Staying Afloat in a Tsunami of Security Information

final destination check for besides Philly Airlines this is staying afloat in a tsunami of security information and as you'll see there is a black screen behind me so I'm going to do something very unusual and I'm gonna do my presentation without slides I have them in front of me and I'm going to describe them to you so welcome to theater of the mind our tech people are hard at work here but you came here to learn some stuff and I'm going to talk you through it so this is very unusual so please bear with me I will make my slides available at the end so I'm Tracy Meili if you may or may not know me from Twitter is InfoSec Sherpa

the reason why I'm here today is because I am new to information security the reason why I have that strange title for my presentation you know tsunami is because of this quote by a writer with published in the Washington Post in January 13th 2001 he wrote in the nonstop tsunami of global information librarians provide us with floaties and teach us to swim and I come to you from the library world I have a master of Library and Information science degree and I was a librarian at a law firm for ten years and before that I work for QVC and some academic institutions so what does that mean to you I know how to find stuff I know how to make connections I

know how to do the organization and information that you all hate I have seen some of the spreadsheets security people have sent me in they're atrocious I love to organize information so I'm not trying to tell you how to do your job with this I'm trying to share my vast experience of some resources that you may not know of and some approaches you may not have thought of because again this is not a technical presentation I might lost going to show you but some of the things I might be talking about you know you might think to yourself I can you know I can code a Python script to do the same thing okay well Mazel Tov but

that's not the point the point of this is to show you that there is some information that has already curated it for you and out there you don't have to parse through you know an ugly CSV to figure out the information some of this is already there so again I will post the slides later so you can see all the cool things that I'm talking about so my first slide it talks about the social media landscape in 2016 and it's a mess there are tons and tons of social media sites that you probably haven't even heard of and I wanted to show you this as an example of for all the sites that you think you know there's probably

not ten but you didn't know exist it up do we have okay so this particular web site called Fred Cavazos which is a good resource and I put a little French flag next to it to remind myself that it's mostly in French so see to leon full say-so ipod to pop with them but if you don't speak French then that's like it has pretty pictures but it's a good resource for social information they break it down to publishing sharing messaging discussing collaborating and networking so again if you parse out social media in those ways that might help connect you with the information that you're trying to find it's also important to stay on top of what's

disappearing if you've heard a yak yak well it's kind of dead no Natalie was it was an anonymous mostly on campus site that most reports I've seen is pretty much gone did anybody ever use peach it was around for like a week anybody yeah it's pretty much like gone so things come and go some things stay but again just keep in mind that there's more than just like the five or six that you already always hear about my next slide would talk about leading social networks worldwide as of September 2016 ranked by number of active users Facebook is way ahead of the way ahead of the pack and following up our whatsapp which I take exception to

because of really I find that as a messenger not social media per se but some of the other ones are things like QQ WeChat is that sound familiar to anyone they are as hopefully they do they are China based sites so again I have another slide I'll get to in a second is there are some social media sites based in in their own countries that you may not know up so again if you're trying to find some specific information and you're not finding it on Facebook or something that's us-based think to yourself does that country have its own social media platform that I might not know about I believe it's I'm drawing a blank but I

know that Brazil has one that's that's popular as well and the other thing I was gonna mention about this is this list here doesn't have snapchat why is that well because snapchats creator-owner founders little quirky and he only insists on reporting number of daily users while as everybody else plays nice in the sandbox and they report monthly active users and that's what you want to look at as a baseline is what their monthly active users are Mau and then the another snapchat and the pretty graph that you can't see came to you via statista which is a resource I wanted to mention sta T is ta it's one of those freemium sites there's free resources and then there's the

subscription things and why it's cool I have to make this bigger so I can read it it provides statistics and studies from more than 18,000 sources so I just did a screenshot of a cyber I selected cyber breach because that was its default that it came up for a search and it gives you statistic forecast market analysis studies dossiers industry reports topics infographics sources so again it's kind of like one-stop shopping now within those results you might find ones that might cost you some money but then you know what's out there then you can always find another way to get it right because you guys are gonna get doing that okay so my next slide is telling you the most

recent results of the top three Chinese based social media sites so it's on Tencent QQ WeChat and um all these guy always mess up this name sign a white Weibo if anyone knows how to pronounce it okay those are the top three Tencent QQ has 850 plus million active monthly users WeChat I wanted to mention because Scheiner on security you're all familiar with his blog he actually has a recent blog posts about WeChat and some of the functionality of searching it for Osen so check that out is this working for y'all this dumb best year sir okay the other thing I want to mention is I have this really cool graphic it's from 2014 but it's still pretty much

