
Dr. Gerald Auger, let's give him a round of applause. Awesome.

All right, thank you everybody for coming out today. Very excited to talk to you. A lot of, uh, old friends, uh, that I recognize and a bunch of new ones that I hope to meet. But today what I wanted to talk about was what Game of Thrones can teach us about cyber security. Now, a little bit about me before we get into it. Some of you may know me, some of you may not. Allow me to introduce myself. Um, I currently run a YouTube channel, but it's grown into a much larger, uh, community of inclusion and support, and it's all about cyber security and good times, called Simply
Cyber. Uh, encourage you to check that out. Also, as you can see from the merch I'm wearing right now, we are actually hosting our first cyber security conference, which will be virtual, which means all of you can absolutely attend, this Wednesday, so the timing is quite nice. Encourage you check that out. And I teach at The Citadel, and I have a family. My two boys are right here in the front row, which is really, really cool. Thanks. And if you want to connect with me at all, simply cyber. socials has like everything that I do, so you can connect with me there.

Okay, so why did I choose this talk? By the way, first
keynote ever, which is like pretty cool, like a career achievement unlock type thing. I was thinking, you know, I've been in the industry 20 years, and when I think about like watching a TV show or a movie, or hear a song, or see something in life that has nothing to do with cyber security, I commonly think like, oh, like, you know, a PE control there would have stopped that, you know, like they obviously didn't do background screening on that dude, right? So what I was thinking, you know what would be really cool: taking something that's so, um, iconic and so immersed in our society. And some of the young people, unfortunately, someone brought this to my
attention yesterday, some of the younger people, uh, may not even know what Game of Thrones is, so I'll do my best to bring you all up to speed. But I feel like Game of Thrones has a lot of opportunity, and there's so many parallels, which we will go through here today, between what happened in Game of Thrones and real life and cyber security. And the idea here is that with the power of storytelling, I can tell you like a million times over not to tell a lie, right? But all of us know the story of the little boy who cried wolf, right? Like it's burned in our mind. So the power of storytelling has
the ability to convey lessons learned and be able to translate it and make it applicable for ourselves. Now, this talk in my mind is geared for people who are breaking into the industry, people who are new in the industry, but even people that have been working in the industry for a very long time. Some of you, very, uh, you know, gray in the hair, right? You will empathize with this. You will hear these stories and be like, absolutely, Jerry, like 100%. Might even get a preach in the back row back there. Okay, so that is what I'm trying to do and who I'm trying to approach. And please take some of the lessons learned
I give you in this, um, because there's so many things that you will never, ever, ever learn in a textbook, right? You can go to a million classes, but the way that the CFO is like fidgeting in a meeting and not talking about, like undermining your agenda and not giving you budget and stuff, like you're never going to read that in a textbook. You have to learn it. So by learning from other people first, you don't have to make those, uh, mistakes.

Okay, so obviously, real quick, is anyone here not seen Game of Thrones but has a desire to see it at some point? Because I'm going to destroy every spoiler. All right, I'm sorry, boys.
Okay, my two kids are the ones who I'm going to ruin. Okay, that's very, uh, Game of Throne-y. Okay, all right, so just as a very, very, very quick, I mean, it's like eight books, 5,000 pages, eight seasons, like I'm going to compress it into 30 seconds. This is this magnificent world of, um, well, not Westeros, but the world that George R. Martin built for Game of Thrones. Effectively think of it as like North America, South America, Europe and Asia, right? I mean, he kind of borrowed. Um, most of everything happens over in the North American space. Seven families, warring factions, political agendas. There's this like undead zombie nation thing going on up at the top. Um, and but
they're infighting all over the place. Sounds a lot like a business, right? So that's what that is.

Now, I've broken the talk up into like categories. First we'll be talking about different roles and how they apply. We'll look at characters in Game of Thrones and you'll be able to immediately see, uh, how they applied to different roles in industry and in business. Then we'll go through process, capability. Uh, the case study is no longer here, I scrubbed it for the sake of time. And then I'm huge on career growth, career development, helping people level up their career. What's up, Joseph? So I put a bunch of slides in here on lessons learned for career. Okay, so let's
introduce our players in the Game of Thrones.

Ned Stark, right? First guy you meet in the show. Wicked awesome. He's got high integrity, you know, he follows the rules 100%. "Winter is coming", like that's like their motto at Stark house, right? They're just like, we're always ready for whatever, right? This is like the CISO. Okay, so obviously I'm super biased, right? Because I think that information security is high integrity, right? We're always prepared. But he's the head dude, so he's the CISO, right? He's always worried about threats are coming. Winter is coming, cyber threats, right? Like all day, every day, we're constantly like basically, um, manning the wall, if you
will. However, I don't know if you guys know Joseph Sullivan here. Uh, part of the problem is because of that high integrity. Joseph Sullivan was the CISO at Uber. Um, he got thrown under the bus by the executives of Uber. He was found guilty of, I can't remember what the actual crime was. He didn't actually go to jail, but, um, basically Uber got hacked and he made like a backdoor deal with the hackers, paid 'em off and said don't tell anyone, and the hackers said we won't tell anyone. Like of course they immediately told everyone, and, uh, it was a shareholder SEC thing, so he got really, really screwed by that. But it's
the same with Ned Stark. Ned Stark basically found out that, you know, Cersei was doing some weird things with her brother and, you know, situation was bad, and he's like, oh, you have to tell everyone, I'll let you do it, like you take the high road. She's like, absolutely. And then she basically had him framed and then executed, right? So kind of similar, uh, to what happened to our friend Joseph Sullivan. But political intrigue, um, allies turning on you, CISOs need to be mindful, right? If you're going to go that path, it's a lonely road. And philosophically, we could talk over a coffee later, the question is, is a CISO accountable or is a CISO
responsible for information security in business? If a business gets breached, is the CISO actually, should they be blamed, or are they just an adviser to the business? I'm a huge advocate of the adviser to the business. I don't know, that's so I can like shun responsibility, but that's what I think.

