What The Heck Is Penetration Testing And How Does It Work?


Aug 14 2020 37 mins  

Show Notes:
Links:
Whirly Board
OWASP Top Ten
Detectify
Kolide
WWIV
Trade Wars
Security Researcher Hall of Fame

Full Transcript:
Josh:
Yeah. It's called a Whirly Board and it's a local... Well, not local. It's a US small business apparently that makes them. I forget where they're located. Not in Washington. It's like a skateboard. There's... I've seen other balance boards that are made for standing desks, but none of them have the... This has also side... You can balance on the edges of it as well so you can rock back and forth between the outer edges and balance.

Starr:
Oh, that's really cool.

Josh:
Apparently you can do tricks. You can 360.

Starr:
Of course you can.

Josh:
And... Yeah. You can ollie.

Starr:
So I was imagining literally a skateboard on top of an exercise ball where if you lost your balance it would just fly out from underneath you.

Josh:
Yeah. This is not... One of the big exercise balls?

Starr:
Yeah. Yeah, exactly. One of the big ones.

Josh:
No.

Starr:
You probably wouldn't have enough ceiling in your room to... The ceiling wouldn't be high enough to-

Josh:
Yeah. It would not be. Yeah.

Starr:
Well, that's cool. So that's supposed to work out your core or something or give you a better balance?

Josh:
Yeah, I think all of the above. I more just got it to give myself something to do while I'm standing. It's kind of fun. It's a sport you can do while working at your desk.

Starr:
Oh, that's cool. Sometimes at my standing desk I find that I'm fine. I find that I'm standing, but I'm standing in this very rigid way. And I have to remind myself to not do that. So maybe that would help.

Josh:
This definitely stops you from doing that. You have to... And I think this one is very... It's not stable at all so it's probably on the more unstable end of the options out there.

Starr:
I was trying to work that into a sick burn against, I don't know, Node or something, but-

Josh:
Put it in there somewhere.

Starr:
... couldn't do it in time. I'm a little bit tired. Feeling a little bit tired. So on Thursday... Wait. Yeah, Thursday I took the day off and drove down to San Francisco. It was a 13 hour drive. And then I had a-

Josh:
Pretty good time?

Starr:
Yeah. I had an appointment, came back the next day and another 13 hour drive. I didn't really sleep very well. I mean, honestly, it wasn't as bad as I thought it would be. It was very long, but I've done that before. It's about the same distance from the bottom of Texas to Guadalajara, which I've driven several times.

Josh:
Yeah. It's not too bad.

Starr:
It's boring and you feel like mush. You feel like oatmeal after the end of it, but...

Josh:
Yeah. Get a good audio book or podcast or something.

Starr:
Yeah.

Josh:
I mean, our podcast doesn't work well for long road trips because our episodes are 30 minutes.

Starr:
I just binged our own podcast the whole way down there. I just binged it. It's so bingeable.

Josh:
So you binged on the way down, and then you binged it again on the way back?

Starr:
Yeah. So my biggest travel tip that I... Something I did different this time. It really probably only works. I mean, maybe you could swing this if you're flying. The reason I drove instead of just taking an easy one hour flight is that I don't want to die. And that seemed to be the less lethal option at this point. So I was able to take my yoga mat. I don't do really complex yoga, but just having this ability to stretch after I arrive at a place after driving many hours and, I feel much less pretzelified than I normally would after a trip like that.

Josh:
That's a good idea.

Starr:
Yeah.

Josh:
Did you go down by The Golden Gate Bridge and just out on the beach and stretch at dawn, do some yoga at dawn on the waterfront?

Starr:
I'll let you imagine that. Yeah. That's a great image. I'll let all of our listeners imagine that, that I have that kind of life.

Josh:
Yeah.

Starr:
That sounds wonderful.

Josh:
Yeah. I've done that drive more times than I probably should have.

Starr:
Do you all mind if I cross promote my Insta on here? I'm just kidding. I don't have an Insta.

Josh:
You're a lifestyle influencer?

Starr:
Yeah.

Josh:
Yeah.

Starr:
So yeah. What are we talking about today?

Ben:
I was just thinking about security in the context of our compliance work, which thankfully is just about wrapped up. I checked on the auditor portal this morning and all of the evidences have been accepted.

Josh:
Yay.

Ben:
So now I think it's just getting the final report written is the only thing left for them to do. So I'm pretty excited about that.

Josh:
You knocked those out fast, Ben.

Ben:
Well, it only took, what, several months of preparation to get to that point.

Starr:
Fast.

Josh:
Yeah, the last couple of weeks it seems like you're like, yeah, they gave me another list of 40 things that we have to do. And I'll maybe get to them over the next couple of months. And then a whole week of doing things, and then it's ready.

Starr:
You posted a screenshot and it was all gamified. It looked like Xbox achievements or something.

Josh:
Oh, right. Are you going for HIPAA now?

Ben:
Oh man. I so want to. You have to envision this since you're listening to this podcast, but imagine a dashboard that shows you circle charts for completion. What we're working on, and what we've been working on, the compliance is SOC2. And on our dashboard for the auditor's tool, their web based tool they use to track all this stuff, there is a little circle chart that shows you what your completion is towards your goal of getting SOC2 compliance. Well, next to that chart are other charts that show you what your progression is towards other compliance games that you could use, like HIPAA or ISO 27001. And it's totally game mechanics, psychological kind of thing, where they're like, "Hey, look how close you are to this other thing that you could also do and spend a lot more money and time to get compliance certified for." And it just made me twitch because I'm totally a sucker for that sort of thing. I'm like, oh, I could get that, and I could get that. Yeah, it's been rough. I have to resist the urge to double down and do HIPAA and other things like that.

Josh:
Yeah. Does SOC affect... If a medical business needed to use us that needed something... I don't know. Does it help us at all in the medical field, or do we need to go for HIPAA if we're going to deal with that?

Ben:
HIPAA, like SOC, there's not a checklist of things. It's a bunch of guidelines, and-

Josh:
Yeah.

Ben:
There's a bunch of guidelines, and you need to assure an auditor, and your customers, that you adhere to certain practices and procedures that make you a secure organization. So there is a lot of overlap. So, for example, that percentage goal thing that they showed in the dashboard. When it was showing SOC2 is 87% completed, it was showing HIPAA at 82% complete.

Josh:
Yeah.

Ben:
So there is a lot of overlap there.

Josh:
Okay.

Ben:
But the way that, typically, I think we will handle that, instead of just going for a full HIPAA ce...