Cyber Crises & Lessons Learned DDOS US Stock Markets
Disaster.Stream takes you inside the world of high-stakes cyber incidents and recovery operations, where seconds matter and lessons shape the future. Hosted by veteran network forensics expert Bill Alderson, this show unpacks the anatomy of disasters—from stock market outages to military communications failures—revealing what really happened, how teams responded, and what leaders must learn.
Through vivid case studies, expert interviews, and frontline war stories, Disaster.Stream highlights:
- Cyber & IT disasters — from DDoS attacks to zero-day exploits.
- Human factors — ego, culture, and fear that complicate recovery.
- Proven best practices — building resilient organizations that bounce back faster.
- Voices of experience — McKinsey, NetScout, ExtraHop, Cloud Range, and pioneers like Vint Cerf, father of the Internet.
More than technology, this podcast is about people under pressure, lessons hard-won, and the leadership required to turn disaster into opportunity.
Whether you’re in IT, security, leadership, or just curious how systems survive when the unthinkable happens, join us to learn how organizations respond, recover, and evolve.
👉 Got a story? Email [email protected] and share your team’s recovery win.
Transcript
Hello, and thank you for joining me for episode one of season one of this new podcast, Disaster Stream. We're going to cover the US stock market denial of service. Now, that's of interest to most people regardless of whether you're technical or not technical, because when that happens, it affects every part of an organization. And this particular problem affected not just one organization, but many organizations, because the denial of service stops services of major stock market exchange. A big problem. And it lasted for a long time.
Woody Allen said 90% of anything is being there. In the times of Covid we couldn't always be there, but we could be there virtually. Another famous guy, Chuck Swindoll, said 90% of anything is attitude. Attitude should be can do, yes, we can solve the problem. And here we go.
So let's take a look at what we have for you today. In each episode, I will introduce you to people who speak at my conferences, who are in my round tables. So today I'm going to kinda load up a little heavy cuz it's our first episode and I want you to get a feeling for the type of organizations and consequential people that we will call upon for various types of help and advice.
So up first will be McKinsey and Company, followed by NetScout, ExtraHop and Cloud Range, which is a brand new capability to run actual simulation training exercises for disaster recovery, incident recovery. Toward the end of the broadcast, we're gonna have Vinton Cerf, who is the father of the internet, recipient of the Presidential Medal of Honor. He's the guy who pretty much put together TCP/IP. Promulgated with all the programmers, and he talked at my recent conference about TCP/IP being 50 years old and some of the consequences of that. So you're not gonna wanna miss these little vignettes. One or two minutes. Doesn't take long as you get introduced to some of these great organizations and people.
A little bit more about the broadcast: part of this is not just for me to tell my stories, but I want to tell your story. I wanna give your team and yourself some recognition for the great work that you're doing out there. So if you'll recommend security incident, disaster recovery responders, anytime where data is being threatened or impacted, we wanna hear about that. You can send that email
You can listen on Apple, Spotify, Google, TuneIn, Amazon, Podbean and more. And we have this content available to you not just in the audio format, but also in video. And we're going across many different distributions. We welcome new guests and industry participation, and I'll run out of my stories after about 20 or 25 big issues that I've responded to, and definitely I wanna start integrating in the things that you guys have done out there to save the day. I call it pulling the baby out of the lion's mouth. Pretty fun job to be able to do this my entire 40 year career. And now I'm trying to help the whole industry understand what it means to be a disaster responder and tell your story and give you a good shot in the arm.
All right. Now this is a little bit about me. It's my infographic bio. I've responded to a lot of various things and I've been out. I wrote a really nice paper, about 50 pages, on the SolarWinds breach that people still say is the best one out there. Happy to get that to you if you're interested.
Lots of conferences. NetWorld Interop, had hundreds and thousands of people at my conferences. Wrote a column in Network Computing magazine. Some of you may remember me from that. Certified 3,500 network forensic professionals. And involved as a board member in ISSA. I'm considered a Vietnam era veteran. Worked at Lockheed. Built secure networks with crypto gear back in 1980, and I had to start looking at data scopes and packets in 1980 to figure out how all of that stuff worked. Pretty cool. Then I worked for the creator of the Sniffer at the startup of Network General Corporation, which is known as NetScout through acquisitions. That's a little bit about me, so you have an idea of what I do, and look forward to getting to know you a little bit better over time.
I wrote a white paper recently in preparation for this podcast as I build case studies out of each one of my high stakes, high visibility, lesson learned type environments. I'm always wanting to pull out the lessons learned, and I'll talk to you more and more about that because it's much better to learn from somebody else's lesson learned than to have to learn the lesson yourself.