Then we got our kind of, um, antagonist in the story, Cersei Lannister. I already covered her little exploits with her brother. Um, but she represents everything like the master Game of Thrones player. She's ambitious, she maneuvers, she takes advantage of every opportunity. She sees a threat like Ned Stark, the CISO, and she has him removed basically from the board. Uh, talking about budget, power play, she
controls. Remember, the house of Lannister was all about straight cash, right? So they could, you know, maneuver, they could buy people off, sellswords. She was a political mastermind, much like our business leaders. Now, you know, political mastermind and business leaders, you may want to put a grain of salt on that, because business leaders come in different shapes and sizes. But if you think about the business leaders in our environment, I'm talking the CEO, the CIO, who's often the CISO's boss, the CFO, who holds the money, which you need in order to get your projects funded, VCs if they get, you know, their hands into the mix. They are very much involved in the power dynamics and
sabotaging agenda. So like you might have this great idea, like, oh man, like we're going to roll out network segmentation, right? Like massive opportunity, we're going to roll it out, risk reduction, all this. And then you either don't get funding, or they're like, oh yeah, we absolutely fund it, but we're going to have the networking team actually focus on VPN, 'cause, you know, because of post-pandemic COVID we need them to focus on that. So you can roll out network segmentation, but you don't get any like support from the networking team, which basically means you're not going to roll out network segmentation. Like it's a fun idea, but you're going to fail.
So what I want to share with you is the power of partnerships. Okay, like I'm not saying you need to like bring a dozen donuts to the CFO and like buddy-buddy and chum up. But what I would say is, when opportunities present themselves that better serve the business leaders than they serve you, you should absolutely take advantage of those, because at some point you're going to need to go to that business leader or business leaders and have them be a champion and on your side. And this is basically like the power of networking. You want to pay into that bank, basically, so at the one time you need to pull out of the bank, you have an
ally, you have a champion on your side who's at that business leader table and speaking for you. Because, you know, just as a quick aside, I don't know if you guys have ever done this, but like as a CISO or a business leader, you can literally tell the business like, guys, we have massive problems, we need to roll out MFA, for example, right? That would be tragic not to have MFA, or multifactor authentication. And they're like, yeah, like that's a lot of noise. But then you hire a consultant to come in, they're like, yeah, you really got to roll out multifactor authentication. The business is like, yeah, yeah, you know what, that sounds right, why don't we do that? So
power of partnerships.

Okay, all right, small council. I'm sure some of you, uh, you know, long in the tooth folks already know where this is going. But the small council was basically like the king's right-hand table of, you know, consiglieres, right? The king's out there like, you know, dancing and shaking his butt and doing like glad-handing, you know, shaking babies and stuff. Or not shaking babies, you know what I mean, shaking hands, kissing babies. I don't know, in Game of Thrones maybe they were shaking babies. But the small council's basically, you know, the CFO, like the chief finance, the master of coin I think
they call it, the master of like war, um, you know, the maester for, you know, kind of tutelage type stuff, medicine, whatever, gen pop. So this is what they do: make key decisions. Very similar to, and I'm sure many of you already see this one, the board, right? Not all organizations have boards, right? And the board could kind of fall into business leaders. But if you are at an organization large enough to have a board, the board members are typically older, not always, but typically older. They come from a different generation. They are not, very, very seldomly, right, like so this isn't a complete, but I would say like 99% of the time they are not
information security professionals. Oftentimes they're not IT professionals, right? So when they say things like, what are we doing about AI, like you're like, oh my God, like just can you pump the brakes on this for a second? But they have the ability to set strategic direction for the business, they have the ability to allocate resources, and ultimately they are responsible for risk management for the organization. So the one key thing I would say here is, when you do talk to a board, you typically get like five to 10 minutes max, maybe one or two slides max. So drilling into like how sick, like, um, like, I don't know, like Citrix Bleed is, is not a good idea. Like
they don't care, they're going to tune out and be on their phone. So you need high impact, you need to speak their language. You need to understand that to effectively communicate to the board, or to people like that, that they care about money, right? So you need to talk in the frame of money. Uh, which by the way, in this Game of Thrones, like money really did drive a lot of, uh, decision making.

Quick shout out to Tyrion. This is kind of a slide I threw in. Tyrion's my favorite character in Game of Thrones, I think he's wicked cool. I didn't have a direct correlation for Tyrion, but I do, as I think about my own career and, uh,
you know, like Brandon's career back there. Like a lot of people are thrown in to a situation where it's like, hey, we don't have an information security office, but like you're information security now, right? So like you're a matrix network engineer and now all of a sudden you're responsible for infosec. Or some consultant came in and said that you need to have somebody responsible for information security now, because the insurance company said you have to have somebody responsible for information security. So they hire one person, and you're wearing a blue hat, you're wearing a GRC vest, you're talking to the business, you're trying to do budgets and stuff, you're responding to phishing emails and people clicking on
dumb stuff, right? So shout out to Tyrion, 'cause he really had very little going for him, right? I mean, he was a Lannister, which was wicked cool, but he had like, you know, kind of a physical, uh, disability. He got blamed for multiple murders, right? I don't know if you remember, he got blamed for like killing Bran, then he got framed for killing Joffrey. Like poor guy didn't do any of that, and he was a war hero and still got screwed over on that. So if you do find yourself in a situation, which you may very easily, uh, be underfunded, underresourced, underutilized, leverage what resources you do have at your availability to the maximum. Okay, like a new shiny, like for
example a new shiny like Palo Alto firewall or Gigamon or whatever, like, yeah, 200 grand, like, yeah, okay, you get budget approved, you throw it in the rack and there you go. But do you have the manpower, or person power, to manage that system? Do you have the knowledge and expertise to even interact with that interface? Like, oh, a firewall is a firewall is a firewall. Yeah, but interfaces are different, the way that they work. Is it bringing like WildFire, like real-time automatic updates? I don't know. So before you get, you know, YOLO and go into like some piece of like expensive tech, leverage the things you have, right? There's a lot
of free technology out there that you can use, like Security Onion or the ELK stack, right? And then you can use that money to get, uh, professional services to help you tune it up.

