Antisyphon Training Anticasts | The Absolute Truths of Cybersecurity with Doc Blackburn

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

DANGER AHEAD.

In this bold, no-nonsense talk, instructor Doc Blackburn will reveal the Absolute Truths of Cybersecurity, hard realities that challenge everything you think you know about “being secure.”

🛝 Webcast Slides -
https://www.antisyphontraining.com/wp-content/uploads/2026/04/Absolute-Truths.pdf

Join us for a free one-hour training session to learn why security isn’t a product, why prevention is a fantasy, why encryption fixes almost nothing, and why your biggest risk might be you.

You'll learn to see your role differently — not as a gatekeeper, but as a mission-enabler, risk translator, and resilience builder.

This Anti-Cast isn’t about firewalls or frameworks. It’s a total reset on how we view cybersecurity.
Chapters

(00:00) - Intro - The Absolute Truths of Cybersecurity with Doc Blackburn
(03:40) - Vera's Origin Story
(08:19) - Learning Security?
(10:08) - Security isn’t what you do!
(11:17) - 14 Truths of Cybersecurity
(12:59) - Truth #1: There is no such thing as security, only varying degrees of insecurity.
(15:26) - Truth #2: The network doesn't exist to be secured.
(21:29) - Truth #3: When security gets in the way of the mission – Security is wrong, not the mission
(22:54) - Truth #4: Prevention is ideal – Detection is a must. Detection without response is useless
(28:43) - Truth #5: Security must always be driven by business need
(31:04) - Truth #6: Security is a cost center, not a profit center
(34:04) - Truth #7: Security is a process… not a product
(35:58) - Truth #8: You cannot process encrypted data… EVER
(38:42) - Truth #9: All good security is custom-fit Compliance does not equal security
(44:28) - Truth #10: In security, the most dangerous thing in the world is what you think you know.
(47:14) - Truth #11: You cannot secure what you do not control
(49:49) - Truth #12: You cannot prevent what you allow
(51:02) - Truth #13: Security is, first and foremost, a people issue
(53:24) - Truth #14: Some things cannot be fixed They are simply reality
(59:11) - WORKSHOP: How to think like a Cybersecurity Defender

Credits
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Creators and Guests

Guest

Bronwen Aker

Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.

Guest

Doc Blackburn

Doc Blackburn is a seasoned (old) cybersecurity instructor with decades of experience in IT, security, and compliance. Over his career, he has worked in many areas of IT, including systems administration, programming, network design, cloud services, web development, and risk management, bringing a broad technical foundation to his teaching. For more than 13 years, Doc has trained students and professionals to understand, implement, and maintain effective security practices, drawing on real-world consulting experience in compliance frameworks such as NIST SP 800-171, CIS Critical Controls, and MITRE ATT&CK. Known for making complex concepts accessible to all audiences, he blends technical depth with practical insights, preparing learners to address today’s evolving cyber threats.

Guest

Mark Williams

Producer

Ryan Poirier

What is Antisyphon Training Anticasts?

Podcast audio-only versions of weekly webcasts from Antisyphon Training

Ryan Poirier: 00:12

Hello, everybody. Welcome to today's Anticasts for Antisyphon Training. We've got Doc Blackburn here. He's gonna lead our feature presentation for today. Along for the ride is Bronwen and Mark.

Ryan Poirier: 00:25

They're gonna they're all gonna participate in this webcast. It should be a lot of fun. I hear there's a there's a trivia or something going on later on, so there's a little bit of teaser for that. And I'm gonna go away in the back stage myself and let the three of them take it over. So good luck.

Ryan Poirier: 00:46

Break a leg. It's all yours. Thank

Doc Blackburn: 00:51

you so much, Ryan. Hello, everybody. I'm Doc Blackburn, and I'm sure if you're watching this later or you're watching it live right now, you're already noting noticing a disconnect because the the talk I I I forgot what what we're calling this. It's the it's the absolute truths of cybersecurity. And you're also seeing on my screen the title says how to think like a cybersecurity defender, and you're thinking, wait a minute.

Doc Blackburn: 01:20

There's a disconnect here because the the title of the talk and the title that's on the screen isn't making sense. And you're right because this anticast is actually it's an infomercial. It's better than an infomercial. But let me tell you what what it actually is is I have a four hour workshop that I will be presenting on Friday next Friday, not this one, but a week from now. And so that what's the date?

Doc Blackburn: 01:51

Somebody throw the link into a Discord for us there. And I'm pitching that by also teasing a part of the course. And so what you're literally getting here are the first I believe it's the first 21 slides of that, of that course, of that four hour workshop. And so how's that? Free content for everybody.

Doc Blackburn: 02:19

Right? Isn't that cool? Free is good. I know. Free is a great price.

Doc Blackburn: 02:24

And the when I was putting together this presentation, I was thinking I needed to create a separate slide deck for this so I could put the right title up and all of that. And I said, no. Forget that. What I'm gonna do is I'm literally just gonna teach off of the slides that are in that workshop. Alright?

Doc Blackburn: 02:48

So that's why we're seeing that disconnect there. So I've got a lot to talk about. I've got my two buddies here, Mark and Bronwen, to help argue points with me on these things. So let's go ahead and get started. Now all of this on their side, on Mark's side and Bronwen's side, is probably going to be very, off the cuff and, not rehearsed at all because they haven't seen the slide deck yet.

Doc Blackburn: 03:15

They don't know what's coming up. And the ink is still wet on the slides for me, so I barely know what's coming up. I literally finished this part of the course last night about twelve hours before now. Yeah. So it was midnight here where I'm at when I was finishing that up.

Doc Blackburn: 03:40

But I'd like to start by telling you guys a story. This story is very familiar because it is I'm gonna introduce two characters, and these two characters are an amalgam of people that I have met over my career. First, we've got Walter. Walter is he's an old guy. He is a seasoned cybersecurity professional.

Doc Blackburn: 04:09

And he's retired, but he has this neighbor, Vera. She's a she's a young woman who grew up next to him. She was born in that house. Oh, by the way, there's something that I want to I wanna put a poll up in Discord, and I want to you folks to tell me what city does Vera and Walter live in. Alright.

Doc Blackburn: 04:39

So if we could put that poll up and so people could vote, we've we've got some cities that are possibilities there, and I've already got answers coming up. I'm not gonna validate anything yet. But Vera has grown up next to Walter. She he's watched her grow up and all of that, but now she's a young woman. She's got a job at a help desk, and she just recently was promoted.