How do we deal with disaster? What are the phases of disaster? I'll talk about that over time. Journaling makes sure you remember what happened incrementally so that you can then pull those lessons learned out and, like I said, best practices, and it's all about tiger teams. I've been privileged to come in and lead various tiger teams at the Pentagon, 9/11 recovery, where we had to come in and diagnose very critical problems. Do triage, find big network diagrams, packet flow diagrams, application flow diagrams, the metrics, and then troubleshoot each one of those things. Troubleshooting is like peeling an onion, and there's the diagram there, and I'll talk to you more about that in the future.
Just want to do a setting for you where we talk about problem analysis, disaster recovery, and responding to these problems. You record these things, you gather the lessons learned, and then you build out best practices so that you can have crisis avoidance in your organization, or disaster avoidance. It's the ultimate in credibility not to have a problem on your watch. We'll try and help you learn those things that were hard won. People at the Pentagon died in order for these lessons learned to be brought forward. So we should respect them and use them. We're not repeating the same problems that we found at 9/11 when we went to recover their communications systems.
The fingerprint of every organization is as unique as the individual's fingerprint, whether you started it with a distributed architecture or a centralized architecture, centralized as the bank, distributed as retail. Your network has a fingerprint. You have 50 or a hundred different vendors, and every one of those mixes are different. So every organization has a unique fingerprint of their mission critical enterprise, and we talk about that. How to deal with that. That means that every enterprise has to be completely managed, very focused and quite different between enterprises. One size doesn't fit all. So you have to really customize your response, your tools, your systems, your planning, to meet your particular fingerprint.
When we talk about best practices, these are best practices that have been tried and true, refined, and if you put them to work, if you impute them into your organization, you'll have intrinsic data recovery. You will have intrinsic disaster recovery, for the most part, sometimes so that you don't have to have the disaster. That's the great thing. You can obviate disaster many times by imputing and applying best practices.
If you have a large organization, you might need somebody like McKinsey and Company or Deloitte, Booz Allen, GDIT to help you implement those systems. But we are here to help you identify those, focus on those so that you can build them into best practices so you're not repeating the same problems and you're putting forth the best way forward for your organization to respond to disaster.
With that, we're gonna talk a little with our friends at McKinsey, who spoke at one of my round tables recently. And here you go. We'll be back in just a minute. Here's an introduction to McKinsey and Company. They're gonna talk the Passwordless and some questions from some people at the round table. Back in a minute.
Okay, we're back. Now, the DDoS attack at the US stock markets. Let's go through it one by one and just take a look and see what we've got here. First of all, the cyber attack ties up the US stock markets. It affected Wall Street, the brokers, the dealers, the customer. All sorts of implications when something of this nature goes down. And it wasn't completely down, and that's sometimes when it's a bit intermittent, because the denial of service kept hitting it. And it would go on and off a little here, a little there. And some of the time you could get in. Most of the time you couldn't. And that's the nature of a denial of service attack, is that it denies the legitimate traffic, the legitimate services that the organization or the networks and systems are putting together.
This is what it looked like. You got hackers out there and they are sending in denial of service, SYN attacks, to try and break your system through brute force hitting them, asking for a connection. So here it is. It's a good picture, isn't it? There's the Wall Street Bull all tied up just like a bull in the arena there, trying to get away. And here the denial of service attack has the stock markets tied up.
I want you to hear real quick from Paul Barrett, he's the CTO over at NetScout. And NetScout has these great tools that can be distributed around the world in order to capture packets so that you can bring them back and diagnose problems remotely, virtually, and anywhere around the world. So let's hear from Paul and then we'll be back.
Okay, we're back now. Firewalls were melting down because of the DDoS SYN-ACK load. The firewalls were getting so many requests that they could not, you couldn't log into the things, for number one, because they were so busy responding to requests. Every once in a while a request would get, but for the most part it was denying the service. The legitimate users had to get in to look at quotes, to look at buy and sell orders and that sort of thing. So it was a pretty big problem.
Now, the firewalls had a lot of rules on them and they were highly granular rules because there's good to have quite granular, very effective firewall rules, but because there's a lot of 'em, when these bulk attacks started hitting, it really broke down the system with this global incoming attack. And it was highly impactful. So you had all these people around the world coming through and hitting and breaking your firewall so that it could not take care of legitimate requests from the market. Now that affected broker dealers, like I said, customers and the public, and it was not a good thing.
