🎙 Develpreneur Podcast Episode


Building Better Habits: Security Awareness

In this episode of Building Better Developers, hosts Rob Brodhead and Michael Mollosch discuss the importance of security awareness and how it can be a building block for better habits. They share personal anecdotes and offer actionable advice on how to stay safe online, including the use of multifactor authentication and password complexity.

2024-10-13 • Season 23 • Episode 1 • Security Awareness • Podcast

Detailed Notes

The hosts of the podcast, Rob Brodhead and Michael Mollosch, discussed the importance of security awareness in this episode. They shared personal anecdotes about how security awareness has helped them and offered actionable advice on how to stay safe online. They emphasized the importance of regularly reviewing and updating our security habits to stay current with the latest security threats. They also discussed the use of multifactor authentication and password complexity as essential tools in staying safe online. Additionally, they shared some of the benefits of using security awareness programs and tools, such as KnowBe4, Mimecast, and InfoSec. Overall, this episode provides valuable insights and practical advice on how to build better habits and stay safe online.

Highlights

  • The importance of reviewing security profiles and staying up-to-date with the latest security threats.
  • The dangers of phishing scams and social engineering.
  • The value of using multifactor authentication and password complexity.
  • The importance of keeping track of security habits and regularly reviewing and updating them.
  • The benefits of using security awareness programs and tools, such as KnowBe4, Mimecast, and InfoSec.

Key Takeaways

  • Regularly review and update your security habits to stay current with the latest security threats.
  • Use multifactor authentication and password complexity to stay safe online.
  • Keep track of your security habits and regularly review and update them.
  • Use security awareness programs and tools, such as KnowBe4, Mimecast, and InfoSec, to stay safe online.
  • Stay informed about the latest security threats and stay up-to-date with the latest security best practices.

Practical Lessons

  • Implement multifactor authentication and password complexity on all devices and accounts.
  • Regularly review and update your security habits to stay current with the latest security threats.
  • Use security awareness programs and tools, such as KnowBe4, Mimecast, and InfoSec, to stay safe online.
  • Stay informed about the latest security threats and stay up-to-date with the latest security best practices.

Strong Lines

  • Security awareness is a crucial building block for better habits.
  • Regularly reviewing and updating our security habits is essential to staying safe online.
  • Multifactor authentication and password complexity are essential tools in staying safe online.

Blog Post Angles

  • The importance of security awareness in building better habits.
  • The benefits of using multifactor authentication and password complexity.
  • The value of regularly reviewing and updating our security habits.
  • The benefits of using security awareness programs and tools, such as KnowBe4, Mimecast, and InfoSec.
  • The importance of staying informed about the latest security threats and staying up-to-date with the latest security best practices.

Keywords

  • Security awareness
  • Multifactor authentication
  • Password complexity
  • Security habits
  • Security threats

