Video

Thank you. This was very helpful!!

This was a good one!

Thank you.

Thanks to everyone who attended and took something away from this webinar!

been seeing a ton of water treatment plant attacks lately...ps this panel is stacked!

Would it be best to consult (provide implementation services) first before becoming as assessor?

Where is the slide, please?

United Healthcare has 490 billion invested. Why? Who is really involved? Poor and middle class people aren't getting it. That's for sure.

Love the festive kraken Jake!

Hi, awesome content. Thank you. What platform did you use for the video?

Thank you! This was very helpful. I have an interview for a job that provides SOCaaS.

Surprised that this channel isn't more popular. Thank you for yet another good video.

Targarian AI FTW

Promo SM 😌

possible to get the link to the excel sheet Michael shared?

Big thanks! Once again, the CI team pulls together to help us all stay informed with sage advice and knowledge. As stated, this is not the end of this threat. Be vigilant.

Great discussion! Listened live

Hi, I want to get trained for and sit the CMMC certification exams. Please, how do I go about it?

Great webcast!

I figure how you two pay for your leafy lifestyles must have something to do with government grants, which of course do not require any actual services rendered or results delivered, only documentary fiction meant to make it appear as though you were ever qualified or equipped to produce anything other than a completed grant application. Nice un-work if you can get it; or it must be, since plenty of hot-air peddlers of your variety are riding that particular gravy train. (And I know you got my other messages, and have a pretty solid hypothesis on why you refuse to act on them.)

interesting topics, ty guys

Will there be a cap on the # of CCA & CCPs?

Thanks guys

Mike was on fire as usual!

To be fair, Mike had a pretty good kicker last week. The one about the privacy institute

Hello there world, I started the course online today and we will be digging into it as of Thursday. I can use any help if you don’t mind sharing

very important content.

Excellent talk

Star Trek Lower Decks for me 😊

Once the entire human experience had been turned over giddily and thoughtlessly to a vast mechanism of printed circuits without which ordinary human life is now regarded as inconceivable, this made it inevitable that continual threats to America's IT systems from multiple actors would by 2022, with a war on and all, be an easy selling point for continual and expanding federal intervention in order to protect them. And, by all appearances thus far, the rights of the people be damned.

Mike going to country music? What the heck! The rest of critical insight was good stuff.

As a survivor of the 20th century and the complete abandonment of an entire analog way of life which was overrun within a single generation by all this IT gimmickry, it appears to me that the potential for an analog component to the question of cybersecurity tends to be ignored. The overall purpose of any security for any enterprise is to protect that enterprise as a whole, whereas it looks like the cybersecurity philosophy limits itself to questions of whether the IT is secure or vulnerable or under attack, but does this obscure the potential for leaks and vulnerabilities themselves having nothing at all to do with the integrity of an IT system? As an example, here in Oklahoma, both State and local officials conduct official business on private cell phones so routinely that the bureaucracies' only answer to this behavior is 'it's fine, we do it all the time.' And in what amounts to a party-state run by the OKGOP establishment without appreciable opposition at any level, all the negligence and complacency and personal opportunism you might expect out of any party-state are plainly in evidence here. The official world here seems to take on faith (!) its own infallibility and invincibility, and upholds this posture as an official persona, there is a 'perfectly reasonable explanation' for everything, and the State is never, ever in the wrong, according to the State. Meanwhile, its IT systems leak like sieves, but the holes are not in the systems themselves, but rather the lax and self-assured attitudes of official employees who barely even have any concept of any kind of threat if it is not a direct threat on their own lifestyles and suppositions. If a potential issue raised by the citizenry does not appear to be a threat to the monopoly on power or the careers of particular officials, then that issue is simply ignored. Oklahomans are very, very skilled at changing the subject or just ignoring someone when what they say is not what someone wants to hear; it runs in the very fabric of how life is lived here. Folks apparently believe this is good manners. Oklahoma's vulnerabilities to 21st century threats are exacerbated by its apparent indifference to the prospect of actually joining the 21st century, beyond an infantile attraction to every new gimmick that comes on the market. But the only way this vulnerability is ever going to be proven to these dunderheads is when someone or some thing actually renders catastrophic damage to its government's systems. At which point the feds will take over, call it 'national security', and the Tenth Amendment is a thing of the past along with the rest of the rapidly-vanishing Bill of Rights. Maybe Oklahoma's government should just turn some of these toys off for good, while they still can.

Bjorn! Way to go calling out having to being able to understand the IT and Industrial system itself. I passed this video over to my former employer.