Now, I was on the West Coast at the time this started, and they called me up and talked to me a little bit, and then they said, "Bill, please come in. We can't figure it out. It's been several days. We've got law enforcement, we've got every vendor that we have in our portfolio, they're all here. They're all supporting, but we can't figure out how to stop this thing." I popped on an airplane, went back to the East Coast to jump in and analyze this problem.
What I found was, very interestingly, that it was indeed a SYN attack and the requests were coming in. Here's the thing: I know TCP, and consequently I know that when you send a request to connect up to a server or a system or an application, you send a SYN request. It's a synchronize, and so you're trying to get a connection with this system so that you can then use the communications path in a reliable manner. And the first thing that it does is it comes up with this random number. The random number is one to 4 billion. And it essentially is a sequence number, a starting sequence number. The purpose for this is partially security. Security by obscurity. If every time you created a session it started at zero, then 100 and 500, then somebody could very easily slip and take over your session cuz they could anticipate what was going to go on. And so we use random sequence numbers to begin a session.
That random sequence number was not random. In this particular case, they used the same sequence number over and over again. Now the organizations that I was working with were really, they had great coders and they went out and investigated and they downloaded all of the source code of various types of these script kiddies that would generate these type of attacks. And in the process I said, "Hey, they're using the same sequence number over and over again, which is an indicator that they're not that smart." So consequently, they found the actual source code of software that the hackers were using to generate this denial of service attack. Very cool. And as a result, we took that tool in and we could see the various behaviors and that sort of thing.
One of the things that it did was it did source IP, random source IP addresses. So we couldn't tell who it was coming from. It was basically indicating that if you were on the internet, through all the randomization of the source addresses, that it could have been anyone, and in fact, everyone was getting accused of being the source of this particular problem because the IP addresses now a.
We don't use that kind of routing anymore and we've fixed that problem for the most part on the internet now because we use reverse path forwarding algorithms, which means that you can't just put an IP address on a packet and send it. Because the BGP routers on the internet will not forward a packet that is not appropriately from the network that you were on. So if it won't forward a packet to that, it will not allow you to send a packet from it. So you cannot use spurious IP addresses in many cases.
Now, inside an organization you can. People can do that if the IP addresses that they're randomizing are your internal addresses. So a university or a large company or organization has a very large IP address range. They could successfully limit it to that IP address range, do denial of service attacks. Because the router that supports you would then allow that to be sent out randomized, because the reverse path forward would know that it was appropriately from that IP address range.
Okay. So the issue, though, was the firewalls that were being used were highly granular and they could not filter on a single TCP sequence number. And even if they could, every time one of those requests comes in, it interrupts a CPU and causes a whole bunch of consternation. So even if you could filter out that one sequence number, wouldn't make much of a difference because it would still interrupt the CPU and consume bandwidth and traffic and that sort of thing and processes so that it would still have the same effect. So we were scratching our heads and trying to come up with a better way of resolving this problem. And of course we did. And I'm gonna talk to you a little bit about.
Now I want to talk generally about a disastrous problem and what it takes to resolve a disastrous problem. First of all, you're probably familiar with, you know, this thing called a square, problem square. So you've got a team, you've got an environment, you've got a problem, you have symptoms, and that is what we know. We have, those are the symptoms. Those are the problems. And the status quo is that today, without new information, we cannot solve that problem.
And if you're familiar with Stephen Covey, Seven Habits of Highly Effective People, he talks about paradigm shift in there. He was probably the one that really brought about the term to have ubiquitous in the world be the paradigm shift, because he talked about it, told stories about it, and it's really great. I may tell one of his stories sometime so that it helps you understand this, but essentially a paradigm shift occurs when you have new information, and that new information has a payoff because you can solve a problem that you could not solve yesterday because you didn't have new information. You had all the symptoms, you knew all that, but there was a key piece of information you did not have. So it's necessary to get that new information and to find it and pursue new information, new findings, new visibility, new knowledge, new best practices, root cause analysis to discover new things about the problem that you didn't otherwise know, just like we went through at the stock market to resolve this.
So the new input, it changes it from a square to a cube. A square has four sides. A cube has six sides. So the two new items is the new information, which is new input. And then you get a payoff from that. So new input and you get a payoff. Because you found some new information and now you were going to be able to solve yesterday's problems because you have information that allows you to solve it.
