From Security Weekly Wiki

Paul's Security Weekly - Episode 477


Recorded: August 18, 2016

Listener Feedback: To Be or Not to be A Contractor - 6:00PM-6:30PM

Hey Paul. Long time listener, first time caller.

I have a question about my career development and would love your input and the input of your guests.

I have been working in IT security for the last three years as an employee. Recently I've been filling in as a fixed term 
employee and my term is coming to an end.
My manager had talked to me and he is unable to bring me on as a permanent employee due to a head count and wage freeze. 
He is working on getting approval to bring me in as a contractor, potentially at a higher rate.

I've never worked as a contractor before. I know I will have to incorporate and that I will be working through an 
employment agency due to procurement requirements.

I have spoken to other contractors at the company, but I would love more input to help decide if this is a 
good career move for me.


  • If you are looking to get started in security, should you be a contractor?
  • What are the pros and cons of being a contractor in the security industry?
  • What precautions should you take as a contractor in the security industry?
  • How should you promote yourself as a contractor in security?

Security News - 6:30PM-7:00PM

Paul's Stories

  1. What Mr. Robot Can Teach Businesses About Security
  2. Unsecured DNSSEC Easily Weaponized
  3. GPG Patches 18-Year-Old Libgcrypt RNG Bug
  4. How to disable WPAD on Windows so hackers can't hijack your computer
  5. Hacker Jeopardy: When manhood is the question at Defcon - CNET
  6. Snowden Thinks Russia Hacked The NSA
  7. Baltimore Police Accused Of Illegal Mobile Spectrum Use With Stingrays
  8. Iran Investigating Possible Cyber Angle On Oil Fires
  9. Kaspersky Uncovers Malware Riding On The Back Of Google Adsense
  10. IoT Sockets Make For Another Big Security Problem
  11. People Ignore Security Alerts Up To 90% Of The Time
  12. Is Russia Hacking The US Election?
  13. Fortinet Follows Cisco In Confirming Shadow Broker Vuln
  14. Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities

Larry's Stories

  1. Weak RNG weakens PGP
  2. MongoDB fail - Don’t forget to sanitize your inputs… Chatbot gets mongo commands, and dumps the database… I’m so trying this.
  3. Shadow Brokers, Extra Bacon - Woah. EXTRABACON and FALSEMOREL together doe. Also this.
  4. Powershell to go open source, bringing to Linux, OS-X - wait, what? Is it April fools day?
  5. Stingray disrupting calls

Jeff's Stories

How PCI Acceptance Has Improved Security [1] The PCI Council is celebrating its 10th anniversary this year. Has PCI helped? Hindered? Just been a nuisance? What is the future of payment security?

[2] NSA Hacked?

Interview: Alex Horan - 7:00PM-8:00PM

Alex is a security-focused IT professional with strong experience leading and motivating IT teams and departments. He is experienced in project management and in meeting with customers, prospects and analysts to determine the best areas of development, and is effective at communicating the needs of those communities to engineering teams. He understands the balance needed between providing a secure environment and allowing an organization to perform its business operations. He has presented at large conferences for both technical and managerial audiences.

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.