{"version":"1.0.0","segments":[{"speaker":"mnemonic","startTime":4.019,"endTime":7.679,"body":"From our headquarters"},{"speaker":"mnemonic","startTime":4.019,"endTime":7.679,"body":"in Oslo, Norway, and on behalf"},{"speaker":"mnemonic","startTime":7.679,"endTime":12.869,"body":"of our host Robby Peralta."},{"speaker":"mnemonic","startTime":7.679,"endTime":12.869,"body":"Welcome to the mnemonic security"},{"speaker":"mnemonic","startTime":12.869,"endTime":13.739,"body":"podcast."},{"speaker":"Robby Peralta","startTime":16.12,"endTime":18.46,"body":"When the"},{"speaker":"Robby Peralta","startTime":16.12,"endTime":18.46,"body":"proverbial sh*t its the fan, who"},{"speaker":"Robby Peralta","startTime":18.46,"endTime":19.21,"body":"you gonna call?"},{"speaker":"Robby Peralta","startTime":22.0,"endTime":24.61,"body":"Back to a serious note,"},{"speaker":"Robby Peralta","startTime":22.0,"endTime":24.61,"body":"sometimes that call is in vain,"},{"speaker":"Robby Peralta","startTime":24.73,"endTime":27.49,"body":"as there is nothing even the"},{"speaker":"Robby Peralta","startTime":24.73,"endTime":27.49,"body":"best of Ghostbusters can do to"},{"speaker":"Robby Peralta","startTime":27.49,"endTime":30.94,"body":"save the day. But if you could"},{"speaker":"Robby Peralta","startTime":27.49,"endTime":30.94,"body":"ask a Ghostbuster for advice"},{"speaker":"Robby Peralta","startTime":30.94,"endTime":35.17,"body":"before a cyber drama occurred,"},{"speaker":"Robby Peralta","startTime":30.94,"endTime":35.17,"body":"what would you ask? Hopefully"},{"speaker":"Robby Peralta","startTime":35.17,"endTime":37.45,"body":"some of my questions will"},{"speaker":"Robby Peralta","startTime":35.17,"endTime":37.45,"body":"overlap yours because I brought"},{"speaker":"Robby Peralta","startTime":37.45,"endTime":40.33,"body":"in one of the mnemonics very own"},{"speaker":"Robby Peralta","startTime":37.45,"endTime":40.33,"body":"Ghostbusters to pick his brain"},{"speaker":"Robby Peralta","startTime":40.33,"endTime":43.54,"body":"about what happens when the"},{"speaker":"Robby Peralta","startTime":40.33,"endTime":43.54,"body":"proverbial security hits the"},{"speaker":"Robby Peralta","startTime":43.54,"endTime":43.87,"body":"fan."},{"speaker":"Robby Peralta","startTime":45.04,"endTime":47.2,"body":"Morten Weea, welcome to the"},{"speaker":"Robby Peralta","startTime":45.04,"endTime":47.2,"body":"podcast."},{"speaker":"Morten Weea","startTime":47.2,"endTime":47.65,"body":"Thank you."},{"speaker":"Robby Peralta","startTime":47.71,"endTime":50.77,"body":"We are in Iceland"},{"speaker":"Robby Peralta","startTime":47.71,"endTime":50.77,"body":"right now, say hi."},{"speaker":"Morten Weea","startTime":51.41,"endTime":52.49,"body":"Hello Iceland"},{"speaker":"Robby Peralta","startTime":53.03,"endTime":55.25,"body":"But Morten Weea,"},{"speaker":"Robby Peralta","startTime":53.03,"endTime":55.25,"body":"who are you and what do you work"},{"speaker":"Morten Weea","startTime":55.0,"endTime":58.84,"body":"My name is Morten"},{"speaker":"Morten Weea","startTime":55.0,"endTime":58.84,"body":"and I work with threat"},{"speaker":"Morten Weea","startTime":55.25,"endTime":55.34,"body":"with?"},{"speaker":"Morten Weea","startTime":58.84,"endTime":62.47,"body":"intelligence in mnemonic. But th"},{"speaker":"Morten Weea","startTime":58.84,"endTime":62.47,"body":"t's not where I started. I st"},{"speaker":"Morten Weea","startTime":62.47,"endTime":66.13,"body":"rted some eight years ago in th"},{"speaker":"Morten Weea","startTime":62.47,"endTime":66.13,"body":"information security bu"},{"speaker":"Morten Weea","startTime":66.16,"endTime":69.4,"body":"iness, and I've been working th"},{"speaker":"Morten Weea","startTime":66.16,"endTime":69.4,"body":"full cycle of incident re"},{"speaker":"Morten Weea","startTime":69.4,"endTime":73.27,"body":"ponse since then. I started my"},{"speaker":"Morten Weea","startTime":69.4,"endTime":73.27,"body":"climb in the security op"},{"speaker":"Morten Weea","startTime":73.27,"endTime":77.53,"body":"ration center, detecting and as"},{"speaker":"Morten Weea","startTime":73.27,"endTime":77.53,"body":"essing incidents and alerts wh"},{"speaker":"Morten Weea","startTime":78.01,"endTime":82.93,"body":"re I worked for one and a ha"},{"speaker":"Morten Weea","startTime":78.01,"endTime":82.93,"body":"f year. As I said, I analyzed th"},{"speaker":"Morten Weea","startTime":82.93,"endTime":87.07,"body":"events that we got on the sc"},{"speaker":"Morten Weea","startTime":82.93,"endTime":87.07,"body":"een, real time 24/7"},{"speaker":"Robby Peralta","startTime":87.52,"endTime":88.48,"body":"Good ol SOC work."},{"speaker":"Morten Weea","startTime":88.57,"endTime":92.83,"body":"Yes, the steady"},{"speaker":"Morten Weea","startTime":88.57,"endTime":92.83,"body":"work horse of every business."},{"speaker":"Morten Weea","startTime":92.98,"endTime":97.99,"body":"And I also came up with some"},{"speaker":"Morten Weea","startTime":92.98,"endTime":97.99,"body":"recommendations for how to fix"},{"speaker":"Morten Weea","startTime":97.99,"endTime":102.19,"body":"he problems. So that was how"},{"speaker":"Morten Weea","startTime":97.99,"endTime":102.19,"body":"t all began. And then I move"},{"speaker":"Morten Weea","startTime":102.19,"endTime":104.5,"body":"on to governance risk and comp"},{"speaker":"Morten Weea","startTime":102.19,"endTime":104.5,"body":"iance"},{"speaker":"Robby Peralta","startTime":104.56,"endTime":105.82,"body":"Out of the SOC"},{"speaker":"Robby Peralta","startTime":104.56,"endTime":105.82,"body":"into a suit."},{"speaker":"Morten Weea","startTime":105.99,"endTime":111.72,"body":"Yeah, more or less."},{"speaker":"Morten Weea","startTime":105.99,"endTime":111.72,"body":"I was not focusing on the"},{"speaker":"Morten Weea","startTime":111.72,"endTime":114.81,"body":"technical things. And the more I"},{"speaker":"Morten Weea","startTime":111.72,"endTime":114.81,"body":"was doing more management, the"},{"speaker":"Morten Weea","startTime":114.84,"endTime":118.56,"body":"work in helping your management"},{"speaker":"Morten Weea","startTime":114.84,"endTime":118.56,"body":"understand why information"},{"speaker":"Morten Weea","startTime":118.56,"endTime":123.69,"body":"security is important. Basically"},{"speaker":"Morten Weea","startTime":118.56,"endTime":123.69,"body":"tried to make them prepared for"},{"speaker":"Morten Weea","startTime":123.69,"endTime":127.59,"body":"any instance that could happen"},{"speaker":"Morten Weea","startTime":123.69,"endTime":127.59,"body":"with having sufficient processes"},{"speaker":"Morten Weea","startTime":127.59,"endTime":130.71,"body":"and procedures and good"},{"speaker":"Morten Weea","startTime":127.59,"endTime":130.71,"body":"information security foundation"},{"speaker":"Morten Weea","startTime":131.4,"endTime":138.03,"body":"within the organization. So"},{"speaker":"Morten Weea","startTime":131.4,"endTime":138.03,"body":"after some years there, I ended"},{"speaker":"Morten Weea","startTime":138.03,"endTime":141.75,"body":"up in threat intelligence, where"},{"speaker":"Morten Weea","startTime":138.03,"endTime":141.75,"body":"it's awesome, what I'm doing"},{"speaker":"Morten Weea","startTime":141.75,"endTime":146.58,"body":"now. So I work on the sharp"},{"speaker":"Morten Weea","startTime":141.75,"endTime":146.58,"body":"incidents. But though I only"},{"speaker":"Morten Weea","startTime":146.58,"endTime":149.94,"body":"work on the incidents that"},{"speaker":"Morten Weea","startTime":146.58,"endTime":149.94,"body":"weren't to the full blown IRT,"},{"speaker":"Morten Weea","startTime":150.36,"endTime":155.46,"body":"so not like everyday operational"},{"speaker":"Morten Weea","startTime":150.36,"endTime":155.46,"body":"incidents, but where the shit"},{"speaker":"Morten Weea","startTime":155.46,"endTime":156.84,"body":"related has hit the fan."},{"speaker":"Robby Peralta","startTime":156.84,"endTime":156.96,"body":"APTs"},{"speaker":"Morten Weea","startTime":158.04,"endTime":161.52,"body":"Yes, I'm gonna have"},{"speaker":"Morten Weea","startTime":158.04,"endTime":161.52,"body":"to move out and fix the"},{"speaker":"Morten Weea","startTime":161.52,"endTime":163.89,"body":"problems. Yeah, like"},{"speaker":"Morten Weea","startTime":161.52,"endTime":163.89,"body":"superheroes. '"},{"speaker":"Robby Peralta","startTime":163.92,"endTime":165.12,"body":"Sexy, very sexy."},{"speaker":"Morten Weea","startTime":165.0,"endTime":167.94,"body":"Indeed. So what I"},{"speaker":"Morten Weea","startTime":165.0,"endTime":167.94,"body":"mainly do is incident"},{"speaker":"Morten Weea","startTime":167.94,"endTime":172.26,"body":"management, making sure the real"},{"speaker":"Morten Weea","startTime":167.94,"endTime":172.26,"body":"heroes analyst gets what they"},{"speaker":"Morten Weea","startTime":172.26,"endTime":175.95,"body":"need, when they need it. And"},{"speaker":"Morten Weea","startTime":172.26,"endTime":175.95,"body":"they also work as a middleman"},{"speaker":"Morten Weea","startTime":175.95,"endTime":179.58,"body":"between client management and"},{"speaker":"Morten Weea","startTime":175.95,"endTime":179.58,"body":"technical expertise, making sure"},{"speaker":"Morten Weea","startTime":179.58,"endTime":184.47,"body":"the technicians are shielded"},{"speaker":"Morten Weea","startTime":179.58,"endTime":184.47,"body":"from the ties and translate the"},{"speaker":"Morten Weea","startTime":184.47,"endTime":188.94,"body":"nerd speak to business speak and"},{"speaker":"Morten Weea","startTime":184.47,"endTime":188.94,"body":"vice versa. Hmm. I kind of like"},{"speaker":"Morten Weea","startTime":188.94,"endTime":193.02,"body":"doing this because I have a"},{"speaker":"Morten Weea","startTime":188.94,"endTime":193.02,"body":"background both in management"},{"speaker":"Morten Weea","startTime":193.02,"endTime":198.24,"body":"and technical background, with"},{"speaker":"Morten Weea","startTime":193.02,"endTime":198.24,"body":"the master thesis in, in our"},{"speaker":"Morten Weea","startTime":198.24,"endTime":202.2,"body":"master's degrees in informatics,"},{"speaker":"Morten Weea","startTime":198.24,"endTime":202.2,"body":"and also one in management."},{"speaker":"Robby Peralta","startTime":202.9,"endTime":204.4,"body":"Wow, so you like"},{"speaker":"Robby Peralta","startTime":202.9,"endTime":204.4,"body":"school,"},{"speaker":"Morten Weea","startTime":204.52,"endTime":205.15,"body":"I like school,"},{"speaker":"Robby Peralta","startTime":205.15,"endTime":206.83,"body":"You must really"},{"speaker":"Robby Peralta","startTime":205.15,"endTime":206.83,"body":"like school because now you're a"},{"speaker":"Robby Peralta","startTime":206.83,"endTime":207.67,"body":"PhD candidate."},{"speaker":"Morten Weea","startTime":207.72,"endTime":210.12,"body":"Yes, I'm a PhD"},{"speaker":"Morten Weea","startTime":207.72,"endTime":210.12,"body":"candidate researching decision"},{"speaker":"Morten Weea","startTime":210.12,"endTime":214.35,"body":"making in incident response, or"},{"speaker":"Morten Weea","startTime":210.12,"endTime":214.35,"body":"more precisely, how to make sure"},{"speaker":"Morten Weea","startTime":214.44,"endTime":219.0,"body":"decisions taken in incident"},{"speaker":"Morten Weea","startTime":214.44,"endTime":219.0,"body":"response, are the right ones in"},{"speaker":"Morten Weea","startTime":219.0,"endTime":222.57,"body":"the right time. So basically,"},{"speaker":"Morten Weea","startTime":219.0,"endTime":222.57,"body":"make sure that you do the right"},{"speaker":"Morten Weea","startTime":222.57,"endTime":224.22,"body":"things as fast as possible."},{"speaker":"Robby Peralta","startTime":224.64,"endTime":226.38,"body":"Let me just stop"},{"speaker":"Robby Peralta","startTime":224.64,"endTime":226.38,"body":"you there, that that's really"},{"speaker":"Robby Peralta","startTime":226.38,"endTime":229.5,"body":"important, because in a incident"},{"speaker":"Robby Peralta","startTime":226.38,"endTime":229.5,"body":"response situation, you know,"},{"speaker":"Robby Peralta","startTime":229.5,"endTime":233.37,"body":"more? Yeah, more than anybody"},{"speaker":"Robby Peralta","startTime":229.5,"endTime":233.37,"body":"else, how decisions get made"},{"speaker":"Robby Peralta","startTime":233.37,"endTime":237.54,"body":"just very hastily, not very"},{"speaker":"Robby Peralta","startTime":233.37,"endTime":237.54,"body":"seldomly the right decision to"},{"speaker":"Robby Peralta","startTime":237.54,"endTime":239.01,"body":"make if you're doing it really"},{"speaker":"Robby Peralta","startTime":237.54,"endTime":239.01,"body":"quickly?"},{"speaker":"Morten Weea","startTime":239.37,"endTime":242.19,"body":"Well, if you're"},{"speaker":"Morten Weea","startTime":239.37,"endTime":242.19,"body":"basing it on a gut feeling, it's"},{"speaker":"Morten Weea","startTime":242.19,"endTime":246.39,"body":"a good chance it's the wrong"},{"speaker":"Morten Weea","startTime":242.19,"endTime":246.39,"body":"decision you're taking. I'm"},{"speaker":"Morten Weea","startTime":246.39,"endTime":247.77,"body":"trying to prevent people"},{"speaker":"Robby Peralta","startTime":248.04,"endTime":248.97,"body":"from trusting"},{"speaker":"Robby Peralta","startTime":248.04,"endTime":248.97,"body":"their gut."