'll be cheering for right after the Rams. Oh, well this. This is going to be released after that that that the patriots Invitational twenty nineteen. So we'll have to see if a you know, if for the reps are from southern California or where they come from. Nice. Nice. Nice RAF, James. It's as a pleasure. I'm thankful. We got to to connect this time. 
And hopefully, we'll see you see Francisco in March. Yeah. Have used by the way, one final thought have you seen hotel rooms for this year with the costs are? What every year I book right outside leave San Francisco from the previous year's conference ibook immediately for the next year. And I didn't do that this year. So I did that. And I did see I did that last year. But I changed jobs and the and the cancelled the card until the reservations gone. Brutal. And yeah, they're they're stay started like nine fifty for anywhere within walking distance in the financial district there. Yeah. It's kind of absurd. It's actually it's not not cool actually asked me. That's that's that's ridiculous. Yeah. The Knicks Pence that we that we could put elsewhere. Yeah. The topic is all right. All right. Great. Wasted places. Excellent. Thanks. Thanks for being on the show, buddy. I'm definitely looking forward to seeing you on San Francisco James is always always fun to philosophize with you. Yes. It is always a good time guys. All right, guys. Thanks, folks. Thanks listening episode three hundred thirty three of the down the security rabbit hole podcast. Twenty nineteen gets off to a roaring start. I keep telling y'all suggest some guests Taiji TSR or underscore underscore at underscore podcast on on Twitter unlinked in smoke signals carrier pigeons. Whatever you've got let me know happy to include an you know, if you're sitting in a PR company, and you you've got somebody that's legitimately cool and interesting that's not going to product try to sell us something for for forty five minutes. Listen to listen to them to so anyways for the for the folks here on the side, Mike, thanks for listening. We'll get you guys. Another time. Another place on a down the security rabbit hole podcast Shaoyong. Out on another down the security rabbit hole. Episode. We'd like to encourage you chat with our hosts and gifts using the Twitter. Hashtag pound D. 
T S are please check out the show notes catch up on any episodes EBay of missed and subscribe to you. Don't miss a few. Our website is white rabbit dot net. Wh one two three r a VDI T dot net. So on behalf of James with good. On another down the security.

Risky Biz Soap Box: PRODUCT LAUNCH: Backstory by Alphabet's Chronicle

Risky Business

35:08 min | 1 year ago

"Hi, everyone, and welcome to this Soap Box edition of the show. I'm Patrick Gray. Soap Box editions of this podcast are wholly sponsored; everyone you hear on a Soap Box podcast paid to be here. And yeah, in this edition of the show, we are playing a small part in the launch of Chronicle's flagship product, Backstory. Chronicle is, of course, Alphabet's security spinoff, Alphabet being Google's parent company. And yeah, the launch of the company itself was announced about a year ago. And until now Chronicle has only really had one product, which is VirusTotal Enterprise, but that all changed today, when Chronicle launched Backstory at the RSA conference in the United States. So what is Backstory? I was lucky enough to see a demo before we recorded this interview last week, and I'm gonna characterize it in a way that they probably won't like, but it's cloud Splunk. With a twist. That's not one hundred percent fair. But it is kind of a SIEM play. Basically, Backstory ingests logs from a bunch of different data sources: DNS lookup information, DHCP info, your EDR logs from CrowdStrike or Carbon Black, your web proxy logs, firewall alerts, and then it takes all of this data and structures it so that you can make use of it. Now, you get a nice pointy-clicky visualization sort of thing with timelines and stuff, which is of course very handy, but do keep in mind your logs are now with the company that is responsible for VirusTotal. And you know, they've got access to core Google infrastructure, which means they know how to process data at scale. And they also have very good intelligence. They have very good threat intel. And of course, I can apply various to the logs you've submitted, which by the way, I should point out, they keep for twelve months. You can hold twelve months worth of data in your Backstory account. So one use case, of course, is doing the type of threat hunting threat hunters like to do. Backstory looks to be very good for that. 