Transcript Text

Welcome to Building Better Developers, the Develpreneur podcast, where we work on getting better step by step professionally and personally. Let's get started. Well hello and welcome back. Welcome to season 23 of the Building Better Developers podcast, also known as Develpreneur. Actually, it was Develpreneur first, but I digress. I'm not going to digress by saying I am Rob Brodhead. I'm one of the founders and one of the hosts of the show. Obviously, I guess one of the hosts. That's probably like needlessly, just needless to say, and also a founder of RB Consulting, where we don't do podcasts. We actually, I guess we do blogs. We do newsletters and stuff like that, but you're not going to see my pretty face unless you're a customer. Usually, you don't want to because that means that you've already run into a situation where you've got technology issues. Your stuff got out of hand. You don't know what you've got. You don't know where you're going. You may question the team that you've got right now. Those kinds of things that are technology pain points, that is what happens when you have technology sprawl, whether you just, as we talked about last season, where you're not getting your documentation together, you really don't know what you have. We come in and help you out. We can assess stuff. We do, and we find a way to make it easier for you through simplification, automation, and integration. It's like take that big mess of stuff, clean it all up, make it work together, polish everything up, give you some documentation and a sort of a map of like you are here and let's talk about where you want to go. That's RB Consulting. That's what we do. Reach out anytime. Good thing, bad thing. Moving on through this. I'm going to go with the family kind of stuff. We have got, I get confused on this, because it would be a niece-in-law that has got a 21st birthday that just had that and is now coming into Nashville area for several days to go enjoy that.
It is a full several days. Wife's been around doing a bunch of stuff with her. We're going to do some things with them today. We're going to do some things tomorrow. This is Saturday. We're going to do, you know, fill our weekend. We're going to have a big, our basically monthly family gathering of everybody, getting together, hanging out, eating food, stuff like that. So that's a good thing is just enjoying life. Bad thing is this goes back to like incremental and momentum and, you know, keeping up with stuff. As I looked the other day and I was like, I am due for an oil change, but I've got too much stuff going on. I'm like, I have got to find time. And with all this family stuff that go get an oil change. So, you know, first world problems, maybe, maybe, maybe, but on the other side, somebody that does not have first world, gosh, I can't speak today. Michael, introduce yourself. Hey everyone. My name is Michael Mollosch. I'm one of the co-founders, the developer and founder of Envision QA, where we help companies unlock their software potential through a comprehensive software quality assurance review and test services. You know, you can discover how all the areas of your software development teams from sales to QA can enhance customer satisfaction and improve software quality right from the initial conversation with their users. So don't neglect testing. Good and bad. A good thing this week, moving on with current customer, making some progress, completed another big milestone and we're getting ready for the next phase of work. So that was a huge lift and ready to get the next part going. Bad. Not too much bad. Only bad thing is daughter, unfortunately, got her flu and COVID shot at the same time and was out. So I had to help her a little bit yesterday. We as I mentioned, are starting the new season, season 23. And this season is going to be our focus is going to be building better habits.
We are going to talk about, we talked about the developer journey last season and some of the things that you need to do along the way. We're going to get more actionable this season. We're going to talk about things in a way we're going to have a topic we're going to look at. You know, maybe it's a skill set or a tool or something like that. And how do we build these into our life? How do we utilize these to become better developers? So we're going to talk about a lot of different skills and we're probably going to touch on some areas, potentially touch on some areas I think that you they're going to be new to you where you're going to be like, ah, yeah, I probably should know more about that. I should spend more time on it. As an example, because I think that's a great way to start the season as we're looking at what we've got ahead. I think I want to talk about security awareness because this is something that actually can affect anybody. It's amazing how often that some of these these phishing scams and things like that are successful, particularly when you get into social engineering stuff and how relevant they are. It's like if you if you've got a little bit of an eye for it, you know, looking for is amazing how much that stuff is out there. So it's really easy to you know, you could trip and stumble and next thing you know, it's like boom, you've had some sort of a hack or something like that. So and particularly us because we are technical people in general, I think a lot of us feel like I got it figured out. I know how to like see where that email address is coming from or something like that. So I know, but we can still have those moments. So I think one of the things this will be I think we'll use this as our example to start off and instead of doing like we're normally going to do a seven day challenge.