Yet another example of the federal establishment's continual long-term quest to eliminate 10th Amendment local self-governance outright, by funding and task-forcing State authorities into 'compliance' with ever-expanding federal requirements which essentially reduce State sovereignty to a kind of obedient provincialism. Current circumstances in eastern Europe (etc) continue to provide ready rationales for a federal posture of permanent emergency, which serves as an adaptable template for the engineering of endless federal incursions into State and local law enforcement, jurisprudence and regulatory application: the old catchall of 'national security' being stretched ever further to eventually include every detail of every American life's being regarded as potential evidence, merely awaiting appropriate casework to plug it into. Programmatic justice on a nationwide scale, flying first in the face of, and eventually out of the reach of, any residual notion of constitutional civil liberties, has long been the primary objective of the bloated and permanently entrenched federal establishment. None of this epic crusade toward eventual total DC hegemony over every aspect of American life has ever had anything to do with partisan politics or factional alignments. The DC regime is a faction unto itself, geared primarily toward the eventual aim of being a law unto itself, and being the only law there is. States do business with the DC machine at their extreme peril: any asset, program, budget or work force a State might regard as its own affair to govern can be and in time will be over-run by this strategy of fund-then-hijack which the DC executive branch has used, for generations, to reduce State governing powers to federal policy implementations required of DC's subordinate provinces, irrespective of the electoral or legislative preferences exhibited within any State. 'Cybersecurity' is just the latest in a long series of jingles deployed, in order to soften the countenance of what amount to, again and again and again, federal-executive Enabling Acts designed to erode civil liberties still further, in order to remove them as obstacles to continued expansion of programmatic DC powers. In the case of the matter at hand, the State of Oklahoma's prosecution service, its District Attorneys Council, may labor under an illusion for the time being of having its own way with all these networked surveillance systems it now aims at random citizens for its own murky ends; but in coming weeks and months may discover that the USDOJ and other federal entities may have uses of their own for all this DAC/UVED spy equipment, and perhaps even more so for all the data already generated and stored over the more than three years' time the program has been up and running. In short, when I applied for a driver's license in Oklahoma, I never signed some agreement that any information the State might manage to gather about my personal movements, by any means it has in its capabilities, might one day become part of some vast collection of personal, federal, dossiers kept on the citizenry in general. So I stopped driving automobiles altogether. The State has made the activity untenable for me with its experimental surveillance project, and may well end up being compelled for grant funding's sake to turn over every bit of intelligence it has gathered on me to some federal 'task force.' If this program is not shut down immediately, it is only a matter of time before it becomes just another outpost of federal surveillance powers, to be used for any purpose at any time in the future. How any of this careless playtoy foolishness, of pointing cameras at passersby and then seeking to extort them, was ever meant to serve or protect Oklahoma, escapes me. But what all this data thus generated, for no good or legally defensible reason in the least, might come to be used for in the future, and by whom, is a matter of conscience and civic duty right now, to all those who have enabled this UVED program, and all those who continue to allow it to operate.

Always enjoy the weekly updates. One suggestion, could you please get rid of the old CI Security youtube channel? I always end up on that wrong channel when looking for this one. :)

Hi, during the webinar . You mentioned the DOD CIO has mentioned that every one holding CUI at level 2 will undergo third party assessment. This is different from what I previously understand where only some vendors holding critical CUI at level 2 will undergo C3PAO assessment. Could you provide me link to where DOD CIO have mentioned this. Thanks

Very interesting thanks.

Isn't Jayke one of Will Smith's kids?

Would be lovely if we could afford that 24/7 monitoring...

Not a lot of specifics other than best practices. Ilo has not been on an add-in card in like two decades, it's on the motherboard.

If folks are interesting in reading more about a "Black Swan" this is a good book: www.thriftbooks.com/w/the-black-swan-the-impact-of-the-highly-improbable_nassim-nicholas-taleb/246328/#edition=5465404&idiq=4405987

So this is interesting. The huge Microsoft patch which addresses lots of vulnerabilities.. do not resist, except on domain controllers. One problem I discovered the hard way: it will HOSE your domain controllers. Do NOT install the latest update on your DCs. Must resist. It will apparently also screw up Hyper-V hosts too. It caused my DCs to boot up, 2 minutes later basically BSOD .. forcibly reboots. Both physical and virtual machines it happened. Thankfully I know better than to patch all DCs at once, so I still had a good one while I spent hours trying to uninstall the patch. There's a big reddit megathread in r/sysadmin. MS has only changed the status to 'investigating'. Anyway.. glad we could beta test the patches for MS. Looks like it's gonna be another month before we can patch the DCs.

How long could this have been exploited before detected? Does it go back to a particular patch?

Thanks. It's going to be a wild ride!

Thank you, great overview and very good explained

For someone who recently moved from technical to management side it was really informative and helpful.

Amazing video Saludos From mexico

Sound levels are bad and unequal. One guy’s volume is so low and mumbling. When I turn up the volume so I can hear him properly, I get blasted by the sound from the second guy.

I really wish someone could refer me to a step by step guide for setting up a Windows logging server for the small shop solo sys admin types like me. With details what to log on and how long. I run 30 Windows servers. Obviously there's a wide range, of things one could log and for how long but even an example of setting a decent baseline. I have a couple spare Windows servers with lots of storage I could use for a log aggregator.

Thank you for pointing out how many consultants suck taxpayer dollars up without actually solving problems or fixing anything. They also make great scapegoats for leadership when a technology initiative fails so government loves them. Unlike a managed service, consultants don't have any stake or incentive for long term success. In my opinion, they usually get paid confiscatory amounts of money to write long-winded documents stating the obvious.