Doc Blackburn: 05:08

Her manager at the help desk saw that she had a lot of potential and not a lot of experience. So there was an open position at the company that she was interviewing for. Her manager recommended to her that she should try out for this junior cybersecurity analyst position. And she got the job. Great.

Doc Blackburn: 05:34

So now as we, as I was introducing that story, we've got a bunch of different answers here. We I didn't see the poll go up, but I see a bunch of different answers, a lot of different cities there. And then yeah. So we've got it. Viper Nile got it by posting posting that that great GIF of the of the baby cheering with a Pittsburgh Penguin's jersey.

Doc Blackburn: 06:02

And so those who and Bram s l I one, I believe. And then we've got Zaff and Avalon Hawk and n a n a h. Thanks. I'm I'm do you know what? If I'm totally v host, also, if I'm messing you guys names up or whatever, I'm I'm sorry.

Doc Blackburn: 06:23

I'm just I'm reading these without my glasses, and they're making me do so because when I put my glasses on, my screen reflects off the glasses. So sorry, folks, if I don't see And oh, and Cheddar is here. Cheddar is always at all of my talks. Cheddar, do you go to all of the Anticasts events, or are you just always going to mine? Because he's always there.

Doc Blackburn: 06:47

Oh, Chet Cheddar says yes to he goes to all of the Cheddar?

Bronwen Aker: 06:52

He's he's always here. He's he's one of our our sanchard fans.

Doc Blackburn: 06:57

Yeah. But Love to have love to have you here, Cheddar. Always. Cheddar, it's awesome to have you here, but you really missed an opportunity there, Cheddar. All you needed to do was lie to make me feel better.

Doc Blackburn: 07:11

The right answer would have been, oh, I just attend all of yours, doc. Alright? And nerfs. They see nerfs got it. I only show up to yours, doc.

Doc Blackburn: 07:23

Exactly. Nerf, you are now my best friend. Yeah. Okay. Alright.

Doc Blackburn: 07:27

So now that we've got that. Told you this is gonna be fun. Right? Wait. I didn't say it.

Doc Blackburn: 07:31

Ryan did. And so far so far, we're having a good time. So Fira gets promoted, and she has no idea what a cybersecurity analyst does. So what does she do? She starts reading books.

Doc Blackburn: 07:45

For those who are old enough to know, what we used to do is print out web pages and bind them together under a cover, and so you could read the Internet on a printed page. I know that's that's way too archaic for you guys. Who the heck reads books anymore? Well, Vera is reading books on cybersecurity, and she's walking home. And she's got so many books.

Doc Blackburn: 08:12

Yeah. She's got a backpack with books, and she's also got them in her hands as well. And Walter's like, hey, kid. What do you got there? And Vera tells him, I got a promotion at work.

Doc Blackburn: 08:23

I'm going to be a cybersecurity analyst. Now what Vera didn't know about Walter, because for as long as she's known him, he's just been the neighbor next door. Right? Walter says, cybersecurity. Well, did you know that's what I did?

Doc Blackburn: 08:39

I I was and so this is something coming full circle, guys. Walter understood computery things a little bit when he enlisted in the army. And his sergeant one day said, hey. So so Walter, you understand about these computer things. Right?

Doc Blackburn: 08:57

Well, he's like, well, I've I've been in front of one before. Yeah. Well, you're now our computer, analyst because there's a computer in that box, you need to get that running. Remember, Walter and are they are amalgams of people that I know. All of this is true.

Doc Blackburn: 09:15

I'm not making any of this shirt up right now. All of these things are true. They're just different people for Walter and Vera, And I'm telling a story. Alright? But this is not this is not a made up scenario at all.

Doc Blackburn: 09:28

Walter learned computers because his sergeant told him, well, there's a box over there with a computer in it. You need to unbox that. And he got into security as well because what did the army want to do with that computer? They wanted to encrypt things. They wanted to be able to hide their communications from an adversary.

Doc Blackburn: 09:48

And so Walter was learning cybersecurity just like Vera did. Didn't know what he was doing at the beginning, was just learning it. Well, Walter learned a lot over his career, retired as a chief information security officer. And Vera's like, well, I didn't know that about you. That's really cool.

Doc Blackburn: 10:05

Can you tell me about it? Now Walter being an old kodgy fellow that's been there, done that, seen it all, a little crispy around the edges still from being burnt many times. He said, well, kid, the answers are not gonna be in those books you've got. Aker was wondering, what do you mean by that? And then Walter says, sorry, kid, but security isn't what you do.

Doc Blackburn: 10:36

Now if that doesn't get you excited about what this talk is going to be about, you might as well turn off your computer and leave right now because this is this is gonna be fun. Right? Now you see this introduction to cybersecurity, that's part of that course. Let's just get right through that slide. And I left this here because it's a good teaser.

Doc Blackburn: 10:55

We're gonna talk about the absolute truths of cybersecurity, But you'll notice in this introduction to cybersecurity section, we also talk about things like the principle of least privilege, the CIA triad, prevent, detect, respond. We're gonna focus on the absolute truths of cybersecurity as that teaser. Now I'm not the one who came up with the 14 Absolute Truths of Cybersecurity. Keith Palmgren did. Keith Palmgren is one of those figures who is Walter.

Doc Blackburn: 11:31

He's that codge of the old retired cybersecurity professional. He has he created these 14 truths that are immutable. They're absolute facts that we cannot escape in our industry. And he retired, and I consider him, for one, a friend, two, a mentor of mine, and he has graciously allowed the community to just use his 14 absolute truths, and so this is open source material. He's aware that I am teaching this, to others.

Doc Blackburn: 12:05

And the most fun about this is I like to argue with him about these things. And that's why I brought Bronwen and Mark on board, for this talk here is that we're gonna yeah. We're gonna argue in real time about these things. And so, I mean, Keith and I, we argue that's okay. I am okay with him being wrong.

Doc Blackburn: 12:30

So the truth still holds. Right? But are you guys ready? Is everybody online ready to get into the 14 absolute truths of cybersecurity? And I want you folks online to argue with us, Bronwen and Mark, if you could watch on Discord.

Doc Blackburn: 12:45

If people are bringing up points that I don't see that we really wanna talk about, let's do it. Here we go.

Bronwen Aker: 12:52

Got Discord up, I'm monitoring. So you're you're covered.

Doc Blackburn: 12:55

Bronwen. Truth number one pulls no punches. Right off the bat, here we go. There is no such thing as security. There's only varying degrees of the insecurity.

Doc Blackburn: 13:12

Boom. Wow. And we call ourselves cybersecurity professionals. And then we must acknowledge the fact that security isn't what we do. What is really true here is that and over the next two truths, so truth number two and truth number three is going to support this statement, the three of them work really well together, there's no such thing as perfect security.