applies today I'm not sure if you're aware of this it might make sense 1/2 G here you're like oh yeah that's like that's why only my mom and her friends are on Facebook each social media platform pretty much has a demographic sweet spot so think of it this way if you're looking for information and you're not finding it is that target in the sweet spot of that social media platform so snapchat skews the youngest LinkedIn's kind of skews the oldest Facebook is you know kind of up there too so again think about that a Pinterest skews mostly women so just think about that if you're king of really trying to find information and you're not finding it think about those

things think about location think about demographics think about who it would be using that product that you're searching and the other thing that you need to remember is that for the most part these social media platforms we're not designed to be search engines right so guess what if searching them is painless so it's a little wonky so you know there's been many times with Twitter that one day a search I will craft that I knew worked especially like the night before presentation I go to do it during the presentation and it doesn't work so you know you have to double-check things things change all the time Twitter is infamous I swear they like or they know when I'm going to present

because they always make major announcements right before I give big presentations or Twitter's integral to that presentation I need to get it change this slide well I mean keep talking wallet oh hey thank you yes round of applause thank you hey here's my pretty grass it said so I haven't found one more recent that I like as much as this one so I keep using this one let me go ahead and finish and then if we have time we'll go back to the ones I missed because I have a lot of slides okay I hate the slide but I'm showing it to you for a reason just hear me out I mean I think the slide

aesthetically is very a good visualization somebody decided that these were the benchmark posting times for social media now I disagree because when I was working in Center City here in Philly my peak times on social media were in the early morning and the late afternoon when I was on the train I mean I wouldn't have time to look at at Twitter 1:00 to 3:00 in the afternoon so talking to security folks if you're doing oh scent this is how I turn this around for you so if most people have this beaten into their heads that this is the prime posting time when would be a good time to go fishing or go looking for stuff

when everybody's posting stuff or when they think they're supposed to be posting stuff so this is the only reason why I mention it is that so many times I've either heard social media instruction classes or read articles and everybody cites these numbers and things like that and of the thing that always makes me laugh is people don't realize that it means for their time zone so somebody be like well that's stupid that's really I'm in England like like for that thank you yeah like no no 3 1 2 3 p.m. in that yeah so for example I I actually get paid by some companies and organizations to do the social media and a lot of them

are international so I just have it going round the clock because it's you know it's a peak Twitter time somewhere right what where's reddit it's not on here that's can't read it's caimen except read it read it's special it has its own list okay I'm gonna talk about Twitter the most because hi if you haven't followed me on Twitter it's my jam I love Twitter just so quick funny story I was actually one of the first adopters of Twitter in 2006 but it was crap it was it was it was remember that Dave Chappelle's sketch about what the internet was it was a mall like he goes it's like a real seedy mall I see some people know what

I'm talking about you youngsters look it up on YouTube it's really funny that was what Twitter was it was like the Wawa West it was just creepy and whatever so my husband and I would use it to message each other just joshing what do you want to do for dinner library Sherpa cuz that's my other identity I don't know what do you want to do and then after like a month I'm like okay this is stupid I have SMS like why am i why am I doing this so I kind of chilled on it I think I even deactivated my account because I was like digital footprint blah blah blah and then six months later the rest

of the world joined me and it was like oh this thing called Twitter I'm like hello where were you people so I got back on library' sharpest shocking was still available I've actually asked Twitter to backdate my join date because they had me joining us 2007 and I'm very indignant ly I said to them no if you check your records and you'll see that I was 2006 shockingly they do not care about my vanity you know it was just it was heartbreaking so my first phone Twitter fact for you Twitter the bird whose name's Larry and this is proof because this stone when the co-founders confirmed it is Larry Bird is the Twitter bird and this came about as one

of the did a presentation like this and I wanted to talk about my love of Twitter and I had this heart and I said you know Twitter a love story and I had you know Larry loves Tracy and I was like who's Larry I'm like Larry Larry Bird the Twitter bird so I never no one believed me so now I incorporate this proof into my slides okay sorry for a second seriously for a second I forgot it was it was up here I was about to explain what this was okay just quick show of hands out of curiosity how many of you knew that Twitter had advanced search functions okay that is about normal all right I