All right, continuing with roles, a quick shout out to the Essos merchants. This would be like Europe on the map, if you recall. A couple side players, but very interesting. We had the Iron Bank of Braavos, right? They could fund things, fund armies. The Golden Company, which was like basically a, you know, a professional services company. Um, right, I mean, they were soldiers. And then the Faceless Men, which were like straight up
assassins, right? Super ba people. All right, to me these are security vendors. And I know that I'm giving them a lot of credit, vendors, and I know there's some vendors in the room, so I'm not trashing on you, okay? But like with the Iron Bank of Braavos, if you did not pay when they said the check is due, they would literally pull your resources and then fund your adversary to crush you. Okay, to me this is a correlation, right? SaaS products are awesome, right? The cloud's going to save us, we can scale up, scale down, save money, CFOs love it. Ends up in reality costing more, but we'll talk about that another time. Well, with
SaaS they can turn the water off, they can turn the spigot off, right? And like what are you going to do? Like pay your bill, right? When it's on-prem it's a little harder for them to rip that out, but, um, SaaS, no pay, no play, right? Um, with the Golden Company I said IR response staff, right? Our Mandiant, our IR people, they come in, pro services. And then, uh, the Faceless Men, I use Pegasus spyware, uh, NSO Group, right? They want to be assassins, they come in and we can have this specialized stuff.

So all right, moving on. White Walkers. You guys thought I was going to leave these ones out. Okay,
zombies. Um, they're pretty cool. Um, very shrouded in mystery. No one really knows what they come from, where they go. They kind of like, uh, propagate and multiply somehow through some type of like magic or mysticism. Um, and they're very deliberate. Like, you know, even though they're like mindless zombies, they're kind of controlled and they're kind of focused, and they can be deployed in a very meaningful way. To me these are our threat actors, right? Whether they're APTs or, you know, Romanian cyber criminals, or just punks like Anonymous Sudan or something like that. We don't know, like one crops up, we don't know about it until it crops up, right? We've got some threat actors
that recur, right? So like, you know, like REvil gets taken down and all of a sudden, you know, a new like Clop ransomware pops up and there's TTPs that match, but we don't really know what's driving this, uh, and where they come from even. Um, like Scattered Spider, I don't know if you've seen this one, right? Scattered Spider is the new one that hit MGM recently, MGM Resorts. But they're so arrogant, they're like clearly young, like 18 to 25. No offense to the 18 to 25 year olds in the room, but, um, typically threat actors that are older, they don't brag as much. Okay, but the threat actors, um, you could see. Oh, I even added
botnets, 'cause botnets multiply wildly, just like, um, the White Walkers did.

Okay, so that's the roles. Let's talk about capabilities for a hot minute. All right, the Sparrows. You remember this guy? All right, uh, like Che, he was basically the pope, um, for them. The Sparrows were this religious sect. They had like very little power, very little, they were like basically kneecapped, uh, at this point. But Cersei Lannister, thinking that she was like super awesome, like weaponized the Sparrows, gave them their Faith Militant back, which was basically like the Knights Templar, some type of like, you know, army if you will, uh, religious sect. And she thought that she was going to weaponize that army and
eliminate her adversaries. Unfortunately, she was fully compromised, right? If you guys remember, um, she got brought in for, again, the exploits that she had with her brother, multiple times. Um, and that was definitely not cool with the church, and they became so powerful that she was no longer able to control them. So what is this capability? Risk analysis. Yes, GRC. So check it out, I love GRC. That's a spoiler. Okay, I love GRC. I think GRC, I'm trying to make it socially acceptable, right? Red team and blue team, you guys are so cool, but like GRC is pretty good. Okay, so let's think about for a second when Cersei's like, oh yeah, you know what, I can weaponize this
Faith Militant and I can have an army for cheap, right? 'Cause I can control them. She didn't do a risk analysis, man. She did not even think about the threat of them growing and being out of control, right? She misunderstood what motivated them. She thought, like, she basically gives money to everyone, right? Like a lot of people are financially motivated. She pays them off, she hires sellswords, she wants someone to turn a blind eye, she pays them off. Money doesn't matter to these guys. This guy didn't even take his bath the whole time he was on the show, right? He doesn't care about money. So, um, I put over-permissioned access, for sure. They were able to go
anywhere and everywhere they wanted. Um, which by the way is a huge problem with cloud. Um, and in order to correct the problem, it was a massive cost, which I have a slide coming up in a minute, so I won't ruin it, although all of you probably remember how Cersei solved this particular problem. Okay, all right, yes, this is what happens when you don't do a risk analysis: you get drug out and yelled "shame", right? All the CISOs in the house who have had to do the Walk of Shame.