Doc Blackburn: 13:41

It just isn't going to happen. And I doubt that Bronwen or Mark will argue with me on that point.

Mark Williams: 13:48

Oh, come on. Oh, okay. They're gonna argue. Come on.

Bronwen Aker: 13:51

Come on. Alright, Mark. Hey. I'll give you I'll give

Mark Williams: 13:54

you perfect security. Unplug it, tear the disc out, bury it in the backyard,

Doc Blackburn: 13:59

and do that with other Internet. That's one of the other truths. That one's coming up. So, yeah, Mark's Mark's got it. Yeah.

Doc Blackburn: 14:05

How how can we be secure is to to literally avoid the risk, to stop doing the thing that now it's secure.

Mark Williams: 14:14

Now I'm with you.

Doc Blackburn: 14:15

Okay. Mark's on board.

Bronwen Aker: 14:16

Years ago when when car alarms were first becoming popular and people would say, oh, yeah. It's gonna protect your car. It's like, no. Somebody could come up with a flatbed, pick your car up, and drive away. And and, you know, it's it's the same thing with whether it's physical security, cybersecurity, whatever.

Bronwen Aker: 14:34

There is no such thing as perfect security. Just

Mark Williams: 14:39

That is always an absolute truth, it doesn't matter in your life. I always talk to people about varying degrees of risk, I'm sure you're going to get to this doc, but I always say in my class is, look, you got out of bed this morning, you could have done what Jack Daniels did and gotten a splinter in your heel and get gangrene in your leg and finally die from it. But it didn't stop you from getting out of bed this morning. The miniscule risk that is associated with that did not stop you from doing anything. And that's the point, isn't it, Doc?

Doc Blackburn: 15:14

Yeah. Absolutely. So what I'm hearing is between me and Bronwen and Mark, ding ding ding ding. We've got alignment on truth number one. Alright.

Doc Blackburn: 15:23

So let's move on to truth number two, and there's already been some alluding to this truth. The network, and I would say the business itself, the organization, it doesn't exist to be secured.

Bronwen Aker: 15:40

God knows it's hard enough to secure.

Doc Blackburn: 15:44

And it it was never designed to be secured. It was never meant to be secured. Yeah. The network exists to support the mission of the organization. Somebody said we need to be able to share information or share resources to communicate, and a computer network then was created to fulfill that mission, which means that the network was never meant to be secured.

Doc Blackburn: 16:15

It's there to support the mission's objectives. And we don't see we we, in our own industry, don't see things that way. We all see it as unicorns and rainbows of, you know, we'll put a firewall, an IDS, an IPS in place. We'll do all of these things and somehow, you know, brings sprinkle the magic security dust, and it's now secure. Bronwen's got

Bronwen Aker: 16:39

Hey, doc.

Doc Blackburn: 16:39

Something to say about this.

Bronwen Aker: 16:41

It was never intended. I mean, the whole idea of the Internet and this wide area network, it was never originally intended to be secured anyway because it was supposed to be a friends only network. So, you know, quick quick time travel. There's a lot of space stuff going on right now, and and, a lot of our modern space science is it exists because in the nineteen fifties during the Cold War, Dwight Eisenhower was displeased when the Russians put a little basketball sized satellite in orbit around the Earth. And he caused a think tank to be established, the Advanced Research Projects Agency, which was later later folded into the Defense Advanced Research Project Agency or DARPA.

Bronwen Aker: 17:37

And they were the ones who created the Internet to solve a specific problem. And the problem was in the event of a global nuclear exchange, How do we provide continual conversations with our troops so that we can deploy them and do all of that stuff? And the problem that that the reason that they had to think outside the box of that time was because radio, radiation. Hey. It's not a coincidence.

Bronwen Aker: 18:08

So if there's radiation and radioactive fallout, radio comms are not going to happen. So the idea of yeah. It was Sputnik. Mhmm. The the idea of having ground based, wire based communications with the wires on or underneath the ground and having this decentralized system with lots of redundancy, totally new concept.

Bronwen Aker: 18:38

It was only ever intended to be used by friendlies. So the idea of adversarial interactions over the Internet was never part of its foundations because it was only intended for our ground troops and other troops to use to organize their activities. Sorry.

Doc Blackburn: 19:02

Exactly.

Bronwen Aker: 19:02

Your history moment.

Doc Blackburn: 19:04

That's awesome. Thank you. Bronwen, I learned a few things on that. Thank you. And the other group, the other groups that were involved with ARPA were all public universities, all that trusted one another.

Doc Blackburn: 19:17

And speaking of supporting the mission, what is what is the mission of a university? It's to acquire and share information, And that just screams computer network. Right? Oh, we can acquire and share information at a distance and at very high speed. Yeah.

Doc Blackburn: 19:34

They were all about that. But, of course, the universities were all trusting one another. And so it's all a matter of as Bronwen said, these groups working together, we're all working at a high level of trust with one another. I know Trust is really important here to Mark's got yeah. You know what?

Doc Blackburn: 19:54

The this that that book, The Speed of Trust by one of the Covis, absolutely. I'm all about trust.

Mark Williams: 20:03

It's it's funny. You know? The the fact is is that we at one I mean, if we look at our world today, you know, we've got a zero trust model and there's a reason for it. There's a there's a big reason for it. When when we were when back in the seventies and eighties, when I first worked on mainframes, you know, we we didn't worry about it.

Mark Williams: 20:27

We were isolated. We had a data center. You had individual terminals. Everybody connected basically hub and spoke back to a terminal. You didn't I'm sorry, back to the computer.

Mark Williams: 20:42

You didn't go from one terminal to another. So this idea of trust became, you know, things like the token ring network where you pass the token from one user to another, and you trusted that everybody would give it up when it was necessary. Do you know one of the first hacks, of course, was taking over the token and basically doing a DoS attack on a token ring network by hogging the token. So, yeah, we haven't trusted each other for a long time, I'm afraid.

Doc Blackburn: 21:12

No. But we'll talk about that, I'm sure. Right, doc? Certainly the thing. Oh, yeah.

Doc Blackburn: 21:15

It's It's coming up. It's coming up. So let's go ahead and introduce truth number three, putting this this triad together of these three that support each other. When security gets in the way of the mission, security is wrong, not the mission, because the mission is never wrong. The mission is the reason the network and the organization exists.

Doc Blackburn: 21:45

And so It's one of those things

Bronwen Aker: 21:47

where it's like the customer is always right even if they're deaf, dumb, blind, and stupid. Still always right.