Especially as I mentioned earlier, it's built on core Google infrastructure. So the average response time to a complicated query is basically negligible as the ingest processing times, but beyond that, I think this is actually going to become quite a useful alerting platform. SIEM deployments are very, very hard to pull off and they're also very expensive. And it's easy to wind up with gaps in them, et cetera, et cetera, et cetera. But this is an easy way, in my mind, from what I've seen anyway, to get the same type of value. Now, I should point out, Chronicle is also planning on collecting NetFlow. That is on the roadmap. And boy, oh boy. Once you've got a company like Chronicle collecting NetFlow from all of their customers and analyzing it. That's what dreams are made of. The potential for greatness is certainly there. Let's put it that way. Anyway, you probably want to hear what Chronicle has to say about its product. Instead of listening to me blab about it old ice. Yeah. I recorded this interview with Chronicle co-founder Mike Wiacek last week, and here's what he had to say about Backstory. A year ago, we announced Chronicle as a company, and I was here on the podcast to talk about VirusTotal, which is our first product, was acquired by Google and moved into Chronicle when we graduated from X. And so just a short recap: VT is one of the world's largest malware intelligence. Uh-huh. It has over a billion files and gets more than a million new ones every day. It's simply a massive amount of information about malware, you know, how it operates, how it behaves, what it communicates with, and VT tells you about threats in the world. We have millions of users, over thousands paid enterprise customers. The obvious next question when you give someone unlimited information about threats out in the world is: are any of these in my world, like my organization's network, and even more importantly, were these things ever in my environment and I just didn't catch them? It's a very simple question. 
But one that we find very hard for enterprises to answer. So what we're announcing today is our very cool solution for this. It's Backstory. It's a global cloud platform where customers can securely upload telemetry into a private layer where they can analyze it, hunt for threats and investigate incidents. It looks like a lot of the work you're doing on the back end with Backstory is in structuring a lot of event information that you're already collecting through things like DNS logs, DHCP logs, EDR logs, stuff like that. You're ingesting all of that and actually trying to timeline it, structure it and order it correctly so that it becomes meaningful. I mean, that's the idea here, isn't it? Absolutely. Being able to do that at, you know, multi-petabyte scale in literally timeframes that allow you to witness what's happening now within the UI with minimal latency is actually a really hard problem and one that we're really proud of how we solved here. Yes. So I wanted you to just rattle off a list of the types of data that you ingest, because as I understand it, yeah, DHCP, you're looking at things like web proxy logs, EDR, you're going to be supporting CrowdStrike and Carbon Black out of the gate. I imagine there's more coming there. What other stuff do you have coming in? I understand that NetFlow is on the roadmap. NetFlow's on the roadmap. And it's one of those things that we're going to really focus on your customers. Telling us to go trying to focus on the most important things that we would want ourselves, given that a lot of practitioners in the space, and then allowing feedback from customers to help drive that direction. So currently, are just those things, or are there a few that I've missed? The DHCP, EDR logs, web proxy logs, NetFlow on the horizon. That's what I have fan right now. We're also ingesting alerts as well. So firewall alerts, alerts from other products as well can be propagated into the you. 
I could see where they intersect with the behavior that your underlying asset was exhibiting at the point in time. Now, you've showed me a demo of this, and it is quite, I hate using buzzwords, but it is pretty granular. I mean, because you're collecting that sort of DHCP information, you can go right down and look at the history of someone's actual device. Right. You can see that they've been beaconing to a known bad domain. You can see when that started. You can see events around that. I mentioned a lot of the work that you've done in the last year has been around getting this data into some sort of coherent form. Is that assumption correct? I mean, normalizing data is obviously a challenge, but we're also working in a way to ingest raw logs as well and providing very fast search capabilities over those raw logs too. So while some data makes sense to store in normalized fashion to facilitate very particular types of ups as we do branch out into raw, and we're allowing arbitrary searches over that data as well, the differences between normalization and free search is gonna try and blur within the product. So I guess the obvious question is what's the problem that this solves? So the real problem solve actually, you know, I think it's best with a story. So when I was at Google working, I was working on, you know, part of the Aurora incident, and one of the things that we were sitting there, and we were trying to understand what resources we had available to us. We knew the command and control servers for the malware. And so that's one of the first time I actually started thinking about DNS in terms of security. So this is going back ten years ago. But the real catch that we had was we knew these things were bad. And we're like, we want to know everything on our network that's ever communicated with them. 
