A self-proclaimed "super hacker" causes problems in the Magic Kingdom, criminals regret trusting Anom phones, and lawsuits are filed against TikTok.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don't miss our featured interview with Scott McCrady, the CEO of SolCyber Managed Security Services.
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Episode links:
- Official Disneyland Instagram Account Hacked This Morning! — The Disney blog.
- Disneyland social media accounts hacked, offensive messages posted — Hot for Security.
- We Got the Phone the FBI Secretly Sold to Criminals — Vice.
- Parents Sue TikTok, Saying Children Died After Viewing ‘Blackout Challenge’ — The New York Times.
- Lawmakers Want Social Media Companies to Stop Getting Kids Hooked — Wired.
- How Social Media Tricks Us Into Thinking We Are Paying Attention — Forbes.
- Facebook could be sued for addicting children under California bill — Ars Technica.
- Kids Are Using Social Media More Than Ever, Study Finds — New York Times.
- 2021 Facebook leak — Wikipedia.
- California Parents Could Soon Sue for Social Media Addiction — Gizmodo.
- Absurd Trolley Problems.
- Weird or Confusing.
- Google Quick, Draw!
- Unfinished London — Jay Foreman on YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- The Secure Developer – A conversational and insightful podcast that bridges the gap between dev and sec, from Snyk.
- SolCyber – SolCyber delivers Fortune 500 level cybersecurity for small and medium-sized enterprises. If the bad guys aren’t being discriminating about who they’re attacking, how can you settle for anything less?
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. Why do they think that's a good idea to blare the same song over and over again? Over and over again? Over and over again?
ROBOT. Smashing Security, Episode 283: Disney's Social Dumpster Fire, Anom Phones and TikTok Tragedies with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 283. Carole Theriault.
GRAHAM CLULEY. And this week on the show, Carole, who do we have lined up?
CAROLE THERIAULT. We have the wonderful Anna Brading. Welcome, Anna.
ANNA BRADING. Oh, hello. Thank you for having me.
CAROLE THERIAULT. Thank you for making the time out of your busy schedule.
ANNA BRADING. Actually, I am very busy, but, you know, always make time for you two.
GRAHAM CLULEY. Do you have a busy schedule, really?
ANNA BRADING. I know what I mean. I mean, I have to clean the house. I mean, basically don't do anything, Graham. I think you're fine. I do a lot.
CAROLE THERIAULT. She does do a lot. How about we get this show on the road and thank this week's sponsors, Bitwarden, Snyk, and SolCyber. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm going to be talking about a super hacker living in a very small world.
CAROLE THERIAULT. Okay, Anna, what about you?
ANNA BRADING. I'm gonna be talking about the Anom phone.
CAROLE THERIAULT. And I am gonna see how we can hold social media giants accountable. Plus, a great featured interview with Scott McCrady. He's the CEO of SolCyber, and he talks quite frankly about cyber problems specific to small and medium-sized organizations. Very interesting stuff. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, I'm going to start as I quite often like to start one of my sections with a little bit of a song or some poetry.
CAROLE THERIAULT. So hold on, I'll just get the mute button. I wouldn't actually change anything. That would just mute me, wouldn't it?
GRAHAM CLULEY. Just mute you. Stop you from joining in. It's a world of laughter, a world of tears. It's a world of hopes and a world of fears. There's so much that we share that it's time we're aware. It's a small world after all. Was that the Shatner version? I couldn't remember the tune at first. It's a song that will strike fear into the hearts of many. I've often woken up in the middle of the night in a cold sweat, having a Vietnam-style flashback to the time I found myself at EuroDisney, tormented by that tune.
CAROLE THERIAULT. I was there. I was there. You were there with you.
ANNA BRADING. You went to EuroDisney together.
CAROLE THERIAULT. We did.
GRAHAM CLULEY. Well, we went there for work, didn't we? Not for fun.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. We went there for work. We went to give a talk.
ANNA BRADING. I see.
CAROLE THERIAULT. We had to give a talk in the amphitheatre, you know, where they— it was really quite scary because kids were all the way up, way above us, all around us. There were like 1,500 of them.
ANNA BRADING. You gave a talk to kids?
GRAHAM CLULEY. Yes. It was a steep incline, yes. It was like a Nuremberg-style rally that we were the guest stars at. And we had a bad experience. Do you remember the bad experience I had, Carole, at Disneyland?
CAROLE THERIAULT. What, that I talked you into coming on to a really cool roller coaster?
GRAHAM CLULEY. Yeah, so you said there's this thing called Space Mountain, and I didn't know what Space Mountain was. I thought, oh, we're going to sit in a little train or something and we go chug, chug, chug. And it'll be just a gentle funicular is what I imagined.
ANNA BRADING. I don't know what Space Mountain is. I've never been to Disneyland. Tell me, Graham.
GRAHAM CLULEY. It's hell.
ANNA BRADING. It's hell.
GRAHAM CLULEY. It starts off. It starts off pleasant enough. Like a funicular, you're in a little train going up a slope. And I think, well, this is fine. This is very nice. We're going up a mountain. But then— It careers inside the mountain in the dark, rollercoastering round upside down at high speed, and you don't know which direction to vomit in. It is the most unpleasant experience ever.
CAROLE THERIAULT. But memorable.
ANNA BRADING. Well—
CAROLE THERIAULT. You're welcome for that memory that I gave you. Still vivid.
GRAHAM CLULEY. I had to have a sit-down with a fizzy drink in order to feel better afterwards, as I recall.
ANNA BRADING. And that's not like you, is it? No, not—
GRAHAM CLULEY. no, exactly. It was extreme circumstances. So other people have had negative experiences at Disneyland. It's not just me there. For instance, one chap who has is someone who's possibly the greatest hacker turned biological weapons engineer that the world has ever seen.
CAROLE THERIAULT. Mm, okay, carry on.
GRAHAM CLULEY. David Doe, or maybe it's David Doo, if that is his real name. He is, of course, as we all know, the person who created COVID-19. I know he created COVID-19 because he posted a message on Instagram announcing that he was responsible for it. Yes, you remember this.
ANNA BRADING. I don't.
CAROLE THERIAULT. I don't. I was obviously doing something important at the time.
GRAHAM CLULEY. He's also posted on Instagram that he's now working on a follow-up virus. It's like that difficult second album that he has called COVID-20. Now, despite being 2022. Yeah, exactly. Despite being a biological weapons expert, he hasn't twigged that COVID-19 is called COVID-19 because it came out in 2019, rather than it being the 19th version.
ANNA BRADING. So maybe it is the 19th. Did he invent the other 18 before that?