All right, moving on. Capabilities: the Night's Watch, right? Talked about that, White Walkers up at the North. I love this one. And, um, like spoiler alert,
any blue teamers in here, it's going to resonate with right now. The Night's Watch, when they join the Night's Watch, it's like for life, okay? And they have this oath that they say, and it's like their Pledge of Allegiance basically. But parts of it that I've extracted here for the bullets: "I am the watcher on the wall", so they're constantly watching, right? "The horn that wakes the sleepers", okay, like when there's a problem they alert. Okay, I'm seeing some parallels here, right? And then "the shield that guards the realms of men". We are the last resort for mankind, for the organization. They are SecOps. Okay, the Night's Watch is hands down,
it's such a parallel to the blue team. Okay, they protect the organization. Like it or not, this is the industry, guys, this is cyber security. So constant vigilance is like paramount, right? Like I know we take time off and we spend time with family, but like if the phone buzzes, right? I mean, this is why some people don't want to do blue team operations, because threat actors don't care if it's Christmas Eve. Threat actors prefer to attack on long weekends, Fourth of July and stuff, because it's a softer target, right? SecOps does triage, alert and respond, of course, and then threats are always evolving. The key difference though I
want to point out, so as to not deter some of the younger people in the audience, like my boys, from going into SecOps: the Night's Watch, you were never allowed to leave. Okay, like once you're in, you're in for life. Uh, unless you find a loophole like Jon did and get killed and then resurrected. But, um, SecOps, you're allowed to leave. Okay, you can punch out. In fact, for mental health it's actually encouraged you punch out and take a break. Okay, uh, pledging your life is optional, you do not have to die in the SOC. All right, that's okay. And one of the things that they say in their chant or whatever is that
we'll take no family, we'll take no money, we'll take no glory. Okay, if you take down a threat actor and you save the organization from ransomware, or you like defang something and you do something cool, you absolutely should take a lot of glory. You should do a victory lap around the room, and you should definitely, like, you know, tell the CISO that, like, don't forget about this when it's time for, uh, pay raises, buddy, right? So get the glory.

All right, Viserion. If you guys remember Viserion, he was, you know, he was the weakest and kind of the smallest of all the dragons. Uh, Daenerys Targaryen had three
dragons, right? Viserion was the smaller one, but he was still the dragon, right? That's still super cool. Uh, he was wicked powerful, he could, you know, he could fly obviously, he could breathe fire on command, which was wicked good. He was an advantageous weapon system. I'll cover this a little bit more later, but like if you have a dragon, you can pretty much dictate what's going to happen next, right? Like you are in command, you have an advantageous weapon system. Unfortunately, um, the zombie nation there, they threw like an ice bolt through his chest somehow and took him down and then resurrected him as a zombie. So they were able to get him, so they weaponized them.
And we see this all the time with threat actors taking things that we are using as defenders and as IT infrastructure to deliver services and risk reduction to our organization, and they weaponize it. PowerShell, famously, right? Empire, the post-exploitation framework, is all in PowerShell. Cobalt Strike is a popular one for threat actors, even though it's a legitimate commercial product. Threat actors can set up shell companies and get instances and stuff like that. I do want to give a shout out, because I didn't know about this. Um, again, I'm a GRC guy, so, you know, you blue teamers keep cool stuff away from us, and red teamers. But,
uh, LOLBAS-project, that's living off the land binary application scripts, dash project. And this website just is a list of things that are native to Windows systems and Linux systems that you can use to do privilege escalation, exploitation, persistence, uh, C2, uh, stuff like that. So this is like, obviously go to simply cyber. socials to connect with me, but if you take one thing, uh, that website is incredibly valuable if you did not know about it already.

The Unsullied. All right, you guys remember this? This was like the army that, like, I think the guy like cut himself like on command. Like these guys are loyal, unbelievably loyal. Like they don't even
have their own thoughts, right? Uh, the story writers did do a little bit with this guy where he started to get like a little romantic and having his independent thoughts and stuff. But they're highly effective, unwavering vigilance, and their training was renowned. Like they train all the time. Consistent training as a capability is so valuable. And I just want to pause for a minute, because I personally believe that information security awareness training is one of the three most, like in the realm of like risk reduction to an organization, right? Like high value, low cost: information security awareness, multifactor authentication, and security operations, like an MDR or IR, something like that,
are the three. If I go into an organization, before I even do a risk assessment, before I see what the hell is, sorry Kennedy, before I see what's going on, like that's what I do first. Those three things have to be in place. And so when we think about the once a year PowerPoint, right, like that's not information security awareness. That's actually kind of like sand in my shorts. Like it's annoying, it's irritating, no one wants it. Uh, there are ways to do it. But if we do end user awareness and focused security training, like all of us as practitioners going and learning how to use Splunk, or going to a training to do advanced
detection engineering and stuff like that, like leveling up ourselves, that is going to make us much more effective as a capability. Also, don't sleep on tabletop exercises. With ransomware the way it is, you absolutely should be doing ransomware tabletop exercises with your business.