},{"speaker":"Morten Weea","startTime":249.0,"endTime":251.85,"body":"Yeah, well, not"},{"speaker":"Morten Weea","startTime":249.0,"endTime":251.85,"body":"necessarily. Because sometimes"},{"speaker":"Morten Weea","startTime":251.85,"endTime":254.85,"body":"it's good to trust your gut. But"},{"speaker":"Morten Weea","startTime":251.85,"endTime":254.85,"body":"you know, if you have someone on"},{"speaker":"Morten Weea","startTime":254.85,"endTime":258.99,"body":"your team that you give more"},{"speaker":"Morten Weea","startTime":254.85,"endTime":258.99,"body":"face value, for instance, and"},{"speaker":"Morten Weea","startTime":258.99,"endTime":263.85,"body":"then you end up trusting him"},{"speaker":"Morten Weea","startTime":258.99,"endTime":263.85,"body":"when his information isn't that"},{"speaker":"Morten Weea","startTime":263.85,"endTime":267.24,"body":"good, necessarily, and then"},{"speaker":"Morten Weea","startTime":263.85,"endTime":267.24,"body":"trust him over someone else with"},{"speaker":"Morten Weea","startTime":267.24,"endTime":270.96,"body":"better information. And that"},{"speaker":"Morten Weea","startTime":267.24,"endTime":270.96,"body":"makes your incident response not"},{"speaker":"Morten Weea","startTime":271.14,"endTime":275.64,"body":"as good as it could be. So I'm"},{"speaker":"Morten Weea","startTime":271.14,"endTime":275.64,"body":"trying to figure out how to not"},{"speaker":"Morten Weea","startTime":275.67,"endTime":279.0,"body":"discriminate based on, you know,"},{"speaker":"Morten Weea","startTime":275.67,"endTime":279.0,"body":"friends,"},{"speaker":"Robby Peralta","startTime":279.36,"endTime":280.56,"body":"and organization"},{"speaker":"Robby Peralta","startTime":279.36,"endTime":280.56,"body":"matters. That"},{"speaker":"Morten Weea","startTime":280.56,"endTime":284.19,"body":"shouldn't really"},{"speaker":"Morten Weea","startTime":280.56,"endTime":284.19,"body":"matter. And that's no easy task."},{"speaker":"Robby Peralta","startTime":284.25,"endTime":287.55,"body":"Right? So,"},{"speaker":"Robby Peralta","startTime":284.25,"endTime":287.55,"body":"incident response, explain your"},{"speaker":"Robby Peralta","startTime":287.55,"endTime":288.33,"body":"definition of it."},{"speaker":"Morten Weea","startTime":288.69,"endTime":292.26,"body":"Well as in"},{"speaker":"Morten Weea","startTime":288.69,"endTime":292.26,"body":"response, could be could be"},{"speaker":"Morten Weea","startTime":292.26,"endTime":295.8,"body":"viewed as an organized approach"},{"speaker":"Morten Weea","startTime":292.26,"endTime":295.8,"body":"to addressing and managing the"},{"speaker":"Morten Weea","startTime":295.8,"endTime":300.54,"body":"aftermath of security breach or"},{"speaker":"Morten Weea","startTime":295.8,"endTime":300.54,"body":"cyber attack. You know, That's"},{"speaker":"Morten Weea","startTime":300.54,"endTime":304.95,"body":"not necessarily a good"},{"speaker":"Morten Weea","startTime":300.54,"endTime":304.95,"body":"definition of instant response."},{"speaker":"Morten Weea","startTime":305.34,"endTime":309.57,"body":"Because there are so many"},{"speaker":"Morten Weea","startTime":305.34,"endTime":309.57,"body":"attacks, that shouldn't be a"},{"speaker":"Morten Weea","startTime":309.57,"endTime":315.36,"body":"problem for people, you know,"},{"speaker":"Morten Weea","startTime":309.57,"endTime":315.36,"body":"like having scan or, or whatever"},{"speaker":"Morten Weea","startTime":315.36,"endTime":318.48,"body":"going on on your network, you"},{"speaker":"Morten Weea","startTime":315.36,"endTime":318.48,"body":"have to be able to identify"},{"speaker":"Morten Weea","startTime":318.48,"endTime":322.59,"body":"them, because it could be the"},{"speaker":"Morten Weea","startTime":318.48,"endTime":322.59,"body":"first step of often the time. So"},{"speaker":"Morten Weea","startTime":322.59,"endTime":326.91,"body":"you need to know that the scan"},{"speaker":"Morten Weea","startTime":322.59,"endTime":326.91,"body":"is ongoing. And then you need"},{"speaker":"Morten Weea","startTime":326.91,"endTime":331.95,"body":"to, you know, have this logged"},{"speaker":"Morten Weea","startTime":326.91,"endTime":331.95,"body":"somewhere so that when when they"},{"speaker":"Morten Weea","startTime":331.95,"endTime":335.43,"body":"escalate their attack, later"},{"speaker":"Morten Weea","startTime":331.95,"endTime":335.43,"body":"than you, you're able to"},{"speaker":"Morten Weea","startTime":335.43,"endTime":339.36,"body":"connect, connect the dots, what"},{"speaker":"Morten Weea","startTime":335.43,"endTime":339.36,"body":"scan was the one got coming,"},{"speaker":"Morten Weea","startTime":340.23,"endTime":345.87,"body":"coming before the attack in this"},{"speaker":"Morten Weea","startTime":340.23,"endTime":345.87,"body":"case, you know, but that that"},{"speaker":"Morten Weea","startTime":345.87,"endTime":349.56,"body":"shouldn't necessarily warrant a"},{"speaker":"Morten Weea","startTime":345.87,"endTime":349.56,"body":"full blown IoT response, and"},{"speaker":"Morten Weea","startTime":349.56,"endTime":354.18,"body":"should be maybe call more like"},{"speaker":"Morten Weea","startTime":349.56,"endTime":354.18,"body":"this operational incident, but"},{"speaker":"Morten Weea","startTime":354.69,"endTime":360.24,"body":"the soccer whoever is working on"},{"speaker":"Morten Weea","startTime":354.69,"endTime":360.24,"body":"first line is able to deal with"},{"speaker":"Morten Weea","startTime":360.33,"endTime":363.69,"body":"cope with you should have some"},{"speaker":"Morten Weea","startTime":360.33,"endTime":363.69,"body":"playbooks or, or whatever that"},{"speaker":"Morten Weea","startTime":363.69,"endTime":367.26,"body":"defines these kinds of things."},{"speaker":"Morten Weea","startTime":363.69,"endTime":367.26,"body":"And maybe a little,"},{"speaker":"Morten Weea","startTime":367.5,"endTime":372.18,"body":"surprisingly, ransomware should"},{"speaker":"Morten Weea","startTime":367.5,"endTime":372.18,"body":"be one of those as well. DDoS"},{"speaker":"Morten Weea","startTime":372.21,"endTime":373.56,"body":"should be one of those as well."},{"speaker":"Robby Peralta","startTime":373.86,"endTime":375.75,"body":"I'd like the ones"},{"speaker":"Robby Peralta","startTime":373.86,"endTime":375.75,"body":"that you wouldn't define as"},{"speaker":"Robby Peralta","startTime":375.75,"endTime":376.02,"body":"incident"},{"speaker":"Morten Weea","startTime":376.019,"endTime":378.809,"body":"response. No, it"},{"speaker":"Morten Weea","startTime":376.019,"endTime":378.809,"body":"shouldn't really, you know,"},{"speaker":"Morten Weea","startTime":378.809,"endTime":382.649,"body":"trigger the full blown incident"},{"speaker":"Morten Weea","startTime":378.809,"endTime":382.649,"body":"response where where, you know,"},{"speaker":"Morten Weea","startTime":382.709,"endTime":387.179,"body":"you have this incident manager,"},{"speaker":"Morten Weea","startTime":382.709,"endTime":387.179,"body":"Adler, information manager,"},{"speaker":"Morten Weea","startTime":387.239,"endTime":391.979,"body":"analyst, communications team,"},{"speaker":"Morten Weea","startTime":387.239,"endTime":391.979,"body":"No, you shouldn't have all these"},{"speaker":"Morten Weea","startTime":391.979,"endTime":394.799,"body":"things in place, when you're hit"},{"speaker":"Morten Weea","startTime":391.979,"endTime":394.799,"body":"by ransomware. Because"},{"speaker":"Morten Weea","startTime":395.309,"endTime":399.629,"body":"ransomware, you just shouldn't"},{"speaker":"Morten Weea","startTime":395.309,"endTime":399.629,"body":"shouldn't pay, you should just"},{"speaker":"Morten Weea","startTime":399.989,"endTime":402.659,"body":"restore from backup. And if you"},{"speaker":"Morten Weea","startTime":399.989,"endTime":402.659,"body":"don't have backup, then you have"},{"speaker":"Morten Weea","startTime":402.659,"endTime":407.339,"body":"a huge problem. You know, so"},{"speaker":"Morten Weea","startTime":402.659,"endTime":407.339,"body":"when, when you first hit with"},{"speaker":"Morten Weea","startTime":407.999,"endTime":411.959,"body":"ransomware, then it's not much"},{"speaker":"Morten Weea","startTime":407.999,"endTime":411.959,"body":"we can do. It's not like we're"},{"speaker":"Morten Weea","startTime":411.959,"endTime":416.129,"body":"going to break the encryption."},{"speaker":"Morten Weea","startTime":411.959,"endTime":416.129,"body":"It's not like we're going to fix"},{"speaker":"Morten Weea","startTime":416.159,"endTime":420.359,"body":"something that's going to be"},{"speaker":"Morten Weea","startTime":416.159,"endTime":420.359,"body":"very costly. And it's a lot"},{"speaker":"Morten Weea","startTime":420.359,"endTime":423.209,"body":"cheaper just to have, you know,"},{"speaker":"Morten Weea","startTime":420.359,"endTime":423.209,"body":"good backup, good working"},{"speaker":"Morten Weea","startTime":423.209,"endTime":423.719,"body":"backup."},{"speaker":"Robby Peralta","startTime":423.959,"endTime":425.669,"body":"So somebody calls"},{"speaker":"Robby Peralta","startTime":423.959,"endTime":425.669,"body":"us right now and says, Hey, we"},{"speaker":"Robby Peralta","startTime":425.669,"endTime":427.559,"body":"got hit by ransomware. We don't"},{"speaker":"Robby Peralta","startTime":425.669,"endTime":427.559,"body":"have backup, what do we say?"},{"speaker":"Robby Peralta","startTime":428.279,"endTime":428.849,"body":"Tough luck."},{"speaker":"Morten Weea","startTime":429.329,"endTime":432.449,"body":"Really? Yeah, more"},{"speaker":"Morten Weea","startTime":429.329,"endTime":432.449,"body":"or less, because nothing we"},{"speaker":"Morten Weea","startTime":432.449,"endTime":436.829,"body":"really can do. You should just"},{"speaker":"Morten Weea","startTime":432.449,"endTime":436.829,"body":"get the ransomware out and plug"},{"speaker":"Morten Weea","startTime":436.829,"endTime":439.289,"body":"the hole. start all over again."},{"speaker":"Robby Peralta","startTime":439.379,"endTime":441.689,"body":"If I can ask you"},{"speaker":"Robby Peralta","startTime":439.379,"endTime":441.689,"body":"then what do we you know, what"},{"speaker":"Robby Peralta","startTime":441.689,"endTime":445.259,"body":"are people calling us about? You"},{"speaker":"Robby Peralta","startTime":441.689,"endTime":445.259,"body":"guys are so secretive in wires,"},{"speaker":"Robby Peralta","startTime":445.259,"endTime":446.849,"body":"you never tell me anything? Tell"},{"speaker":"Robby Peralta","startTime":445.259,"endTime":446.849,"body":"me good thing?"},{"speaker":"Morten Weea","startTime":447.029,"endTime":450.719,"body":"Well, our clients"},{"speaker":"Morten Weea","startTime":447.029,"endTime":450.719,"body":"are calling us about mostly"},{"speaker":"Morten Weea","startTime":450.779,"endTime":455.369,"body":"anything that they don't have"},{"speaker":"Morten Weea","startTime":450.779,"endTime":455.369,"body":"the competency of, or skills, or"},{"speaker":"Morten Weea","startTime":455.429,"endTime":459.689,"body":"no resources to fix themselves."},{"speaker":"Morten Weea","startTime":455.429,"endTime":459.689,"body":"Or they they have some"},{"speaker":"Morten Weea","startTime":459.689,"endTime":463.859,"body":"resources, sometimes some"},{"speaker":"Morten Weea","startTime":459.689,"endTime":463.859,"body":"skills, and they want to fix a"},{"speaker":"Morten Weea","startTime":463.859,"endTime":468.419,"body":"big part of it does come do you"},{"speaker":"Morten Weea","startTime":463.859,"endTime":468.419,"body":"know, a system in incident"},{"speaker":"Morten Weea","startTime":468.419,"endTime":471.359,"body":"response? Some helping hands?"},{"speaker":"Morten Weea","startTime":468.419,"endTime":471.359,"body":"Yeah, helping hands on depending"},{"speaker":"Morten Weea","startTime":471.359,"endTime":476.429,"body":"on our availability, and, you"},{"speaker":"Morten Weea","startTime":471.359,"endTime":476.429,"body":"know, the seriousness. And then"},{"speaker":"Morten Weea","startTime":476.459,"endTime":479.459,"body":"of course, we could come help"},{"speaker":"Morten Weea","startTime":476.459,"endTime":479.459,"body":"them. Because this is what we"},{"speaker":"Morten Weea","startTime":479.459,"endTime":484.079,"body":"do. We're professional incident"},{"speaker":"Morten Weea","startTime":479.459,"endTime":484.079,"body":"responders. So we fix these kind"},{"speaker":"Morten Weea","startTime":484.079,"endTime":489.389,"body":"of things. But But mostly when"},{"speaker":"Morten Weea","startTime":484.079,"endTime":489.389,"body":"when, you know, the Power"},{"speaker":"Morten Weea","startTime":489.389,"endTime":495.149,"body":"Rangers or whatever, yeah, we're"},{"speaker":"Morten Weea","startTime":489.389,"endTime":495.149,"body":"going to call ourselves really"},{"speaker":"Morten Weea","startTime":495.149,"endTime":498.599,"body":"need to work is when we are"},{"speaker":"Morten Weea","startTime":495.149,"endTime":498.599,"body":"dealing with the advanced"},{"speaker":"Morten Weea","startTime":498.629,"endTime":503.999,"body":"persistent threats like nation"},{"speaker":"Morten Weea","startTime":498.629,"endTime":503.999,"body":"states or very advanced crime"},{"speaker":"Morten Weea","startTime":503.999,"endTime":504.869,"body":"syndicates. So"},{"speaker":"Robby Peralta","startTime":504.93,"endTime":506.34,"body":"and is that"},{"speaker":"Robby Peralta","startTime":504.93,"endTime":506.34,"body":"because you don't want to kick"},{"speaker":"Robby Peralta","startTime":506.34,"endTime":509.82,"body":"them out, basically knew they"},{"speaker":"Robby Peralta","startTime":506.34,"endTime":509.82,"body":"want, you know, are they?"},{"speaker":"Morten Weea","startTime":510.81,"endTime":513.96,"body":"Well, eventually,"},{"speaker":"Morten Weea","startTime":510.81,"endTime":513.96,"body":"the goal is to kick them out."