GRAHAM CLULEY. And they just flopped. He just put them into beta but didn't fully release them. Maybe. Who knows? But it's a bit like Windows 95. It wasn't the 95th version of Windows. Although Windows 3, you know, that didn't come out in 3 AD. So it's confusing sometimes, version numbering, isn't it? Companies can be inconsistent.
ANNA BRADING. Yeah.
GRAHAM CLULEY. Anyway, David Doe, he went to Disneyland, he says. And he claims that some of the staff were rude to him. Maybe they mocked him for his version number for his virus. I don't know. And he doesn't go into specifics as to how they were rude to him, but he got very upset. And that is why he plans to release a brand new virus of the coronavirus pandemic. This is what he posted onto Instagram. And he makes these claims on both Facebook and Instagram. And normally I'd tell you to ignore everything you read on Facebook and Instagram, right? I'd tell you, look, it's probably not true because it's been posted on Facebook and Instagram. It's probably the reverse is true, whatever you're reading.
ANNA BRADING. That's what you would say.
GRAHAM CLULEY. Yeah, that's what I would say.
ANNA BRADING. You're part of the mainstream media.
GRAHAM CLULEY. Well, should you believe anything in a podcast? In this particular case, he posts those messages, including some rather racist and homophobic things, not from his own Facebook and Instagram accounts, but instead the official social media account of Disneyland. What?
CAROLE THERIAULT. So what, he hacked in?
GRAHAM CLULEY. Yes.
UNKNOWN. Oh.
GRAHAM CLULEY. He hacked into the official social media accounts of Disneyland on Facebook and Instagram, posting about Coronavirus 20, which he's been working on and is about to release, and how he was insulted in various unpleasant things of a racist and homophobic nature. Now, it's very hard to know if David Doe or David Doo was really the person who did this. He claims his name is David Doe and David Doo. Or David Doo. Probably not both. Not Doo Doo.
ANNA BRADING. So what you're saying is poor David Doo Doo has been working on the next version of coronavirus, and someone has hacked in to the Disneyland social media accounts, and they're framing him.
GRAHAM CLULEY. Pre-announcing it. And they also posted a picture of someone who claims to be David Doe or David Doo, but who knows who that is? I mean, it's not the normal behavior of a hacker to post his photograph as well as his name when he does this. So we have to be a little bit suspicious as to whether he's really the one responsible for the defacement. It may be an innocent party who he's naming here, but it does provide a potential clue worthy of investigation should law enforcement agencies be so inclined. I mean, they're probably busy, right? They're probably investigating who created coronavirus? Or who hacked the Instagram account of Disneyland? You know, maybe the same team. Maybe the same team are working on it. I don't know.
CAROLE THERIAULT. I kind of feel like maybe David Doo is suffering from a bit of mental issues, perhaps.
GRAHAM CLULEY. Well, which can be caused, of course, by going to the Disney resort and hearing that doo-doo-doo-doo-doo-doo-doo.
CAROLE THERIAULT. Yeah, and maybe he went on Space Mountain as well.
GRAHAM CLULEY. Rattle. You know, my brain was fairly rattled by that. And I'm not sure—
CAROLE THERIAULT. Never recovered.
ANNA BRADING. Yeah. I am also.
CAROLE THERIAULT. That's why I'm here. Explain that a lot.
ANNA BRADING. That's why I'm here. I had this at Legoland.
CAROLE THERIAULT. Oh yes.
ANNA BRADING. I had, so I don't know if you've seen The Lego Movie, Graham. But the Everything Is Awesome, that song.
GRAHAM CLULEY. Yeah.
ANNA BRADING. Just over and over. And I stayed there when it was sweltering heat. I stayed in the hotel. And just for 48 hours, I just had that constantly. So I understand your pain.
CAROLE THERIAULT. Why do they think that's a good idea to blare the same song over and over again?
ANNA BRADING. Because my child loved it.
GRAHAM CLULEY. Yeah.
ANNA BRADING. I hated it.
CAROLE THERIAULT. They're making them addicts.
GRAHAM CLULEY. I've stayed in the Lego hotel as well. And it is—
ANNA BRADING. Oh.
GRAHAM CLULEY. It's horrendous.
ANNA BRADING. It's just a lot of stimulation at all times. It's just too much.
GRAHAM CLULEY. If you're over 4 foot tall, then you're not going to enjoy it.
ANNA BRADING. I know.
CAROLE THERIAULT. What, do you have to like crawl in everywhere?
GRAHAM CLULEY. Well, I don't know. It's just—
ANNA BRADING. Yes, yes.
GRAHAM CLULEY. It's just all a bit bright and noisy.
CAROLE THERIAULT. Anyway, we digress, Graham.
ANNA BRADING. We digress. Yes, yes, yes.
GRAHAM CLULEY. Sorry. So this attacker, he claims to be a super attacker. I think that's probably about as accurate as his claim that he created COVID-19. It's much more likely someone at Disneyland was sloppy with their password. Maybe they got phished. Maybe they used the same password as somewhere else. Maybe they hadn't enabled multifactor authentication.
CAROLE THERIAULT. I thought we were gonna play that game of guess what the password is. Password for the Disneyland account was.
GRAHAM CLULEY. It's disappointing, isn't it, that they haven't? It was probably something fairly goofy though. I think we can make—
CAROLE THERIAULT. Oh, probably goofy.
ANNA BRADING. Yeah.
CAROLE THERIAULT. Stop taking the Mickey. Stop taking the Mickey.
GRAHAM CLULEY. Oh, good one. Yeah.
ANNA BRADING. I've got nothing.
GRAHAM CLULEY. Millions of people follow these accounts and some of them weren't very happy and they were saying it's an outrageous— I've been grossly offended by these messages. And Disney have now secured the accounts. And they are conducting an investigation with their security team. And you can imagine that Disney security team, they're going to be pretty shit hot, aren't they? Well, they probably aren't shit hot. You can't use words like that on Disney, but they're going to be pretty tough. They're going to go in and try and get to the bottom of it. So this can happen anywhere, even in the Magic Kingdom. Everyone needs to be on their guard for super hackers like David Doe or David Doo.
CAROLE THERIAULT. He doesn't sound like a super hacker.
GRAHAM CLULEY. He claims it, Carole. I mean, why would we disbelieve him? Why would we disbelieve him?
CAROLE THERIAULT. Maybe he just needs a hug and a sandwich or something.
GRAHAM CLULEY. I wouldn't always recommend hugging a hacker. I think—
CAROLE THERIAULT. Oh yeah, especially in COVID times. Especially.
GRAHAM CLULEY. Yeah, hug a hoodie.
ANNA BRADING. Hug a hoodie hacker. Hashtag.
GRAHAM CLULEY. Anna, what have you got for us this week?
