Watch the episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Morning everybody. How are you doing today? Uh Mark here after a week off. Um For those of you on the vlog, you're getting a cool little insider look um into my home office. Please forgive the mess.
It's been a frantic week, um been off last week with some back and shoulder challenges. Still struggling through that, but Aws re invent is less than a week away. Um And what I wanted to talk to you today and why I'm giving you this look into the studio um is I want to talk about preparation so you can see here, I've got um things set up.
I've been doing some filming ahead of time. Um And now I'm just gonna try this super awkward solo camera swap. Uh get this down on the set, tripod set up the mic. It's like that boy boy in there and there we go.
So you probably got the microphone and shot here. How's that, that windscreen? There we go. So um one of the things I want to talk about was preparation. So this is my home studio.
I've been filming a whole bunch of stuff trying to get ready because in a week from now, I'll be in Las Vegas for Aws re invent. It is going to be crazy, amazing. Um And super, super exciting.
So, one of the biggest challenges though, um and this is where I see security teams sort of falling down all the time is a lack of preparation. So you can see I've got some of the lighting on.
Um but if I truly prepared ahead of time and you'll give me one second here. This is how the scene would have been lit. I've turned on my key light um for those of you on the podcast, uh obviously way, way brighter um with the key light and the studio properly lit here to record some videos.
And that's really what I'm doing for the next day or two is recording a whole bunch of stuff that I'll release um or add to over the course of Aws re invent next week.
Now, what does that have to do with security and privacy, which is obviously the main the of this vlog. Well, the vast majority of the time when I'm talking to teams, um they aren't prepared, they are prepared for the worst.
Um And I know that's doom and gloom, but the reality is for incident response, you can't make it up on the fly for any sort of pr response, communications response. You can't make it up on the fly.
You need to talk about this stuff beforehand. You need to be prepared. You need to have your lights already on, you need to have the scene set the scene staged. Um There are some interesting stuff I think you got glimpses of as I did the opening shot here.
Um I am working on a video that explains how I shoot and why I shoot different shots. Um And also I'm working on readjusting the studio a bit for a different look in 2019.
But um the idea here is that, you know, you're preparing, you're setting up things you're thinking through. Um when you have time to think. So, I wouldn't exactly say I have time to think last week and this week, but I have a lot more time than I do next week.
So next week I'm at this show, it's gonna be um my calendar is jam packed, which is a great thing. I love it. Um But I don't have time to plan out shots. I don't have time to create uh the bumpers that go on of the videos.
I don't have to call it time to make the call it actions. I don't have time to write blog posts on the fly that I haven't already sketched out into a skeleton. I'm doing my preparation last week.
Well, a couple started a couple of weeks ago, honestly, but I've been doing my preparation and will have been doing preparation for about a month before the actual show. The corollary here is if you're in a scenario where you're defending an organization and preparation makes the actual event so, so much easier.
So if you take time to write down who the key contacts are, what the critical information is, what the restoration procedures are, test those procedures out. If you're doing that work ahead of time, when things hit the fan, all you have to do is walk through the pre established steps and verify each step.
sort of, does this continue to make sense or was there something we didn't see? But you've essentially got 95% of the work done you just need or 95% of the thinking done. You just need to work through it.
And that's an absolutely critical difference between successful incident response and a stumbling one or you just got through on the skin of your teeth. Um You know, or you barely made it kind of through and it's amazing how little prep needs to be done ahead of time, right?
Because right now you're working as normal, your systems are working. I assume they're not breached. Um You got time. Yes, there's pressing projects, but take a day, take two days to get everybody on the same page and write out a literal checklist.
Now, hopefully that checklist points to a bunch of code to do restorations, um incident response, all this kind of stuff. But you need to know what the flow is as opposed to, hey, we determined there was an error.
What now? Or there was an attack. What now? Um, so there was an article that dropped in C TV, uh, by C TV News here in Canada about a municipality in one of our provinces that actually paid a substantial ransom for ransomware because they hadn't prepared ahead of time.
And that's not to cast blame, but the reality is the vast majority of people probably don't have backups. Um, and if you do have backups, probably haven't tested them. So ransomware works by this sort of extortion.
I'm going to lock your data out and you're going to pay me to get access back to it. It works on the premise that there's only one copy of the data. Well, if you just make a simple offline backup and test that backup to make sure you can restore that whole premise is gone.
So yes, it's inconvenient and you need to restore a bunch of systems to clean and then restore a clean set of the data, but you don't have to pay out of pocket for the ransom again.
Preparation is like 95% of security response and so few teams do it. So that's what's on my mind today. Um As I continue to uh you know, leave what hair is left as opposed to pulling it out though.
I do think it is going grayer over the last couple of weeks. Um I'm super excited about next week. I'm hoping to be able to do mornings with Mark all week this week, unlike last week, um, feel a bit better, which is good.
Um, but, you know, no choice with the, uh, blooming deadline, uh, of Aws re invent. So, uh, please stay tuned to the show. Hit me up online at Mark NC A um, in the comments down below for those of you in the vlog.
And I was always by email me at Mark N dot C A. How are you preparing for incidents or worst case scenarios or just normal day to day activities? Do you prepare or is everything kind of shot from the hip?
Uh Let me know. Um Obviously this week, next week, you're gonna see a ton of content around eight of around the cloud from me. Um If there's any, anything in particular you want me to find out about at the show, let me know.
I'm more than happy to do that. I hope you are set up for a fantastic day. I will talk to you online and see you on the show tomorrow.