},{"speaker":"Morten Weea","startTime":514.05,"endTime":518.4,"body":"But it's not necessarily that we"},{"speaker":"Morten Weea","startTime":514.05,"endTime":518.4,"body":"are able to kick them out, or"},{"speaker":"Morten Weea","startTime":518.4,"endTime":521.85,"body":"that we should kick them out"},{"speaker":"Morten Weea","startTime":518.4,"endTime":521.85,"body":"just immediately, because we"},{"speaker":"Morten Weea","startTime":521.85,"endTime":525.81,"body":"don't know who we're dealing"},{"speaker":"Morten Weea","startTime":521.85,"endTime":525.81,"body":"with. We don't know what they"},{"speaker":"Morten Weea","startTime":525.81,"endTime":530.34,"body":"want to get out to our clients"},{"speaker":"Morten Weea","startTime":525.81,"endTime":530.34,"body":"say say if we, we have found"},{"speaker":"Morten Weea","startTime":530.34,"endTime":533.52,"body":"them in one segment of the"},{"speaker":"Morten Weea","startTime":530.34,"endTime":533.52,"body":"network, doing some kind of"},{"speaker":"Morten Weea","startTime":533.52,"endTime":538.08,"body":"recon or whatever, and then we"},{"speaker":"Morten Weea","startTime":533.52,"endTime":538.08,"body":"just indicate that we know that"},{"speaker":"Morten Weea","startTime":538.08,"endTime":541.68,"body":"they're there, but we haven't"},{"speaker":"Morten Weea","startTime":538.08,"endTime":541.68,"body":"necessarily seen them in this"},{"speaker":"Morten Weea","startTime":541.68,"endTime":545.52,"body":"part of the network, then they"},{"speaker":"Morten Weea","startTime":541.68,"endTime":545.52,"body":"could just go under the radar"},{"speaker":"Morten Weea","startTime":545.58,"endTime":550.35,"body":"hide, and just let that part be"},{"speaker":"Morten Weea","startTime":545.58,"endTime":550.35,"body":"kicked out. And then they could"},{"speaker":"Morten Weea","startTime":551.1,"endTime":554.88,"body":"keep on operating in the part of"},{"speaker":"Morten Weea","startTime":551.1,"endTime":554.88,"body":"network where we haven't"},{"speaker":"Morten Weea","startTime":554.97,"endTime":555.75,"body":"identified them yet."},{"speaker":"Robby Peralta","startTime":555.9,"endTime":558.21,"body":"What sort of"},{"speaker":"Robby Peralta","startTime":555.9,"endTime":558.21,"body":"actions would we do that would"},{"speaker":"Robby Peralta","startTime":558.21,"endTime":559.89,"body":"let them know were there? First"},{"speaker":"Robby Peralta","startTime":558.21,"endTime":559.89,"body":"of"},{"speaker":"Morten Weea","startTime":559.89,"endTime":563.61,"body":"all, we could, you"},{"speaker":"Morten Weea","startTime":559.89,"endTime":563.61,"body":"know, start plugging the holes"},{"speaker":"Morten Weea","startTime":563.61,"endTime":568.65,"body":"that they are exploiting? Yeah,"},{"speaker":"Morten Weea","startTime":563.61,"endTime":568.65,"body":"you know, out of the blue, just"},{"speaker":"Morten Weea","startTime":568.65,"endTime":573.12,"body":"shutting down there, what we"},{"speaker":"Morten Weea","startTime":568.65,"endTime":573.12,"body":"have observed the way in so we"},{"speaker":"Morten Weea","startTime":573.12,"endTime":576.48,"body":"could also do like, stupid"},{"speaker":"Morten Weea","startTime":573.12,"endTime":576.48,"body":"things like patching the"},{"speaker":"Morten Weea","startTime":576.48,"endTime":581.28,"body":"vulnerability in front of them"},{"speaker":"Morten Weea","startTime":576.48,"endTime":581.28,"body":"or, you know, start cleaning up"},{"speaker":"Morten Weea","startTime":581.37,"endTime":586.38,"body":"after them, you know, leave"},{"speaker":"Morten Weea","startTime":581.37,"endTime":586.38,"body":"traces because it's not like"},{"speaker":"Morten Weea","startTime":586.38,"endTime":589.5,"body":"you've seen the movies where"},{"speaker":"Morten Weea","startTime":586.38,"endTime":589.5,"body":"they sit in a basement in the in"},{"speaker":"Morten Weea","startTime":589.5,"endTime":593.28,"body":"the hooded sweater without"},{"speaker":"Morten Weea","startTime":589.5,"endTime":593.28,"body":"lights on, by being like very"},{"speaker":"Morten Weea","startTime":593.28,"endTime":597.03,"body":"fast on the network, or the"},{"speaker":"Morten Weea","startTime":593.28,"endTime":597.03,"body":"keyboard, you know, just"},{"speaker":"Morten Weea","startTime":597.03,"endTime":602.07,"body":"exploiting in shouting, I'm in"},{"speaker":"Morten Weea","startTime":597.03,"endTime":602.07,"body":"No password breach felt that."},{"speaker":"Morten Weea","startTime":602.61,"endTime":607.23,"body":"Yeah, I mean, and that's not"},{"speaker":"Morten Weea","startTime":602.61,"endTime":607.23,"body":"exactly how, how it works."},{"speaker":"Morten Weea","startTime":607.26,"endTime":611.76,"body":"Because these are regular human"},{"speaker":"Morten Weea","startTime":607.26,"endTime":611.76,"body":"beings, they are at work, they"},{"speaker":"Morten Weea","startTime":611.76,"endTime":616.47,"body":"work nine to five, and they have"},{"speaker":"Morten Weea","startTime":611.76,"endTime":616.47,"body":"holidays off, you know, we see"},{"speaker":"Morten Weea","startTime":617.7,"endTime":622.29,"body":"on Chinese New Year or whatever."},{"speaker":"Morten Weea","startTime":617.7,"endTime":622.29,"body":"And then we see the activities"},{"speaker":"Morten Weea","startTime":622.53,"endTime":628.11,"body":"on the decline. And then they"},{"speaker":"Morten Weea","startTime":622.53,"endTime":628.11,"body":"come back, rejuvenated and help"},{"speaker":"Morten Weea","startTime":628.11,"endTime":629.73,"body":"them feeling well,"},{"speaker":"Robby Peralta","startTime":629.91,"endTime":631.11,"body":"like the second"},{"speaker":"Robby Peralta","startTime":629.91,"endTime":631.11,"body":"of January."},{"speaker":"Morten Weea","startTime":631.8,"endTime":635.19,"body":"Yeah. But you know,"},{"speaker":"Morten Weea","startTime":631.8,"endTime":635.19,"body":"they have this moving holiday."},{"speaker":"Morten Weea","startTime":635.19,"endTime":638.07,"body":"So it could be like in the"},{"speaker":"Morten Weea","startTime":635.19,"endTime":638.07,"body":"middle of March. Yeah. And then"},{"speaker":"Morten Weea","startTime":638.07,"endTime":641.88,"body":"we just see less activity. And"},{"speaker":"Morten Weea","startTime":638.07,"endTime":641.88,"body":"the same with some, some crime"},{"speaker":"Morten Weea","startTime":641.88,"endTime":644.7,"body":"syndicates, they have this"},{"speaker":"Morten Weea","startTime":641.88,"endTime":644.7,"body":"summer off coding, where they"},{"speaker":"Morten Weea","startTime":644.7,"endTime":647.64,"body":"just take everything offline, go"},{"speaker":"Morten Weea","startTime":644.7,"endTime":647.64,"body":"to the beach. Yeah, no, not"},{"speaker":"Morten Weea","startTime":647.64,"endTime":651.63,"body":"necessarily. They they fix the"},{"speaker":"Morten Weea","startTime":647.64,"endTime":651.63,"body":"program. They patch it, they"},{"speaker":"Morten Weea","startTime":651.63,"endTime":654.84,"body":"make it better, they improve it,"},{"speaker":"Morten Weea","startTime":651.63,"endTime":654.84,"body":"and then they deployed when"},{"speaker":"Morten Weea","startTime":654.84,"endTime":658.59,"body":"they're done. So it's not like"},{"speaker":"Morten Weea","startTime":654.84,"endTime":658.59,"body":"they're having a vacation"},{"speaker":"Morten Weea","startTime":658.59,"endTime":661.44,"body":"necessarily, but they they're"},{"speaker":"Morten Weea","startTime":658.59,"endTime":661.44,"body":"organized, and they're doing"},{"speaker":"Morten Weea","startTime":661.44,"endTime":663.69,"body":"things in, you know, during the"},{"speaker":"Morten Weea","startTime":661.44,"endTime":663.69,"body":"summertime,"},{"speaker":"Robby Peralta","startTime":663.69,"endTime":665.31,"body":"it's because they"},{"speaker":"Robby Peralta","startTime":663.69,"endTime":665.31,"body":"know that we're not at work, and"},{"speaker":"Robby Peralta","startTime":665.34,"endTime":667.17,"body":"they have less opportunities"},{"speaker":"Robby Peralta","startTime":665.34,"endTime":667.17,"body":"window"},{"speaker":"Morten Weea","startTime":667.26,"endTime":668.67,"body":"or window"},{"speaker":"Morten Weea","startTime":667.26,"endTime":668.67,"body":"opportunities. I won't"},{"speaker":"Morten Weea","startTime":668.67,"endTime":673.89,"body":"necessarily speculate in why."},{"speaker":"Morten Weea","startTime":668.67,"endTime":673.89,"body":"But we see there are some clear"},{"speaker":"Morten Weea","startTime":673.89,"endTime":679.59,"body":"patterns of when the advanced"},{"speaker":"Morten Weea","startTime":673.89,"endTime":679.59,"body":"actors are, you know, not at"},{"speaker":"Morten Weea","startTime":679.59,"endTime":684.03,"body":"work. And we see that they have"},{"speaker":"Morten Weea","startTime":679.59,"endTime":684.03,"body":"they're sleeping, they're not"},{"speaker":"Morten Weea","startTime":684.03,"endTime":687.84,"body":"24. Seven, necessarily. They"},{"speaker":"Morten Weea","startTime":684.03,"endTime":687.84,"body":"have different teams, you know,"},{"speaker":"Morten Weea","startTime":687.84,"endTime":693.51,"body":"they they have designated tasks"},{"speaker":"Morten Weea","startTime":687.84,"endTime":693.51,"body":"have to do. So when this breach"},{"speaker":"Morten Weea","startTime":693.51,"endTime":696.75,"body":"team has come in, and they're"},{"speaker":"Morten Weea","startTime":693.51,"endTime":696.75,"body":"leaving all the information to"},{"speaker":"Morten Weea","startTime":696.75,"endTime":700.29,"body":"the the other team that's going"},{"speaker":"Morten Weea","startTime":696.75,"endTime":700.29,"body":"through, you know, exploit"},{"speaker":"Morten Weea","startTime":700.44,"endTime":701.07,"body":"whatever, they"},{"speaker":"Robby Peralta","startTime":701.1,"endTime":702.27,"body":"keep it going."},{"speaker":"Robby Peralta","startTime":701.1,"endTime":702.27,"body":"Yeah,"},{"speaker":"Morten Weea","startTime":702.359,"endTime":703.019,"body":"yeah. Hmm."},{"speaker":"Robby Peralta","startTime":703.05,"endTime":705.51,"body":"Speaking of"},{"speaker":"Robby Peralta","startTime":703.05,"endTime":705.51,"body":"phases, yes. What what are the"},{"speaker":"Robby Peralta","startTime":705.51,"endTime":708.15,"body":"phases of incident response?"},{"speaker":"Robby Peralta","startTime":705.51,"endTime":708.15,"body":"Like, how does it start? besides"},{"speaker":"Robby Peralta","startTime":708.15,"endTime":709.35,"body":"us getting a phone call?"},{"speaker":"Morten Weea","startTime":709.559,"endTime":713.099,"body":"Well, it starts"},{"speaker":"Morten Weea","startTime":709.559,"endTime":713.099,"body":"before this. Okay. Yeah. Because"},{"speaker":"Morten Weea","startTime":713.099,"endTime":716.309,"body":"it starts with a planning and"},{"speaker":"Morten Weea","startTime":713.099,"endTime":716.309,"body":"preparation. Yeah. That's the"},{"speaker":"Morten Weea","startTime":716.309,"endTime":719.159,"body":"governance risk compliance part"},{"speaker":"Morten Weea","startTime":716.309,"endTime":719.159,"body":"of it, where you have to"},{"speaker":"Morten Weea","startTime":719.159,"endTime":724.829,"body":"prepare, you have to, you know,"},{"speaker":"Morten Weea","startTime":719.159,"endTime":724.829,"body":"make some what ifs? flowcharts,"},{"speaker":"Morten Weea","startTime":724.829,"endTime":729.029,"body":"what to do when this happens,"},{"speaker":"Morten Weea","startTime":724.829,"endTime":729.029,"body":"who to escalate to? What's the"},{"speaker":"Morten Weea","startTime":729.029,"endTime":732.779,"body":"escalating trigger point? Who"},{"speaker":"Morten Weea","startTime":729.029,"endTime":732.779,"body":"has the mandate to do something"},{"speaker":"Morten Weea","startTime":732.839,"endTime":733.889,"body":"about this?"},{"speaker":"Robby Peralta","startTime":734.219,"endTime":735.359,"body":"And what"},{"speaker":"Robby Peralta","startTime":734.219,"endTime":735.359,"body":"percentage of organizations"},{"speaker":"Robby Peralta","startTime":735.359,"endTime":736.799,"body":"actually have that in place?"},{"speaker":"Robby Peralta","startTime":735.359,"endTime":736.799,"body":"Because I've been hearing this"},{"speaker":"Robby Peralta","startTime":736.799,"endTime":740.249,"body":"for forever, that apparently,"},{"speaker":"Robby Peralta","startTime":736.799,"endTime":740.249,"body":"it's chilla"},{"speaker":"Morten Weea","startTime":740.939,"endTime":746.969,"body":"mentioned in their"},{"speaker":"Morten Weea","startTime":740.939,"endTime":746.969,"body":"minds, everyone. But when, when"},{"speaker":"Morten Weea","startTime":746.969,"endTime":750.089,"body":"things get serious, that's when"},{"speaker":"Morten Weea","startTime":746.969,"endTime":750.089,"body":"they see that whatever they have"},{"speaker":"Morten Weea","startTime":750.089,"endTime":754.499,"body":"in place is not sufficient, or"},{"speaker":"Morten Weea","startTime":750.089,"endTime":754.499,"body":"it produces bottlenecks or,"},{"speaker":"Robby Peralta","startTime":754.71,"endTime":756.0,"body":"or whatever."},{"speaker":"Robby Peralta","startTime":754.71,"endTime":756.0,"body":"That's the point of like,"},{"speaker":"Robby Peralta","startTime":756.0,"endTime":757.29,"body":"tabletop exercises, right?"},{"speaker":"Morten Weea","startTime":757.32,"endTime":761.55,"body":"Yes, that's great."},{"speaker":"Morten Weea","startTime":757.32,"endTime":761.55,"body":"And other exercises as well."},{"speaker":"Morten Weea","startTime":761.55,"endTime":766.8,"body":"Because then you see, it's, it's"},{"speaker":"Morten Weea","startTime":761.55,"endTime":766.8,"body":"a lot better to figure out where"},{"speaker":"Morten Weea","startTime":766.8,"endTime":772.11,"body":"things go wrong. When you have"},{"speaker":"Morten Weea","startTime":766.8,"endTime":772.11,"body":"this safe environment, where I'm"},{"speaker":"Morten Weea","startTime":772.11,"endTime":775.68,"body":"the bad guy, and not the actual"},{"speaker":"Morten Weea","startTime":772.11,"endTime":775.68,"body":"bad guys, the bad guy, because"},{"speaker":"Morten Weea","startTime":775.74,"endTime":780.69,"body":"I'm not going to leak your data"},{"speaker":"Morten Weea","startTime":775.74,"endTime":780.69,"body":"punish you. Yeah. Planning."