And that's actually where I met the co-founder of Chronicle, Shapor. He actually was working as a necessary helping manage Google's corporate DNS infrastructure, and he basically said, oh, I have logs of DNS resolutions. And we were like, really? This is amazing. And we were able to quickly use that data in Google systems to understand what were all of the machines that were actually impacted and then use that to help initiate investigation or formal forensics work. So that was something that was almost turning stone for me careerwise as well as for him, because that was where we started to realize the ability to have massive data and the ability to search it in a really quick way was transformative in how we think about security. You know, another example would be, you know, flush for advice secure there. I was at a meeting at the Department of Homeland Security in northern Virginia. And they passed out a list to about twenty of us in a room where they said these are host names of known APT actors for their malware. If you have any traffic to these you probably have a problem. And so I ran out to my car other to my laptop, and I checked our systems and, you know, within a few seconds I knew that Google's infrastructure was safe. We'd never seen anything tangentially even related to these. The key here is that we're able to do that search very fast, and when I went back into the room, I actually saw everyone else was sitting in there asking when would I have seen this? And you know, the representative said oh, six to nine months ago, and literally everyone threw their hands up in the air. One person said, you know, if you told me it was twenty four hours or forty eight hours, maybe even a week, I would have had a chance, but you telling me six to nine months ago, I can't leverage information. And if that idea that there was some sort of a delay. 
There wasn't something that even occurred to me is oh should check that, like, I just searched everything. And I knew have this problem. And that was one of those moments relate. Well, this is having this scale of data and being able to search it in seconds is something that really started to things like this is something that we need to share with the world. This is something that every enterprise can benefit from, and it will help people think about security in a different mindset. I've always been on a little bit of a soapbox when I say that, you know, we're limited by the tools that we have. And so, you know, the old adage, if you only have a hammer everything looks like a nail, and I think most tools have never been designed to think at multi-petabyte scale. Where you have maybe two or three or four or five or ten petabytes of DNS logs alone. That's a lot of lookups, man. I'm just thinking too. I mean, there's been various approaches to this problem. Right. I mean, I'm thinking about some of that full packet capture gear that was popular like ten years ago, things like Packetloop, which was developed by a couple of Australians, actually, and that was bought by networks. We saw NetWitness go to RSA because they caught some Chinese APT activity when they were demoing to RSA. I think they were already in talks for acquisition, but whatever, that went to RSA. That tech sort of, that tech didn't quite pan out as the amazing thing we all hoped it would. I mean, mostly because the storage requirements were insane. Which is probably why RSA bought them, because they're owned by EMC. That's a great way to sell disks. We've seen other approaches, things like Splunk, which can be very powerful. But everybody I know who uses Splunk, I mean, Splunk is a massive project, and you need to really have some experts to set it up correctly. I mean, it seems like what you're doing here. 