Now, the sad thing is that every time I go in and solve a problem, it never fails. Everybody says that was sure, it was simple, after you got the answer. It was not simple before you got the answer, and it's "Oh, I should've known that" type of thing. No, it's sometimes very hard. One hard to find, and you have to do a lot of work to find that, but that gives you the payoff.
All right, now. The concept that we came up with was a multi-tier bulk access firewall. So instead of just having one set of firewalls where everything came into, we were going to have two sets of firewalls. The first set was to stop the bulk attack. The second set was to process the granular rules. And so you're gonna see a little bit how we go about doing.
Yeah, and before we go through and talk about that, I want to introduce you to Debbie Gordon of Cloud Range. Now, Cloud Range has a simulation system to take people who are really smart people, but put them into an environment where they can collaborate and solve problems together as a.
Now, one of the things that I will mention in the future is that, when I arrived at the Pentagon, there were people who were missing because they were killed by the aircraft hitting the building. So they were down a lot of personnel that they normally had. And this team, parts of it had exercises for disaster recovery. They're a military organization. But think about it. If your organization got hit, would your team be able to deal with the fact that maybe some people were affected by a natural disaster in their area and they had to take care of their families, not the company or the organization? So you might be down several people. Exercising with those people and simulating disaster recovery is very powerful. And in this instance, she's talking about a cyber attack, but it can be collaborative training for any of those things to bring your team together. So you can educate and get lots of training for the individual. But if the individual doesn't know how to collaborate, communicate, and use tools and banter back and forth to solve a problem as a group. Yeah, that's what this does. So take a listen to Debbie for a minute.
We're back. The modified firewall architecture. Take a look, you've got a bulk attack firewall, and then you've got the granular firewalls and the secondary granular firewall. So by putting the filter in for that sequence number and stopping that particular sequence number from going through, it put the burden on the first firewall, the bulk attack firewall, eliminating the burden from the granular firewalls that were second. So imagine a primary and a secondary set of firewalls. The first one was to take the bulk attacks. The second one is all your normal firewalls with the highly granular rules, so that the bulk attack firewall, all it had to do is take out the bulk attack, leaving only the good traffic to continue through, not melting down the firewalls, not melting down the networks, not melting the servers involved in that situation.
Now, this happened to be with Cisco, and Cisco volunteered a new bulk firewall that they brought with them in case they needed it for an emergency. But the problem is that it wasn't that simple, because remember how I told you there was no filtering capability out of the user interface to kill one sequence number. They said, "We didn't think anybody would ever wanna do that." And I said, "Don't you have a pattern match offset that you can set?" At the time they didn't. But he said because Humpty Dumpty, all the king's horses and all the king's men were there. We had some priority access to things, and so we got into the actual development engineer at the Cisco Firewall Group and they said, "Hey, Bill, we'll write a hack version of the code that will filter out forever that one sequence number."
Now, being that one sequence number was only one in 4 billion, if somebody used that legitimately, it would be denied. But it's no big deal. Three seconds later, it would retry with a different random sequence number and it would work. So not a big deal to lose one out of 4 billion initial sequence numbers to solve this particular problem. And that's exactly what we did. We put that bulk firewall in. It had the hack version of the code that filtered out that one sequence number. The firewall held up and was able to filter out and block that one, and then the good traffic was able to continue through to the more granular firewalls. So it worked great.
Now, the packet analyzer helped us identify the sequence number that was being used. The knowledge of theory and understanding of protocols allowed us to understand, and actually seeing the packets of the particular problem. Now, this is a zero day type problem, and if you are a large enterprise and you don't have the ability to do packet analysis, I'm sorry, but you're not gonna be able to respond very effectively to zero day problems. So somebody has got to look at it from this highly granular view in order to help you find that solution to that problem.
So this is the way it looks. If you can imagine you've got dominoes. Those dominoes are moving forward to the bulk firewall and boom, they hit the bulk firewall. And that set of dominoes effect stops at that first firewall. And then there's another set of dominoes, which is the secondary firewalls, and those are not impacted, so the dominoes couldn't get through to cause the continued crescendo into the firewalls and the servers and applications on the other side. So the solution worked really great. Everyone was happy and they promulgated that change through law enforcement and other people to the other exchanges, and they were able to do that.
What we're talking about here is business continuity, right? We're planning this. We're getting lessons learned. We're figuring out how to do recovery. We have all sorts of metrics about recovery. How long is it gonna take to get partial recovery or full recovery? How are we gonna build our systems to be more resistant? What kind of procedures and best practices do we need to put into place? So yes, that's what this podcast is gonna be about, and we'll talk about that with various people in the future and that sort of thing.