Doc Blackburn: 21:53

We're just checking. Oh, so now graphically, was trying to decide how would I how would I show this particular one. And I was working with my AI bot. His name is Al, by the way, true story. Al and I were brainstorming and we came up with, well, what if an injured person was trying to get into a hospital, but they couldn't because the door was locked?

Doc Blackburn: 22:17

Right? And so mission failure at this point. Yes, the hospital is more secure, but they've failed in their mission. So those first three there really come together to then frame the other 11 that we're gonna talk about here. But, I know all of you that have, taken courses with, John Strand, those of you who have taken taken courses with me, in your introductory to cybersecurity courses, it's all about prevent, detect, respond.

Doc Blackburn: 22:51

Right? So truth number four is prevention is ideal. That's the goal. That's what we're trying to reach, But we know that it will fail. So detection, when something gets by our preventative measures, we must be able to detect that.

Doc Blackburn: 23:09

And as now this is one of those areas where I am going to argue with Keith, and it's a it's a fair fight because he's not here to defend himself, is that he says detection without response is useless. I I've argued with him on this one before. I say, well, detection without response has minimal value, but it's not completely useless because and I'm gonna ask folks on, Discord. There is a a a field inside of cybersecurity that is all about detection without response. Does anybody know what part of cybersecurity I am talking about?

Doc Blackburn: 23:52

And we've got already I've got those a few different people responding and so I give folks some time. But we got some great answers here. A lot of people are yeah, folks are folks are getting there. You're you're getting there. Absolute now the deception and ocent and things like that, that's not necessarily detection of the adversary in your network or on your computers.

Doc Blackburn: 24:18

Somebody got it earlier, digital forensics. Yeah. Isn't forensics the detection but without real time response? And Keith would argue with me, well, forensics is the response. It's like, but that's not the spirit of this particular scenario where we have to detect and so not so we can figure out be able put attribution to the adversary or things like that, but so that we can kick them back out.

Doc Blackburn: 24:46

Right? What do you guys think? Bronwen and Mark.

Mark Williams: 24:49

Doc, I I got a question for you. I I noticed there was a question in the chat, and I'm not sure whether you saw it. What if the mission severely compromises security and modifications to the mission have to happen?

Doc Blackburn: 25:01

I don't know if that I can agree with that one.

Mark Williams: 25:05

I I I'm wondering. Indeed. The way we've already said it, I'm not sure it's possible.

Doc Blackburn: 25:10

And I like how you said that. Whoever said that They're anonymous. They're anonymous, unfortunately. Anonymous. Okay.

Doc Blackburn: 25:20

But that's a really interesting thought exercise. Because the thing is, can anybody give me an example of somebody who changed the mission because of a security concern? And just because I can't think of one doesn't mean that they don't exist. I I'm certainly not the smartest person in

Mark Williams: 25:42

Okay. The Maybe I can try taking this on on behalf of the the anonymous questioner first. I think that, we might say that process procedure, not necessarily the mission itself but our execution of it, might be changed because of security concerns. But to Doc's point, can you really say a mission changes? If your mission is to build a building, do you change the mission just because there is a security concern, or do you change the design of the building?

Doc Blackburn: 26:24

I could see us changing objectives, but it doesn't mean we're changing the mission.

Mark Williams: 26:28

Right. Right.

Bronwen Aker: 26:29

It's an

Doc Blackburn: 26:29

interesting thought. I really like it, and that's one of the reasons why I love doing these. And by the way, something else that I want to to to put out there, we teased it on Monday. Folks, you are really the first to to hear about this. So groundbreaking moment here, everybody.

Doc Blackburn: 26:48

The reason Bronwen and Mark are here with me during this talk is the three of us are writing a book. And the working title of that book is Security Isn't What You Do. And one of the one of the things that has brought about this book has been these difference of viewpoints. Yeah. And I've been teaching this concept around the world, literally around the world.

Doc Blackburn: 27:17

Did some workshops in, Canberra, Australia at their big ASOS Cybersecurity Conference and learned so much from them as I'm teaching them these concepts. Whoever that anonymous person was, Bronwen Aker Markless, make sure to make a note of that. I want to explore that. And one of the things that Bronwen, I'm sure, is quite horrified by is that me and Mark have been working on writing this book for over two years now.

Mark Williams: 27:47

And Oh, it's been a year and a half

Bronwen Aker: 27:49

for me. Don't eat a year and a half, doc. I have books that I've been working on for decades. Do not. Don't go there.

Mark Williams: 27:57

Change it. Okay. Alright.

Doc Blackburn: 27:59

But but here's the thing is that the reason the book isn't finished yet, that isn't because it's it's not that we can't write a book. It's that as we are exploring these concepts, we are still evolving our own viewpoints. And I love when folks bring those parts of the discussion in. So thank you for that. I really appreciate that.

Doc Blackburn: 28:22

I gotta continue on with the truth, sir, or we'll never get through them all. And I would be so embarrassed if that happened. Alright. So prevent, detect, respond. Let's get on to truth number five.

Doc Blackburn: 28:34

Security must always be driven by the business need. So here's another interesting This is a truth stacked up on top of a truth. We were just talking about the fact that the mission cannot be wrong. Well, that naturally then creates the dynamic that security must be driven by the needs of that mission, of the business. And by the way, so folks, this superhero that's holding up the business, that's supporting the business there, that is an AI artist rendition of what I look like in in my own head.

Doc Blackburn: 29:17

Yeah. So so for our anonymous person and for Mark and Bronwen, what do you guys think here? It's just kind of this is this helps bring that that first statement home with a second statement.

Bronwen Aker: 29:37

Well, it's it's easier to have that cooperation between the business and security when there's mutual respect, and there often isn't. I mean, I've I've seen so many times when just the IT department was trying to support the business, trying to save them from themselves, and was basically told, all you're doing is making life difficult for us. Sadly, there's a lot to that. I mean, I I can't even wait. I've got one, two, three four different password managers.

Bronwen Aker: 30:19

Some for work, some for personal use. And and, you know, this is this is part of the challenge is that right now, doing security well is hard. And over and over again, I see where it's it's not even about acceptable loss. It's it's about the fact that that business honestly believes many times that they can't get anything done if they have to do it securely.

Mark Williams: 30:50

Can I can I jump in here for a second? Absolutely. But that's something about Yeah. I I I gotta

Doc Blackburn: 30:56

let you talk, but I have a feeling this is where Mark is going here because Bronwen already, yeah, the solution. A nice

Bronwen Aker: 31:04

setup. Right?

Mark Williams: 31:05

Yeah. Exactly. Well done, Bronwen. Look. The fact is is that we are the people who say no oftentimes.