Okay, weapon systems advantages. Okay, so this is Daenerys, and most of us think of Daenerys Targaryen, um, in scope of the, um, the dragons she had, because they were so, so powerful. But I want to call your attention to these three particular instances. The Sack of Astapor: this is where she buys the Unsullied from the, um, from the people who train the Unsullied, whatever they're called, the Astapori, I'm sure, right? So
they said, we'll sell you the Unsullied but it'll cost you one dragon. And she's like, ah, these are my babies. And they're like, well, that's the cost, bro. And she's like, ah, all right. So she immediately does the transaction, the dragon goes on the other side, she immediately orders the Unsullied to kill all of them, and then she takes her dragon back, right? That is an unbelievably powerful weapon system that she had. She had an army and she immediately executed on it. The Battle of Meereen: this is where she uses her three dragons to just annihilate a fleet, like an entire navy eviscerated instantly. Super powerful weapon system. She didn't have the numbers, she didn't have the
brawn, and she took him out in like a minute. And then finally the loot train attack. She had access to the Dothraki, which were basically like horse-riding, uh, Mongolians effectively, right? And this group was coming back from raiding, uh, Dorne, and she basically just took him out. Very similar to what the United States did in Iraq way back in the day on that long train ride, uh, if you guys know what I'm talking about. But anyways, the point is she had multiple weapon systems which gave her unbelievable advantages in, uh, these conflicts. So we can use next-gen tooling in our instances, right? SOAR and AI. Again, I put this bullet here not to make you
guys chuckle or smile to yourself, but to take a moment and really like face these head-on. If you can use AI and/or security orchestration, automation and remediation in effective ways, it's a force multiplier for your organization, right? You're only going to get so many FTE at your business, right? Unless you're an organization that has 85 FTE for 1500 employees somehow, which happens, I guess. But many of us are the Tyrion, right? Many of us are the one-person shops, the two-person shops. You're trying to deal with, like, you know, the best you can. So using those orchestrations and AI allows you to, uh, level it up. Also, just quick shout out, I did some work with
Raymond James recently, and they actually patented this thing called the MOAD, it's the mother of all decoys. And I want to give a shout out on it because it's really interesting. If they find a threat actor in their environment, Raymond James is a financial management company, so of course like lots of money going in there, if they find a threat actor in their environment, they can deploy this MOAD and it shunts the threat actor into that. It's basically a honey network, but it is a massive honey network with tons of endpoints, tons of real traffic going on, people logging in at 9:00 a.m., logging out at 5:00 p.m., going to lunch, their computer's idle. And they basically
monitor what the threat actor's doing, and the threat actor's just burning all their infrastructure, all their IOCs, all their everything. It's really, really interesting. That's an example of a next-gen tool. You're not just sitting there like combing through Exchange Online quarantine emails, and like that's what you're doing for cyber risk reduction. Also, don't sleep on fundamentals, guys. I know it's really cool and sexy to have SOAR, but like maybe multifactor authentication, right? Maybe long passwords.

All right, we got Varys, the Master of Whisperers. Sometimes people find this guy a crowd favorite. I kind of liked him, he grew on me over the years. But one of his key things that he had was this
extensive spy network, right? I don't know if you guys remember, he had like, kids running around, he had high-end political figures, everybody was like kind of feeding into him what was going on. And he used that information, he analyzed it, and then he either gave it to certain people or he withheld it from certain people in order to achieve his ends, his means, drive his mission, right? I mean, I don't know, but that's all day long, that's threat intel, right? We get tons and tons of raw data coming in. We, as analysts, we analyze it, we figure out: is this valuable, can we attribute it, can we integrate it with other knowledge, and then what can we do
with it to help the business achieve risk reduction? I love it, I love it. Like this guy, threat intel all day long. Probably, you know, I know he was a eunuch, but like probably former military, worked in, you know, like NSA kind of thing, and then, you know, went on his own, right? I love it.