I think this is something to because it's not a daily thing maybe as much is put it on your calendar for like say seven months or I would say for the next year is go just like you know, right now you can action item put it on your calendar somewhere, pick a little bit of time, probably I would say at least a half an hour to just explore security awareness. And the way you can do this is go use your favorite search engine and look for security awareness tools or vendors. And most of them have some sort of free content available. Sometimes they've got stuff that's just you know, it's always available. They've got some evergreen stuff and things like that. A lot of them will run specials. They may have a little trial period or something like that. So you can check out a few things and they do for most part. They tend to update those regularly with some of the latest things and scams that are out there. I think that is a great thing to do for all of us on a regular basis. It's one of those I've looked at these. I've gone back to security awareness vendors on multiple times over the years. We'll talk to a lot of customers about them have not implemented a plan yet at RB. But that is one of the things that I think is that is definitely on my my roadmap of things to do is once we grow a little bit more as we will probably have a security awareness program that we hit on on a regular basis because even as a you know, somebody that is is I would say I'm not a security guy, but I am fairly aware of those things because I do go back to these on a regular basis. I hear a lot of horror stories from customers and even people I meet in the street. So I sort of keep up with it. But still, it seems like every time I go back through, you know, one of those kinds of awareness programs or I look at stuff, there's something new out there. And it's not something that's been me. It's maybe something that's not even on my radar or something like that. 
But it's kind of it's the the scope, the audacity. It's one of the things that are out there is amazing. And it is informative if not for you. I think it's something so that you have that on your radar so that when you're talking to family members and coworkers and things like that, is to just sort of like drop those little nuggets occasionally and say, hey, by the way, you may want to double check that because there's a scam going around that is that. And you'll see it a lot on social sites, whether it's your your Facebook or one of those kinds of things where you'll see people talking about, hey, is this a scam? And it's actually it's a great way to check on stuff is like, hey, I got this. Is this a scam? And if it's not great, but you can get stuff that looks very scammy. I actually got something as an example before I throw it over you, Mike. I want to get an example as I got a bill that was a tax bill that from the state that they hadn't sent me, they had sent me, but they'd sent it to an address that I hadn't lived at in like 20 years. And they had sent this like once a year for, I don't know, for for 10 years. It was like it was insane how long they'd done it. And they'd never reached out to me. They finally decided that after all these years and this that 10 years ago or they whatever it was when they did it, the place they were sending it to, I hadn't lived in 10 years before that. So I don't know why they even had that address. I don't know why they weren't sending stuff and then suddenly were. But they never reached out by phone. They never reached out by email until after a decade. And they said, oh, by the way, you've got like all this stuff, all these like back filings that you need to do. And it wasn't a big deal. It was like, I know, 100 bucks a filing or something like that. It wasn't huge, but there was a bunch of them. And the funny thing was they didn't have the they didn't have the ability for me to even submit all of those. 
They were like, you got 10 of these and we're going to find it. Like, wait a minute. You never notified me. And we walked through all this stuff. The key to this, though, was I got an email out of the blue that was just like, hey, this is what we are. And so I was looking all I researched the heck out of things like, is this a scam? I finally went and looked. I looked at the phone number and it was like, oh, hey, this is a valid phone number for a department that makes sense. I looked at the email address and I was like, OK, the email address that it says looks good. Everything seems like legit. So I actually sent them an email and said, hey, or maybe I left a voicemail. I can't remember which one. But I was like, hey, I think there's a scam going on that's related. They're using your information because I have no relation to any of this. And it looks like it's a scam. And ended up going back through stuff and talking to them and found out, oh, no, it actually is legitimate. And I had to go through like eight different channels because I didn't want to be, you know, something where I say, hey, you're scamming me and the scammer says, no, I'm not. This is legit. So one of those things where you want to be aware and sometimes you will be you will overdo it like I did, maybe. But it's better to overdo it than underdo it and get bit by it. So what are your thoughts on? Actually, I guess it's first because I've taken up all the oxygen in the room. I can go ahead and write your thoughts on the season ahead and then maybe your experiences and some thoughts on security awareness. Yeah, so the building better habits, I think, is going to be a great. Task for us and our listeners to really better themselves. I like your pivot that we start out with security in part because really near and dear to my heart, a family member actually got scammed and lost a lot of money through a social engineering hack, so to speak. 