Mark Williams: 31:12

But I think more importantly, we have to recognize that I believe that what Bronwen's saying is absolutely accurate, but that's because we aren't recognizing security the way it should be. Security, to Doc's point earlier, is not something that we do. It is a concept, certainly. But the question is, when does it become enough? And I think that's where many of our brethren in the business space don't get that if they would express to us what they really want to achieve, we would be able to help them do it securely.

Mark Williams: 31:56

Unfortunately, we also believe in this ivory tower of security where this is what good security looks like. And that's the problem I'm having with it, is that business people don't understand security the way we do. And so we're we're basically talking two separate languages. So while Bronwen has four different password management applications, for example, do we even need one? I mean, what's the business purpose?

Mark Williams: 32:25

And if we can't explain the business purpose to the businessman, how can we expect them to give us a million dollars to do it? You know?

Doc Blackburn: 32:33

Exactly. And then and then here's the the the tough part is that we get the million dollars. We got exactly what we asked for. And I start worrying at that point because what does the, what does leadership now believe?

Mark Williams: 32:49

We're secure. We gave him a million dollars.

Doc Blackburn: 32:51

Secure. Yeah. Exactly. I I am always afraid when the business gives me exactly what I asked for because now they're assuming that we're secure. Right?

Doc Blackburn: 33:01

Some we must be secure. Somebody paid a lot of money for that. One of the things that I'd like to Bronwen, if you could put this into Discord. I don't have a a keyboard on the little device that I'm watching Discord on. Let me know.

Doc Blackburn: 33:15

Put our our website playingcyberdefense.com in there. Folks, for those who are interested in this book that the three of us are writing, we have a mailing list. And that mailing list is not something we're gonna spam you on. I've sent a grand total of zero emails out on that mailing list. We are just gonna let people know when the book is is ready.

Doc Blackburn: 33:36

So playingcyberdefense.com is that is that website that will will be announcing the book. Now let's move on to truth number seven. Security is a journey, not a destination. Right? What does that mean exactly?

Doc Blackburn: 33:58

It's someplace that we will never get to. It is a journey that once we start it, we will forever be going on that journey, and that's one way of looking at. Another way of looking at it is it's not a product that we can buy. And so if you've got some salesman that isn't Borat, just happens to have curly hair, is tall, has a mustache, and is from Kazakhstan, and says very nice a lot, but it isn't Borat for obvious reasons, He tells you that if you put this device on your network, it's going to be secured. Your network, ring magically, is secured.

Doc Blackburn: 34:44

They're lying to you. Do you know how to tell when a salesperson is lying to you? They're They're moving their laptop. Yeah. Exactly.

Doc Blackburn: 34:54

So we know that that isn't true. But it isn't security isn't a product that you can put on your network. It isn't a product you can buy. It's not a tool. It is how it's practiced in the organization.

Doc Blackburn: 35:09

And we've got a truth coming up about people in the organization of how security is really a people problem. How's everybody feeling so far there? Man, we've got lots of Borat references. And remember, this is not Borat. I do you know how I know this isn't Borat?

Doc Blackburn: 35:25

Because when I told AI I wanted a picture of Borat, I said can't do that. But what I could do is and then they described what Borat looks like. I said, yeah. Do that. And so what did the what did AI do then?

Doc Blackburn: 35:36

Al drew me drew me a a Borat. Right? So truth number eight. And this is a this is quite an interesting one right here because we've we're always being told, oh, well, that data is sensitive, encrypt it. That data that's being sent, encrypt it.

Doc Blackburn: 35:54

Encrypt this, encrypt that. HTTPS everywhere, DNS, sec. That's all well and good, but that is only protecting your data when you're storing it or when you're transmitting it. But it's not protecting your data all of the time because we cannot process encrypted data. So when we need to use our data, we decrypt.

Doc Blackburn: 36:23

And attackers know this. Most of and I believe the last number I saw was 85% of data stolen was encrypted at some point, but the attackers got ahold of it anyway. Did the attackers break AES? Did the attackers break RSA? No.

Doc Blackburn: 36:48

The attackers waited for you to decrypt your data, and then they stole it. And you have to decrypt your data in order to process it, in order to use it, in order to read it. And that one really hurt me when I first read it. I was like, well, you know, I mean, encryption solves everything. Right?

Doc Blackburn: 37:10

Well, encryption only solves the problem of storage and transmission if we do it right. Otherwise, we still need to use that information.

Bronwen Aker: 37:20

And that's a big if. Yeah. That's a big if. I mean, one of the one of the things with AI I keep telling people is that, look, we're already not doing the stuff that we're supposed to do, and a lot of the attacks against all these AI implementations are basically using the usual suspects, authentication, API connections, all of that stuff. And we're already not doing it well.

Doc Blackburn: 37:49

Exactly. Linux Girl says truth number eight is wow. Wait until we I've got another one for you, Linux Girl, that you're really going to go that would just head explode truth here. We're we're getting out of the basics of the truths, and now we're getting into the ones that really hurt. That that that just they stab you right in the heart, and then they twist that knife, that blade a little bit on you.

Doc Blackburn: 38:15

And this is one of those where it does that. But before we get into some of those real special truths, here's another one that goes along the line of security isn't what we do. It's that all good security is custom fit. And there's a few different ways for us to look at this. For one, compliance, which is supposed to be, you know, a fit for everybody.

Doc Blackburn: 38:37

Here's here's a compliance framework to meet, and then we're all trying to meet that compliance framework. But the other part is it's all about spending the right amount of effort for the protection that you're trying to get. In this example here, this graphic that I've got is imagine we make these suits of armor for all of the soldiers, and they come off the assembly line, all the suits are the same size. And for some of them, it doesn't give them the right protection. For others, they can't even move or see in it because there's just too much of it.

Doc Blackburn: 39:14

But then what I want to do is I want to focus on compliance for a second and something that we had talked about moments ago, but let me go ahead and frame this for you. Compliance. And I've been in the area of compliance for quite a while. I was the manager of risk and compliance for the University of Colorado, was dealing with that every day. Let me tell you where compliance frameworks come from.

Doc Blackburn: 39:37

They're old because first, we need to see that there's a problem. Oh, that's a problem that we haven't solved before. We need to solve it. Compliance won't solve that new problem. Right?

Doc Blackburn: 39:48

So we start trying things. We throw some stuff at the wall and we see what sticks. Right? And then after time, couple or one idea rises above all the rest and we say, Okay, this is good. This is what we should be doing for this new problem.

