Our C-level Friend

We all have a friend that’s made it to the upper echelons of success; they’re a C-level exec. They’re the ones with the tailored suit, VIP passes, and corporate cards that can help out friends in need.

But sometimes you do wonder how they ended up in the position they’re in – as did Kav, who told us all about Randy and their C-level friend Jhom. (names have been changed to protect the guilty innocent.) 

I have people to do that for me

Jhom likes to talk about technology, like how a shark talks about dental hygiene. Sure, it’s probably a concept the shark understands, but there’s no way it could hold a toothbrush in its fins.

Whenever called out about his lack of hands-on technical skills on any system after 1991, Jhom responds with, “I don’t need to know how to do that, I have people to do that for me.”

Social media what?

Jhom doesn’t know how to use social media. The only people that don’t use social media are people in prison without access to the internet, or members of weird religious cults.

For many years Randy and I told Jhom he should create a Facebook account to at least secure his identity. When he failed to do so, some unknown people set up a Facebook account under his name.

These people would post on Jhom’s behalf, make a whole bunch of new friends, and connect with some old school friends.

Luckily, before things got out of hand, Randy and I were able to track down the culprits and gain access to the account before handing control over back to Jhom. I shudder to think what would have happened had we not been there to watch his back.

Instead of being thankful, Jhom accused us of being behind the account all along.

If that’s how he treats his friends, I’m glad we don’t work for him.

Fanboi

Jhom refuses to own any electronic device that isn’t made by Apple. He believes linking all his devices through iCloud is the height of convenience.

One time, in a WhatsApp group chat, Jhom disclosed he wasn’t aware of what a “meme” was. For the sake of education, Randy and I started sending photos of “infosec memes” to Jhom – not realising that autocorrect had changed “infosec” to something else.

These somewhat unsavoury photos ended up in Jhom’s iPhone and synched to his photo library, and from there they were synched to his iCloud account. The photos in his iCloud account were used by his AppleTV box as a screensaver on his television at home.

Fortunately Jhom was working at home and valiantly jumped over the coffee table to rip out the cables to the TV before his wife and kids came into the room.

His shin hurt for a few days, but he learnt a very important security lesson that day.

Presentations

Despite only having 3 stories, Jhom is a rather competent speaker who knows how to work a crowd.

What he isn’t good at doing is remembering to turn his phone off, or disable notifications on his Apple Watch, before going up to present.

Whenever Randy and I know Jhom is on stage, we start a barrage of calls and texts to remind him to turn his devices off.

We’re just nice people like that.

Hold my phone

Because we continually remind him to disable his phone during presentations, one time Jhom left his phone with Randy and me before going up to do a presentation.

While Jhom has a passcode on his phone, the camera was unlocked. So, we decided to take a bunch of selfies and weird photos for the full 60 minutes that Jhom was on stage.

We’re sure Jhom’s family was delighted to see our smiling faces on their AppleTV screensaver.

Podcast editor

We started the Host Unknown podcast three years ago. After a hugely successful pilot podcast, we recorded the second episode which Jhom said he would edit by the end of the week.

We’re still waiting for the final product. I sure hope he doesn’t deliver security initiatives with the same enthusiasm!

Hold my phone again

One time at RSA in San Francisco, Jhom and I were at an evening event. He left his phone on the table at some point and I thought I’d check to see if he’d secured his camera. Which to his credit he had.

So, I thought I’d check to see if Siri was disabled, unfortunately it was not. To test it out, I said, “Siri, send a text to my wife saying, I’m ever so sorry, please forgive me, I love you.” By accident Siri actually sent the message to Jhom… waking up his wife in London at 3am.

Clearly that was Siri’s fault, and nothing to do with me – and Jhom’s learnt about different threat vectors. 

Brutal Feedback

Jhom doesn’t mince his words. That’s not to say he’s a rude person – but if he feels like you did a bad job, he’ll tell you to your face. He won’t anonymously leave negative comments, and he certainly won’t shy away from a difficult conversation.

But perhaps more important than that is that Jhom is also very welcoming of brutal feedback. He understands how to separate the person from the problem, and is not afraid to admit when he’s wrong – and take the steps needed to fix any issues.

And that, maybe, is why he’s far better-suited to being a C-level exec than I am.

Bugger… oh… Congratulations Melissa!

We sat with the tension of an Australian entertainer looking forward to the morning’s Daily Mail until late Wednesday night as we awaited the results of the pwnie.com awards. We nursed our cocoa/vodka/champagne (Jav/Andrew/Thom respectively) as the news trickled in.

We had a few key people on the scene, recounting the experience to us.

Given the competition, we had the champagne on ice, the shisha warmed, and the alarms set (we were after all operating in the much more civilised Greenwich Mean Time).

Given the timezone differences though, we went to bed, and set our Google Alerts for the impending winning announcement.

Bugger.

We awoke to the news that we hadn’t won. Unfortunately our beautifully coloured, tempo’ed, written and choreographed song didn’t tweak the judges’ auditory senses as much as the dulcet tones of @0xabad1dea with a beautifully timed Christmassy SSL thematically themed jingle.

We are gutted, but happy for the ultimate winner (of course).

Congratulations @0xabad1dea / Melissa, you were a worthy opponent.

RSA Europe has them now, part 2: dirty clothing causes problems

Following on from last week’s post, our legal team flagged this message to us. As such we are once again forced to reissue our statement that the actions of these individuals do not represent the views or opinions of Host Unknown.

Stay tuned for their full report on their time in Amsterdam, because they really do have some explaining to do.

Host Unknown Caption Competition; and the winner is…

Last week we announced an impromptu caption for a picture taken of our three presenters during one of their planning sessions. We were inundated with entries, and not surprising since the prize is an exclusive Host Unknown gift!

And now to announce our winner. Our heartiest congratulations go to @InfosecGeekLady, with the following:

HU Caption Winner

We will be sending your prize out very soon @InfosecGeekLady, we hope you like it!

Here is a selection of the very best of the other captions submitted, and thank you to everybody who took part and kept the boys feeling loved.

submitted by @GeekChickUK

“and you think we know what we’re talking about? Hehehe”

submitted by @atarii

“and then he said it must be in the flash controller… he still doesn’t realise it was just me with an infected floppy disk!”

submitted by @NodeZero_Linux

“and then he said CISSP is useful”

submitted by @wimremes

“Did you say PCI 3.0?!?”

submitted by @k3r3n3

“no one is reading your emails. we were only looking at metadata”

“sure we pay bug bounty fees – with a McDonald’s gift card!”

submitted by @infosecmo

“so a cyber, APT and cloud walk in to a bar…<redacted>…”

submitted by @krypt3ia

“and the ‘Most Creative manscaping’ award goes to…”

submitted by @_hoolers

“@ThomLangford & @sirjester get to see @J4vv4D’s new infosec rockstar moped”