ANNA BRADING. So Graham, Carole.
CAROLE THERIAULT. Yes.
ANNA BRADING. Imagine that you're a master criminal. Are you in character? Yeah. So you need a way to get in touch with your other master criminal friends. Maybe you need to set up your drug deal. Maybe you need to order a hit on someone. Carole, anyone you're thinking of?
CAROLE THERIAULT. Yep, yep, I am, definitely.
ANNA BRADING. You got a picture in your mind? Yep. So how are you going to do that? You're not going to do it on your regular iPhone. Maybe your Nokia 3210. That's not going to cut the mustard, is it? So you know what you need?
CAROLE THERIAULT. A pigeon.
ANNA BRADING. Do they— Can they order hits? I mean, yeah.
CAROLE THERIAULT. Carrier pigeons could carry the message over.
GRAHAM CLULEY. Yeah, they could send the message.
ANNA BRADING. That's true. Okay, fine. So the end of my story. That's it. Done. No!
GRAHAM CLULEY. Carole, what have you got for us this week?
ANNA BRADING. If there were no pigeons—
CAROLE THERIAULT. All the pigeons are dead. I don't know what I would do.
ANNA BRADING. Imagine your pigeon, your carrier pigeon's died.
CAROLE THERIAULT. Okay.
ANNA BRADING. You need an Anom phone. Except the Anom phone, this is not a non, Anom, isn't exactly what it seems. It looks very normal. So it could be a Google Pixel. It can be unlocked with a PIN, just like all our phones are. It has apps on it like Tinder, Instagram, Netflix. Except the apps don't work, and tapping on them does nothing. So they're more like a sort of wallpaper covering over a secret door. So if you reset the phone and you type in a different PIN, it opens up the secret door into a separate section of the phone with different apps, like a clock and a calculator. And the calculator is another front, and opening up that app takes you to another login screen. It's very—
UNKNOWN. It's—
GRAHAM CLULEY. On the calculator, do you—
ANNA BRADING. Yes.
GRAHAM CLULEY. Do you enter 5138008 and turn it upside down so it says boobies?
ANNA BRADING. Yes.
CAROLE THERIAULT. Yes, yes, we do.
ANNA BRADING. 6006. 6006.
CAROLE THERIAULT. Yeah, which wouldn't work at all.
GRAHAM CLULEY. That's your boobies, girl. That's not gonna work.
ANNA BRADING. Isn't it poo? Mine's more like 100— Oh no, hold on. Ignore that.
GRAHAM CLULEY. Can we stop entertaining the listeners with ASCII art of your breasts, please? It's not gonna work.
ANNA BRADING. I'm sure there's an app where you can upload pictures and get it to turn into ASCII art. I'll do that.
GRAHAM CLULEY. Link's in the show notes.
CAROLE THERIAULT. On it, on it.
ANNA BRADING. Back to the calculator. So, I think you do have to type in something, but to get it to open up the special login screen, which logs you into the Anom messaging app.
GRAHAM CLULEY. Very cool.
ANNA BRADING. Yeah. So the app, it uses XMPP to communicate, which is pretty standard for instant messaging, but then wraps those messages in a layer of encryption. And XMPP works by having each contact use a handle that looks like a sort of email address. But one of the contacts in the Anom phone, handily for the criminals, for you, Carole, is for a customer support channel that you can use if you're having problems with your phone. But another contact is one called Bot, which works like a ghost contact and hides itself from the user's contact list. So they wouldn't even know it was there. And Bot is sneaky. It does things like copy users' messages along with any location information it can gather. So in many cases, that was actually the precise GPS location of the device when it sent the message.
GRAHAM CLULEY. What could possibly go wrong?
ANNA BRADING. I know, right? So it's a bit like when those people were Zoom bombing at the beginning of COVID but just with fewer boobs and a bit more stealth. It just sort of hangs out and listens and then sends everything back to the FBI. And the end-to-end encryption doesn't need to be broken because Bot is inside the walls sending the information back.
GRAHAM CLULEY. So the FBI are running Anom, or they've compromised the Bot?
ANNA BRADING. They're running Anom.
GRAHAM CLULEY. Right.
ANNA BRADING. So Bot is what the FBI is using, and other law enforcement, to eavesdrop on the criminals, take their messages, and take the GPS location as well.
CAROLE THERIAULT. And so why do the bad guys get a hold of these phones? So they— what, they— well, word on the street is they're the best.
ANNA BRADING. Yeah, I mean, I guess there are other phones like that, um, that we've seen organized criminals using before, but, um, I guess it's just one of many. Um, but last month the FBI announced hundreds of arrests as a result of the Anom phone, um, and said that they had intercepted 27 million messages from 11,800 devices. So it's like big-time drug traffickers, and they seized a load of stuff like weapons, cash, drugs. One of the drug deals apparently included smuggling cocaine in cans of tuna and hollowed-out pineapples. So— But other interesting things on the phone. So it allows for PIN scrambling. So it rearranges the numbers. So it's much harder for someone watching you to work out what you're typing in, which I think all phones should have. And there was a status bar at the top of the screen which had a shortcut to wipe your phone. And you could also set a wipe code that you type in from the lock screen, which wipes the phone. So when the police say, "Hey, what's your PIN?" You say the secret PIN code, and that wipes your phone.
CAROLE THERIAULT. You know, yeah, I just did the maths on your numbers. For each phone, that's 2,500 messages or so on average. So, I'm surprised they can do anything else but sit there on their phones.
ANNA BRADING. Well, they probably have a similar screen time to me, Carole.
GRAHAM CLULEY. It would be quite fun to look at a criminal's phone, wouldn't it? Because even if they're drug dealers— Drugs? Well, yes, because I suspect— I suspect we all imagine that it's always like, 'Have you got the hollowed-out pineapples?' or whatever. You know, they're talking about the drugs deal or the smuggling.
CAROLE THERIAULT. Yeah, their secret language.
ANNA BRADING. Yeah.
GRAHAM CLULEY. But I'm sure there's also a fair amount of sharing cat GIFs and just jokes and all the social media memes which are probably going— Texting their wife.
ANNA BRADING. Right. Yeah.
CAROLE THERIAULT. Okay, so I'm guessing Anom is going to tank now with this news story. So they've lost that phone.
GRAHAM CLULEY. Well, the FBI will just rebrand it, I suppose, won't they? They'll just come up with some other name. For all those people annoyed that the Anom Phone was run by the FBI, here's the new FBI Phone or something. They'll just give it a different name.
ANNA BRADING. They'll never guess.
GRAHAM CLULEY. They'll run the same scam again. What a brilliant way it is to snoop on criminals and what they're up to.