Doc Blackburn: 40:07

Well, took time, years to do that. We know what this new best practice is, but the moment that the best practice is defined as the best practice, it then becomes good practice. It's no longer best practice, it's what everybody is doing. Now, in order to make sure that everybody can meet that requirement of this good practice, we need to make it vague because different businesses, different organizations are gonna do different things to meet that new goal. And speaking of meeting the goal, we make the bar very low so that everybody can reach that point.

Doc Blackburn: 40:55

Right? If the point of compliance is that everybody can be compliant, we need to set that bar low enough so that everybody can meet compliance. And then That's why

Bronwen Aker: 41:05

we have eight character passwords still.

Doc Blackburn: 41:07

Yeah. Boy. And then we water it down where we make sure that between like, I worked a lot in health care security. I need to make sure that the largest of regional hospitals and the smallest of dentists' office and clinics, they all can meet those goals. And so we water it down so everybody can implement their way of meeting that compliance.

Doc Blackburn: 41:38

And so there's that problem. So so We can't specify.

Mark Williams: 41:44

Doc, we can't even specify what security means because as soon as you do that, if you are the regulator, then people say, well, we did what you told us and we still got hacked, so it's your fault.

Doc Blackburn: 41:56

You know?

Mark Williams: 41:57

So I mean, there's a there's there's a truth here about that that says that saying that it has to be, you know, express made or or, you know, bespoke. And the fact is the reason for that is is is because you won't trust anybody else to secure it for you.

Doc Blackburn: 42:14

Yeah. And as and because I don't have my glasses on, I can't say says, it's shocking that the range oops. And then somebody posted something else in that scroll up the screen. It's shocking the range of yeah.

Bronwen Aker: 42:28

That's pro compliance is on the floor, not the ceiling.

Doc Blackburn: 42:31

Yeah. It's the floor, not the ceiling. Exactly. And to your point, you're absolutely 100% correct, and now you're leading me into my third of four points that I want to make with this truth is that when I pass an audit, that is the worst day of my career. Because as we were talking about moments ago, it's like getting all of your funding.

Doc Blackburn: 42:58

Mark, if, if we pass the audit, what does that say to the boss? Mark's on mute.

Mark Williams: 43:07

We don't need you anymore.

Doc Blackburn: 43:09

Yes. There was remember, just moments ago, we were talking about the fact that security is a process, not a product, implying that there is no end goal there. If you pass the audit, some people are like, Yay. We passed the audit. Was like, No.

Doc Blackburn: 43:25

That means we've done everything. I've literally had bosses say, Well, are we compliant? So I'm not gonna say that because for one, I can't. I'm not the auditor. I'm the I'm the one who came up with how we're going to do this.

Doc Blackburn: 43:37

There was the implementers. I'm not the auditor. No. I can't tell you that. And I certainly didn't wanna tell this guy because I know that the moment I tell him, yes.

Doc Blackburn: 43:46

We're compliant. He's gonna see that as a checkbox that, oh, I don't have to fund that anymore.

Mark Williams: 43:51

Right.

Doc Blackburn: 43:52

And then the last, the fourth of the four things I wanted to talk about with this truth is attackers don't care about your audit. They are here to attack you, not to audit your systems. Alrighty. So truth number 10. Donald Rumsfeld said, there are known knowns.

Doc Blackburn: 44:13

There are known unknowns. So the known knowns are things that we know, and we know that we know them. Right? Unknown I'm sorry. Known unknowns are things that I know that I don't know the answer to that, but I know that I don't know the answer to that.

Doc Blackburn: 44:31

But the ones that really bothered Donald Rumsfeld were the unknown unknowns, the things that we don't know and we aren't even aware that we don't know that thing. And it goes back to that old saying, Evidence proves events. No evidence proves nothing. The absence of evidence is not evidence of absence. Right?

Doc Blackburn: 45:00

Yeah. And what I'm gonna do is I'm going through a few of these rather quickly because I know I want to spend quite a lot of, more time on number eleven and twelve than the others.

Mark Williams: 45:13

Okay. This one's a

Doc Blackburn: 45:14

rough one right here.

Bronwen Aker: 45:15

Doc, before you go on before you go on, we

Mark Williams: 45:18

had a

Bronwen Aker: 45:18

a question come through Zoom q and a. How do you convince your compliance dictator that compliance is not security and that security is more important in most situations?

Doc Blackburn: 45:35

Oh, my short answer is you're gonna have to buy our book. The answer will be in there. But the other thing is how do we convince them that the security is important? Well, here's the thing. It goes back to earlier.

Doc Blackburn: 45:55

Well, who are you to determine that security is more important than the thing that they're doing? You know what I'm saying? Who are we to say security is more important? And I'm gonna leave it at that. But the answer I love that question.

Doc Blackburn: 46:14

Bronwen and Mark, let's go ahead and capture that because, that is certainly something we wanna make sure to address fully in the book. And it isn't that I haven't thought about this before. You're absolutely right about that.

Mark Williams: 46:27

But Can I can I tease just a little farther?

Doc Blackburn: 46:30

Do it, Mark. Go for

Mark Williams: 46:31

it. So how do you convince the the the governance Nazis that you're actually doing the right job? You don't. And we will talk about that in the book.

Doc Blackburn: 46:43

Yeah. Absolutely. I I love that. That's that is a great that's a great thinker of a statement. So truth number 11 is we don't get to secure what we don't control.

Doc Blackburn: 46:54

And there's so we could do a week long discussion about this particular truth because there's so many different ways that we can look at it. In the interest of time, I'm just gonna cover some of the big ones. For one, defaults are not secure, and defaults can introduce insecurity. An example of that is I, I found what became known as Zoom bombing and responsibly disclosed to Zoom two years before Zoom bombing happened. I told them, this is going to happen if you don't do something about it.

Doc Blackburn: 47:33

And then they did nothing about it, and then Zoom bombing happened, then they did something about it. And it wasn't necessarily because Zoom was insecure as an application. It was that their default settings were insecure. And this all happened while I was at the University of Colorado. What we did is we actually changed our defaults so that when Zoom bombing did happen, we were not we were largely not affected because we changed the defaults.

Doc Blackburn: 48:02

As some people will say, the devil is in the defaults. Also, there's things that you can't control. Like, you're using if you're using Microsoft products and this Microsoft product has a bug and they do, that problem is now your problem and you can't fix that. There's also some areas of settings where we just for one, with settings, you only get to change what they allow you to change in their settings. Right?