},{"speaker":"Morten Weea","startTime":780.69,"endTime":783.69,"body":"Yeah, yeah. And then the next"},{"speaker":"Morten Weea","startTime":780.69,"endTime":783.69,"body":"one is testing and reporting."},{"speaker":"Morten Weea","startTime":784.44,"endTime":787.44,"body":"It's important to have"},{"speaker":"Morten Weea","startTime":784.44,"endTime":787.44,"body":"visibility in your network, if"},{"speaker":"Morten Weea","startTime":787.44,"endTime":791.19,"body":"you have, you know, if you have"},{"speaker":"Morten Weea","startTime":787.44,"endTime":791.19,"body":"a lock on your door, but you"},{"speaker":"Morten Weea","startTime":791.19,"endTime":794.49,"body":"don't know, you can see what's"},{"speaker":"Morten Weea","startTime":791.19,"endTime":794.49,"body":"happening inside the house, or"},{"speaker":"Morten Weea","startTime":794.55,"endTime":797.64,"body":"you can see when the door has"},{"speaker":"Morten Weea","startTime":794.55,"endTime":797.64,"body":"been opened, who opened the"},{"speaker":"Morten Weea","startTime":797.64,"endTime":801.51,"body":"door, whatever, all you know,"},{"speaker":"Morten Weea","startTime":797.64,"endTime":801.51,"body":"when if you leave the house and"},{"speaker":"Morten Weea","startTime":801.51,"endTime":805.26,"body":"come back, is the status when"},{"speaker":"Morten Weea","startTime":801.51,"endTime":805.26,"body":"you left, understand this when"},{"speaker":"Morten Weea","startTime":805.26,"endTime":809.7,"body":"you come. And then if things are"},{"speaker":"Morten Weea","startTime":805.26,"endTime":809.7,"body":"as they were when you left, and"},{"speaker":"Morten Weea","startTime":809.7,"endTime":813.39,"body":"you just assume that no one was"},{"speaker":"Morten Weea","startTime":809.7,"endTime":813.39,"body":"there. But you will know, for"},{"speaker":"Morten Weea","startTime":813.39,"endTime":816.51,"body":"something is missing. And they"},{"speaker":"Morten Weea","startTime":813.39,"endTime":816.51,"body":"know that someone has been"},{"speaker":"Morten Weea","startTime":816.51,"endTime":819.6,"body":"there, but you don't know who"},{"speaker":"Morten Weea","startTime":816.51,"endTime":819.6,"body":"you don't know, when you don't"},{"speaker":"Morten Weea","startTime":819.6,"endTime":822.87,"body":"know what else they did. You"},{"speaker":"Morten Weea","startTime":819.6,"endTime":822.87,"body":"know, so detection and reporting"},{"speaker":"Morten Weea","startTime":822.87,"endTime":829.14,"body":"is important to have visibility."},{"speaker":"Morten Weea","startTime":822.87,"endTime":829.14,"body":"So the next phase in incident"},{"speaker":"Morten Weea","startTime":829.14,"endTime":832.23,"body":"response is assessment and"},{"speaker":"Morten Weea","startTime":829.14,"endTime":832.23,"body":"decision, which is the face"},{"speaker":"Morten Weea","startTime":832.23,"endTime":835.65,"body":"where you have to assess what,"},{"speaker":"Morten Weea","startTime":832.23,"endTime":835.65,"body":"what has happened, you know, the"},{"speaker":"Morten Weea","startTime":835.65,"endTime":839.37,"body":"doors are maybe opened in my"},{"speaker":"Morten Weea","startTime":835.65,"endTime":839.37,"body":"house, I got an alert, not"},{"speaker":"Morten Weea","startTime":839.37,"endTime":842.88,"body":"nothing's missing, I'm assessing"},{"speaker":"Morten Weea","startTime":839.37,"endTime":842.88,"body":"the situation, is something"},{"speaker":"Morten Weea","startTime":842.88,"endTime":846.57,"body":"gone, there's something broken,"},{"speaker":"Morten Weea","startTime":842.88,"endTime":846.57,"body":"what has happened, if I assess"},{"speaker":"Morten Weea","startTime":846.57,"endTime":850.5,"body":"it to be not that serious, then"},{"speaker":"Morten Weea","startTime":846.57,"endTime":850.5,"body":"I wouldn't necessarily call the"},{"speaker":"Morten Weea","startTime":850.5,"endTime":855.21,"body":"police to come to my house,"},{"speaker":"Morten Weea","startTime":850.5,"endTime":855.21,"body":"they'll file it, you know, for"},{"speaker":"Morten Weea","startTime":855.48,"endTime":858.81,"body":"some that it's some insurance"},{"speaker":"Morten Weea","startTime":855.48,"endTime":858.81,"body":"claim, yeah, something legal"},{"speaker":"Morten Weea","startTime":858.81,"endTime":863.67,"body":"happen. So, so I need to file it"},{"speaker":"Morten Weea","startTime":858.81,"endTime":863.67,"body":"somewhere. And then the"},{"speaker":"Morten Weea","startTime":863.67,"endTime":868.14,"body":"response, and their response"},{"speaker":"Morten Weea","startTime":863.67,"endTime":868.14,"body":"should be proportional to do my"},{"speaker":"Morten Weea","startTime":868.14,"endTime":872.37,"body":"assessment. So say if I figured"},{"speaker":"Morten Weea","startTime":868.14,"endTime":872.37,"body":"out that someone came into my"},{"speaker":"Morten Weea","startTime":872.37,"endTime":875.52,"body":"house to call my jewelry to call"},{"speaker":"Morten Weea","startTime":872.37,"endTime":875.52,"body":"my computers to call my money,"},{"speaker":"Morten Weea","startTime":876.0,"endTime":880.14,"body":"and I would need the police to"},{"speaker":"Morten Weea","startTime":876.0,"endTime":880.14,"body":"come and investigate. Maybe they"},{"speaker":"Morten Weea","startTime":880.14,"endTime":884.16,"body":"broke something as well. And now"},{"speaker":"Morten Weea","startTime":880.14,"endTime":884.16,"body":"we have this huge case. So we"},{"speaker":"Morten Weea","startTime":884.16,"endTime":888.63,"body":"should figure out who was it and"},{"speaker":"Morten Weea","startTime":884.16,"endTime":888.63,"body":"how can we you know, return to"},{"speaker":"Morten Weea","startTime":889.35,"endTime":894.57,"body":"normalization. So the last face"},{"speaker":"Morten Weea","startTime":889.35,"endTime":894.57,"body":"after the response is the"},{"speaker":"Morten Weea","startTime":894.57,"endTime":899.04,"body":"lessons learned and lessons"},{"speaker":"Morten Weea","startTime":894.57,"endTime":899.04,"body":"learn. means what did I do wrong"},{"speaker":"Morten Weea","startTime":899.49,"endTime":902.46,"body":"to invite them These people in"},{"speaker":"Morten Weea","startTime":899.49,"endTime":902.46,"body":"what could I have done"},{"speaker":"Morten Weea","startTime":902.58,"endTime":906.33,"body":"differently? How could I, you"},{"speaker":"Morten Weea","startTime":902.58,"endTime":906.33,"body":"know, prevent this from"},{"speaker":"Morten Weea","startTime":906.33,"endTime":908.97,"body":"happening again. And if it"},{"speaker":"Morten Weea","startTime":906.33,"endTime":908.97,"body":"happens, again, someone reaches"},{"speaker":"Morten Weea","startTime":908.97,"endTime":913.26,"body":"the door, maybe I could hide the"},{"speaker":"Morten Weea","startTime":908.97,"endTime":913.26,"body":"computer, lock the jewelry"},{"speaker":"Morten Weea","startTime":913.26,"endTime":917.28,"body":"somewhere else, you know, make"},{"speaker":"Morten Weea","startTime":913.26,"endTime":917.28,"body":"sure they don't get it, so they"},{"speaker":"Morten Weea","startTime":917.28,"endTime":921.03,"body":"can steal it from the"},{"speaker":"Morten Weea","startTime":917.28,"endTime":921.03,"body":"consequences of the breach will"},{"speaker":"Morten Weea","startTime":921.03,"endTime":927.51,"body":"be no less severe. So those are"},{"speaker":"Morten Weea","startTime":921.03,"endTime":927.51,"body":"the five phases of incident"},{"speaker":"Morten Weea","startTime":927.51,"endTime":931.2,"body":"response, as I identified"},{"speaker":"Morten Weea","startTime":927.51,"endTime":931.2,"body":"previously, the planning and"},{"speaker":"Morten Weea","startTime":931.2,"endTime":933.27,"body":"preparation is for the"},{"speaker":"Morten Weea","startTime":931.2,"endTime":933.27,"body":"governance risk compliance"},{"speaker":"Morten Weea","startTime":933.27,"endTime":937.5,"body":"department. Detection and"},{"speaker":"Morten Weea","startTime":933.27,"endTime":937.5,"body":"reporting is for the sock. And"},{"speaker":"Morten Weea","startTime":937.5,"endTime":942.09,"body":"also the assessment and decision"},{"speaker":"Morten Weea","startTime":937.5,"endTime":942.09,"body":"is also sock material. And then"},{"speaker":"Morten Weea","startTime":942.09,"endTime":946.44,"body":"the Incident Response Team or"},{"speaker":"Morten Weea","startTime":942.09,"endTime":946.44,"body":"dirty comes in in response,"},{"speaker":"Morten Weea","startTime":946.83,"endTime":950.19,"body":"handling it, and then they"},{"speaker":"Morten Weea","startTime":946.83,"endTime":950.19,"body":"deliver lessons learned, which,"},{"speaker":"Morten Weea","startTime":950.19,"endTime":955.11,"body":"you know, kindness, back to"},{"speaker":"Morten Weea","startTime":950.19,"endTime":955.11,"body":"governance, risk compliance. And"},{"speaker":"Morten Weea","startTime":955.2,"endTime":959.4,"body":"on the side of all this, we have"},{"speaker":"Morten Weea","startTime":955.2,"endTime":959.4,"body":"the technical, the technical"},{"speaker":"Morten Weea","startTime":959.4,"endTime":962.94,"body":"solution where you, you know, we"},{"speaker":"Morten Weea","startTime":959.4,"endTime":962.94,"body":"do penetration testing of"},{"speaker":"Morten Weea","startTime":962.94,"endTime":967.35,"body":"yourself to identify where it"},{"speaker":"Morten Weea","startTime":962.94,"endTime":967.35,"body":"could be some possible vectors"},{"speaker":"Morten Weea","startTime":967.35,"endTime":972.42,"body":"to attack you, etc. You have"},{"speaker":"Morten Weea","startTime":967.35,"endTime":972.42,"body":"operations to, you know, install"},{"speaker":"Morten Weea","startTime":972.48,"endTime":976.56,"body":"appliances, fix things, you"},{"speaker":"Morten Weea","startTime":972.48,"endTime":976.56,"body":"know, be prepared for when the"},{"speaker":"Morten Weea","startTime":976.56,"endTime":982.56,"body":"shit hits the fan. Hmm. So what"},{"speaker":"Morten Weea","startTime":976.56,"endTime":982.56,"body":"happens when the shit hits the"},{"speaker":"Morten Weea","startTime":982.56,"endTime":983.34,"body":"fan? Hmm."},{"speaker":"Robby Peralta","startTime":984.48,"endTime":986.04,"body":"Now, what does"},{"speaker":"Robby Peralta","startTime":984.48,"endTime":986.04,"body":"happen? When should its event?"},{"speaker":"Morten Weea","startTime":986.07,"endTime":988.86,"body":"Yeah, people call"},{"speaker":"Morten Weea","startTime":986.07,"endTime":988.86,"body":"us and then, you know, I would"},{"speaker":"Morten Weea","startTime":988.86,"endTime":992.97,"body":"like to say we push a big red"},{"speaker":"Morten Weea","startTime":988.86,"endTime":992.97,"body":"button and it starts blinking."},{"speaker":"Morten Weea","startTime":992.97,"endTime":997.29,"body":"And, you know, we have these"},{"speaker":"Morten Weea","startTime":992.97,"endTime":997.29,"body":"tubes to jump into and just on"},{"speaker":"Morten Weea","startTime":997.29,"endTime":1001.79,"body":"the way down to our Batmobile we"},{"speaker":"Morten Weea","startTime":997.29,"endTime":1001.79,"body":"get suited for for the incident."},{"speaker":"Morten Weea","startTime":1002.39,"endTime":1006.71,"body":"But that's not how it happens."},{"speaker":"Morten Weea","startTime":1002.39,"endTime":1006.71,"body":"Unfortunately, we have to do"},{"speaker":"Morten Weea","startTime":1006.92,"endTime":1010.58,"body":"some kind of boring tasks before"},{"speaker":"Morten Weea","startTime":1006.92,"endTime":1010.58,"body":"we can start, you know, the"},{"speaker":"Morten Weea","startTime":1010.61,"endTime":1014.12,"body":"mercantile part of it."},{"speaker":"Morten Weea","startTime":1010.61,"endTime":1014.12,"body":"Commercial stuff. Yes. Do we"},{"speaker":"Morten Weea","startTime":1014.12,"endTime":1017.06,"body":"have an agreement with the"},{"speaker":"Morten Weea","startTime":1014.12,"endTime":1017.06,"body":"customer? Do we have resources"},{"speaker":"Morten Weea","startTime":1017.06,"endTime":1022.28,"body":"to fix this? Yeah, you know,"},{"speaker":"Morten Weea","startTime":1017.06,"endTime":1022.28,"body":"should we do this 24? Seven? Is"},{"speaker":"Morten Weea","startTime":1022.28,"endTime":1026.75,"body":"Christmas coming up? Do we need"},{"speaker":"Morten Weea","startTime":1022.28,"endTime":1026.75,"body":"to force people to be available"},{"speaker":"Morten Weea","startTime":1026.75,"endTime":1032.45,"body":"for us to handle the incident?"},{"speaker":"Morten Weea","startTime":1026.75,"endTime":1032.45,"body":"You know, these are people. So"},{"speaker":"Morten Weea","startTime":1032.45,"endTime":1036.56,"body":"they have to, they have people"},{"speaker":"Morten Weea","startTime":1032.45,"endTime":1036.56,"body":"considerations, and we have to"},{"speaker":"Morten Weea","startTime":1036.56,"endTime":1040.25,"body":"make them as well. And if we"},{"speaker":"Morten Weea","startTime":1036.56,"endTime":1040.25,"body":"don't have the resources, then"},{"speaker":"Morten Weea","startTime":1040.25,"endTime":1044.84,"body":"we couldn't, we can't really"},{"speaker":"Morten Weea","startTime":1040.25,"endTime":1044.84,"body":"help. The ones calling. It could"},{"speaker":"Morten Weea","startTime":1044.84,"endTime":1048.2,"body":"be that we have already deployed"},{"speaker":"Morten Weea","startTime":1044.84,"endTime":1048.2,"body":"all our resources on other"},{"speaker":"Morten Weea","startTime":1048.2,"endTime":1052.79,"body":"assignments, or we just don't"},{"speaker":"Morten Weea","startTime":1048.2,"endTime":1052.79,"body":"have, what resources they need."