ANNA BRADING. Well, it means you don't have to break into the phone, doesn't it?
GRAHAM CLULEY. Very crafty. Very crafty. Have you bought one of these, Anna?
ANNA BRADING. No, but you know—
GRAHAM CLULEY. Because you've always reminded me a bit of a gangster's moll. Because you know, you live down in Reading and things, which is a bit dodgy.
ANNA BRADING. What was my nickname? Jugsy Malone?
GRAHAM CLULEY. Jugsy Malone. Links to the ASCII art in the show notes.
ANNA BRADING. Anyway, moving on.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. Last week, the New York Times reported that parents, two sets of parents, had just filed a lawsuit in a Los Angeles court calling out TikTok for how it affected their young daughters. And the suit revolves around the blackout challenge videos. Do you know anything about those?
ANNA BRADING. I don't know about them.
GRAHAM CLULEY. Oh, my goodness. I think I may have read something about this. Is this where kids are trying to encourage each other to sort of—
ANNA BRADING. Do a Michael Hutchence?
GRAHAM CLULEY. Yeah, to asphyxiate themselves. And of course, some people actually hurt themselves as a consequence, or die even. Is that right?
CAROLE THERIAULT. Exactly. Exactly. So it encourages people to intentionally hold their breath until they pass out due to lack of oxygen.
ANNA BRADING. Oh my God.
CAROLE THERIAULT. And now brace yourself. These girls, okay, these girls were 8 and 9.
GRAHAM CLULEY. Oh my God.
ANNA BRADING. Okay.
CAROLE THERIAULT. And they both died.
GRAHAM CLULEY. For God's sake.
CAROLE THERIAULT. 8 and 9. Like I was playing with my Lite-Brite toy and trying not to, you know.
ANNA BRADING. I loved that.
GRAHAM CLULEY. The mind boggles what a Lite-Brite toy is, but yeah, okay.
ANNA BRADING. It was lights alive here, I think.
CAROLE THERIAULT. Right, no, come on, Graham, don't make it gross.
GRAHAM CLULEY. I'm not, I don't know what a Lite-Brite toy is.
CAROLE THERIAULT. You had these little plastic kind of coloured nibs that you would put in perforated paper, and then you'd light it from the back. So it'd be kind of like on a dark background, you'd have these little lights, a bit like a Christmas tree, basically. Oh, cool. Yeah, it was very cool.
ANNA BRADING. It was cool.
CAROLE THERIAULT. The light bulb was very hot and you'd burn yourself on it. So, you know, 1970s toy.
ANNA BRADING. Fires all over the place.
CAROLE THERIAULT. Exactly. Now, the suit claims that TikTok knew or should have known that its product was addictive and that it was directing children to harmful content. Okay. And the suit highlights this For You page on TikTok, saying that it showed a stream of videos selected by an algorithm developed by TikTok that, that is based on a user's demographic, likes, and prior activity on the app.
ANNA BRADING. Yeah, it's like the feed, isn't it? The For You page, I think.
CAROLE THERIAULT. Right. So how the heck does this get into an 8 or 9-year-old girl's feed? So what's interesting is after one of the girls' death, the police looked at her device and told The Guardian that she did not commit suicide. According to the lawsuit, a police officer showed the videos of the Blackout Challenge and said the girl had been watching the videos on repeat.
ANNA BRADING. Oh no.
CAROLE THERIAULT. She did seem to be online a lot. The article talks about a 20-hour car ride where she was effectively online the entire time, hoovering up things like TikTok. So, okay, so right now at this point, I would say to you, what does your brain say? Do you feel TikTok is responsible in some way or not responsible at all?
ANNA BRADING. I think TikTok is definitely responsible in some way. It's difficult. And I mean, they're obviously built to be addictive, aren't they? A 20-hour car ride on TikTok is difficult, isn't it? But then also, kids are so annoying in the car.
GRAHAM CLULEY. Kids are so annoying, you know.
ANNA BRADING. Oh yeah, sorry, that's what I meant. It's really hard. It's awful.
GRAHAM CLULEY. Just put them on Space Mountain for 20 hours. That's what I'd recommend.
ANNA BRADING. Yeah, subject them to everything that's awesome.
CAROLE THERIAULT. Well, TikTok is kind of, I would say, ducking from blame. Let me see what you guys think. So according to the New York Times, this has been the response so far. So quote, this disturbing challenge, which people seem to learn about from sources other than TikTok, long predates our platform and has never been a TikTok trend. And it linked to a federal report about deaths from a choking game from 1995 to 2007. Then they say, we remain vigilant in our commitment to user safety and would immediately remove related content if found. Our deepest sympathies go out to the families for their tragic loss.
ANNA BRADING. Uh, I feel like just because it happened all those years ago doesn't mean that you can sort of say wash your hands of it, if it's right.
CAROLE THERIAULT. Yeah, I was gonna ask you guys to rate the sincerity of their sympathies there.
ANNA BRADING. Zero.
CAROLE THERIAULT. Yeah, exactly.
ANNA BRADING. What's the age range for TikTok? Because Facebook and Instagram is 13, isn't it? I don't know what—
CAROLE THERIAULT. That's interesting. I don't even know that answer.
GRAHAM CLULEY. I would think you have to be 13+.
ANNA BRADING. I was at a park the other day, and a dad was off to film his children that were very much younger than 13 to do TikTok, doing TikTok dancing.
GRAHAM CLULEY. I think you have to be over 13 and under 23. I think there should be an upper age limit for some of these apps, because I see grown men who are addicted to TikTok as well. I just think, for God's sake, you know, really, I can't get into it.
CAROLE THERIAULT. Yeah, it seems to be 13 and above, so that's interesting. I didn't consider that before. That's an interesting point. But I mean, parents are worried, right? Parents are worried about their kids being online all the time. And in fact, there's a new social media bill that California is currently working on, and it's kind of interesting because of how it's going to approach social media giants. So the bill is aimed solely at social media companies that make more than $100 million in the previous year.
ANNA BRADING. So the big guys.
CAROLE THERIAULT. Yeah, big guys. And the bill is trying not just to protect those under 13, but all kids. So what they're, they're claiming under 18s. And their argument is basically this, or one of their arguments certainly, is like social media platforms earn substantially all of their revenue through ads. And the more time users engage with the platform, the more ads the user sees, and the more valuable they become to the advertiser, right? And ipso facto, addicted consumers are particularly profitable because of their consumption behavior. For these profit-driven reasons, social media platform companies intentionally invent, design, and deploy features that are intended to make it hard for users to stop using the platform, which makes sense, right?
ANNA BRADING. Yeah, there was that research not that long ago about how Facebook intentionally designed it to be addictive. I'm sure they all do.