was believing I was terrified all hands were gonna go up on but like all right thanks goodnight thanks for coming okay because Twitter just has a fukaku business model they don't make anything easy to find do they so in order to find the advanced search you can go to this this really easy to remember URL and I'll explain why I included the language in a second or you can go to the magnifying glass type in whatever go to more options and all the way down easy peasy right isn't that fun so the next screen that'll come up that I'm not sure if I included in my slides but it'll have all kinds of fill in things that

you can do with advanced search but because I'm a little bit old school and I like to type out my search queries I have examples of what you can do with some search strings that you can just put into the little magnifying glass that'll pull up some stuff so the reason I included the language is because this is the default is English well if you just backspace and you put an fr4 French yes for Spanish de for German you'll be able to search in the native Twitter client of that language so if your need to search non English material you can do that the last time I checked Twitter supports about 40 or so languages and

they actually have a help site that gives you all the codes if you're trying to find it reason why I mentioned this is you can search foreign or so I should say you can search non English language terms in the English in this but I have done side-by-side comparison and you get different results if you search in the French client versus just throwing in French words so again if you're really trying to find something keep that in mind it's like oh am I using the English version let me switch over to the French version okay so these are some things you can do you know Jack Dorsey current head of Twitter so there's a search feature where you

can do from someone to someone and I love this one because no matter how rich successful and famous you get you still have stupid tweets like telling your mom that you bought toothpaste cuz I'm sure the tweet that preceded it was Jack did you buy toothpaste this is important that you can look at two different Twitter handles because you can see again if targets have communicated with each other and it's really fun to see things like two companies go at it there's actually an article of like the ten best Twitter wars between companies so you can see if two establishments have gone back and forth this one I really love now remember I have a law

firm background so anything like litigation and and products liability just melts my butter so what you can do is you can search for tweets that are to an entity with a keyword or from an entity so if you search to Walmart and use the word effective Twitter will try to be helpful and be like did you mean detective no I meant defective a so then you're gonna have to make sure that you click that to get all the detective results out and then you'll get some things and actually if you try it so warning you might actually see pictures of bloody appendages that's usually what happens when I run that search people will cut themselves with something at Walmart and

then they'll take a picture and then they'll tweet it at Walmart as you do the most recent one I think was a chair that they left behind in a stadium parking lot saying it was defective so it's just this lonely chair sitting in there like or you can take it back to the store like what is very odd I like looking at things from companies what have they sent out if you don't want to use Ford for example or you could also use the the ticker symbol he could do from dollar sign F for Ford and that'll still bring up results so recalls always a good one if you have a defect and the the reason why is Kent sensing why I

have these two together if you have a defective product search to see if they manufacturer posted something about a recall tada that's why I put this together together okay so I was told ahead of time that the Wi-Fi might be a little spotty so I didn't really do I'm not gonna go live and do these but I'll just kind of explain okay so this crowd will usually get this joke most people don't usually laugh when I say this so the for any tweets that are geotagged you're relying on people being stupid enough to keep their gos and surfaces you know geolocation services on their devices enabled which I'm sure most of you are buried under many layers of VPNs

and whatnot so for those people who bless their hearts keep their geo-tagging on you can use some features to have tweets that are sent from that area it gets a leading if it's say a new york-based news agency tweeting about another part of the world so that's why it's good for things like traffic or weather wildfires this one I like to use Lori's is what they call trucks in England and bl3 is the first three characters of a postal code for Bolden England I just wanted to show that it works in other countries and this is also good if you just want to use to try and find um handles I had a client who

said I want to know all the bakeries in a certain city and what their Twitter handles are because he was a baker and he wanted to see was competition was regarding in social media so search that city and I used some key words about bakeries clicked on the counts and he got that one thing I'm in forgot to mention real quick okay Twitter trying to be helpful will always default to top results you don't want that that's gonna skew your results it's gonna skew promoted things things that are heavily favorited things are heavily tweeted things that are people that you know or people that you follow cook live live is going to give you more pure results and I don't know

if you know this but you can actually search Twitter and do all this stuff without logging in you don't need to log into Twitter there are some things you need to do that you need to be logged in but you can do all this without logging in hey who loves Brian Krebs if you want to see if any tweets mentioning Krebs had at least 100 retweets that's how you find it and if you want to see what Swift on security is up to you want to see if Swift on security has at least a hundred and favorites that's how you search you find that if you're trying to eliminate some information so your keyword is Chelsea