},{"speaker":"Morten Weea","startTime":1053.3,"endTime":1058.55,"body":"Because if they have this very"},{"speaker":"Morten Weea","startTime":1053.3,"endTime":1058.55,"body":"specialized problem going on, we"},{"speaker":"Morten Weea","startTime":1058.55,"endTime":1061.55,"body":"wouldn't necessarily need to"},{"speaker":"Morten Weea","startTime":1058.55,"endTime":1061.55,"body":"have the specialized expertise."},{"speaker":"Morten Weea","startTime":1061.61,"endTime":1064.19,"body":"And if we have a lot of"},{"speaker":"Morten Weea","startTime":1061.61,"endTime":1064.19,"body":"available personnel, but no one"},{"speaker":"Morten Weea","startTime":1064.19,"endTime":1065.36,"body":"with that expertise, then"},{"speaker":"Robby Peralta","startTime":1065.57,"endTime":1066.26,"body":"there's no point."},{"speaker":"Robby Peralta","startTime":1065.57,"endTime":1066.26,"body":"Yeah,"},{"speaker":"Morten Weea","startTime":1066.32,"endTime":1070.88,"body":"no. expertise. And"},{"speaker":"Morten Weea","startTime":1066.32,"endTime":1070.88,"body":"also, that's, that's the the"},{"speaker":"Morten Weea","startTime":1070.88,"endTime":1074.75,"body":"boring part. Yeah, yeah. And"},{"speaker":"Morten Weea","startTime":1070.88,"endTime":1074.75,"body":"that's something you should"},{"speaker":"Morten Weea","startTime":1074.75,"endTime":1078.2,"body":"consider at least a little bit"},{"speaker":"Morten Weea","startTime":1074.75,"endTime":1078.2,"body":"before you decide to outsource"},{"speaker":"Morten Weea","startTime":1078.23,"endTime":1082.76,"body":"this competence to someone else."},{"speaker":"Morten Weea","startTime":1078.23,"endTime":1082.76,"body":"Because if you don't have this"},{"speaker":"Morten Weea","startTime":1082.76,"endTime":1088.43,"body":"agreement in place, before"},{"speaker":"Morten Weea","startTime":1082.76,"endTime":1088.43,"body":"aronsohn hits you, then it's not"},{"speaker":"Morten Weea","startTime":1088.55,"endTime":1091.4,"body":"guaranteed that you get the"},{"speaker":"Morten Weea","startTime":1088.55,"endTime":1091.4,"body":"response you need when you need"},{"speaker":"Morten Weea","startTime":1091.4,"endTime":1096.95,"body":"it. And that's, that's also a"},{"speaker":"Morten Weea","startTime":1091.4,"endTime":1096.95,"body":"risk that you need to consider."},{"speaker":"Morten Weea","startTime":1097.79,"endTime":1101.51,"body":"In the preparation phase, it's"},{"speaker":"Morten Weea","startTime":1097.79,"endTime":1101.51,"body":"completely fair to say we don't"},{"speaker":"Morten Weea","startTime":1101.51,"endTime":1106.43,"body":"want this in house, because it"},{"speaker":"Morten Weea","startTime":1101.51,"endTime":1106.43,"body":"takes a lot of practice"},{"speaker":"Morten Weea","startTime":1106.46,"endTime":1112.52,"body":"resources to maintain, you know,"},{"speaker":"Morten Weea","startTime":1106.46,"endTime":1112.52,"body":"the competencies. And we are, I"},{"speaker":"Morten Weea","startTime":1112.52,"endTime":1121.31,"body":"think, 200 or so people that can"},{"speaker":"Morten Weea","startTime":1112.52,"endTime":1121.31,"body":"handle incidents, and not all"},{"speaker":"Morten Weea","startTime":1121.34,"endTime":1125.9,"body":"200 have the same background or"},{"speaker":"Morten Weea","startTime":1121.34,"endTime":1125.9,"body":"same, you know, area of interest"},{"speaker":"Morten Weea","startTime":1126.38,"endTime":1130.28,"body":"that they want to focus on. So"},{"speaker":"Morten Weea","startTime":1126.38,"endTime":1130.28,"body":"say we have a couple of"},{"speaker":"Morten Weea","startTime":1130.28,"endTime":1134.93,"body":"reversers a couple of login two"},{"speaker":"Morten Weea","startTime":1130.28,"endTime":1134.93,"body":"sets, you know, and they do"},{"speaker":"Morten Weea","startTime":1134.93,"endTime":1137.87,"body":"different stuff. They, they"},{"speaker":"Morten Weea","startTime":1134.93,"endTime":1137.87,"body":"could all be a part of the same"},{"speaker":"Morten Weea","startTime":1137.87,"endTime":1140.87,"body":"incident but doing different"},{"speaker":"Morten Weea","startTime":1137.87,"endTime":1140.87,"body":"things. Yeah, different things."},{"speaker":"Morten Weea","startTime":1141.65,"endTime":1147.95,"body":"And having having a reverser in"},{"speaker":"Morten Weea","startTime":1141.65,"endTime":1147.95,"body":"house is like that's good that"},{"speaker":"Morten Weea","startTime":1147.95,"endTime":1151.88,"body":"way. Yeah. But it's it's doable,"},{"speaker":"Morten Weea","startTime":1147.95,"endTime":1151.88,"body":"but it's a if you're"},{"speaker":"Robby Peralta","startTime":1151.88,"endTime":1153.38,"body":"DNV are big."},{"speaker":"Robby Peralta","startTime":1151.88,"endTime":1153.38,"body":"Yeah, yeah."},{"speaker":"Morten Weea","startTime":1153.41,"endTime":1157.07,"body":"Because it costs a"},{"speaker":"Morten Weea","startTime":1153.41,"endTime":1157.07,"body":"lot than that person or if you"},{"speaker":"Morten Weea","startTime":1157.07,"endTime":1160.1,"body":"have more than one, you have"},{"speaker":"Morten Weea","startTime":1157.07,"endTime":1160.1,"body":"this community where they could,"},{"speaker":"Morten Weea","startTime":1160.13,"endTime":1163.58,"body":"you know, evolve. But if you"},{"speaker":"Morten Weea","startTime":1160.13,"endTime":1163.58,"body":"have that thing, the incidents"},{"speaker":"Morten Weea","startTime":1164.42,"endTime":1168.41,"body":"involved with reversing tasks,"},{"speaker":"Morten Weea","startTime":1164.42,"endTime":1168.41,"body":"and they have a huge problem."},{"speaker":"Morten Weea","startTime":1169.28,"endTime":1173.96,"body":"First place So your goal should"},{"speaker":"Morten Weea","startTime":1169.28,"endTime":1173.96,"body":"be not to have the nine for all"},{"speaker":"Morten Weea","startTime":1173.96,"endTime":1178.22,"body":"these sources. So that's that's"},{"speaker":"Morten Weea","startTime":1173.96,"endTime":1178.22,"body":"our niche because we go from"},{"speaker":"Morten Weea","startTime":1178.25,"endTime":1181.46,"body":"customer to customer or client"},{"speaker":"Morten Weea","startTime":1178.25,"endTime":1181.46,"body":"client and fix this so we can"},{"speaker":"Morten Weea","startTime":1181.46,"endTime":1187.43,"body":"get the experience. We know how"},{"speaker":"Morten Weea","startTime":1181.46,"endTime":1187.43,"body":"the the deputies evolve and see,"},{"speaker":"Morten Weea","startTime":1187.64,"endTime":1190.97,"body":"you know, they're doing"},{"speaker":"Morten Weea","startTime":1187.64,"endTime":1190.97,"body":"something said this this year,"},{"speaker":"Morten Weea","startTime":1190.97,"endTime":1193.04,"body":"and then they're doing these"},{"speaker":"Morten Weea","startTime":1190.97,"endTime":1193.04,"body":"things the other year, and then"},{"speaker":"Morten Weea","startTime":1193.37,"endTime":1199.28,"body":"we have enough assignments to"},{"speaker":"Morten Weea","startTime":1193.37,"endTime":1199.28,"body":"just have the people constantly"},{"speaker":"Morten Weea","startTime":1199.28,"endTime":1201.56,"body":"updated. educated on?"},{"speaker":"Robby Peralta","startTime":1202.31,"endTime":1204.14,"body":"Is that a threat"},{"speaker":"Robby Peralta","startTime":1202.31,"endTime":1204.14,"body":"intelligence team and emoticons"},{"speaker":"Robby Peralta","startTime":1204.14,"endTime":1205.58,"body":"incident response? Yes,"},{"speaker":"Morten Weea","startTime":1205.61,"endTime":1211.88,"body":"yeah. Awesome. But"},{"speaker":"Morten Weea","startTime":1205.61,"endTime":1211.88,"body":"part of the reason because we we"},{"speaker":"Morten Weea","startTime":1211.88,"endTime":1217.58,"body":"have to know what's happening,"},{"speaker":"Morten Weea","startTime":1211.88,"endTime":1217.58,"body":"and respond accordingly. And we"},{"speaker":"Morten Weea","startTime":1217.58,"endTime":1221.27,"body":"are fortunate enough to be big"},{"speaker":"Morten Weea","startTime":1217.58,"endTime":1221.27,"body":"enough and have enough"},{"speaker":"Morten Weea","startTime":1221.78,"endTime":1226.55,"body":"assignments so that people could"},{"speaker":"Morten Weea","startTime":1221.78,"endTime":1226.55,"body":"stay on top of the game. And"},{"speaker":"Morten Weea","startTime":1226.55,"endTime":1229.91,"body":"that benefits us. And that also"},{"speaker":"Morten Weea","startTime":1226.55,"endTime":1229.91,"body":"benefits. It's the clients that"},{"speaker":"Morten Weea","startTime":1229.91,"endTime":1235.67,"body":"need our resources. Because we"},{"speaker":"Morten Weea","startTime":1229.91,"endTime":1235.67,"body":"are, we're updated, or less."},{"speaker":"Robby Peralta","startTime":1235.97,"endTime":1237.35,"body":"That's a stupid"},{"speaker":"Robby Peralta","startTime":1235.97,"endTime":1237.35,"body":"question. How long does this"},{"speaker":"Robby Peralta","startTime":1237.35,"endTime":1241.22,"body":"process usually take from, you"},{"speaker":"Robby Peralta","startTime":1237.35,"endTime":1241.22,"body":"know, customer calls us wakes us"},{"speaker":"Robby Peralta","startTime":1241.22,"endTime":1243.5,"body":"up says that we need to help."},{"speaker":"Robby Peralta","startTime":1241.22,"endTime":1243.5,"body":"And then we say, Okay, cool."},{"speaker":"Robby Peralta","startTime":1243.95,"endTime":1246.65,"body":"Tell us what's happening. They"},{"speaker":"Robby Peralta","startTime":1243.95,"endTime":1246.65,"body":"explain it, we call them back"},{"speaker":"Robby Peralta","startTime":1246.77,"endTime":1249.35,"body":"and said, Okay, we have some"},{"speaker":"Robby Peralta","startTime":1246.77,"endTime":1249.35,"body":"guys for you. They get on their"},{"speaker":"Robby Peralta","startTime":1249.35,"endTime":1251.12,"body":"PCs start working,"},{"speaker":"Morten Weea","startTime":1251.33,"endTime":1253.46,"body":"how long? Are they"},{"speaker":"Morten Weea","startTime":1251.33,"endTime":1253.46,"body":"going to be there for others?"},{"speaker":"Morten Weea","startTime":1253.46,"endTime":1256.16,"body":"Depends? Yeah, it really depends"},{"speaker":"Morten Weea","startTime":1253.46,"endTime":1256.16,"body":"on the"},{"speaker":"Robby Peralta","startTime":1256.48,"endTime":1258.4,"body":"Do we have an"},{"speaker":"Robby Peralta","startTime":1256.48,"endTime":1258.4,"body":"average that we've calculated"},{"speaker":"Morten Weea","startTime":1258.92,"endTime":1264.23,"body":"well, as most of"},{"speaker":"Morten Weea","startTime":1258.92,"endTime":1264.23,"body":"our clients, they just want to,"},{"speaker":"Morten Weea","startTime":1264.41,"endTime":1267.47,"body":"you know, have our stamp of"},{"speaker":"Morten Weea","startTime":1264.41,"endTime":1267.47,"body":"approval or whatever. So we"},{"speaker":"Morten Weea","startTime":1267.47,"endTime":1271.82,"body":"could just move in, do the"},{"speaker":"Morten Weea","startTime":1267.47,"endTime":1271.82,"body":"assessment and deliver the"},{"speaker":"Morten Weea","startTime":1271.82,"endTime":1274.82,"body":"report. That's, that doesn't"},{"speaker":"Morten Weea","startTime":1271.82,"endTime":1274.82,"body":"take long. But then on the other"},{"speaker":"Morten Weea","startTime":1274.82,"endTime":1278.96,"body":"hand, we have the more serious"},{"speaker":"Morten Weea","startTime":1274.82,"endTime":1278.96,"body":"cases where where we have, you"},{"speaker":"Morten Weea","startTime":1278.96,"endTime":1283.4,"body":"know, an advanced persistent"},{"speaker":"Morten Weea","startTime":1278.96,"endTime":1283.4,"body":"threat on the other side. So we"},{"speaker":"Morten Weea","startTime":1283.4,"endTime":1287.51,"body":"will need to have more people to"},{"speaker":"Morten Weea","startTime":1283.4,"endTime":1287.51,"body":"take more time. So but that's"},{"speaker":"Morten Weea","startTime":1287.51,"endTime":1290.69,"body":"the the other end of the scale."},{"speaker":"Morten Weea","startTime":1287.51,"endTime":1290.69,"body":"So that could take years."},{"speaker":"Robby Peralta","startTime":1291.47,"endTime":1295.49,"body":"And that does. We"},{"speaker":"Robby Peralta","startTime":1291.47,"endTime":1295.49,"body":"do exist organizations out there"},{"speaker":"Robby Peralta","startTime":1295.49,"endTime":1296.75,"body":"that are being attacked like"},{"speaker":"Robby Peralta","startTime":1295.49,"endTime":1296.75,"body":"that, right?"},{"speaker":"Morten Weea","startTime":1296.81,"endTime":1299.84,"body":"Yes. And that's an"},{"speaker":"Morten Weea","startTime":1296.81,"endTime":1299.84,"body":"ongoing process. And that's more"},{"speaker":"Morten Weea","startTime":1299.84,"endTime":1304.25,"body":"like a cat and mouse, know where"},{"speaker":"Morten Weea","startTime":1299.84,"endTime":1304.25,"body":"we have. It's a nation state on"},{"speaker":"Morten Weea","startTime":1304.25,"endTime":1306.95,"body":"the other side, they want to get"},{"speaker":"Morten Weea","startTime":1304.25,"endTime":1306.95,"body":"some kind of information, and"},{"speaker":"Morten Weea","startTime":1306.95,"endTime":1310.01,"body":"then we should just prevent them"},{"speaker":"Morten Weea","startTime":1306.95,"endTime":1310.01,"body":"from from getting that"},{"speaker":"Morten Weea","startTime":1310.01,"endTime":1313.67,"body":"information or that it shouldn't"},{"speaker":"Morten Weea","startTime":1310.01,"endTime":1313.67,"body":"come out. Because that's the,"},{"speaker":"Morten Weea","startTime":1314.21,"endTime":1315.41,"body":"that's a consequence."