CAROLE THERIAULT. The Facebook Files. That's right. Let's segue to that a bit, because the Facebook Files basically said that Facebook was absolutely aware that it had a negative impact on teenage users of Instagram, and harmful content had been known to be pushed through Facebook algorithms reaching young users. They were aware of that, and that included anorexia posts and self-harm photos.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So California is trying to deal with this by saying that when a social media platform creates designs or implements or maintains features for users, including child users, right, that the company knows is addictive to children, they should be held liable for the harms that result.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. And that's interesting because there's other bills out in the States that are going on. There's one in Minnesota that would prevent platforms from using recommendation algorithms when it's targeting children. And in the US Senate, there's a sweeping bill called the Kids Online Safety Act, which would require social media companies to create tools that allow parents to monitor screen time or turn off features like autoplay. But I think that the US Senate bill seems to make it the parents' problem.
GRAHAM CLULEY. I think parents play their part, but so do the social media companies as well. There's some social media sites, some video playing sites, YouTube for instance, there's a YouTube Kids, isn't there?
ANNA BRADING. Yeah.
GRAHAM CLULEY. Which I think is supposed to be a more pleasant, friendly place for kids to hang out. I'm sure that occasionally some bad stuff might sneak through there.
CAROLE THERIAULT. But you know if there's ads there?
ANNA BRADING. No, there isn't ads.
GRAHAM CLULEY. Oh, there not?
UNKNOWN. All right.
ANNA BRADING. No, but there was a video that we wrote about the other day. I think it was like a horror show, but it was called something like 'for kids' or something. And YouTube just passed it through. And then they couldn't reclassify it. It was really hard to reclassify it as not for kids, even though the developer was like, 'Hey guys, this is not for kids.' Right. So, yeah, it's all difficult.
UNKNOWN. It is.
CAROLE THERIAULT. Like, there's this Child Advocacy Institute at the University of San Diego, and they say that parental controls can't be the answer to what effectively seems to be an addiction, right? They compare it to tobacco companies giving parents nicotine patches to have them halt, you know, their kids smoking, you know.
ANNA BRADING. Yeah.
GRAHAM CLULEY. There's a bit of me which thinks, wouldn't it be great if these social media companies, rather than funding themselves through advertising, actually got you to buy a certain amount of access to their site. So you might say, I would like to pay you $10 per month in order to access, I don't know, 20,000 videos or however many it is that you want. Well, however many it is, right? Right. So you buy that requirement and then once you hit that, in order to see more than however many videos, because TikTok, you can just, I think you can just swipe through them really quickly. If you want to see more, then you're going to have to pay more and then you can control the addiction a bit. And I think that's a great idea. Until you begin to think, well, hang on, what about people who don't have very much money and might feel like they're being excluded from social media and aren't able to get information because they cannot afford to pay? I mean, we pay for our cell phone data, don't we? And we don't have a problem with that. It's not like our cell phones are interrupted when we're on mid-call with an advert, or here are other similar phone calls you might have enjoyed. Maybe you'd like to listen to other people's calls. There isn't anything like that. So you pay for however much data that you require.
ANNA BRADING. Yeah, and you pay for Netflix, you pay for Disney+, you pay for all that. Yeah.
GRAHAM CLULEY. So it's an understandable subscription model. So maybe something like that would be better, but how you'd enforce it and how you'd make sure there isn't some digital divide, meaning that people who don't have the funds can't participate, that's where it really gets problematical. But ads generally, and what that causes these tech companies to do in terms of targeting, is really, really ugly.
CAROLE THERIAULT. You know, in the 2020 leaked document from Facebook, okay, they're inside the document, there's a question, why do we care about tweens? And the answer to that question is they are a valuable but untapped audience. Right? So like, they're all over it because of money. So in short, until there's legislation that can catch up with the social media kingpins who seem happy to make a buck, even if it's from a tween, parents might have to do their best to control the content flow, right? Like, don't trust social media giants to do the right thing by you and more importantly your kids. No, because they're not going to do it unless they're forced. Just like Graham, right?
GRAHAM CLULEY. Sorry, I'm not gonna do what unless I'm forced?
CAROLE THERIAULT. Be nice to me.
ANNA BRADING. Oh well, go on, Graham, say something nice. Um, Carole, I think you're fabulous. Thanks, man.
GRAHAM CLULEY. Like all of you out there, we love security podcasts and we want to bring one to your attention today that you may want to check out. The Secure Developer is a conversational and insightful podcast that bridges the gap between dev and sec, hosted by Guy Podjarny, one of the guys behind Snyk. The Secure Developer is a security podcast that developers will enjoy listening to and learning from. They've already released over 100 episodes, and I think many of you would like it too. So what are you waiting for? Check out the Secure Developer podcast from Snyk at smashingsecurity.com/thesecuredeveloper. And thanks to Snyk for supporting the show.
CAROLE THERIAULT. Bitwarden is an open-source, cross-platform password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. Not only does Bitwarden offer enterprise-grade security, conducting regular third-party security audits, and is compliant with Privacy Shield, HIPAA, GDPR, CCPA, SOC 2, and SOC 3 security standards. This is pretty slick stuff. You can get started with a free trial of a Teams or Enterprise plan at bitwarden.com/privacyshield. Smashing. That's bitwarden.com/smashing. Or you can try it for free across devices as an individual user. That's bitwarden.com/smashing. And massive thank you to Bitwarden for sponsoring the show.
GRAHAM CLULEY. Thanks this week to our sponsor, SolCyber, who believe that it shouldn't just be the Fortune 500 that benefit from top-of-the-line cybersecurity. They make managed security affordable and accessible to all small to medium-sized organizations. Check out SolCyber's foundational coverage services. They include ransomware assessment and training, advanced email protection, endpoint detection and response, Active Directory abuse prevention and lateral movement detection, and 24/7 security operations center capability. As a SolCyber foundational customer, you also get access to expedited great cyber insurance coverage and discounts of up to 30% off your premiums. Mention Smashing Security and you'll get 1 month free for every 12 months you subscribe to SolCyber's foundational coverage services. Visit smashingsecurity.com/solcyber to learn more. That's smashingsecurity.com/solcyber. And thanks to SolCyber for sponsoring the show. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
GRAHAM CLULEY. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny storybook that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my pick of the week this week is not security related. My pick of the week this week is all about the trolley problem. We've spoken about the trolley problem before on past podcasts.
CAROLE THERIAULT. Yep.
GRAHAM CLULEY. If you remember the trolley or like the tram, as maybe we call it in the UK, you've got it coming down a line and it's about to run over someone and you've got a lever, which means that you can push the trolley or the tram onto another track and maybe there's, you know, a grandmother on the other track or something. You've got a young person on one track, grandmother on another. Are you gonna pull the lever or not? And it gives you this interesting moral dilemma as to whether you do things well.