All right, so let's talk about some processes now, right? This one, I like, I almost wanted to put this slide first, because this is the one thing about Game of Thrones that absolutely irritated the Jesus out of me. Okay, the catspaw dagger. You guys recognize this? This dagger comes up multiple times through the show.
I think Arya is the one, spoiler alert boys, it's the one Arya uses to end the Night King. But it was first seen in like the second episode of the first season, because Cersei and Jaime are doing things that they shouldn't be doing together. Bran Stark, the youngest, sees what's happening. Jaime pushes him out of window trying to kill him. He doesn't die, so he needs to be eliminated. So an assassin breaks in with the catspaw dagger and tries to assassinate, the M gets involved, and the assassin runs away, right? Leaves the catspaw dagger. Key evidence used in the trial of Tyrion Lannister for who did this, right? So here's, before I flip the
slide here's what really annoys me about this they had the weapon they had the motive they had everything right and they blame it on Tyrion and he goes to the Eyrie for like a trial in he does a trial by combat which Bronn gets involved in all this other stuff but they just abandon that story line like the entire thing of evidence that they hinged the entire case on is that uh Petyr Baelish right that Littlefinger he's like oh Tyrion won that dagger for me in a poker game and they're like oh there you go that's it like Tyrion did it like that one piece of evidence the problem is and we see this all the time unfortunately and some
of us uh who have worked together in the past it's it's it's actually an inside joke that we talk about if you don't do root cause analysis on big incidents big issues you can lead to misattributing what happened how it happened how it initially occurred you cannot button the holes of the problem and have it happen again the city of Dallas a month ago got ransomware the city of Dallas got attempted ransomware they inter intervened but they started getting hit again last week okay they got hit and they just responded and fixed the problem and recovered and then kept going and then they got hit again right you it's it's it's incredibly important not always
like a phishing email you like forget about it you're not even going to do it like somebody clicks and downloads something stupid and runs it on their workstation no you don't you're not doing root cause analysis on that you're not like breaking out the war room but when there's a massive incident you like like this catspaw dagger assassination attempt you need to do root cause analysis you need to figure out how it happened who's it attributed to what was their motivation is it going to happen again how can we prevent it who was involved how deep did the compromise go and it's hard that's the thing guys like that is work that's why we're employed
it's hard work and it's easy to be like that because no one's going to be able to question you if you're like no it's fine it was Russia like no one no like no one in the business knows if you're telling the truth or not that's why they hired you and if you don't if you don't do it um you're you're really flirting with fire now we got Sam Sam Tarly he was at um he was at um the the the the Night's Watch up up North and then he got you know basically again it's forever unless you're Sam Tarly who did not die and get resurrected he just got to go down to Oldtown I think they were training him
up to be a maester to go back to the Night's Watch anyways long story short while he's there at the library down at the Citadel no no uh no relation to our Citadel Military College he goes through all this documentation he finds out that there's a huge cache of dragonglass which is like the only thing that can kill the threat actors the White Walkers uh underneath Dragonstone he figures out that this like incurable disease greyscale has a cure which they use later in the show all because it was documented right we don't document for crap in our industry guys like especially with all due respect to the IT people too like people don't really
document right and documentation if you get too granular it doesn't port well and people like why are we wasting time documented get out of my way but the thing is documentation has massive value for scaling up your skill your team your organization and I know it sounds trivial but the first time you reach into some documentation and it helps you quickly that's where it becomes really powerful and by the way with AI like ChatGPT and stuff I suspect within the next 12 to 18 months you're going to be able to deploy like the type of ChatGPT stuff internally to your organization so instead of like you know opening documents Control-F looking for stuff
you can literally just ask like what's the process for responding to a phish and it'll lay out your SOP like your organization's SOP right so that's powerful again going back to next-gen tooling tactically IOC share with ISACs um which is information sharing analysis centers operationally documented in SOP or Wiki I've seen successful Wiki usage the problem is documentation takes time it doesn't feel like you're moving anything forward but I'm telling you it's helping the next person and it helps to process improvement many really successful organizations if you look at why they became successful and why they're so good at what they do they have documentation which means they have standard procedures which means they have expected outcomes instead of just
some guy who's been there 25 years who's just like move like I can do it and like that that doesn't help anyone okay then we got Jon Snow now this might seem a little peculiar because I'm talking about capabilities and processes here and I'm now I'm bringing up old Jon here but hear me out again certain things piss me off this one's going to this one is a button okay so we got Jon Snow he gets introduced in he's basically a a bastard child his dad is Ned Stark but his mom is just somebody he met who's not Ned Stark's wife okay so he's an illegitimate Stark he grows up as like kind of a u you know a kid
who's not really part of the family but he's part of the family the mom regularly is prejudiced against him he gets the small chicken wing right he gets the small pork chop at dinner time all right he has no claim to Winterfell but then we find out because of documentation thank you uh Samwell Tarly he's actually a Targaryen okay there was like some annulment stuff the dad was hiding it right he's royal awesome he can ride dragons now which is super ba the name of the movie or the book of the series is Song of Fire and Ice we got Daenerys who's like fire and him he's Jon Snow right he's ice like oh this the
whole thing's coming together it's so brilliant George R Martin what a ride and Jon whatever okay so Jon and Dany rock the boat right I was trying to find a way to put this so my kids would okay so like he Daenerys Targaryen is Jon's aunt okay but they get together and have so much love that they share some experiences okay you might think well this is this is classic right the Targaryens inter inter sisters married brothers right so like oh they're going to have a baby and that's going to be the King right cool he's got a claim a better claim to the Iron Throne like it or not I know in 2023
we're much more like progressive and enlightened but back then this was a patriarchal world so you could be like 50th down the line but if the 49 above you are females you've got the claim to the throne so he had a stronger claim to be king than Daenerys had to be Queen even though she'd done you know eight seasons of butt kicking right he's got Targaryen blood which means maybe he could walk through a fire wicked cool what what are they going to do what are the producers going to do with this amazing complex intricate storyline that's paying dividends nothing they don't do anything they do nothing with it they build it up and then Daenerys
just like loses her mind I think Jon kills her and then like they just like ride off in the sunset it's so stupid it's it's this is this kills me it's like why did you why did you tease me man the abandoned projects do you okay so I have seen this so many times and we are so we are so lean for time and money and resources in cyber security that when you decide to move forward on something you have to see it through and I have seen so many abandoned projects and if you don't if you've never experienced this get ready and if you have you're probably like itching yourself from like PTSD right now okay