And it really I guess the hokey movie that I can relate it to is if you watch the movie Beekeeper, that happened to my family member or something similar to that, where they got some spyware on their computer, their machine locked up. They basically ransomware and they took over and they she called and it just was bad. With the idea of reviewing your security profiles, you know, what's out there, you know, what kind of security hack scams are out there. The other thing I would kind of add in with your task or your challenge there, Rob, is to also review all of your online accounts, make a list of all your user IDs, all your passwords, put those in something secure like KeePass, 1Password, whatever, add that to your list. Now, that's not something you want to do once a year. You probably want to do it every 60 days, 90 days, maybe go through and review and update your passwords. Also, be careful not to use the same password for multiple financial institutions. If you get hacked at one or they get hacked, they potentially could then get into all your other financial institutions and drain your accounts. You don't want that. The other task with that I would recommend is keep as you're doing this review, like Rob suggested, make sure you use your tools. Most browsers nowadays will tell you if you've saved your password, hey, your password has shown up on X and X hack or your email has go change those passwords. Don't ignore those. Go out to those sites. Legitimately go to those sites. Don't click emails. Don't go through website. Go to the email or go to the actual site. Like if it's Facebook, go to Facebook dot com. Don't click the link in the email. Go to the dedicated sites. You will find nine out of 10 times email communication or text of some sort saying that your account has been compromised is probably social engineering or a hacker trying to get your information.
When in doubt, go straight to the source, make your changes there or contact the institution that's reaching out to you. Like Rob said, he went through and did the research. Anything governmental, they will not call you. They will send you a letter, then call go online or call your local government office and ask them who to talk to. Don't go through the communication, go through them and nine out of 10 times you'll find that it's either valid or it's a scam. But that's the quickest way to kind of rule out any third party mediators. Go straight to the source. Go ahead, Rob. Sorry. Oh, nothing. Go ahead. You look like you still you were on a roll. I did not want to get in the way of your momentum. So the other thing, too, and I've noticed this like you, Rob, more and more is, you know, not just mail, email, but I've started getting more and more calls and texts from random sources, which is strange. Now, if you have an iPhone, you can actually block a lot of this. I think Android Samsung's getting better at that. They've added some new security tools. Look at your devices. You know, if you have an iPad, an iPhone, Apple, there's so many security things you can turn on that are built into the device to protect you as a consumer. Turn those on. Yes, they may become an annoyance at the beginning. But once you realize the value, do it. Microsoft, especially. There are so many viruses targeting PCs. Make sure that you are protected. You know, get those antivirus software's get those spy blockers. You know, put those tools on your computers. You know, that is a part of this security review that we're talking about. Make sure that you protect your machines and your data. You do not want to be one of those people that are victimized by a ransom hack or ransom attack where you can't get to your information and they're holding you hostage, especially if you're a big organization or building or company. What are your thoughts on that, Rob? I agree. 
I think those are it's this is part of the habits. I do want to point out that this is typical of a of the professorial background that Michael has is that we say here's your homework and then he adds three other homeworks on top of it. And I may or may not be anti academia. We will leave that as just a let the let the jury decide that let the public decide. But those are all very key things. I think in particular, and this is why we do this. This is why building better habits is one of the things we're going to talk about. And this is why I mentioned. Let's go ahead and start with security awareness and do this on a regular basis, because the things that Michael just listed out are the things that you're going to see probably in every single security awareness program. They're going to talk about things like password complexity. Don't use password or one, two, three or your dog's name or something super simple like that. Use something. Use complex stuff. There are tools to generate insane random passwords. Utilize those things. Utilize multifactor authentication where you can. It's not going to it's not the be all and end all. But boy, it will help a lot. And it is very easy to put that into almost anything that you're dealing with, especially if you're building something. Go ahead and utilize that. If you if you're tired of doing things and you like, I've got too many things that I've got to connect to, then work on like, you know, learn about single sign on and some of those kinds of things. Those steps are all very useful steps to protect yourself and your your data, your company, your family. There's a lot of these things that's just it again goes to let's build better habits. Let's have these things on in our mind on a regular enough basis that we can take some of these and we can build on those habits and say, oh, yeah, I need to look into this regularly. 
For example, if I'm going to do a monthly security awareness catch up, part of that may be I'm going to go look back through and see is there some passwords I need to change or there, you know, there's some sites that I need to close down or, you know, in my subscription. Am I getting too many stinking emails from somebody? But yeah, those kinds of things I think are going to be very valuable to you moving forward, which are why we want to do this this whole season really is to say there are these things that we. Way too often, I think we sort of feel it's like a it's a one and done or, you know, maybe a one or two off and you just sort of do it and it's like, OK, I'm done with it. I've like, I've learned that or I've I can check it off my box. There's a lot of these things that we actually do want to revisit on a regular basis because things change because we want to stay current with whatever that topic is your thoughts. Yeah, and the