},{"speaker":"Robby Peralta","startTime":1315.44,"endTime":1317.03,"body":"But if you're"},{"speaker":"Robby Peralta","startTime":1315.44,"endTime":1317.03,"body":"there for many years, what are"},{"speaker":"Robby Peralta","startTime":1317.03,"endTime":1319.61,"body":"you doing, like operating honey"},{"speaker":"Robby Peralta","startTime":1317.03,"endTime":1319.61,"body":"pots? And just like just"},{"speaker":"Robby Peralta","startTime":1319.61,"endTime":1321.08,"body":"confusing them throwing them"},{"speaker":"Robby Peralta","startTime":1319.61,"endTime":1321.08,"body":"off?"},{"speaker":"Morten Weea","startTime":1321.11,"endTime":1321.98,"body":"Yeah, cool,"},{"speaker":"Robby Peralta","startTime":1321.51,"endTime":1325.56,"body":"Cool, awesome. I"},{"speaker":"Robby Peralta","startTime":1321.51,"endTime":1325.56,"body":"don't even know what that"},{"speaker":"Robby Peralta","startTime":1326.19,"endTime":1326.79,"body":"entails."},{"speaker":"Morten Weea","startTime":1332.15,"endTime":1335.93,"body":"yeah, it's, that's"},{"speaker":"Morten Weea","startTime":1332.15,"endTime":1335.93,"body":"a good question. And we have to"},{"speaker":"Morten Weea","startTime":1335.93,"endTime":1341.15,"body":"give the attacker something, but"},{"speaker":"Morten Weea","startTime":1335.93,"endTime":1341.15,"body":"not something that's valuable."},{"speaker":"Morten Weea","startTime":1341.42,"endTime":1346.46,"body":"I'm not something that"},{"speaker":"Morten Weea","startTime":1341.42,"endTime":1346.46,"body":"compromises the clients of the"},{"speaker":"Morten Weea","startTime":1346.46,"endTime":1350.69,"body":"client, or whatever, you know,"},{"speaker":"Morten Weea","startTime":1346.46,"endTime":1350.69,"body":"they should have some not"},{"speaker":"Morten Weea","startTime":1350.69,"endTime":1354.77,"body":"important information. So but"},{"speaker":"Morten Weea","startTime":1350.69,"endTime":1354.77,"body":"that, you know, we have to"},{"speaker":"Morten Weea","startTime":1354.77,"endTime":1359.18,"body":"balance a little bit, is this is"},{"speaker":"Morten Weea","startTime":1354.77,"endTime":1359.18,"body":"this compromising? Could this"},{"speaker":"Morten Weea","startTime":1359.18,"endTime":1364.22,"body":"have a legal consequences for"},{"speaker":"Morten Weea","startTime":1359.18,"endTime":1364.22,"body":"the client? And, you know, are"},{"speaker":"Morten Weea","startTime":1364.22,"endTime":1369.02,"body":"we indicating that we know that"},{"speaker":"Morten Weea","startTime":1364.22,"endTime":1369.02,"body":"they're there for the attacker?"},{"speaker":"Morten Weea","startTime":1369.23,"endTime":1374.54,"body":"So, you know, we have to give"},{"speaker":"Morten Weea","startTime":1369.23,"endTime":1374.54,"body":"them some but not all. And it's"},{"speaker":"Morten Weea","startTime":1374.54,"endTime":1377.63,"body":"a it's a game of cat and mouse?"},{"speaker":"Morten Weea","startTime":1374.54,"endTime":1377.63,"body":"Sounds? Yeah."},{"speaker":"Robby Peralta","startTime":1377.0,"endTime":1379.7,"body":"That sounds li"},{"speaker":"Robby Peralta","startTime":1377.0,"endTime":1379.7,"body":"e so much fun, when you're no"},{"speaker":"Robby Peralta","startTime":1379.7,"endTime":1383.33,"body":"the person that's being atta"},{"speaker":"Robby Peralta","startTime":1379.7,"endTime":1383.33,"body":"ked? But by the way"},{"speaker":"Robby Peralta","startTime":1383.48,"endTime":1389.12,"body":"the communication part, that"},{"speaker":"Robby Peralta","startTime":1383.48,"endTime":1389.12,"body":"s an art of its own right? I fe"},{"speaker":"Robby Peralta","startTime":1389.12,"endTime":1392.3,"body":"l like honestly is the best pol"},{"speaker":"Robby Peralta","startTime":1389.12,"endTime":1392.3,"body":"cy, and it's weird because if I"},{"speaker":"Robby Peralta","startTime":1392.3,"endTime":1394.4,"body":"see a company thats like, yeah,"},{"speaker":"Robby Peralta","startTime":1392.3,"endTime":1394.4,"body":"we're getting hacked or under cy"},{"speaker":"Robby Peralta","startTime":1394.4,"endTime":1396.32,"body":"erattack. I look at them, lik"},{"speaker":"Robby Peralta","startTime":1394.4,"endTime":1396.32,"body":", Cool. Thank you for tellin"},{"speaker":"Robby Peralta","startTime":1396.32,"endTime":1399.89,"body":"us like I automatically"},{"speaker":"Robby Peralta","startTime":1396.32,"endTime":1399.89,"body":"ave like, I sympathize for them"},{"speaker":"Robby Peralta","startTime":1399.89,"endTime":1401.87,"body":"That's probably because I"},{"speaker":"Robby Peralta","startTime":1399.89,"endTime":1401.87,"body":"ork with cybersecurity. Other p"},{"speaker":"Robby Peralta","startTime":1401.87,"endTime":1405.44,"body":"ople may not like that, like,"},{"speaker":"Robby Peralta","startTime":1401.87,"endTime":1405.44,"body":"h, that's a bad company. What d"},{"speaker":"Robby Peralta","startTime":1405.44,"endTime":1410.15,"body":"es mnemonic say companies shou"},{"speaker":"Robby Peralta","startTime":1405.44,"endTime":1410.15,"body":"d do? Is honestly the best pol"},{"speaker":"Robby Peralta","startTime":1410.15,"endTime":1412.7,"body":"cy, or is there a strategy"},{"speaker":"Morten Weea","startTime":1415.57,"endTime":1418.81,"body":"It depends. It's,"},{"speaker":"Morten Weea","startTime":1415.57,"endTime":1418.81,"body":"we're not the communications"},{"speaker":"Morten Weea","startTime":1418.81,"endTime":1423.37,"body":"expert. So I'll just have to,"},{"speaker":"Morten Weea","startTime":1418.81,"endTime":1423.37,"body":"you know, wrap my mind around"},{"speaker":"Morten Weea","startTime":1423.37,"endTime":1428.74,"body":"this myself. So but honesty goes"},{"speaker":"Morten Weea","startTime":1423.37,"endTime":1428.74,"body":"a long way. So if you're owning"},{"speaker":"Morten Weea","startTime":1428.74,"endTime":1432.49,"body":"up to whatever's happening, and"},{"speaker":"Morten Weea","startTime":1428.74,"endTime":1432.49,"body":"then you're sharing enough"},{"speaker":"Morten Weea","startTime":1432.49,"endTime":1436.93,"body":"information for people to know"},{"speaker":"Morten Weea","startTime":1432.49,"endTime":1436.93,"body":"what's going on, then that's"},{"speaker":"Morten Weea","startTime":1436.93,"endTime":1439.69,"body":"good. But if you're sharing too"},{"speaker":"Morten Weea","startTime":1436.93,"endTime":1439.69,"body":"much information, then you're"},{"speaker":"Morten Weea","startTime":1439.72,"endTime":1442.9,"body":"obviously alerting whoever is"},{"speaker":"Morten Weea","startTime":1439.72,"endTime":1442.9,"body":"attacking that you're on to,"},{"speaker":"Morten Weea","startTime":1443.47,"endTime":1449.23,"body":"onto though. And also, even, you"},{"speaker":"Morten Weea","startTime":1443.47,"endTime":1449.23,"body":"know, the communication part is"},{"speaker":"Morten Weea","startTime":1449.26,"endTime":1452.98,"body":"one way because you're not"},{"speaker":"Morten Weea","startTime":1449.26,"endTime":1452.98,"body":"getting communication back. So"},{"speaker":"Morten Weea","startTime":1453.04,"endTime":1456.97,"body":"if you're just telling everyone"},{"speaker":"Morten Weea","startTime":1453.04,"endTime":1456.97,"body":"what's going on, then obviously"},{"speaker":"Morten Weea","startTime":1456.97,"endTime":1460.33,"body":"the perpetrator is also getting"},{"speaker":"Morten Weea","startTime":1456.97,"endTime":1460.33,"body":"the information that you're"},{"speaker":"Morten Weea","startTime":1460.33,"endTime":1465.13,"body":"sharing. Yeah. So that's not"},{"speaker":"Morten Weea","startTime":1460.33,"endTime":1465.13,"body":"good, necessarily. And the other"},{"speaker":"Morten Weea","startTime":1465.13,"endTime":1470.98,"body":"part of this, this problem is,"},{"speaker":"Morten Weea","startTime":1465.13,"endTime":1470.98,"body":"say it's the 12th time this year"},{"speaker":"Morten Weea","startTime":1471.01,"endTime":1473.35,"body":"that you have been hacked, you"},{"speaker":"Morten Weea","startTime":1471.01,"endTime":1473.35,"body":"know, should you just go out"},{"speaker":"Morten Weea","startTime":1473.35,"endTime":1476.23,"body":"there so well, were hacked to"},{"speaker":"Morten Weea","startTime":1473.35,"endTime":1476.23,"body":"get too bad"},{"speaker":"Robby Peralta","startTime":1476.26,"endTime":1478.09,"body":"Good morning"},{"speaker":"Robby Peralta","startTime":1476.26,"endTime":1478.09,"body":"everybody, it's Monday and"},{"speaker":"Robby Peralta","startTime":1478.09,"endTime":1478.45,"body":"we're..."},{"speaker":"Morten Weea","startTime":1478.969,"endTime":1483.859,"body":"yeah, you know. So"},{"speaker":"Morten Weea","startTime":1478.969,"endTime":1483.859,"body":"if, if you're constantly"},{"speaker":"Morten Weea","startTime":1483.859,"endTime":1487.639,"body":"communicating that you're being"},{"speaker":"Morten Weea","startTime":1483.859,"endTime":1487.639,"body":"hacked, and you're, then you"},{"speaker":"Morten Weea","startTime":1487.639,"endTime":1491.269,"body":"come across as somewhat"},{"speaker":"Morten Weea","startTime":1487.639,"endTime":1491.269,"body":"incompetent, maybe learning from"},{"speaker":"Morten Weea","startTime":1491.269,"endTime":1494.569,"body":"your previous mistakes, though,"},{"speaker":"Morten Weea","startTime":1491.269,"endTime":1494.569,"body":"I think sharing the right"},{"speaker":"Morten Weea","startTime":1494.569,"endTime":1497.599,"body":"information, the right amount of"},{"speaker":"Morten Weea","startTime":1494.569,"endTime":1497.599,"body":"information in at the right"},{"speaker":"Morten Weea","startTime":1497.599,"endTime":1503.359,"body":"time, crucial to do some"},{"speaker":"Morten Weea","startTime":1497.599,"endTime":1503.359,"body":"specific assessments, hmm,"},{"speaker":"Robby Peralta","startTime":1503.57,"endTime":1506.39,"body":"Is there any"},{"speaker":"Robby Peralta","startTime":1503.57,"endTime":1506.39,"body":"circumstances where covering it"},{"speaker":"Robby Peralta","startTime":1506.39,"endTime":1508.52,"body":"up to be actually may be the"},{"speaker":"Robby Peralta","startTime":1506.39,"endTime":1508.52,"body":"best thing to do?"},{"speaker":"Morten Weea","startTime":1510.019,"endTime":1513.229,"body":"Well, you know,"},{"speaker":"Morten Weea","startTime":1510.019,"endTime":1513.229,"body":"with all the new GDPR"},{"speaker":"Morten Weea","startTime":1513.289,"endTime":1516.739,"body":"legislation and things like"},{"speaker":"Morten Weea","startTime":1513.289,"endTime":1516.739,"body":"that, you're obligated to give"},{"speaker":"Morten Weea","startTime":1516.739,"endTime":1521.389,"body":"information to authorities and"},{"speaker":"Morten Weea","startTime":1516.739,"endTime":1521.389,"body":"the public and whatever within"},{"speaker":"Morten Weea","startTime":1521.419,"endTime":1525.739,"body":"it, or whatever they call it."},{"speaker":"Morten Weea","startTime":1521.419,"endTime":1525.739,"body":"But they also have this"},{"speaker":"Morten Weea","startTime":1525.769,"endTime":1529.579,"body":"exception where you don't have"},{"speaker":"Morten Weea","startTime":1525.769,"endTime":1529.579,"body":"to disclose the information. If"},{"speaker":"Morten Weea","startTime":1529.579,"endTime":1531.169,"body":"it's an ongoing investigation,"},{"speaker":"Robby Peralta","startTime":1531.3,"endTime":1532.5,"body":"Why doesn't"},{"speaker":"Robby Peralta","startTime":1531.3,"endTime":1532.5,"body":"everybody just hide behind that"},{"speaker":"Robby Peralta","startTime":1532.5,"endTime":1532.71,"body":"then?"},{"speaker":"Morten Weea","startTime":1533.33,"endTime":1535.94,"body":"Well, because you"},{"speaker":"Morten Weea","startTime":1533.33,"endTime":1535.94,"body":"can't have an ongoing"},{"speaker":"Morten Weea","startTime":1535.94,"endTime":1542.21,"body":"investigation for a year 234."},{"speaker":"Morten Weea","startTime":1535.94,"endTime":1542.21,"body":"You know, so if it's a serious"},{"speaker":"Morten Weea","startTime":1542.21,"endTime":1545.45,"body":"thing, then obviously, you"},{"speaker":"Morten Weea","startTime":1542.21,"endTime":1545.45,"body":"should hide behind the ongoing"},{"speaker":"Morten Weea","startTime":1545.45,"endTime":1550.85,"body":"investigation part. For as long"},{"speaker":"Morten Weea","startTime":1545.45,"endTime":1550.85,"body":"as you need it. But, but it's"},{"speaker":"Morten Weea","startTime":1550.85,"endTime":1554.3,"body":"also good to share some"},{"speaker":"Morten Weea","startTime":1550.85,"endTime":1554.3,"body":"information on what's happening."