you have everybody's got this cool idea we should totally do this all right let's let's roll out Security Onion perfect example because this actually happened some of the people in the room know what I'm talking about we're going to roll out Security Onion yes like kick in the door kick off meeting bring it in bring networking in security operations we're telling the the the CIO about it we're going to revolutionize what's going on here then there's like no oversight no one's asking for updates no one's being held accountable there's no PM this is why I say sect Tech deployment and then you roll it out you install it there's no tuning there's no integration no one's looking at it and
it just it just like lists soften into the distance and no one sees it again and by the way to add insult to injury now you've got a server stood up running software on your Network that has privileged access that is not being maintained that people forgot about and and the the whole thing of it was a waste of time and it actually introduced additional risk to your organization it's boneheaded and it's so annoying to me like if you ever get yourself in a position where they're going to kick off off a project like ask the questions like who's running this who like what are the what's the Cadence for maintaining things right I've seen
multiple vulnerability management projects uh fail for this way because you you know like IT needs to be responsible for this or this application owner needs to be responsible for this and then they they just stop showing up to the meetings and you're like okay all right finally the Sept of Baelor okay remember I told you earlier the Sparrows the religious uh faction and how money couldn't drive them well Cersei has to take care of them and what she ends up doing is to deal with them is basically there's a huge amount of like super explosive think like you know kerosene or dynamite or whatever underneath the sept which by the way is like very convenient plot device but
anyways she detonates it it's a huge I mean catastrophic failure it blows up this church and really eliminates all the risks that Cersei had how how not to do a disaster recovery okay let's just point it out really quickly okay again convenient plot points thank you um authors all material assets were in here every important person every important capability every important like the church building itself was an important element right in one swift stroke she eliminated there's a reason the president and the vice president of the United States do not fly together it's it's it's business continuity it's Disaster Recovery 101 president goes down VP's immediately raised to the president and we're off and running this with all due
respect they did no risk assessment again just to kind of get into GRC for a hot minute right like for a minute if you just thought about it and said like is there any risk to all of us being in this room right now right zero contingency plan basically when she nuked this like the Sparrows just disappeared from the story altogether so don't do DR like this okay all right let's talk about career for a minute and then and this will be rounding out the talk um they say in this show the night is dark and full of terrors I'm saying our cyber careers are dark and full of terrors but we we we march forward into
it very happily oddly enough so this is Sansa Stark and I actually think of all the characters in Game of Thrones she's the one who her story arc exhibits a cyber career more than anything this is her naive you know she's like at like a jousting event she's like Hercules right and then here's her like the next day she's like Queen of the North battle-hardened look at this this woman you're like H gonna have to ask Sansa for budget not good okay so this is her on day one and this is day 90 and infosec right but but it really is a case study I say CISO case study because she she becomes the queen bee but she starts off
completely naive to the world no idea what's going on trusting people she shouldn't saying things she shouldn't and by the end through all the experiences and she suffers greatly right if you know her story it's tragic I mean she gets married off like four different times um she she gets taken advantage of but because of learning from her past which all of us should um she becomes Queen of the North and is very very good at the Game of Thrones by the end of the thing so some some career things right we got the Hound and Sansa now their relationship was hostile he was basically taking her and trying to bring her back to King's Landing but they have
shared experiences and one of the things around the complex morality of it is you know Sansa's like oh you're a knight you're chivalrous right and like that's when she was this person like oh knights are really cool they do the right thing and the Hound is like no they're actually cruel um they're powerful so they can just like smack people around if they want they take what they want they don't care they're monsters right so he so what I'm suggesting is giving mentorship he didn't have to but he saw he saw things of himself in Sansa and he gave mentorship he guided her and I wanted to point out he's not the typical mentor when you think of mentorship
right it's not like he was you know a a daughter of a royal family right he was he was a kind of a rough rugged knight guy and but he was still able to give mentorship so when you are giving mentorship to someone right don't don't think that you have to have it's you're like it's not like you are where they want to be you might have aspects of who you are that can help them but you don't have to think like oh I can't help this person because they're not going to grow up to be a CISO or something like that right so there is and you can help build confidence in that person continuing
Sansa's track around mentorship we have Olenna Tyrell now Olenna Tyrell she was the Queen of Thorns she kind of bucked the system again it was very much patriarchy down there but she was like the queen of her situation and she knew how to play the Game of Thrones quite well so she recognized Sansa and you know her situation how naive she was and this was actually one of the first situations where Sansa begins to get true uh development and adjustment into understanding what is going on so Sansa's taking the mentorship at this point so what I I wanted to get both sides of this coin if you are getting mentorship if you're getting
help from someone rather at scale right or individual one-on-one situations you got to remember like it's a it's a it's kind of like a living bond like the mentorship thing right and not to make it goofy or romantic or anything like that but like if you are a a a like rude or in ill receptive right like oh like hey like oh check it out I want to be a SOC analyst what do I do thank you I want to be a SOC analyst what do I do oh do this lab okay do this lab okay cool and then like we meet in two weeks I'm like hey how's what what what problems did you have with the lab it's
like I didn't do it it's like like I'm not interested in helping you you because you're not interested in helping yourself I'm putting into this mentorship and you're not taking out of it and it's not fair it's not respectful all right so just a word to the wise it's easy to commit to something and get super excited again going back to the abandoned projects where you like amped up to kick off the project mentorship is one of those projects too right you're developing yourself but you have to be committed to seeing the project through okay we got Cersei and Sansa again just to round all this out Cersei uh is basically her mother-in-law at this point they live in King's Landing
Cersei the best at the Game of Thrones all together weaponizes and takes advantage she tells uh Sansa like hey come up to the Red Keep stay with me during this war I'll protect you and in reality she's like holding her basically as like a ward so she can have like uh an insurance clause if she needs to get out so she lies she manipulates she undermines Sansa a lot and Sansa will be like I think we should do this and she's like that's the stupidest idea ever even though it was was like a good idea and the whole idea behind that is to control so what I want to tell you is avoid toxicity now in our industry if you've
been around a while it used to be way worse way worse it's gotten so much better there's a lot of people out in the community right now who are trying to change how to help people but I want you to know if you are at work or you are in a Discord server or something like that and someone's being a jerk you like you don't have to deal with that either you and and if they're piling on you leave the Discord server it's not you there's so many supportive incl communities to get access to and to work with you don't need to deal with it I've worked at organizations before where there were people in it who were kind of