other thing is you're working on building these habits, you know, keep track of them, you know, go. Spin up a notepad or spin up a wiki and start keeping track of these things. Keep a journal, as we've mentioned in the past, as you build these habits, write them down, keep track of them as we go through the season. And the final thought on security awareness is also if you're a business, look in your industry because there might be some additional governmental security things you need to be aware of as well. So as I guess we've given you an action, I want to give you a little bit of tools. I did talk about just go out and do a query on like security awareness programs. So I'm going to give you two things here. One, this is even bonus material. Everybody gets this one. I've in the past and I've recently it's probably been a year or two. I think the last time I updated this is I've done some some research into the the SA security awareness world for some of my customers. 
And I have been able to as part of that and some of the conversations, it's probably going to be a little dated, but I was able to get things like pricing information and some comparisons like what do they provide? What don't they provide? What? And there is a when you get into this world, there is a lot of stuff that they may or may not provide because some of them also have like learning management systems as part of it and things like that so that you can as an organization build your own content into this program. They've got some of them gamify it. Some of them have some sort of a you know, it's more of a like checking off a list and making sure that you do regularly like, you know, review the material or watch the video or whatever, whatever it happens to be. Shoot us an email at info at develpreneur.com and say, hey, I would like to see your, you know, that security awareness program summary or overview. You can take it with a grain of salt because it may or may or may not fit your organization, but I will be glad to put that together and send that out to you. A couple of names to just go with if it's too hard to search first. So the companies that stick out in the past is KnowBe4, K-N-O-W, the B-E and then the number four. They do it and they have a pretty they had a pretty good they were like pretty good price wise. I think they tended to be on the lower the lower cost and had a pretty solid just security awareness program. Mimecast is one that had a lot of good features to it is one that I remember being a I think it was actually a winner for the one customer that I was working with. And InfoSec is another one that they send stuff out on a regular basis. And I and I think the InfoSec I'm pretty sure always does every year there's a security awareness in October. And I think there's another month that they send out just sort of like a free, hey, we just want to make people more aware kind of packet so you can get on their email list.
KnowBe4, I think, does that as well. And I'm trying to remember there was another one that disappeared, I think, now. It used to it was like, I don't see them as I'm looking at a search. It was like Security Ninja or something like that. I wish I can remember what that was. We know what I'm going to do a quick check there. Ninja. What was it? It made Ninja. There we go. N-I-N-J-I-O. And theirs was like just some really fun videos. It was really good stuff around security awareness. And it was again, it was a little more expensive, but it was I think they were the ones that. It was like it felt like a Saturday Night Live skit was a lot of their security and stuff like that. Or I'm sorry. No, theirs are more they're animated, but it's usually three or four minutes of a good little cartoon. Basically, it walks you through some of those programs. So that's some bonus material for you. There's some there's great places out there. So that's your your homework as we come into this season is let's start off with go spend a little bit of time and get more aware on security. Awareness stuff is understand what's out there. Take a look at a couple of sites, you know, throw it throw like a spam friendly email address where you're just like, hey, I just want to get download some of their packets because you can. There's going to be some information there that's free. There are also as you do the searches, you're going to find I think there is a couple of sites that have free material they provide as well. So you may just want to dig into into that. That being said, it is time for us to wrap this one up. Not the season. We just did that. This one we're just wrapping up episode one of season 23 where we're going to be building better habits. So I'm really looking forward to this actually since Michael threw this out months ago. It's like, hey, how about this? I have glommed onto it and said, I'm really looking forward to this season.
It's going to be a really fun one and it's going to be very useful for us. So as always, shoot me an email info at develpreneur.com check us out at develpreneur.com and go ahead and fill out our contact us form. We're out on X. You can go at Develpreneur if you want to see sort of what's going on there. You can go catch us on wherever you get podcasts. You can subscribe to the podcast wherever you get YouTube, which is YouTube. You can go to YouTube slash Develpreneur and you can go check out the Develpreneur channel where you can watch these things and also all of our prior material and future stuff. Because at some point we'll be getting back. We hate we do occasionally put some like tutorials and things like that out there as well. That being said, we're going to wrap this one up. Talk to you next time around. So go out there and have yourself a great day, a great week, and we will talk to you next time. Thank you for listening to Building Better Developers, the Develpreneur podcast. You can subscribe on Apple Podcasts, Stitcher, Amazon, anywhere that you can find podcasts. We are there. And remember, just a little bit of effort every day ends up adding into great momentum and great success.