Is you trying to unlock, you know, most of the value of something like Splunk, at least from a security context. But you're doing it with data sources that you already have. I mean, how am I going selling your idea here? 'Cause to me that sounds pretty good. I think you're pretty close. I think the key thing is it's data over the long term. You know, we don't find out some witness and stuff was new. I mean, that was one of the pitches, right? Which is like, you know, here's a known bad domain. You can actually look through your stored packet captures and see what happened and see if this triggered three months ago, whatever. So other people have had a go at that. But yeah, I mean, twelve months instantly. So actual is pretty cool. I'll give you that. Definitely. I mean, if you're running Splunk, it's something you have to manage yourself. It's hard to hire security people. There's a very finite pool. And I've heard someone use the stat that the unemployment rate for security professionals is near zero. So why ten minus ten that's true? You don't wanna hire a Splunk team to manage Splunk. Or you're going to have your security team dual hat and also function as Splunk admins. And now they're managing the infrastructure, they're maintaining it, you have a very high cost there to build a tool that at the end of the day is supposed to help these people actually do security work, and Backstory in a sense removes that. It just lets security people do security, and it frees them from worrying about, like, well, how much disk space do we have left? What's our software licensing costs look like? It makes it for dictatorial. I also imagine too that you're going to be building out various features of this because you're going to be collecting everybody's data in aggregate. I mean, I imagine you have your own threat
hunters working on that stuff and trying to find various patterns, various attack groups, and you'll be able to let people know. I mean, that's got to be part of the playbook here, right? Yeah. I think as you sit down and you look at the nature of this, right, like as you're able to get an aperture into translate merged around the world, it does definitely afford a unique visibility point to be able to go over, then start investigating opportunities like that, you know, down the line. Yeah. So you've spoken a lot about DNS and looking at beginning domains. And one thing that gives me a little bit of pause there is, you know, you look at how some of the crews are actually doing things these days. I mean, they can beacon out priced in comments to Britney Spears Instagram these days. I mean, other people are doing domain fronting or doing some stuff with encrypted SNI too. You know, all the true destination of communication, so I mean, that only gets you so far, right? So I wondered if you could talk through, like, some of the other use cases here that might help you with detection that don't really have anything to do with IP or domain by speaking. So I mean, I think that's one of the things when you start looking at stuff like EDR data being incorporated in Backstory. So you're not limited just to network connectivity. You're able to pull in the idea of file reads, file writes, registry modifications. You're able to pull in mutex creations, named mutexes would be available in there. And you're able to look at that data.
So imagine, like, this is the part where this almost feels like black magic to me, is being able to say, like, what were the named mutexes on my particular laptop eight months ago, at this particular point in time? And then you start looking at that, and as you start ingesting threat intel, you start getting indicators of compromise, you're able to go back and actually get the backstory, able to go back and look at what happened in the past, understand, hey, was I owned that? I get vandalized any attackers left. And I didn't even know, because if I take that information, I take those today, and I put them in my, you know, intrusion detection system, rescan the data that I have available, I have no hits. But the question is, we only know what's bad at the point we find out. And then if you try and look back, we're limited by most enterprises seven, ten, maybe thirty days. Being able to look back at the long haul actually gives you a higher level of assurance that your system is secure today. And we've never really, I think, as an industry thought about security in that retroactive mode. It's always like, you know, I like to say, point in time forward, and this is a chance to actually say, well, the more I know I was safe up until now gives me more assurance and trust than what I have versus just looking forward blindly. No, that makes a lot of sense. But I mean, the next question is, okay, where are these IOCs coming from? I mean, I imagine you're gonna give customers the option to feed their own IOCs into the instance or their account, right? Because I'm guessing it's more of like just an account in you'll biggest systems are they might have. List of bad domains that have been targeting the vertical sector that's being given to them by whoever, maybe a government agency, that they can feed them in and see if they're getting any hits.
But I'm guessing also a part of the service that you're going to be offering is you will be providing some of that threat intelligence, is that right? And you know, I mean, you got a bit of it to see a VirusTotal already. Yeah, definitely. So it's an area we're actually looking at a lot. We have, obviously, any references to things that exist in VirusTotal. We actually have what we call insight panels within the UI that will say, hey, you're looking at a domain, VirusTotal knows a lot about it. Click here to jump over to VirusTotal. Just a question. They, like you mentioned before, like registry changes, VirusTotal actually capture information about, like, say, this sample that was submitted to us makes this registry change? Because I can't imagine it really would. So VirusTotal does detonate in sandboxes. And they actually do have, for some percentage of the files, they actually do have behavioral reports. So they actually do know when this file runs, it drops a copy of itself and puts it with a random file name in the Windows directory or something like that. So VirusTotal does have a fairly large repository of behavioral detonation information for files. That's just apart from VT there, right? We're also launching a threat feed. It's called Uppercase. And Uppercase is our own internal sourced signals, which will be made available within Backstory, exclusively within Backstory, actually. And we've also worked with a bunch of third party partners. So right now at launch we're gonna have Avast and Proofpoint there. They'll be providing data to us, which we will then continuously correlate with activity that we have from an enterprise within Backstory itself. So as that ecosystem grows, and as that develops, it's going to get even richer. I almost forgot, we also have a threat feed from the Department of Homeland Security in the US as well. So that's also already being available to the few customers who actually backstory right now.