use the - London - Clinton now say you don't want anything about Chelsea football in England the English Premier League so you're not good you're you're gonna still get tweets about the Chelsea Football Club you just won't get tweets that mention the word London in them and then if you want Hilton hotels you won't get Paris or Nikki but know what that also means you don't get Paris France so it's great to have these from you know these negatives disqualifiers but keep in mind of okay well what are you eliminating with that now if you put them all together and I always I hate to say I feel bad saying this I this is my

favorite search string that I created myself and it's horrible because it's a gas explosion that people died and I don't mean the result but you can throw all these together in one big search string and my example was this happened at the law firm was I think that there was some sort of explosion in New York was like the end of March sometime you know blah blah blah well this is good to get things like on-the-spot photos if you know if you're a journalist or an attorney and maybe want to find a witness for something what do people do anymore hey something Bad's happening let me post it so you can get people you want to interview someone maybe you want

to use something as evidence you can use a whole search string and get some really boiled down information ok another show hands here Twitter lists have okay two-part question has anyone at least heard of Twitter lists okay second part who actually uses them okay okay so Twitter lists it's basically but a file folder on your desktop that you just look at when you want to so the last time I gave this talk I had to use a filing cabinet because of the demographic of the audience but same difference it's a way to tuck something away it doesn't show up in your feed you can add up someone to a list and you go to that list to see

their tweets it doesn't show up in your feed you do not have to follow someone to add them to a list why would you want to look at a list true story I was doing a competitive intelligence project for a very large cybersecurity company and they said to me we want you to find out who the customers are of this competitor but we don't want you to spend any money we'll pay you for your time but you can't spend any money on resources so again coming from the library world I was like really like I thought things were different in this industry no they weren't so fortunately because that's what I was raised on I

was like alright so just for kicks I went to with the competitors Twitter account went into their profile looked at their Twitter lists I kid you not customers potential customers people to invite to parties and so on and so forth jackpot so you know and someone could argue wow they probably just put it out there as a red herring no I really think they're that stupid I really do so of course I saved the URLs but thinking that someone might wise up and make them private just screen capped everything so you can look at some so this is where I get to the difference between public and private lists you can make a list public

anyone can look at anyone can find it if you make a list and also with public someone will be notified that they've been added to that list so you don't want that if you're sneaking around you want to make it private because Twitter is always wonky I highly recommend that you test it first don't add your biggest competitor to a private Twitter list without testing at first okay but a Twitter list is a great way to on demand go look at information so you can have you know tweets about OPSEC you know all on this one list because maybe you don't deal with it every day but you want to learn more about it but you

don't want your feet cogged up with it you go there and do that so and then in the continuing saga how twitter isn't exactly user friendly you used to be able to in Twitter look for Twitter lists guess what you can't do it anymore they got rid of it literally the night before I was giving a presentation where I was talking about Twitter list though thanks you go to the Google's now no you might call this Google Dorking or Google hacking librarians call it doing their job so you could just use some advanced search techniques in Twitter you want site Twitter you want in URL lists and you'll get all lists so then you just

use either hash tag no hash tag whatever coding you know whatever term you want so you can put in whatever search term you want and you will get a Google result of all the lists on Twitter better public there are public and then from there you go but you know you click on it it'll send you back into Twitter and then you can follow that list or poach all the people from that list and do something else with it so all kinds of cool stuff and the last stuff I'm gonna say about Twitter is um you know if you need to get some on-demand information and you know there's the twylar 12 hood is a little bit better at

zeroing down geographically I assume you all heard of zero fox who might always call firefox i'm so sorry zero fox and everyone looks at me like I'm nuts they have a really good newsletter so there are security they they're a Baltimore based security company they specialize in social media their newsletter is really good actually so if you're having interest in social medias have involved security take a look at the newsletter snapper it was something that they debuted at blackhat DEFCON what's the other one besides Las Vegas duh hello awkward this thing called snapper that they developed and it's basically it's a Python script that will look at your tweets and then send you a tweet based

on what you've you've sent so it makes you think that it's a real person who's been following what you've been saying like yeah I hate that coffee from blah blah blah too and like here I found a place that you should try and said and we're like oh okay this person knows me and loves me and has given me a new coffee place click and then even fish so that is my really technical explanation of West Africa and I know one of the guys who created it so I know he'll be very proud that I totally butchered that but go take a look at it they actually have this stuff up on github and then

there's some great articles and on the Atlanta actually at the Atlantic Monthly wrote a really good article about them I briefly mentioned Google Dorking Google hacking whatever you want to call it I'm not gonna get into that because Jaime on Twitter give him some love I already wrote a really great blog post that I had like crazy amounts of use for alienvault so why recreate they will just go look at his blog post I know I'm he's a great guy just look at it okay so part of my session description was I was trying to help you know busy info set pros so in my mind there's a difference between content curation and content management so content management