},{"speaker":"Morten Weea","startTime":1555.98,"endTime":1559.19,"body":"Know, if you, you're swift with"},{"speaker":"Morten Weea","startTime":1555.98,"endTime":1559.19,"body":"the response, and just fix"},{"speaker":"Morten Weea","startTime":1559.19,"endTime":1563.48,"body":"things and get them out. And"},{"speaker":"Morten Weea","startTime":1559.19,"endTime":1563.48,"body":"that's your goal. And you can"},{"speaker":"Morten Weea","startTime":1563.75,"endTime":1567.53,"body":"respond and then disclose, you"},{"speaker":"Morten Weea","startTime":1563.75,"endTime":1567.53,"body":"know, because we have already"},{"speaker":"Morten Weea","startTime":1567.53,"endTime":1570.62,"body":"fixed it, and then people are"},{"speaker":"Morten Weea","startTime":1567.53,"endTime":1570.62,"body":"okay, okay, but it's fixed. So"},{"speaker":"Morten Weea","startTime":1570.77,"endTime":1573.59,"body":"let's move on. But if you're if"},{"speaker":"Morten Weea","startTime":1570.77,"endTime":1573.59,"body":"you're too early out there in"},{"speaker":"Morten Weea","startTime":1573.59,"endTime":1578.57,"body":"the game and say, well, we have"},{"speaker":"Morten Weea","startTime":1573.59,"endTime":1578.57,"body":"been hacked, and the advanced"},{"speaker":"Morten Weea","startTime":1578.57,"endTime":1581.9,"body":"persistent threat now has access"},{"speaker":"Morten Weea","startTime":1578.57,"endTime":1581.9,"body":"to all the pipelines. In the"},{"speaker":"Morten Weea","startTime":1581.93,"endTime":1586.16,"body":"case of ATM, they could poison,"},{"speaker":"Morten Weea","startTime":1581.93,"endTime":1586.16,"body":"you know, your water supply. But"},{"speaker":"Morten Weea","startTime":1586.16,"endTime":1590.27,"body":"Have a good day. Yeah, we're"},{"speaker":"Morten Weea","startTime":1586.16,"endTime":1590.27,"body":"fixing it, but we don't know who"},{"speaker":"Morten Weea","startTime":1590.27,"endTime":1592.88,"body":"is doing this, or what they"},{"speaker":"Morten Weea","startTime":1590.27,"endTime":1592.88,"body":"really want. You know, that's,"},{"speaker":"Morten Weea","startTime":1592.97,"endTime":1597.8,"body":"that's not kind of good"},{"speaker":"Morten Weea","startTime":1592.97,"endTime":1597.8,"body":"information. So we have to be a"},{"speaker":"Morten Weea","startTime":1597.8,"endTime":1601.58,"body":"little careful with what you"},{"speaker":"Morten Weea","startTime":1597.8,"endTime":1601.58,"body":"share and, and how, and consider"},{"speaker":"Morten Weea","startTime":1601.58,"endTime":1604.64,"body":"the consequences of, of your"},{"speaker":"Morten Weea","startTime":1601.58,"endTime":1604.64,"body":"information. Obviously."},{"speaker":"Robby Peralta","startTime":1605.92,"endTime":1608.38,"body":"I see why it's a"},{"speaker":"Robby Peralta","startTime":1605.92,"endTime":1608.38,"body":"it's a fun job what you're"},{"speaker":"Robby Peralta","startTime":1608.38,"endTime":1608.95,"body":"working with here."},{"speaker":"Morten Weea","startTime":1609.89,"endTime":1612.74,"body":"It's a it's"},{"speaker":"Morten Weea","startTime":1609.89,"endTime":1612.74,"body":"interesting, huh?"},{"speaker":"Robby Peralta","startTime":1613.11,"endTime":1615.27,"body":"Do you have any,"},{"speaker":"Robby Peralta","startTime":1613.11,"endTime":1615.27,"body":"like, last words of advice? Do"},{"speaker":"Robby Peralta","startTime":1615.27,"endTime":1618.48,"body":"you have any, you know, with all"},{"speaker":"Robby Peralta","startTime":1615.27,"endTime":1618.48,"body":"this, you're studying this"},{"speaker":"Robby Peralta","startTime":1618.51,"endTime":1623.13,"body":"you're working with in real"},{"speaker":"Robby Peralta","startTime":1618.51,"endTime":1623.13,"body":"life. Somebody had as another"},{"speaker":"Robby Peralta","startTime":1623.13,"endTime":1625.65,"body":"podcast, but he said, you know,"},{"speaker":"Robby Peralta","startTime":1623.13,"endTime":1625.65,"body":"the whole point of security is"},{"speaker":"Robby Peralta","startTime":1625.65,"endTime":1627.84,"body":"like, actually, you know, the"},{"speaker":"Robby Peralta","startTime":1625.65,"endTime":1627.84,"body":"whole point of his SOC actually,"},{"speaker":"Robby Peralta","startTime":1628.23,"endTime":1630.78,"body":"was just when something happens"},{"speaker":"Robby Peralta","startTime":1628.23,"endTime":1630.78,"body":"just to clean it up, you know,"},{"speaker":"Robby Peralta","startTime":1630.78,"endTime":1634.92,"body":"incident response. So your whole"},{"speaker":"Robby Peralta","startTime":1630.78,"endTime":1634.92,"body":"security scheme should be giving"},{"speaker":"Robby Peralta","startTime":1634.92,"endTime":1637.95,"body":"you everything you need to"},{"speaker":"Robby Peralta","startTime":1634.92,"endTime":1637.95,"body":"respond to an incident. And that"},{"speaker":"Robby Peralta","startTime":1637.95,"endTime":1639.36,"body":"was an interesting way of saying"},{"speaker":"Robby Peralta","startTime":1637.95,"endTime":1639.36,"body":"and I agree,"},{"speaker":"Morten Weea","startTime":1640.249,"endTime":1645.139,"body":"I agree. Because I"},{"speaker":"Morten Weea","startTime":1640.249,"endTime":1645.139,"body":"usually when I explain the steps"},{"speaker":"Morten Weea","startTime":1645.139,"endTime":1650.089,"body":"in all the preparation, the, you"},{"speaker":"Morten Weea","startTime":1645.139,"endTime":1650.089,"body":"know, detection, assessment,"},{"speaker":"Morten Weea","startTime":1650.149,"endTime":1656.509,"body":"response, etc. I used to draw"},{"speaker":"Morten Weea","startTime":1650.149,"endTime":1656.509,"body":"circles, you know, indicating"},{"speaker":"Morten Weea","startTime":1656.539,"endTime":1662.929,"body":"each step in the circle. And"},{"speaker":"Morten Weea","startTime":1656.539,"endTime":1662.929,"body":"then I used to know, this"},{"speaker":"Morten Weea","startTime":1663.199,"endTime":1668.029,"body":"regular size to the preparation"},{"speaker":"Morten Weea","startTime":1663.199,"endTime":1668.029,"body":"part. And then I come to the"},{"speaker":"Morten Weea","startTime":1668.029,"endTime":1671.449,"body":"response, and then it's a huge"},{"speaker":"Morten Weea","startTime":1668.029,"endTime":1671.449,"body":"blob. Because if you have a"},{"speaker":"Morten Weea","startTime":1671.449,"endTime":1676.309,"body":"small preparation phase, then"},{"speaker":"Morten Weea","startTime":1671.449,"endTime":1676.309,"body":"you have to do most of the Yeah,"},{"speaker":"Morten Weea","startTime":1676.549,"endTime":1680.839,"body":"most of the job in the prep or"},{"speaker":"Morten Weea","startTime":1676.549,"endTime":1680.839,"body":"the response phase. But if"},{"speaker":"Morten Weea","startTime":1680.839,"endTime":1683.689,"body":"you're good at preparation, in"},{"speaker":"Morten Weea","startTime":1680.839,"endTime":1683.689,"body":"know what's going on can hit you"},{"speaker":"Morten Weea","startTime":1683.719,"endTime":1688.459,"body":"or how you should respond when"},{"speaker":"Morten Weea","startTime":1683.719,"endTime":1688.459,"body":"it hits. And you have to have a"},{"speaker":"Morten Weea","startTime":1688.459,"endTime":1692.089,"body":"lot less in response. So the"},{"speaker":"Morten Weea","startTime":1688.459,"endTime":1692.089,"body":"goal is to have a perfect"},{"speaker":"Morten Weea","startTime":1692.089,"endTime":1697.249,"body":"balance between these two phases"},{"speaker":"Morten Weea","startTime":1692.089,"endTime":1697.249,"body":"where you have put enough money"},{"speaker":"Morten Weea","startTime":1697.249,"endTime":1701.689,"body":"into the preparation phase. And"},{"speaker":"Morten Weea","startTime":1697.249,"endTime":1701.689,"body":"then you wouldn't have to know"},{"speaker":"Morten Weea","startTime":1701.689,"endTime":1704.839,"body":"open your wallet when a response"},{"speaker":"Morten Weea","startTime":1701.689,"endTime":1704.839,"body":"comes out when the response"},{"speaker":"Morten Weea","startTime":1704.839,"endTime":1709.069,"body":"comes in. And that's there are"},{"speaker":"Morten Weea","startTime":1704.839,"endTime":1709.069,"body":"some things you could do to just"},{"speaker":"Morten Weea","startTime":1709.069,"endTime":1714.619,"body":"start. And that's considered the"},{"speaker":"Morten Weea","startTime":1709.069,"endTime":1714.619,"body":"different threat actors. Now we"},{"speaker":"Morten Weea","startTime":1714.619,"endTime":1719.239,"body":"have the basic script kiddies on"},{"speaker":"Morten Weea","startTime":1714.619,"endTime":1719.239,"body":"one side of the hacktivist in"},{"speaker":"Morten Weea","startTime":1719.239,"endTime":1722.599,"body":"the middle on the new evolved"},{"speaker":"Morten Weea","startTime":1719.239,"endTime":1722.599,"body":"crimes in the kids, more up to"},{"speaker":"Morten Weea","startTime":1722.599,"endTime":1727.189,"body":"them, the nation states at the"},{"speaker":"Morten Weea","startTime":1722.599,"endTime":1727.189,"body":"end, and they're like us,"},{"speaker":"Morten Weea","startTime":1727.189,"endTime":1731.329,"body":"they're the horror, they could"},{"speaker":"Morten Weea","startTime":1727.189,"endTime":1731.329,"body":"be seen as some kind of stare"},{"speaker":"Morten Weea","startTime":1731.329,"endTime":1735.379,"body":"where the first step is this"},{"speaker":"Morten Weea","startTime":1731.329,"endTime":1735.379,"body":"rickety. It doesn't have a lot"},{"speaker":"Morten Weea","startTime":1735.379,"endTime":1739.189,"body":"of skills, it doesn't have a lot"},{"speaker":"Morten Weea","startTime":1735.379,"endTime":1739.189,"body":"of motivation. The goals are,"},{"speaker":"Morten Weea","startTime":1739.399,"endTime":1742.969,"body":"whatever comes along. And then"},{"speaker":"Morten Weea","startTime":1739.399,"endTime":1742.969,"body":"the persistence is like once"},{"speaker":"Morten Weea","startTime":1742.969,"endTime":1745.849,"body":"they're in, they're in the"},{"speaker":"Morten Weea","startTime":1742.969,"endTime":1745.849,"body":"moving on. So if you get them"},{"speaker":"Morten Weea","startTime":1745.849,"endTime":1750.229,"body":"out there, they're out. But that"},{"speaker":"Morten Weea","startTime":1745.849,"endTime":1750.229,"body":"being said, you shouldn't you"},{"speaker":"Morten Weea","startTime":1750.229,"endTime":1754.129,"body":"shouldn't let them in, you know,"},{"speaker":"Morten Weea","startTime":1750.229,"endTime":1754.129,"body":"because these are not persistent"},{"speaker":"Morten Weea","startTime":1754.129,"endTime":1757.909,"body":"at all they are, if the things"},{"speaker":"Morten Weea","startTime":1754.129,"endTime":1757.909,"body":"they have seen online doesn't"},{"speaker":"Morten Weea","startTime":1757.909,"endTime":1761.209,"body":"work, they go on them. Yeah,"},{"speaker":"Morten Weea","startTime":1757.909,"endTime":1761.209,"body":"they wouldn't know how to, you"},{"speaker":"Morten Weea","startTime":1761.209,"endTime":1764.569,"body":"know, escalate or evolve their"},{"speaker":"Morten Weea","startTime":1761.209,"endTime":1764.569,"body":"attack. So they move just on to"},{"speaker":"Morten Weea","startTime":1764.569,"endTime":1767.539,"body":"another target. That's why the"},{"speaker":"Morten Weea","startTime":1764.569,"endTime":1767.539,"body":"preparation should at least, you"},{"speaker":"Morten Weea","startTime":1767.539,"endTime":1774.079,"body":"know, indicate at what level do"},{"speaker":"Morten Weea","startTime":1767.539,"endTime":1774.079,"body":"we want to keep the bad guys out"},{"speaker":"Morten Weea","startTime":1774.079,"endTime":1777.709,"body":"before we need to focus or put"},{"speaker":"Morten Weea","startTime":1774.079,"endTime":1777.709,"body":"any money into responding to"},{"speaker":"Morten Weea","startTime":1777.709,"endTime":1783.919,"body":"this. So I would say the good"},{"speaker":"Morten Weea","startTime":1777.709,"endTime":1783.919,"body":"good advice is to have enough in"},{"speaker":"Morten Weea","startTime":1783.919,"endTime":1788.089,"body":"the beginning, just to get all"},{"speaker":"Morten Weea","startTime":1783.919,"endTime":1788.089,"body":"these nuisances away, so you"},{"speaker":"Morten Weea","startTime":1788.089,"endTime":1790.969,"body":"don't have to deal with them."},{"speaker":"Morten Weea","startTime":1788.089,"endTime":1790.969,"body":"You don't want to be owned by a"},{"speaker":"Morten Weea","startTime":1790.969,"endTime":1796.519,"body":"14 year old that just found some"},{"speaker":"Morten Weea","startTime":1790.969,"endTime":1796.519,"body":"cool tools, and then exposed all"},{"speaker":"Morten Weea","startTime":1796.519,"endTime":1799.969,"body":"of your data, you know, because"},{"speaker":"Morten Weea","startTime":1796.519,"endTime":1799.969,"body":"you don't know who can pick up"},{"speaker":"Morten Weea","startTime":1799.999,"endTime":1805.999,"body":"That data and say, if you have"},{"speaker":"Morten Weea","startTime":1799.999,"endTime":1805.999,"body":"the pipeline's a script doesn't"},{"speaker":"Morten Weea","startTime":1805.999,"endTime":1809.809,"body":"know what he's dealing with, he"},{"speaker":"Morten Weea","startTime":1805.999,"endTime":1809.809,"body":"just puts it online to see it,"},{"speaker":"Morten Weea","startTime":1809.809,"endTime":1813.109,"body":"look what I found. And then some"},{"speaker":"Morten Weea","startTime":1809.809,"endTime":1813.109,"body":"bad guys could just pick it up"},{"speaker":"Morten Weea","startTime":1813.109,"endTime":1816.199,"body":"from there, they don't even have"},{"speaker":"Morten Weea","startTime":1813.109,"endTime":1816.199,"body":"to tack you don't end it, that"},{"speaker":"Morten Weea","startTime":1816.199,"endTime":1820.129,"body":"kind of information. So so"},{"speaker":"Morten Weea","startTime":1816.199,"endTime":1820.129,"body":"that's not, that's unfortunate."},{"speaker":"Morten Weea","startTime":1820.279,"endTime":1823.909,"body":"So you should just move up on"},{"speaker":"Morten Weea","startTime":1820.279,"endTime":1823.909,"body":"the stairs until you're, you"},{"speaker":"Morten Weea","startTime":1823.909,"endTime":1829.459,"body":"know, confident with not having"},{"speaker":"Morten Weea","startTime":1823.909,"endTime":1829.459,"body":"to handle this, and you're"},{"speaker":"Morten Weea","startTime":1829.459,"endTime":1832.159,"body":"prepared to handle, you know,"},{"speaker":"Morten Weea","startTime":1829.459,"endTime":1832.159,"body":"the more advanced just"},{"speaker":"Robby Peralta","startTime":1831.0,"endTime":1833.7,"body":"to be a little"},{"speaker":"Robby Peralta","startTime":1831.0,"endTime":1833.7,"body":"more concrete here, what are"},{"speaker":"Robby Peralta","startTime":1833.7,"endTime":1836.4,"body":"these smaller steps like"},{"speaker":"Robby Peralta","startTime":1833.7,"endTime":1836.4,"body":"ransomware? For example, that's"},{"speaker":"Robby Peralta","startTime":1836.4,"endTime":1838.17,"body":"like one of those things that"},{"speaker":"Robby Peralta","startTime":1836.4,"endTime":1838.17,"body":"you shouldn't have to deal with."