I've started up a new called EliteCast. It's aimed at business leaders and decision-makers who want to understand the importance of without all the technical jargon. The first episode is a bit rough, IMO, but I'll get back into the groove soon.

Spotify link as I wait for Apple to approve my listing:

Thanks, and I hope you all enjoy it!

· · Web · 5 · 6 · 8

@JohnsNotHere I don't use Spotify or apple but I'll boost just for the luv

@stunder It's actually available on a few platforms, like Google, Stitcher, etc. Basically, if you're into podcasts, it should be available in the next few days on your platform of choice. The problem is you can't distribute before the first episode is published, and even then it takes time. 🙂

Thanks for the boost, I appreciate it!

@JohnsNotHere First impressions are that I'm not super crazy about it, but I'm also pretty far outside your new target demo, though admittedly I also only really half-listened, so I'll give it another run tomorrow. I'm interested in hearing more and I'll share it at work. Glad to see you're in a position to start up a new show!

@architect Thanks, I appreciate the honesty. It's definitely a different approach than the previous show, but that's intentional. We have enough people screaming into the void that I don't want to add another voice, but rather do what we all aspire to do - be taken seriously by the rest of the business. If I can help educate some of those who are not in the space, then all the better. But yeah, I don't expect to appeal to my original base.

@JohnsNotHere Just listened to it 2 more times today and shared it with my company chat. I think it sounds pretty solid overall.
I'm not sure if it's something you're considering for later episodes, but since you touched on the SolarWinds debacle, I think it'd be worth discussing how heterogeneous deployments (broadly) can help mitigate these sorts of disasters by simple virtue of no one tool/platform/OS running all of your critical infrastructure.

@architect One man's solution is another man's nightmare. It's an interesting topic, and my opinion is that heterogeneity can be just as bad as homogeneity in a technology stack.

With a homogeneous environment, you have one set of systems to monitor, patch, and maintain. If it's heterogeneous, you have fractions, mismatched tooling, and other potential weaknesses. Yes, a homogenous environment can have harm spread faster, but in a heterogeneous environment, you have more blind spots.

@architect But I like this idea, and I think I'll work this into a discussion in a future episode, maybe when we get to the vulnerability management section.

@JohnsNotHere Oh it's definitely a trade-off, especially since in order to address the blind spots you need roughly equally diversified teams to manage the systems.
However, in the light of worldwide multimillion to billion dollar vulns/attacks like HeartBleed, Wcry, Netya, systemd-resolved, and now SolarWinds Orion, it's a strategy that deserves more consideration, as clearly no amount of system/service hardening and blinkenboxes can solve these issues.

@architect I 100% agree with the blinky-box comment, but basic hardening, RBAC, etc., is a better mitigating strategy, IMO. My experience is that this is exponentially harder to accomplish with a heterogenous environment, and sometimes not possible due to incompatibilities with systems. That's why I wanted to focus on the idea of fundamental security in this first episode.

Thanks for the great discussion, it's been a while since I've had one. 😉

@JohnsNotHere If there‘s no RSS feed that‘s available without proprietary subscriptions that just piggy back on your content, then it‘s not a podcast.
Why not post a link to your original content so people can directly subscribe from the source, aka you?

@JohnsNotHere Would you be able to share the RSS link so I can add it to a regular podcast player?

Thank you! I hope you find it useful and informative!

@JohnsNotHere I love your podcasts. Although I'm a technical savvy person, I'll give it a go.

I mean there's still tech discussion, just not at the levels I would have done in the past.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.