to me is you know sending things out pushing things out which I have to assume that most of you aren't involved with professionally you know personally you're pushing stuff out but so I use HootSuite I love HootSuite I feel like TweetDeck is the bane of my existence but some people love to eat tick so I'm not really going to get into management so much because that's not what this is about but curation curation is a way that you can you know kind of try to wrap your arms heard the cats of social media I'm going to talk about nuzzle and Storify I love nuzzle and I love Storify - but I love nuzzle alright so nozzles

beginning all kinds of accolades lately I tweeted at the founder yesterday that it's like the Hamilton of apps because it's been getting all kinds of awards this year it's been crazy it's an aggregator but what it does how I can see this okay so it's going to tell you if people in your network that you follow on Twitter have also tweeted or interacted retweeted this this article why is that important well if Troy hunt says something yeah I think I might want to read it so it's going to tell it's good for competitive intelligence it's also just good for your own professional development see who's interacting with what articles so you go to your home

page on nuzzle and you see that like you know 25 people that you follow have interacted with a certain article yeah maybe you might want to read it know what's going on like said or if you see the industry leaders have interacted with that article yeah you might want to read it so that's a kind of a good really like like low-maintenance heads-up of hey dummy you should read this this is why a little nuzzle and they also have a newsletter that you can either set on automatic or you can craft daily which I do and you can push articles out so I do this for my clients I craft articles that are that their

readers would want to see and I push it out to nuzzle and then they go to their own dashboard and they see things so it just aggregate some news and then it spreads it out and then it's the social media aspect that you get to see all the connections of who's interacting with what and it's free it's free you just you can actually look at nuzzles some parts of nuzzle without logging in but to really get the full functionality you really need to have a Twitter account Storify is I mean no Storify mm okay but you guys must know Tony right da underscore six six seven on Twitter okay so Storify is it's an aggregator in

a different way like the name implies it's kind of like a patchwork quilt it gives you the opportunity to literally stitch together tweets so that you can put them in order so people at Tony often like to tell stories about their InfoSec experience and I love this this graphic because it's like okay it's story time so Hotel story so I think it's about ten months ago the said Ted months ago he told this great story and I thought it was really good and I had the idea of like you know what I'm gonna want to read this later other people will want to read it later because you have to understand and Tim librarians will just share right we're

we're a sharing industry and community which was very much of a shock to me when I came to InfoSec where people don't necessarily like to share so much but librarians loved to share so I thought to myself oh other people would love to see this so I went in it didn't take me very long I stitched together all his tweets and it breathes as a single column and you go to Storify and you look at my InfoSec Sharper feed and it's there how else can you do this for OSA put in the topic you're looking for chances are somebody's already stitched together a story about it or a person you're trying to find a certain person

it may already be there so again it's free you absolutely have to interact with you can go to browse it but again if you want to create a story you need to have a Twitter account okay so now this part I can't help with too much because I can't make you go look at your stories later but if you want to save things to read I mean like I don't know if you're like me I have like 8000 emails that I send to myself when I'm surfing I'm like oh I'm gonna read this later and I send stuff to myself and I never say it well pocket helped me with this a little bit you can just know it's

an app that you that overlays and you just put it in the pocket and you read it later again I can't make you go back and read this later so you might have 10,000 things rack up in your pocket instead of your email but it's a great resource again if you see if you're someone who reads a lot of stuff and then wants to retain it or save it later you know just download pocket and save stuff into there so now I'm going to transition into just resources in general that I used a lot as an information professional that you might not know about that there's a variety of ways that you could use it so I'm going

to just kind of share these here scoop it's a weird name create website it's free you can go in and I see I did a sample search here so just type for cyber security and one fell swoop you can get SEC filings patents and federal cases how cool is that it's a very cool site it's using most often by journalists so beat them to the punch and if you're trying to find stuff but it's a great resource and like I said I think there might be some some pay options but everything I've ever done with it it's been free and it's pretty good because you know trying to track down all this you might need to go

to different places but at least these three things you can get from scoop this is pretty is the library specifically this is the Mechanics Institute in San Francisco and why I'm going to start with this one is they have a membership for 90 dollars a year you can use it what you're thinking okay great but I'm in Philadelphia well guess what they have an online database and they have access to Hoover's Hoover's is expensive if you don't go to Drexel or a university and have access to university resources people like me who still want all that cool information how are you gonna get it I want to pay $500 or more every time I want to look up a company I