Doc Blackburn: 48:32

Some other things, and in this graphic, I'm pointing out, just speaking of Microsoft, let's create a password policy that makes sense for our organization. But then we give that to to the systems administrator and the system administrator looks at Microsoft settings and for password complexity, it's just one checkbox that says requires complexity. And what does that mean? It means whatever Bill Gates set those complexity requirements to, which he went off of NIST, and we all know how, how that password issue, as far as length and complexity goes, decide three of the four of uppercase lowercase numbers special. So but, anyway, I'm gonna, speed along to this next one because this next one's really gonna break some people's brains.

Doc Blackburn: 49:20

For, Linux Girl, this one's gonna break your brain here. You cannot prevent what you allow. And Keith is so right on this one. It hurts. Going back to something that Mark said, going back to what Linux Girl said, what we can do in order to secure the business is to shut everything down.

Doc Blackburn: 49:49

Right? Let's close the doors. Mark, I said I'd be introducing this concept later when we were talking about the hospital case. Yep. If we let customers in the door, that means we let attackers in the door because they all look the same to us.

Mark Williams: 50:07

Yeah. They don't come in wearing masks, do they?

Doc Blackburn: 50:09

And they don't come yeah. I I made it kinda funny here that it's like he's coming in with a dollar bag signed bag and wearing a ski mask. Normally, he's coming in just looking at like a customer like everybody else. So we've got two more in about six minutes left in this. And so I'm going to go ahead and hit these two, and then we will wrap things up and do last thoughts and all of that.

Doc Blackburn: 50:35

This is a big one. I had mentioned it already. Security is a people issue. And almost all breaches, you look at Verizon data breach investigations report, the DBIR, and it tells it was what? It was, like, over 90 some percent of the breaches begin with some sort of a behavior, a human behavior element to it.

Doc Blackburn: 50:59

And what I'd like to do is, I wanted to talk more about this particular situation, but we just don't have the time to. If you look up the amazing Randy, he is Randy James or James Randy. He goes by both. He's he's since passed away. It was a real sad day for me.

Doc Blackburn: 51:18

He was a an anti magician. He grew up learning magic. He could trick anybody that any any possible way, but he had realized, you know what? He didn't like tricking people without their consent. What does that mean if you trick somebody without their consent?

Doc Blackburn: 51:39

If you were to go to Vegas, woo hoo, Vegas, and go to David Copperfield or Penn and Teller, and you pay to go inside and you sit down, you are consenting for them to fool your senses. You know its tricks. David Copperfield, Penn and Teller have no special abilities. They are just showing us illusions. So what the amazing Randy did not like is he did not like those whose claim they had special powers, those who could bend spoons of their minds or, you know, do all these things, and they they claimed it's because I have a special power that nobody else does.

Doc Blackburn: 52:20

He had a million dollar prize at one point where he said, if you can fool me, this million dollars is yours. And nobody ever collected the million dollars because with every single one, he showed us how that person did that thing. And his statement that really sticks with me when it comes to security is if a man can make it, I can break it. All of this technology is made by man, including in artificial intelligence. It's still made by people, which means that other people can break it.

Doc Blackburn: 52:58

And then bringing everything full circle so that we can spend our last five minutes talking about all these concepts together is bringing it all full circle. Some things cannot be fixed. There's no fix for them. And we've already talked about many cases of that.

Bronwen Aker: 53:17

So Is that the case of can fix stupid?

Doc Blackburn: 53:20

There you can't fix stupid. And here's the thing is that they can something can't be fixed, is it really a problem? It's just the reality that we live in. Right? And so that just kind of brings everything full circle.

Doc Blackburn: 53:39

And I I I wanna point out a quote, of Steve Gibson of Gibson Research. He does the podcast Security Now, one of the best security podcasts out there. He he always says, attackers, they always get better. They never get worse. And so we're always chasing.

Doc Blackburn: 53:57

And I am going to make Mark's head explode in the last three minutes of this presentation. Are you guys ready? Gonna make his head explode right here. And now I totally forgot how I was gonna do it.

Mark Williams: 54:09

Oh, thanks.

Bronwen Aker: 54:12

You teased. Right?

Doc Blackburn: 54:15

Defense watch watch Mark's head explode right here. Defense is always reactionary. There's no such thing as proactive defense. Everybody stand back or you're gonna get wet.

Mark Williams: 54:30

Yeah. You could get covered in brain matter here in a moment. Yeah. Starting to percolate. I like it.

Bronwen Aker: 54:38

I like

Mark Williams: 54:39

I what I I think you're right, though, doc. I mean, I think we can prepare. You know? We can prepare.

Doc Blackburn: 54:46

But but we're preparing for what? The things we've seen in the past. Right?

Mark Williams: 54:50

Right.

Doc Blackburn: 54:51

We can't protect against those unknown unknowns. I cannot put defenses in place for unknown unknowns. Well, Mark likes this. Folks, me and Mark and Bronwen, I think we argued about ninety minutes once over what was supposed to be a brain session for the book. We argued and argued and argued over this.

Doc Blackburn: 55:11

And it looks like Mark is finally coming to the dark side on this.

Mark Williams: 55:19

Oh, I don't know whether I'd go that far.

Doc Blackburn: 55:21

I don't think the advances that we put in place actually, do know what? I'm gonna give Bronwen this line because she says it very well. Bronwen, go ahead and explain about how defense is reactionary.

Bronwen Aker: 55:35

Sorry.

Mark Williams: 55:36

No. No.

Bronwen Aker: 55:36

Just My dog needed to chime in.

Mark Williams: 55:39

Me? What? Well,

Bronwen Aker: 55:42

defense is reactionary, and I have no idea what brilliant thing I may have said because we said a lot of things when we were having this conversation. And and, I mean, even if you are I'm try I'm trying to remember exactly what I said because there there were stages. So the the first time that that you're attacked or anything, your response is absolutely 100% reactive where you're you're something happened, you're reacting. Then afterwards, you can establish plans, your various playbooks, so that then if the same kind of thing, similar but maybe a little bit different, happens again, you have prescripted responses, but they're not triggered until something happens and they're triggered in reaction to something else. So even if you're planning a a response to some kind of incident, the act of responding is still a reaction, not a 100% response.

Doc Blackburn: 56:59

I think that's what I said. That was very very close to what you're saying before. Absolutely. But what I'd like to say is when, for those who watch sports, the defenses in sports are always watching videos of the offense that they're about to face when they've played other teams, and they prepare for what those offenses have done before. So the defense is reacting to what the offense does.

Doc Blackburn: 57:35

Right. Defenses are never proactive. We are not going to for somebody like Brett Favre, you are not going to put defenses in against the run when Brett Favre is just gonna throw the ball over your head. And so those are the types of things that that we need to understand is that we are defending where the likelihood and the impact of those adversaries are going to be the most damaging to us. So we're wrapping things up here, and I do believe of we're going to we get to do some post show banter and all of that.

