On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.   Blue Cross Blue Shield of Alabama sends out USB sticks Security elitists up in arms We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content? To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives So what do we suggest? More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against? https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/ MySpace has a major account password reset flaw, allowing account take-over Wait ... MySpace is still around? But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username How many of our sites have this problem, or worse? https://www.wired.com/story/myspace-security-account-takeover/   This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points: SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can accord lack of security -- what's the answer? How do we achieve scale, in an area of industry with razor thing margins and tiny profit margins SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back) Other challenges - including how to achieve scale   Guest: Shon Gerber Current CISO for multinational chemical company with approximately 10K employees Recent Past Security Operations Supervisor for multi-national company 100K employees  Senior Security Architect with multi-national  Air Force Red Team - Squadron Commander Multi-Disciplinary (Physical / Network Penetration Testing of Critical Systems)