paid $90 a year to use Mechanics Institute to use their Hoover's it's fantastic which brings me to my point is that don't forget about your library shameless plug for libraries Philadelphia Free Library Philadelphia if you live around here last time I checked if you are a permanent resident of the Commonwealth of Pennsylvania you can get a library card for the Free Library of Philadelphia they too have online information they have ancestry ancestry is good for OSINT right so you know and your local library might have something as well sometimes you may need to be on the premises to use it like my local library I can use ancestry for free but I have to go there okay fine

whatever but you can get access to all kinds of business resources another one you may not have thought of is your alma mater if you graduated from an institution I know for example in my case Penn State I get through my Alumni Association access to a special portal that has access to all the databases Newsbank that has 10,000 or more publications so just you know think about think about the resources that are already out there that you may not be using that you have access to the only thing they have to be careful about especially like with me being an independent contractor there may be some use use restrictions if you're using it for profit so you

know check before you use stuff because I'm also big on I'm kind of veering towards compliance so I'm big on like following copyright rules and permissible use and things like that so but yeah it's something that you may not have thought of another resource you may not have thought of is your tax dollars at work provided you pay taxes in the US so you know we have how many government agencies well they're all at usa.gov one-stop-shopping rather than like throw in dick Google like what's the name of the Department of whatever with trees or whatever you know you can just go to usa.gov and see what all the offerings are because there's all kinds of

material available quick story about when I was at the law firm I had a bill come in for these books that were $1,000 each and I went to the library I was like I want to see what a thousand dollar book looks like was this big thick book I was leafing through the book and because of my library knowledge superpowers I was like oh this is free online this is all government material three-quarters of that book was available for free online through the government one quarter of it was proprietary material they charge a thousand dollars for that book so cancelled all of them found material that was equivalent for a hundred bucks each and replaced all the books taught

the lawyers how to use the website bing-bam-boom save the money and I look good okay secures an exchange commission again dive a little bit further into government agencies so us a governor is going to get you to which agencies are out there then if you dive in a little bit the sec actually has its own social media page where they do things like they have their own twitter meet feed for enforcement's so they're just going to shove all the rats all the juicy stuff by the way that's they're just gonna shove that out all day on their Twitter feed so again you get a let's set up get some of these things going and then if you need to look at

want to see who's in trouble for what you can go just look they're keeping the theme of law stuff courthouse news service they monitor core cases all over the US and a lot of these articles that they post on their website for free includes the entire docket for free that you can download it as a PDF now they don't do it for all of them but what if it's the article that you're looking for tada you have the whole docket for free which then brings me to pacer now there's a whole argument of people saying that pacer should be free because it's federal information I'm not going to have that argument that's for another time class but pacer is really cheap I

think it's like eight or ten cents a page and they only charge you if you rack up 15 yeah that's mine with five minutes left I can sorry if you rack up fifteen dollars or more in a quarter it'll charge your credit card but otherwise you just keep someone on file or keep a gift card or something like that on file and it's long ago over $15 in the quarter it's a free resource kenley and Bailey Canada and Britain and Ireland basically the same thing except theirs is more free than ours so and then on the Bailey site there's actually even more resources in on continental Europe so again if you're looking for legal information pacer Kenley Bailey

and actually my my next my penultimate slide is okay rather than Amazon is great don't get me wrong I like Amazon too but if you're really trying to find out whether or not a book or publication exists go to the source go to the library congress catalog loc.gov they have a copy of everything they will be able to tell you so rather than try to you know sift through all kinds of pages of of amazon and other resellers go to the source it's just going to tell you whether or not something exists because i can believe me i've been on many wild goose chases of someone requesting a book that never existed that's your that's a resource to go to

is the Library of Congress and so we have about five minutes left so I left this for questions or if somebody had a resource that they wanted to share with the crowd and actually while you're thinking if you have questions let me go back and I'll show you some of those slides from the beginning okay so that's my pretty first slide that's the quote so I wasn't lying that's the landscape all kinds of stuff here some of these you may know some of you may not there's the cool graph I got from statista and there's what statista looks like and there's and there's my reminder just talking about the blog post and there we go full circle so

awesome thank you for being so patient and while we have this unusual presentation does any have any questions all right well hit me up on the Twitter's and InfoSec Sherpa thank you so much [Applause] you