Okay. So that the I got another question for you, come on. I mean, they record. Just before our side. This is obviously, this podcast is going out just after you've downst- this product. Why have you not said Herbert up it up it up a machine learning? Why, why, Mike? You know, there's low-hanging fruit here, right? Like. We got we can take that one off the learning, we go back and forth on this thing. One of the things that, like, you think about the threat feeds for a second, right? As data comes in, we're constantly re-evaluating new indicators and new threat information against a year of data, if we have that much data for you. So you're constantly getting retroactive scanning without any real management. Like, no SIEM do that. There's no platform in the world that's able to do that. Constant reassurance. Would be allegation of all of that. And doing that automatically as well, right? Like, automatically these feeds are turned on. They start showing alert at how you're going. You're going to go down to, like, that registry key change damp, or you're gonna be looking more for the dumb stuff like file hashes, IPs? It's one of those things where it's expanding right now, right? So what can be expressed within, like, a STIX/TAXII feed or something like that is something that we're able to go over and cross correlate. The number of types of indicators that can be leveraged is simply one of the things that's just only going to grow and get better. It's one of the beautiful parts of a cloud platform like this. You know, what's there today may be tenfold tomorrow. And so it's kinda hard to nail down exactly what's going to be supported, that make sense. Now, look, you're coming straight out of the gate with support for Carbon Black and also CrowdStrike. I'm just wondering, like, what it was like working with them on this. Because I would have thought you kind of. To a degree.
You're almost kind of stripping away a point of differentiation between those two companies who are highly competitive. How did you get them to go along with being partners on this? Right, because to a degree you're just stripping away the platform component of what they're offering and turning them into agents for your thing. I mean, really, I feel this data retention problem. You know, the data that's available to a customer of either one of those, the retention and searchability of it is fairly limited. They were able to leverage the fact that we have the ridiculously awesome power of Google's core infrastructure behind us. So if they're the ones who are making the data, making it available to customers, but then we're able to take that, store it and then make it searchable over the long haul, it doesn't necessarily compete with them or strip anything away. I think it actually makes both of their solutions more competitive on their actual features and capabilities. So who's using this now? Because I'd imagine you would have had some trial users giving it a go. Like, what types of companies have been using this? And what are they using it to do? Because I mentioned people create a technology, and they expect people to do X with it. And then they give it to people, and they start finding a completely different set of uses for it. Has that been your experience? Definitely. I think it's one of the most exciting parts of a project like this, is seeing how people use it. I like the island we use the analogy that, you know, if you used email, and used web based email before Gmail launched, the way that you used email is very different than the way you use email today, because you had a five megabyte inbox, you deleted every message after you replied, and you lived like that. But now for most of us our email inboxes are personal file storage cabinets.
I know I've emailed to myself to-do lists, I email myself photos that I want to remember to do with, and it's changed our behaviors because the tool became more advanced. And I think that's what Backstory is gonna do. I think we have our own vision for how we use it. But the unique cases that people who are actually in the trenches are going to say, hey, you know what, I can use Backstory to solve this particular problem. And they're gonna come up with things that we never thought of. And I hope they do, because I don't wanna assume I'm the smartest person in the room. Ever. You had trial users out there doing unexpected things already? Or have you just been completely under wraps at this point? We actually have a fairly robust community of people who have been piloting, alpha and beta testing Backstory, and honestly they run the gamut. Some of them have five hundred employees and some of them have five hundred thousand endpoints in their inventory. They run the gamut from manufacturing to health insurance to energy with oil and gas. Scaling dimension this just operating at that sort of scale as a cloud service, right? Like, I mean, how are you ingesting that sort of information from an organization with five hundred thousand endpoints? I mean, the simple answer is we're built on core Google infrastructure. I don't have any other magic answer to that. Like, I think there's a lot of insights that our engineering team is really top notch. They have a lot of income from moved over from Google proper to become Chronicle employees and a half number so came from the outside. And so we have this really good divergence that we have people who have experience building systems that, like, hey, this needs to scale to handle a million writes per second. And some other people who are like, hey, I've worked at other companies, I never did something at that scale before.