weird and toxic and you know I didn't want to quit my job but I was able to basically compartmentalize and and and carve them off because toxicity will eat away at you and it will F you up and and it really isn't something that you need to deal with like not living rent-free in your head okay so this is more of a mental health thing but I want you to know um all right so you Know Nothing Jon Snow was something that Ygritte said Ygritte was a wildling thing right uh Jon grows up in this like sheltered life just like kicking butt eating good food got like a a cool mink on all the time so he's not
cold right that's fine that's fine but he did know some things right when he went into the north right so he basically gets kicked out of Winterfell he decides to join the Night's Watch and then he goes north of the wall and he's like fighting zombies and he's fighting wildlings and everything he's getting real practical skills okay this is not I have a PhD right like I went to higher ed and went the whole Gambit right so I'm not crapping on higher ed and the value of uh continuing education but in our world right now practical skills hands on experience actually sitting at the keyboard actually tuning things dealing with threat actors dealing with end users that is incredibly valuable
and it should be used to complement the education that you are getting if you are in college right now and you're listening to this and all you're doing is going to classes you are going to be hard pressed when you graduate to deliver value to an organization okay and it's it's it's it's the reality of of the industry okay there's no easy button but there is ample opportunity there's an al- load of opportunity to get practical hands-on skills so don't sleep on it okay we got Jaime I want to just tell you this really quickly super awesome knight right he's got some questionable things he does recover his character arc at near the end of the show but whatever that's not
the point here he's like a really good uh sword guy he gets his hand cut off like season six or something like that and they replace it with a gold hand whatever the thing is he can't use it anymore so he has to become left-handed and he sucks at left-handed fighting but the point I want to point out is he actually finds other ways to deliver value to his organization he becomes a battle strategist he's been in a million battles he can he can general it right with one hand he talks to the king's council he does diplomacy he goes as an envoy to other places you can pivot within cyber it's actually quite easy right say you're a
red teamer and you're just getting burnt out you hate writing reports do you know what SOC analysts that do dete like really detection engineers they are awesome if they come from the red team pen testing side because they know exactly how a threat actor is going to pivot and move around the organization don't if you're getting burnt out or you're getting sour on what you're doing within the industry you can pivot around don't think just because like you're an Azure security architect doesn't mean you can't become a vulnerability management analyst or or whatever you want right it's there's a lot find your passion please it passion is so so important because we we put a lot of
ourselves into the industry into the work it's hard work all right we got the 998th Lord Commander this one if you remember like Lord Mormont he uh he Lord Commander Mormont he's leading the Night's Watch everything's cool up there he dies and then there becomes like a like a runoff election to hire the new one Jon Snow gets hired okay he wins a nailbiter election there's different factions going on but why I put this up here is because Jon wasn't the most seasoned the longest tenured anything like that but he had relationships he worked as a steward he helped build some stuff he worked as a warrior obviously north of the wall he did all these things
networking within our industry is so valuable you literally could be the valedictorian of your graduating class and like you're amazing like oh you're so amazing somebody who graduated middle of the class they can do the same work that you can do right maybe you can do it fancier or cooler whatever but middle of the if they spent instead of doing all that extra studying if they spent that time going to conferences introducing themselves joining communities delivering value they're going to get the job because I've hired people okay this is a a reality and some of you have hired people I know will know this and empathize I've hired people here's the thing I've got a need
I need someone to do GRC work right I have a need what I don't want is spending three months or four months going through resumés going through HR going through all this nonsense when I know that you can do the work I will call you and be like hey are you looking for work because to me time is valuable and I need my GRC work done now I don't need it three months from now and fair or not fair that's how the world works so networking is absolutely critical and there's a million ways to do it I gave a talk at Wild West Hackin' Fest a few weeks ago with James McAn actually on how to do this in many different ways so
I encourage you to check that out if you're looking final slides here the Doom of Valyria right this is going back a little bit pre-Game of Thrones Fire and Ice but basically this was like the greatest civilization in the world this is where all the dragon riders are flying around the Targaryens were actually kind of like not even a powerful faction but they had a vision that this place was going to explode so year before they move out all right this is kind of my takeaways here be the CEO of you right like right now we're kind of in a recession inflations are high mortgage rates are high all the the industry or our our environment is
kind of tough right now all right you could be like oh I work for this company it's a family we have the greatest Christmas parties whatever they lay you off in a hot minute right it's not personal ex labor expenses is the highest line item on a balance sheet period end of story and if they can reduce 10% Workforce and tell the other 90% to absorb that work they will because the business didn't just lose any capability but they did shave off 10% of salary all right so what's that mean for you like oh [ __ ] what am I going to do now here's the thing always be networking always be scaling up don't
don't be sniffing around looking for work all the time contribute deliver value going back to this networking when you need it it'll be there just as a personal story and again everybody's mileage may vary on November 1st last year the CEO of my company called me on the phone he asked me how long can you go without a paycheck okay I said I'm not going to go without a paycheck what are you talking about he said hey we're having a cash flow issue we got some invoices that are going to come in but I just need you to go without a paycheck for a while I said okay I hung up I have a side business
again your mileage may vary your your experiences will be different I called up one of my clients and I said do you want me to work for you full-time he said yeah what are the terms I told him the same arrangement I had with my current employer he said done I hung up I called my CEO back I said I quit he's like Jesus that was faster than I thought and I said what do you what do you want me to do bro like you just told me you're not paying me anymore as far as I'm concerned you just laid me off and he's like oh but again that's years of me doing networking years of me putting in the
time and delivering to a community and a network okay so your mileage may vary but I'm telling you that's a case study of how it can be done I was unemployed for about 20 minutes okay all right your story is unfinished right everything like guys where you are now and where you're going to be you control it you can invest you can pivot you can network you can do everything okay don't think you're shoehorned into something you're you're good at it you're a specialist at it in fact I'd even argue sometimes you get screwed for promotions because they're like oh we can't move we can't move Brandon out of here because then who's going to do AD
right so don't don't like control your own destiny that's like the the most important thing I can share with you okay find your passion all right obviously um we're couple minutes out if you want to connect with me follow-up questions whatever this is the best URL to connect with me it's got a list of all the things that I'm doing including this conference I hope you got value out of this I hope you found it mildly entertaining uh I appreciate all of your time today especially my boys for being polite and respectful and if you have any questions I'll I'll happy to answer them otherwise thank you for your
time any any questions real quick okay I'll see you guys in the hallway thank
you