Doc Blackburn: 58:17

Right?

Bronwen Aker: 58:18

But Hold on a sec. Yeah. Well, we can stick around for a while. I did wanna bring up something. One of the the Zoom viewers asked, what is the difference between a response and a reaction?

Doc Blackburn: 58:30

Ah, and Bronwen is gonna answer that in the post discussion. That's exactly, Bronwen, what you were answering before. I want to just plug the workshop and the book one more time and then let Ryan do his thing, and then we'll do our post show banter. Folks, I've just previewed for you, and we did a deeper dive of the these concepts. This is all gonna be a part of that workshop on how to think like a cybersecurity defender that is a week from this Friday, and the price is so reasonable.

Doc Blackburn: 59:06

It's like, what, $25? It's on the pay what you can platform. And so, folks, I know many of you here are saying, yeah. You're preaching to the choir. You know, we get this.

Doc Blackburn: 59:20

Your coworkers, your your friends and family who want to get into cybersecurity, but they don't know where to start, how about four hours and $25 on a a week from Friday? They will have a great start to that. Also, don't forget to check out the website playingcyberdefense.com and sign up for that book that's coming out. Oh, we don't know when the book is coming out, and

Bronwen Aker: 59:48

I stopped Actually, we've gotten we've gotten a bunch of reports that the newsletter sign up link is not working.

Mark Williams: 59:55

So if working. Oh. It's not working.

Bronwen Aker: 59:58

So give us a couple of days, and we'll we'll get working. Is there an email or an alternate way that they can sign up for the newsletter besides the form on the website?

Doc Blackburn: 01:00:11

Yeah. Let's let's let me think about that for a second here. That's that's embarrassing. I did not know that that link I don't know why that link should be working right now.

Bronwen Aker: 01:00:22

How long has it been since you actually looked at that website?

Mark Williams: 01:00:27

Blind. Or about that offline with Right.

Doc Blackburn: 01:00:30

Yeah. No. It's it's it's a disaster. Yeah. I know.

Doc Blackburn: 01:00:32

I know. It's it's not I haven't kept it up very well. I've been busy doing other things like writing workshops and books. I will I will get that information to you guys, and we'll we'll get that we'll get that going. Alright.

Doc Blackburn: 01:00:48

Ryan, I guess we need to stop talking so you can do your part.

Ryan Poirier: 01:00:52

Hey. You kinda did everything for me. You guys killed it today answering all the questions as you go. So that's awesome. Thank you.

Ryan Poirier: 01:01:02

Let's let's give these guys a round of applause for a fantastic webcast right up to the very end. They they just awesome awesome stuff. We if there's another question that we missed, ask it now. Maybe we can get to one or two more questions, but I think we got most of it. We got I should say, we've got links for the things in both the Discord resources.

Ryan Poirier: 01:01:31

If you go to slide dash resources discord and in zoom resources, there should be a button at the bottom of your screen or your application that says resources. You click it, it's gonna pop out a bunch of more links for you. I did put the the book updates website in there, so when that is working again, you can find that, both right now here in Zoom. It's also again in Discord. We like to use Discord because when we end the webcast here, Discord still exists that you can go back to and find those resources after we're we're all gone and wave goodbye and suddenly you have no more access to the Zoom resources.

Ryan Poirier: 01:02:15

So if you can, jump on our our Discord and, you can find not just this webcast, but links and and stuff from past webcasts that maybe you missed. If you wanna sign up for future webcasts and register for future webcasts, go to poweredbybhis.com. That's where we're gonna list all the upcoming webcasts that we do for Antisyphon, for Black Hills, for active countermeasures. We've got summits that that we do. We've got our next summit, which is the Threat Hunter Summit coming up in June.

Ryan Poirier: 01:02:49

And, we don't have a schedule announced yet, but we announced that event, So you can mark that on your calendars as something to look forward to. So again, thanks to everybody. I didn't see any other questions come in. Was there anything that came under the wire that we need to answer?

Bronwen Aker: 01:03:07

One question I didn't get a chance to answer yet. And what's the difference between a response and reaction?

Doc Blackburn: 01:03:13

So Let's cover that. But real quick, I was thinking about while Ryan was talking. Folks, I'm just about the only Doc Blackburn on LinkedIn. So if you have a LinkedIn account, link with me there, and I'll make sure I'll I post, you know, stuff there pretty regularly. As soon as what I'll do is once I get the website sign up thing fixed, I'll put a notification up on LinkedIn, and so watch for it on LinkedIn.

Doc Blackburn: 01:03:38

That's a good spot for it.

Mark Williams: 01:03:40

Awesome. Alright. Bronwen? So

Bronwen Aker: 01:03:44

So response versus reaction. So a reaction is nonthinking. You get so think about when somebody you you go to the doctor. What does he do? He taps your knees to see if you have a reaction.

Bronwen Aker: 01:03:59

And and that's exactly what happens. You're not thinking about what happens. You just react. You're acting without thinking, and it's hopefully proportional, but often a reaction is not proportional. Whereas a response has planning and thought beforehand.

Bronwen Aker: 01:04:19

So if you're responding to something, you have a plan. The trigger to the response is still a reactive act though, because you wouldn't be necessarily doing anything if there wasn't a need and somebody did something accordingly. So reaction versus response, how much planning or thought in advance went into whatever action is being taken. That's the difference.

Doc Blackburn: 01:04:50

I love

Ryan Poirier: 01:04:52

am typing a link in the Discord. I hate multitasking so I'm just gonna describe what I'm doing. I'm putting a link to Jennifer Shannon's upcoming training as well. So don't miss that. That should also be in the resources on Zoom.

Ryan Poirier: 01:05:10

So I think that's gonna wrap it up for today. Thanks for joining. Great job everybody Thank

Mark Williams: 01:05:17

you for having us.

Ryan Poirier: 01:05:19

Thanks for coming, Mark. You did awesome. Hopefully, it's not the last we see you on one of our webcasts.

Mark Williams: 01:05:26

Oh, I'll be glad. We're certainly

Ryan Poirier: 01:05:27

invited to

Bronwen Aker: 01:05:28

We'll drag him in with us. Yep.

Ryan Poirier: 01:05:29

Awesome. I love it. Okay. We're gonna say goodbye.

Doc Blackburn: 01:05:34

Till next Bye bye.

Ryan Poirier: 01:05:35

No b h i's webcast tomorrow but we'll be back next week with more awesomeness for you. And Megan, go ahead and kill it with fire.