CAROLE THERIAULT. What, kill 6 people or kill 1 kind of thing?
GRAHAM CLULEY. For instance, is another kind of question you might get asked. Now, if you go to the link I've included in the show notes to a site about absurd trolley problems, it will give you a selection of trolley scenarios. And they start off— They start— It's animated, so you see the trolley coming down the track, and you're given the opportunity to pull the lever. So for instance, it may be the trolley's heading towards 5 people. You can pull the lever to divert it to the other track, killing 1 person instead. What do you do? And it collects statistics. Can I just—
CAROLE THERIAULT. Yes?
ANNA BRADING. Their little mouths. They're screaming. Their mouths are moving. It's so sad.
GRAHAM CLULEY. So you're given these scenarios, and then you see an animation of the trolley crossing over. And at first, it's fairly easy, and you'll probably go with the flow. You know, I'll kill 1 person rather than 5. You know, that sort of thing. But then the questions get— as you go through, it then says, for instance, a trolley's heading towards 5 people, but on the other track is the original copy of the Mona Lisa, which will be destroyed. What do you do, Crow? Crow, you're an artist. Imagine it is one of your works.
CAROLE THERIAULT. Yeah, one of my works.
GRAHAM CLULEY. Would you have 5 people killed or—
CAROLE THERIAULT. Can I choose who those people are?
GRAHAM CLULEY. Or is it random?
CAROLE THERIAULT. I'm at one right now, which is like your life savings or 5 people.
UNKNOWN. Right.
GRAHAM CLULEY. Yeah.
ANNA BRADING. What would you do, Crow?
CAROLE THERIAULT. I'm keeping my life savings, I think. Is that outrageous?
ANNA BRADING. Would you?
CAROLE THERIAULT. I don't know.
GRAHAM CLULEY. There's another one which says a trolley's heading towards one guy. You can pull the lever to divert it to the other track, but then your Amazon package will be late. What do you do?
ANNA BRADING. Oh, that one's obvious.
CAROLE THERIAULT. I've got one here where I'm on the track versus 5 other people on the other track.
ANNA BRADING. Oh.
CAROLE THERIAULT. I'm definitely doing nothing. I'm not dying, no.
UNKNOWN. No.
CAROLE THERIAULT. No, I'm working on it.
ANNA BRADING. So I was playing with this the other day, 'cause I saw it on Twitter. And I was surprised about how much I did nothing. Even—
GRAHAM CLULEY. Yeah. Just couldn't be arsed.
ANNA BRADING. Story of my life. When it was 5 versus 4, I just thought, well, you know, I don't— if I do nothing, I don't have to take any sort of responsibility for it, because I could just turn the other way.
GRAHAM CLULEY. I don't want my fingerprints on the lever.
ANNA BRADING. Yeah. Exactly.
GRAHAM CLULEY. Ooh.
CAROLE THERIAULT. 5 lobsters or a cat?
GRAHAM CLULEY. 5 lobsters.
ANNA BRADING. Obvious.
GRAHAM CLULEY. Yeah, what you rate. Yeah.
CAROLE THERIAULT. Obvious.
ANNA BRADING. Bye, lobsters. See ya.
CAROLE THERIAULT. Dinner.
ANNA BRADING. Give some to the cat.
CAROLE THERIAULT. Good one, Graham.
GRAHAM CLULEY. I like it. So Absurd Trolley Problems, link in the show notes, is my pick of the week. Anna, what's your pick of the week?
ANNA BRADING. Okay, so also one in the show notes for you guys to click on. This is weirdorconfusing.com. So I always try and find something interesting for pick of the week, especially since you criticised my TV programme choice once, Graham. I haven't got over that yet. Yeah, you did. I think you said it was a rubbish choice. So yes, I thought I'd have a Google, see what I could find, and I found weirdorconfusing.com. So you can describe it. So I've dropped it in the chat.
CAROLE THERIAULT. Yeah, do you want me to describe what I have, or—
ANNA BRADING. Yeah, you describe it.
CAROLE THERIAULT. So I've got, uh, prism bed glasses to allow you to read or watch TV lying down. And the glasses—
ANNA BRADING. First of all, when you go to the website, what it is—
GRAHAM CLULEY. Yes, you have to describe what weirdorconfusing.com is.
ANNA BRADING. No, you go back.
GRAHAM CLULEY. You describe what happens first.
CAROLE THERIAULT. Why don't you go ahead? You go ahead, Graham.
GRAHAM CLULEY. So, what's happened? Let me jump in. So, okay, so if I click on the link, weirdorconfusing.com, I'm taken to a webpage where it says, 'Sell me something weird or confusing.' And there's a little button, and it's going to take me to a random place to buy something weird or confusing. Okay, so I'm clicking on it now. And I've been taken on eBay. Oh, I've been taken on eBay to a book which is called Crafting with Cat Hair. Cool things you can make with the hair of cats.
ANNA BRADING. Perfect idea for Carole.
GRAHAM CLULEY. Perfect.
ANNA BRADING. Perfect.
CAROLE THERIAULT. Okay, I've just got a one, and I think this is just too marvellous. Very good, Anna. So this is Nose Aerobics Basketball Glasses Game.
ANNA BRADING. Perfect. See? Present ideas galore.
CAROLE THERIAULT. Yeah, you are going to be spoiled on your birthday, which is coming up.
ANNA BRADING. So I too like the cat hair one because you can— you, you basically take the cat's stray hair and you can— you can— it's a book that shows you how to put it into soft and adorable handicrafts. And at this summer at the moment, cats are losing hair all over the place. Also, one for you, Graham, maybe: Subtle Butt.
GRAHAM CLULEY. What's Subtle Butt?
ANNA BRADING. So it's a fart pad you put into your pants and it neutralises your bum odour.
GRAHAM CLULEY. Why would you—?
ANNA BRADING. It says, "Simply stick one in the right place, and you're ready for a chilli cook-off or an all-you-can-eat Indian buffet." Why would you say that on the podcast, Anna? Sorry, Graham, but it's— You know, we spent a lot of time working together. I just thought this might be handy for you. We— What?
GRAHAM CLULEY. Don't say any more.
CAROLE THERIAULT. It's activated carbon, Graham. It could be very useful. You're getting on in years. This is really age-friendly.
ANNA BRADING. This is really— When's your birthday, Graham?
GRAHAM CLULEY. This is just a bit arsey. What year were you born?
CAROLE THERIAULT. Oh, oh.
GRAHAM CLULEY. There's 40,000-odd people listening to this podcast, and you've just told them that I go around farting.