But these are actually the challenges that they want to solve, and you get that together, you let them gel and you end up with something really cool. I think that's what we have here. So who's this for? Right, I mean, is this for large enterprises who have threat hunt teams? Is this for any enterprise that has a security team? Like, who is the most said a logical? What's the sort of logical user class, if you will? To be honest, I think it's every company. I think every company that has any chance to concern themselves with security. If you're a company that has an internal threat hunting team where you're actively looking for anomalous behavior on your network, you're going to have better insights into that behavior with Backstory than if you didn't have Backstory. But if you're a smaller company, you know, we've worked with some NGOs, as you sit down you look at small organizations, and you look at big ones, they still have security concerns. They may not have someone who can sit down and dig through this data on a daily basis. But when they have even a viewer that says, hey, suspicious file, and have someone who understands that, they can go over and look at Backstory was or anything else on here. The triggered any large. Any other watchlist alerts here? Anything else happened at all? And being able to have that is something that smaller organizations never had the budget or the resources or the technical know-how to get that data centralized and be able to then go over and do searches on it. So we've always regarded this as something that's tied for the big guys in the world who have threat intel teams. But really what we're offering is a way to have a criminal canonical log of security data that's happening on your enterprise, and then being able to go back and ask it what happened here. You know, you can see a naming scheme between Chronicle and Backstory.
We're trying to keep that log of what's happening for security purposes on every enterprise. You've mentioned too, you know, a few times people searching through the, you know, the stored data that helps them, you know, go back and look at things, but I'd imagine for a lot of companies, particularly the smaller ones, they're going to be much more interested in this when it is effectively a high quality alerting platform. Do you see that use case being one that people are going to jump on down the track? Absolutely. I think it's a use case that will happen today. Even we have the ability to have those alerts coming in from the feeds and the partner data that we're already ingesting, and then you're actually going to get something new, you're getting these retroactive detections. You're gonna get alerts that say, hey, three months ago this machine was compromised by this, this machine is exhibiting this behavior, and that opens up a whole new world of opportunities to actually consider, maybe we should reimage that machine. Maybe we should pull the hard drive, replace it, then reimage. But, you know, there's a reason to not trust that particular device. In an absolute term, customers will tell us, you guys know when there's bad stuff, please tell me when it's on my network. That's kind of an obvious obvious problems Russ assault here. Now, look, you know, one of the key selling points that you're pretty keen to emphasize is the speed, right? We've heard you mention multiple times that, you know, it's based on, you know, Google infrastructure, that it's very very fast, petabyte scale. You know, try to put that into some real world context for us. When you say fast, how fast is this? So our average response time for when you do a search is about two hundred fifty milliseconds. So there's no waiting minutes or hours to get an answer. It's just two fifty milliseconds. That does that really cool thing with that.