},{"speaker":"Robby Peralta","startTime":1838.17,"endTime":1838.38,"body":"Right?"},{"speaker":"Morten Weea","startTime":1838.86,"endTime":1841.08,"body":"That's an attack"},{"speaker":"Morten Weea","startTime":1838.86,"endTime":1841.08,"body":"that's on on the lower part. But"},{"speaker":"Morten Weea","startTime":1841.08,"endTime":1844.47,"body":"I was thinking threat actors as"},{"speaker":"Morten Weea","startTime":1841.08,"endTime":1844.47,"body":"well, because the threat actors,"},{"speaker":"Morten Weea","startTime":1844.47,"endTime":1849.15,"body":"just foreign things are they"},{"speaker":"Morten Weea","startTime":1844.47,"endTime":1849.15,"body":"they want to do some some harm"},{"speaker":"Morten Weea","startTime":1849.15,"endTime":1853.41,"body":"against you. And then they have,"},{"speaker":"Morten Weea","startTime":1849.15,"endTime":1853.41,"body":"they have different skill set"},{"speaker":"Morten Weea","startTime":1853.41,"endTime":1859.26,"body":"the motivation, etc. So they are"},{"speaker":"Morten Weea","startTime":1853.41,"endTime":1859.26,"body":"just evolving. So crime, crime,"},{"speaker":"Morten Weea","startTime":1859.5,"endTime":1863.37,"body":"or crime syndicates, they they"},{"speaker":"Morten Weea","startTime":1859.5,"endTime":1863.37,"body":"want to do, you know, they have"},{"speaker":"Morten Weea","startTime":1863.37,"endTime":1866.37,"body":"this kind of goal, they want to"},{"speaker":"Morten Weea","startTime":1863.37,"endTime":1866.37,"body":"make money on you, or whatever,"},{"speaker":"Morten Weea","startTime":1866.55,"endTime":1872.07,"body":"no selling information that you"},{"speaker":"Morten Weea","startTime":1866.55,"endTime":1872.07,"body":"have to other parts. And then"},{"speaker":"Morten Weea","startTime":1872.07,"endTime":1874.71,"body":"the nation states, they have"},{"speaker":"Morten Weea","startTime":1872.07,"endTime":1874.71,"body":"this one goal that they really"},{"speaker":"Morten Weea","startTime":1874.71,"endTime":1877.77,"body":"want. So if you're a target of a"},{"speaker":"Morten Weea","startTime":1874.71,"endTime":1877.77,"body":"nation state, then well is"},{"speaker":"Morten Weea","startTime":1877.8,"endTime":1882.54,"body":"you're going to be on some way"},{"speaker":"Morten Weea","startTime":1877.8,"endTime":1882.54,"body":"or another because they, they"},{"speaker":"Morten Weea","startTime":1882.54,"endTime":1885.12,"body":"may, they will get it now. Yeah,"},{"speaker":"Morten Weea","startTime":1882.54,"endTime":1885.12,"body":"but they make zero days, and"},{"speaker":"Morten Weea","startTime":1885.12,"endTime":1888.66,"body":"they exploit zero days, and they"},{"speaker":"Morten Weea","startTime":1885.12,"endTime":1888.66,"body":"get in and get information. And"},{"speaker":"Morten Weea","startTime":1888.66,"endTime":1892.14,"body":"then you need the visibility to"},{"speaker":"Morten Weea","startTime":1888.66,"endTime":1892.14,"body":"see them and know what's going"},{"speaker":"Morten Weea","startTime":1892.14,"endTime":1897.57,"body":"on. And maybe learn from that"},{"speaker":"Morten Weea","startTime":1892.14,"endTime":1897.57,"body":"attack to later. So we don't"},{"speaker":"Morten Weea","startTime":1897.57,"endTime":1901.8,"body":"have to build enough preparation"},{"speaker":"Morten Weea","startTime":1897.57,"endTime":1901.8,"body":"to withstand the nation state"},{"speaker":"Morten Weea","startTime":1901.8,"endTime":1906.48,"body":"because you can can't do it."},{"speaker":"Morten Weea","startTime":1901.8,"endTime":1906.48,"body":"More or less. But you could pick"},{"speaker":"Morten Weea","startTime":1906.48,"endTime":1912.21,"body":"off a lot of the less advanced"},{"speaker":"Morten Weea","startTime":1906.48,"endTime":1912.21,"body":"attackers. But the DDoS is"},{"speaker":"Morten Weea","startTime":1912.24,"endTime":1916.89,"body":"mitigated fairly easy."},{"speaker":"Morten Weea","startTime":1912.24,"endTime":1916.89,"body":"ransomware Well, it's not he's"},{"speaker":"Morten Weea","startTime":1916.89,"endTime":1922.11,"body":"not necessarily prevented. But"},{"speaker":"Morten Weea","startTime":1916.89,"endTime":1922.11,"body":"it's the consequences can be"},{"speaker":"Morten Weea","startTime":1922.11,"endTime":1927.24,"body":"prevented that you just Backup"},{"speaker":"Morten Weea","startTime":1922.11,"endTime":1927.24,"body":"and Restore. And, you know, time"},{"speaker":"Morten Weea","startTime":1927.24,"endTime":1931.98,"body":"before the ransomware existed in"},{"speaker":"Morten Weea","startTime":1927.24,"endTime":1931.98,"body":"network. So yeah, you have to do"},{"speaker":"Morten Weea","startTime":1932.01,"endTime":1936.27,"body":"that kind of preparation. And"},{"speaker":"Morten Weea","startTime":1932.01,"endTime":1936.27,"body":"also you should practice,"},{"speaker":"Morten Weea","startTime":1936.51,"endTime":1941.43,"body":"practice a lot, tabletop"},{"speaker":"Morten Weea","startTime":1936.51,"endTime":1941.43,"body":"exercises, role playing, red"},{"speaker":"Morten Weea","startTime":1941.43,"endTime":1947.58,"body":"teaming, if you if you're"},{"speaker":"Morten Weea","startTime":1941.43,"endTime":1947.58,"body":"advanced, play around, have fun."},{"speaker":"Morten Weea","startTime":1948.03,"endTime":1953.04,"body":"It's when when people come"},{"speaker":"Morten Weea","startTime":1948.03,"endTime":1953.04,"body":"together and pretend they're the"},{"speaker":"Morten Weea","startTime":1953.04,"endTime":1957.36,"body":"bad guys, you can see the"},{"speaker":"Morten Weea","startTime":1953.04,"endTime":1957.36,"body":"imagination of your employees,"},{"speaker":"Morten Weea","startTime":1957.42,"endTime":1963.9,"body":"at least, usually when I was"},{"speaker":"Morten Weea","startTime":1957.42,"endTime":1963.9,"body":"going around and doing and doing"},{"speaker":"Morten Weea","startTime":1963.9,"endTime":1970.5,"body":"it. revisions audits are my"},{"speaker":"Morten Weea","startTime":1963.9,"endTime":1970.5,"body":"final question to my oddities"},{"speaker":"Morten Weea","startTime":1970.5,"endTime":1976.17,"body":"where if you were the bad guy,"},{"speaker":"Morten Weea","startTime":1970.5,"endTime":1976.17,"body":"and you had to do an attack"},{"speaker":"Morten Weea","startTime":1976.2,"endTime":1981.36,"body":"right now, what would you do,"},{"speaker":"Morten Weea","startTime":1976.2,"endTime":1981.36,"body":"and the competence and inside"},{"speaker":"Morten Weea","startTime":1981.36,"endTime":1986.25,"body":"knowledge that most of these"},{"speaker":"Morten Weea","startTime":1981.36,"endTime":1986.25,"body":"employees had led them to, you"},{"speaker":"Morten Weea","startTime":1986.25,"endTime":1992.82,"body":"know, make up this extreme path"},{"speaker":"Morten Weea","startTime":1986.25,"endTime":1992.82,"body":"of exploits that could just ruin"},{"speaker":"Morten Weea","startTime":1992.82,"endTime":1996.96,"body":"the entire company in minutes,"},{"speaker":"Morten Weea","startTime":1992.82,"endTime":1996.96,"body":"because they knew where all the"},{"speaker":"Morten Weea","startTime":1996.96,"endTime":2002.48,"body":"holes were and where the"},{"speaker":"Morten Weea","startTime":1996.96,"endTime":2002.48,"body":"vulnerabilities were. And, and"},{"speaker":"Morten Weea","startTime":2002.48,"endTime":2005.36,"body":"having that competency within"},{"speaker":"Morten Weea","startTime":2002.48,"endTime":2005.36,"body":"your own organization and"},{"speaker":"Morten Weea","startTime":2005.36,"endTime":2011.09,"body":"letting them partake in a in a,"},{"speaker":"Morten Weea","startTime":2005.36,"endTime":2011.09,"body":"you know, exercise could give"},{"speaker":"Morten Weea","startTime":2011.09,"endTime":2014.78,"body":"you valuable information. And"},{"speaker":"Morten Weea","startTime":2011.09,"endTime":2014.78,"body":"then it should just work with"},{"speaker":"Morten Weea","startTime":2014.78,"endTime":2020.24,"body":"whatever information you get"},{"speaker":"Morten Weea","startTime":2014.78,"endTime":2020.24,"body":"from the practice, and prepare,"},{"speaker":"Morten Weea","startTime":2021.71,"endTime":2022.76,"body":"either digitally,"},{"speaker":"Robby Peralta","startTime":2023.08,"endTime":2025.57,"body":"I've done that"},{"speaker":"Robby Peralta","startTime":2023.08,"endTime":2025.57,"body":"tabletop exercise, when I was"},{"speaker":"Robby Peralta","startTime":2025.57,"endTime":2029.17,"body":"22. I was at my one of my first,"},{"speaker":"Robby Peralta","startTime":2025.57,"endTime":2029.17,"body":"it was at ISF and was one of the"},{"speaker":"Robby Peralta","startTime":2029.17,"endTime":2033.01,"body":"first security conferences that"},{"speaker":"Robby Peralta","startTime":2029.17,"endTime":2033.01,"body":"I was at. And the guy just"},{"speaker":"Robby Peralta","startTime":2033.01,"endTime":2036.1,"body":"looked at me. His name is Hans"},{"speaker":"Robby Peralta","startTime":2033.01,"endTime":2036.1,"body":"Peter. He was like that was his"},{"speaker":"Robby Peralta","startTime":2036.1,"endTime":2038.53,"body":"job. His main thing was to do"},{"speaker":"Robby Peralta","startTime":2036.1,"endTime":2038.53,"body":"these tabletop exercises really"},{"speaker":"Robby Peralta","startTime":2038.53,"endTime":2042.37,"body":"good at it. He looked at me and"},{"speaker":"Robby Peralta","startTime":2038.53,"endTime":2042.37,"body":"he was like, you're the CEO. I"},{"speaker":"Robby Peralta","startTime":2042.37,"endTime":2044.68,"body":"almost cried that day. Because"},{"speaker":"Robby Peralta","startTime":2042.37,"endTime":2044.68,"body":"the whole room people watching"},{"speaker":"Robby Peralta","startTime":2044.68,"endTime":2048.73,"body":"you and making bad decisions is"},{"speaker":"Robby Peralta","startTime":2044.68,"endTime":2048.73,"body":"really intense. So it's, it was"},{"speaker":"Robby Peralta","startTime":2048.73,"endTime":2050.26,"body":"fun to look back and I learned a"},{"speaker":"Robby Peralta","startTime":2048.73,"endTime":2050.26,"body":"lot."},{"speaker":"Morten Weea","startTime":2051.1,"endTime":2055.36,"body":"So yeah, it's a"},{"speaker":"Morten Weea","startTime":2051.1,"endTime":2055.36,"body":"safe environment of messing up"},{"speaker":"Morten Weea","startTime":2055.54,"endTime":2060.64,"body":"and doing the wrong things. As"},{"speaker":"Morten Weea","startTime":2055.54,"endTime":2060.64,"body":"long as you're not you don't"},{"speaker":"Morten Weea","startTime":2060.64,"endTime":2064.63,"body":"have a culture of exposing those"},{"speaker":"Morten Weea","startTime":2060.64,"endTime":2064.63,"body":"kind of people punishing them,"},{"speaker":"Morten Weea","startTime":2064.78,"endTime":2070.21,"body":"but rather learn from what they"},{"speaker":"Morten Weea","startTime":2064.78,"endTime":2070.21,"body":"have not done the right way."},{"speaker":"Morten Weea","startTime":2070.66,"endTime":2074.47,"body":"Then you could improve the"},{"speaker":"Morten Weea","startTime":2070.66,"endTime":2074.47,"body":"process or whatever, to make"},{"speaker":"Morten Weea","startTime":2074.47,"endTime":2077.95,"body":"them do it right the next time."},{"speaker":"Morten Weea","startTime":2074.47,"endTime":2077.95,"body":"Because if there's something"},{"speaker":"Morten Weea","startTime":2078.49,"endTime":2082.03,"body":"someone that makes a mistake,"},{"speaker":"Morten Weea","startTime":2078.49,"endTime":2082.03,"body":"yeah. Rarely does is making the"},{"speaker":"Morten Weea","startTime":2082.03,"endTime":2086.41,"body":"same mistake again. So if they"},{"speaker":"Morten Weea","startTime":2082.03,"endTime":2086.41,"body":"already did it in a safe"},{"speaker":"Morten Weea","startTime":2086.41,"endTime":2089.02,"body":"environment, and they're"},{"speaker":"Morten Weea","startTime":2086.41,"endTime":2089.02,"body":"probably not going to do it."},{"speaker":"Morten Weea","startTime":2089.59,"endTime":2093.64,"body":"Hmm. When the when it gets"},{"speaker":"Morten Weea","startTime":2089.59,"endTime":2093.64,"body":"serious, huh. Awesome."},{"speaker":"Robby Peralta","startTime":2093.69,"endTime":2096.27,"body":"Well, Morten,"},{"speaker":"Robby Peralta","startTime":2093.69,"endTime":2096.27,"body":"thank you. Thank you for sharing"},{"speaker":"Robby Peralta","startTime":2096.27,"endTime":2099.84,"body":"your knowledge. I we had like"},{"speaker":"Robby Peralta","startTime":2096.27,"endTime":2099.84,"body":"some sort of a script but I"},{"speaker":"Robby Peralta","startTime":2099.84,"endTime":2100.5,"body":"don't know where it went"},{"speaker":"Robby Peralta","startTime":2107.02,"endTime":2109.42,"body":"Well, that's all"},{"speaker":"Robby Peralta","startTime":2107.02,"endTime":2109.42,"body":"for today, folks. Thank you for"},{"speaker":"Robby Peralta","startTime":2109.42,"endTime":2112.33,"body":"tuning in to the mnemonic"},{"speaker":"Robby Peralta","startTime":2109.42,"endTime":2112.33,"body":"security podcast. If you have"},{"speaker":"Robby Peralta","startTime":2112.33,"endTime":2115.21,"body":"any concepts or ideas that you"},{"speaker":"Robby Peralta","startTime":2112.33,"endTime":2115.21,"body":"would like us to discuss on"},{"speaker":"Robby Peralta","startTime":2115.21,"endTime":2118.18,"body":"future episodes, please feel"},{"speaker":"Robby Peralta","startTime":2115.21,"endTime":2118.18,"body":"free to send us an email to"},{"speaker":"Robby Peralta","startTime":2118.18,"endTime":2122.2,"body":"podcast@mnemonic.no. Thank you"},{"speaker":"Robby Peralta","startTime":2118.18,"endTime":2122.2,"body":"for listening, and we'll see you"},{"speaker":"Robby Peralta","startTime":2122.2,"endTime":2122.65,"body":"next time."}]}