CAROLE THERIAULT. You just don't like being the butt of a joke. Right.
GRAHAM CLULEY. Carole, what's your pick of the week?
CAROLE THERIAULT. Okay, I have a cute YouTube channel for you this week as my pick of the week. Well, actually, it's a subsection of a YouTube channel. This is Jay Foreman. Okay, he's got this YouTube channel and the playlist is called Unfinished London, and he does these short vignettes looking at London's kind of design eccentricities, right? So videos focus on like the unfinished Northern Tube line— why hasn't it been finished? What happened? Or unfinished motorways that just stop, or why does London have so many airports? He puts tons of work in these, right? They're scripted, punchy, funny, kind of a bit silly as well, but also informative. I think it's something you could watch with your kid, Graham. Actually, I think he'd find it really good and he'd learn some stuff. And he does loads of on-site videoing, and he also sources loads of historical visual content to underpin his essay. For example, there's one on why London has so many airports. It has 6 airports, has more than any other city in the world, apparently.
GRAHAM CLULEY. Yes, but some of London's airports aren't actually in London. There's an Oxford London Airport. There's Luton London Airport. And you think— Gatwick's quite firm. Yeah, and you know, it's— but isn't it basically to trick Americans into thinking they're flying into London? In fact, no, no, no, you've got another 3 hours to get into London.
CAROLE THERIAULT. But he refers back to like the 1930s where he calls, uh, what was going on was plane mania. And he says there was even a suggestion of an aerodrome in the middle of London on top of King's Cross Station, right? It would have 6 runways facing in all directions with planes taxiing around the edge like hamsters on a wheel. And the idea behind it was everyone could commute to central London by plane. So, all kinds of funny, wacky things to learn. Wow. And there are 13 of these videos currently on this playlist. And it could be a very entertaining night in for someone who wanted to learn a bit more about London's planning and failures. I like this.
GRAHAM CLULEY. This sounds very interesting. I am gonna watch some of these videos.
CAROLE THERIAULT. I think you'll like it a lot. I think you'll like the guy too.
GRAHAM CLULEY. So his name is Jay Foreman.
CAROLE THERIAULT. Yeah, Jay Foreman, uh, it's his YouTube channel and the playlist is called Unfinished London, and that is my pick of the week.
GRAHAM CLULEY. Well, um, Carole, you've been busy this week. You've been speaking to Scott McCrady of SolCyber. I have.
CAROLE THERIAULT. He talks about the massive problems with securing a network efficiently and effectively and the SolCyber approach to streamlining the whole process. It's pretty interesting. Check it out. So listeners, today we are speaking with Scott McCrady. He is the CEO of SolCyber, a managed security service. So Scott, let's start with you. What can you tell us about you and how you became the CEO of SolCyber? Sure. Hey, Carole.
UNKNOWN. Hi. I've been in the managed security services space Most of my career, I was an engineer actually, coming outta university. So I was deploying networks and security devices, and I actually ended up spending a bunch of time overseas in London deploying security equipment way back in the early days. And what they realized was the security devices generated a lot of information and the traditional sort of network operations center didn't have anything to process that. And so the very first MSSP built was built out of the US in the DC area. And having tried to get analytics going around these security devices, I got hired by them as a young guy, and that started my managed security services career about 20 years ago. And through that time, I built out businesses in Europe, businesses in Asia, and then obviously I ran at one of the largest global MSSPs for a period of time as well. So it's, it's been in the DNA for a while, I Yes.
CAROLE THERIAULT. Do you mind if I ask you to kind of spell out MSSP for some of our listeners who haven't worked in managed services and all that stuff?
UNKNOWN. Sure. The, the traditional model around managed security services is the fact that organizations have an ability to get their IT operations handled. That could be either from a service provider, their telco, or an MSP, a local provider that does break-fix, maybe ships laptops, deploys Gold Images, but there is usually a gap around the high-end 24/7 security analytics. And so if you deploy even some basic security technologies, somebody has to gather the data that's being created by these technologies, right? And you want to look at it and analyze it and then hopefully be able to detect when a, when a bad guy is doing something so you can find them and you can stop them. And that's a very traditional model. There are some gaps in that model, which we'll talk about why SolCyber's here. But yeah, you go out and buy— the customer goes out and buys a bunch of security technology. Once they do all that, they deploy it, then an MSSP will monitor it, and they'll let the customer know when something bad's happening.
CAROLE THERIAULT. What a perfect time to introduce SolCyber and explain what services you provide.
UNKNOWN. So when, when I created SolCyber, there was really, we believe, a really big gap in the market. And the way I describe it was, I just felt like security, especially for the small medium enterprises, was, was stuck in the 1990s or the 2000s. And what I mean by that is, imagine that you wanted on-demand video entertainment, right? Well, the security model today is sort of like movies from 15, 20 years ago, you'd have to go out and buy 500 DVDs, you'd have to buy a storage network, you would have to buy a computer, you'd have to buy software, you have to buy TV, you have to buy cables, you'd have to string it all together, then you have to take your DVDs and put them onto your hardware, and then you'd sort of have on-demand video. And then two years later, Blu-rays would come out. You'd have to literally upgrade everything because there's more storage, more space. That's right. That is literally what we do in security. We tell a company, weave your way through the 3,500 vendors out there. You can consider those your DVDs. Find the stuff that's interesting to you. Yeah. Build it all, deploy it all. Yeah. And once you're done, wrap a managed security service around. And we were like, that just doesn't work very well for mid-market companies. Sure, if you're Bank of America and you've got the tech stack and the people and the time, why not? So our view was, we just sort of need to bring a security outcome into the 2020s, right? And so we call it sort of like the Netflix of security or your favorite streaming service of security, insomuch that what you get from SolCyber is you get, just like Netflix, you get everything. You get all the best top-tier security products, you get it all deployed, You get all monitored, you get it analyzed. If we detect something bad happening, we'll respond to it for you. And we package that all up in a subscription model. That's just a monthly fee. There's no install fee, there's no upfront fees.
It's just a monthly fee for customers. And so that's really the goal here. In the same way that Netflix didn't build their content originally, they went out and got, you know, let's go and get some Star Wars, some action, let's get some comedy, right? Yeah. In the same way, we use best of breed technology. So the things we use are literally Gartner Magic Quadrant technologies, but we just pull it all together into a seamless, um, solution that gets you an outcome of amazing security. And, and that concept seems to really resonate with customers.