Is that doesn't matter if you have a terabyte of data ingested or you have, you know, five petabytes of data ingested, we're gonna get those results in roughly two hundred fifty milliseconds. And so that's, like, for me, I don't want to say game changing because that's another cliche, but I wouldn't do its behavior changing. And what I mean by that is, you know, people are very susceptible to how fast things are. And if something is perceived as being slow, psychologists will tell you they tend to do it less often. The faster a web page loads, the more engagement people get. So even thinking about that as a key metric just tells you that the faster we can make Backstory, the more usage it will get, which is actually good, because we believe that will actually improve security for machines out there. The other thing which I really think is amazing too is our indexing and processing time. So when a customer streams a particular log entry, I'll just use DNS, for example, they send us a log line there, from when we get it to when that's visible scored Ryan in indexed in the UI, you know, on average it's less than two or three seconds. That's amazing, because I've worked with so many different tools over my career where I see, well, the ingestion for this particular log source is six hours behind, now this is twelve hours behind. And so then what happens there, a SOC analyst sits down at their keyboard, may see a ticket. They had to look at this machine. And they're not entirely sure, do they have all the context that they need? Am I looking at ever if it's this particular thing, I might have these state is up to date with the state is not. One of the demos I've been loving to do with customers is, you know, I have an office sliver behind backstory network. And I'll say, hey, shout out a random domain name.
I'll just paint, and then I'll go to the scroll over on its they're already catalogued, prevalence identified as a domain that's new to my enterprise, all that enough like an unscripted live test. Just this is showing. That's, you know, that's fun, right? Like. Quick question to you, like, how you actually ingest, like, from the user side. How do they set this up? Do they have to, like, just get some sort of from you? And then how do they actually connect stuff through to the Backstory account? So we actually have a bunch of ways. What we wanted to try and do, one of the reasons why we worked with several dozen pilot customers to help round out this process, was we knew we would see any and every possible solution. We worked with some customers who had no log management at all. And it was like, hey, help us collect our logs and help us get them to you because we want to. And then some of them already had fairly sophisticated centralized logging infrastructure that was running on Splunk, or they were doing something with ELK or anything down that line. And what we developed actually was a whole suite of different methods to do the type of work. We can obviously ingest syslog data. They can send that to us. But we can also go over and, we have a forwarder app that people can actually install on their existing Splunk instances, which basically works as a splitter. It streams the data to us while sending it to their Splunk instances as well, so that if they're already working and they have log centralizing, they're putting it there, we can just pull them out of Splunk, and then we'll have them within a few seconds. And it makes it easy there for them. All sorts of Troy's if people have long stored guessing for a lot of people are just going to be like syslog. Pretty simple. Yeah, that's the simple answer. Now, let's talk about cost, right? Because where I can, I like to be able to sponsors like what they charging for the tech.
I'm an enterprise, we say five thousand seats. What's this cost me? The key point for Backstory in terms of pricing is it's flat rate user pricing, and users defined as the number of, sometimes number of employees, number of temporary employees that you have. So first off, it's a predictable thing. If you don't have any headcount growth or it's negative zero for the year, your costs roughly stay the same. Our general approach here is we want your cost to be predictable. We also want to encourage you to put as much data into the platform as possible, 'cause we think that's going to actually improve security for everyone over the long term. Once you collect information in aggregate, you can start doing some cool stuff with it. I mean, one of the reasons I'm particularly interested to find out about pricing from Chronicle is because, you know, VirusTotal Enterprise is quite reasonably priced for what it is, right? So I just wonder, is this the sort of thing where you're going to market and people are going to be bowled over at how cheap it is? Or is this priced much more along the lines of, hey, this is normally priced enterprise security software or cloud? So I think what you're gonna see here is you'll basically find probably on average the cost to deploy Backstory is going to be roughly fifty percent of what people are already spending today for exactly, if they're spending on Splunk or trying to even do it themselves in terms of headcount with ELK and infrastructure and all the stuff that goes along with that. And I think you're gonna find people basically being bowled over by this. They're gonna get bowled over by what we're asking in terms of pricing, the fact that there's no hardware, there's no management costs for that, and the pricing is basically gonna be fixed. All right. Well, Mike Wiacek, thank you so much for joining us on Soapbox to really talk through what Chronicle is doing.
You know, we've had a lot of anticipation there, can only imagine how you've been working on this over the last twelve months, so yeah, congratulations. Thanks for joining us. And I hope you survive. Thanks, great to chat with you again. That was Mike Wiacek. He's the co-founder and chief security officer of Chronicle, and yeah, you can check out chronicle.security. Big thanks to Chronicle for sponsoring this edition of the Risky Soapbox. And that is it for this podcast. I'll be back tomorrow with another weekly news edition. But until then think Patrick thanks for this.

Coachcast #1218: Be ready to produce for yourself

COACHCAST Brasil

06:46 min | 2 weeks ago

Coachcast #1218: Be ready to produce for yourself

"It was so now defeating achilles. I say things if you will see zandt. What will mitch does not as a by your windows evolving visible pixel as noise. don't produce zindabad. I love it could use a super cheap dodger. Fan komo hiccup. It's essential chevy paddock coaching. Moocher vodka cj foot eight the stone. We will coach cast to brazil. Sadat key motive. What does he follow. Soberly that you ownership ill sensitive appropriate. Who says donor duplin a gloss over his cheetah can music fan votes. Save davis gyda carney's player put their facility. Top by kidding plays a finance circle superior sergiu sold donor. Soap died who saw was pursuing his name. Breeze thing to dodging hello value about this month. I've heard that flies a lion over gaza. We still fell the sobering. The jesus lucielle intelligence so sociaux get it if as marketing but all your there will be made to pre chief assuming his soon on Sookie novel idea. So no dante single hell on wheels migos cisco legacy threatened by appalling normally start to l. e. h. bookable syndrome saint sheikh. You silt or value. Applicable cities involve east asia poodles ziemba meanchey elbow key ki. Falter does his ensure food to this poor. Senator ballots manchin book acadia. Who's gadget particular. Moos album is soccer. hader opening snow nassau familiar. It was ridiculous was. That's what i heavily. He'll minch scheme is import busey. Let's pursue ski. My system took over a decade is supposed to go steady angle. Sola becker kings ziems get us be suicidal. Single seddiqi signet. Our bodies here. He janine goose saw wounds familiarize more faster. My fastest seen within the will say paso blow to learn who geeky lizzy view really to quasar gora. You was was if i see dot com meanchey siem saddle dopamine sincerity fisher being precipitator. See aguado nissim say this upbeat noises. Cements he don't his poison temple. Lavar sweep you said. 
Every through six died you wanna shape to the year but is sushi tweeting value brekke stroke gassing busey wouldn't professor nagaoka watch gets his city they're happy to minimize nice study. Bobby's silky is that don't report need. Because of the morale might encounter on this issue. The i league premier brocail pollsters say stock up on them opposing soccer. Gingy means threat you gingy delusion and these genus okay. Report is term all his new linke gene. Therapy who for a non-american. It is long rabin. You rabin doug. War gained some missiles. Sit on fifth don't us work as quickly as you to in the last so basically some milk a seizure by feed you for few what's machines saw suicidal by khazar is of particular concern. Is walter pessoa. What's it what it gets older passage potsy but a typical bunch ziprecrui punch logos. Thomas look it will say Ethical punch visha bank mir's masino of be should some problems set by province. Might know of. It has to be some planning breeze weekly so they won't buy our stone waterproof so now by did prove so now us up. Love benita spiky. Kyoto sunup. All saints with your new sheep but he was not the complete security will vs community seizure now stop prophecy passover neely placards keystone also. Hit door was linda. Brierley's versi preseason digital as well so sensitive to that and our vida dailies food. Dan henderson analysis. Gp cds volvo seizure. Moscow pay juvenile mass brought. You bought a wom- as song me revel seaquake stock act g-l-a-c seniors if fleet unease your team surtees kestler vida minute donna. Pause position. I answered it was abolished decatur. Espn do l. Simba todos position attack. You move in now. This is if there's if. I go to recording coach. Kassar poltical on fall to bear. Anything else asks what you've just given to vote checked out that phone jesuit that greasier kuma silverman. She was sick. Ezequiel submit all through school to cater. Final you doobie you to be able to go. 
Bob bollinger you aging idea dumb angel instagram. Full cohn bob police akebono. Ucla coach chester. But as you was applaud your own reading folks get platform including those spotify. Doing this cast books equal. Get door podcasters. Those of put us in april. Tell gastropod juba dzamija almost feel put gas to you.