CAROLE THERIAULT. Yeah, because that's really interesting because, and of course a lot of larger enterprise really want the granularity and being able to configure things, you know, to just fit in within their very, very complex environment. But if we're talking about your target market, which is like the small to medium-sized business, they don't even necessarily have strong security, you know, knowledge within the firm, let alone, you know, know where to look. So I really appreciate that point of yours of, you know, having to go out and hunt down the best thing when you're not an expert in the area. It's really frustrating, I imagine.
UNKNOWN. It is. And the other thing we find is we also find a set of customers that actually do have decent security expertise. They just don't have the time. So if you just take one piece, which is, let's just call it endpoint, there's dozens of endpoint providers. So a standard model for these midsize organizations would be to do a proof of concept amongst at least 3 that they whittle down from usually 10. That process for most of these organizations is a 6 to 12 month process to actually get it, you know, go through, do your research, get POC contracts set up, get it deployed. You have to deploy them independently. So even if they have the security expertise, just the time and the effort is not usually something they wanna spend. They've got a job of trying to be nimble and be fast to make sure their product that they're competing with on a very competitive market is working, right? And customers are buying it. And so this spending tons of time trying to get your security working is very difficult. And Carole, one of the other things, this is also really applicable to the mid-market when it comes to cyber insurance. And so cyber insurance is really a challenge for the mid-market on two aspects. It's very time-consuming to get cyber insurance, and there's about a 1 in 3 response rate that's negative, that they get denied. And then two, prices are going up about 50% year on year. And so because of the fact that we pull everything into an outcome, the insurance companies love it. And so as far as I know, we're the first company in the US anyway, that has a partnership with the insurance industry, where if you're using what we call our foundational coverage, you get pre-approved for your cyber insurance coverage, and you get a 30% discount on the cyber insurance price. Wow. And the reason is, is they go, well, we know the stuff that we're doing is really top-tier level security, and it's all in one package. 
So instead of having to recommend maybe 8 different pieces of technology, you can just use SolCyber's foundational coverage, and that's good, and we'll, we'll recognize that security effort that you're putting in as a customer, and we'll reward you with making this process easy and making your renewals or your new policy much, much more cost effective.
CAROLE THERIAULT. That's a really interesting angle that I haven't heard brought up before. The idea of cybersecurity insurance. Are most SMBs taking it seriously and taking out coverage?
UNKNOWN. We are seeing a significant uptake in the mid-market, the SMEs wanting cyber and needing cyber. As you know, they're there. They recognize that the threats against them have changed and that it's not uncommon anymore. Ransomware hits about 1 in 3 customers in the mid-market. So you're, every year you're playing dice with the fact that, you know, this may be your year, right? So the assumption is if you're not doing the right things around security, you're going to get a breach within the next, you know, 24 to 36 months.
CAROLE THERIAULT. And I wonder if somebody was listening to you now and thinking, I like the sound of this, I wanna learn more, like, what steps would they go through if they got in touch with you, or what would typically happen? Sure.
UNKNOWN. So one of the things we really try to do is we call it sort of modern, and modern to us is as transparent, as authentic as you can get. So our website has a ridiculous amount of information about what we do, including our pricing. Our pricing is just right out front. It's in this— I love that. In the same way you wouldn't go to Netflix and say, well, I have to call a salesperson to figure out how much they're going to charge my family, you know, that's, that's silly in today's So our pricing is literally listed on our website. There's contact sales listed on the website. You don't even have to work through sales teams. You can actually do things online. So we try to make it really simple. So one of the things that is not common in the managed security services space is what I call the business side. So if you sign, you have to sign a contract, and then that contract gets put in the email or in your contract storage. And of course, mid-market companies, they're like, ah, you know, Tracking contracts often is in email and places like that. And so what we do is we just take all the information, stick it on the portal. So you say, well, this is how much you're spending per month, and these are the services you purchased. And if you want more or less, you just click a button. And so the easiest thing is to pop onto the website. You can check the pricing. We describe what we do out there, and we're happy to have somebody contact you and walk you through the basics. A lot of times it's a daunting thing to try to get your security program in place, Security, and we do a lot of consulting just to make customers understand what's happening out in the world. If there's anyone listening that's just like, "I need to get this problem taken care of," give us a call, contact us. We're incredibly non-pushy from a sales standpoint. We try to be really helpful. 
Again, a lot of our information's on the website, and we can have this problem done and dusted for you in 14 to 30 days. We get a lot of customers that are like, "Wow, Scott, I've had this on my plate for 6 months." I know I needed to take care of it. It was just, I was like building out like these frameworks and walking through my plan. And then when they found us, they just, you know, we just worked together and they were up and running in 2 weeks to 4 weeks. And they're like, and it's done. Now they have a good security program in place. I mean, we're talking security awareness, phishing simulation, like really a proper, fantastic ability to get you to some amazing security. And then on top of that, if you're struggling with cyber insurance, ransomware insurance, uh, if it's getting really expensive, or if you're getting, you know, your application rejected, we can really help with that as well.
CAROLE THERIAULT. Now listeners, you've heard Scott. If you are a small to medium-sized business and you think you need a little tune-up, or you're excited by anything you heard here, please go to smashingsecurity.com/solcyber. That's smashingsecurity.com/solcyber, S-O-L-C-Y-B-E-R. And Scott McCrady, CEO of SolCyber. Thank you so much for talking to us today.
UNKNOWN. No, I appreciate it. Thanks as always to the listeners who tune in.
CAROLE THERIAULT. Brilliant.
GRAHAM CLULEY. And that just about wraps up the show for this week. Anna, I'm sure lots of our listeners would love to follow you online, find out what you're up to. What's the best way for folks to do that?
ANNA BRADING. You can get me on Twitter @AnnaBrading. Shugsy Malone. I'm gonna reserve that now.
GRAHAM CLULEY. And you can follow us on Twitter @SmashInSecurity, no G, Twitter allows to have a G. And we also have a Smashing Security subreddit. And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
CAROLE THERIAULT. And mega thank yous to this episode's sponsors, Bitwarden, Snyk, and SolCyber. And of course to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 282 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio. Bye-bye. Bye. Bye.
CAROLE THERIAULT. All right, marvelous. Okay, this site is so weird, Anna. What?
ANNA BRADING. I know. I've also got another one, but I'll put in the show notes because I thought it wasn't interesting. It wasn't as funny. Um, so you can, uh, you might like this as well. I don't know if it's old, Quick Draw with Google, but you draw and then, and, and then it guesses. But I think it's quite—
CAROLE THERIAULT. I think we've had that on the show before.
ANNA BRADING. Oh, have you? Okay, good. That's good.
CAROLE THERIAULT. It's good. I have— I have now a Chia Pet Bob. Bob Ross. Yep.
ANNA BRADING. Black monster beast werewolf killer ape adult hand gloves. Oh, sexy.
-- TRANSCRIPT ENDS --