Now want to introduce you. This is a very cool thing that Brian Lairs of ExtraHop talks about, is defending the win with network intelligence. It's basically the mid game, from the time that your enterprise gets hit, and that's the initial hit, until you find it. So that's the dwell time, and that dwell time, if somebody does get in, you wanna have the systems and capability to act on that very rapidly. So Brian's gonna talk a little bit about.
Okay, we're back now. Cybersecurity, of course, covers a lot of different things: applications, networks, encryption, the fact that we have the fear of encryption being broken and that sort of thing here in the future, we're concerned about that, various end user education. I'm not a big one. It is important to educate, certainly, your employees, but to put the burden fully on an employee because your cybersecurity systems are not resilient and are. Finding and stopping things with technology. So there's a balance. You can't, and there's a move afoot to fire employees who click on ransomware and that sort of thing. Frankly, I think that it's the technology group's problem ultimately, and I certainly wouldn't advocate firing employees who are great otherwise for what you hired them for, because they are not cyber security personnel. So we just need to build better cyber security to meet those needs. Think you'll agree with me.
So those zero day problems require immediate new solutions. You. Knowledgeable technologists who are trained, skilled, good communicators, good writers, so that we can talk about and communicate these things. Because zero day problems require an immediate solution that's brand new, that's never been used before. That's very important. So the best practice amplification, I'm gonna talk about that cuz that's what this is about.
What did we learn about the stock exchange? They were down for several days before I got there because they didn't have their own network forensic people at the time. After this, I came in and helped train them in some network forensics so that they had the skills so that they wouldn't be down for multiple days. They could identify some of these zero day problems. Anyway, that's the purpose. So the organization takes a best practice that's very powerful, proven. And then we let the organization amplify it, and that's why I talked about, if you want to put best practices, the lessons learned that we talk about on this program, you might need someone like McKinsey, Bain or Boston Consulting Group, Deloitte, GDIT or Capgemini to help you implement those far and.
Okay, so that's just what I'm talking about. Now, smaller organizations, you can probably do that with your own team, might need some help, but in order to make any changes, you're gonna need some help. That's why those big accounting firms or consulting firms are out there. Do you know that there are hundreds of thousands of those very smart people working for those organizations who basically take a problem and implement a solution very rapidly? It's not inexpensive, but you get what you're paid for.
Okay, the first problem that I talked about from my white paper, my case studies, is the US stock market denial of service attack. And so we'll be talking about some of my 25 or 30 major lessons learned. I like to tell people, "Hey, you know what lessons learned would have prevented Facebook from being down for a day last October 4th?" Facebook went down for a day, and I'll talk about this sometime, but what lesson learned, had they implemented it and imputed it into their environment, would've prevented them from being down for a day? I have the answer to that, and I'm more than happy to share it at some future time, but this is why we're doing this broadcast, in order to help you and organizations implement lessons learned that could save. Oh, let's see. I think Facebook lost about 5% of its value, 25 to 50 billion with a B dollars in one four hour period that they were down. So it's gonna pay dividends to implement the very best of best practices. So I encourage you to come back and be with us on these broadcasts.
I have a message from Vinton Cerf. Vint is the father of the internet. He spoke at my conference on TCP/IP and security a couple of months ago, and I want to take his message and introduce you to Vint if you don't already know him as the father of the internet and the recipient of the Presidential Medal of Freedom. A great guy. He's a VP at Google and you won't forget hearing a little bit from Vint, and so here is Vint. We'll be back after he talks to us for a moment.
Okay, we're back. Thank you so much for joining us. Recommend your folks, anyone with a disaster recovery, security incident, any type of data disaster recovery efforts. Send me an email [email protected] and then encourage people to learn from these best practices. They can save. Potentially someday I'm gonna talk to you about that Facebook solution that would've saved 25 to $50 billion for Facebook had they implemented the best practice. And maybe we'll have some folks on who did implement capability and can testify that it's highly valuable.
I want to talk to you just a little bit about what we're gonna talk about in one of our next sessions. We'll talk about the Pentagon 9/11, where I flew in with five of my team and we brought the Pentagon communicating. So we're gonna talk about that in the future episode, and we're gonna have none other than David Wills, who used to be the, he was at STRATCOM, Joint Chiefs of Staff at the Pentagon and US CENTCOM. He was chief of network engineering to run communications for the Iraq and Afghanistan wars.
Thank you so much for joining me. Do let me help you give your folks a shot in the arm. I'm always available to do a lunch and learn to help your folks. I'd love to tell your story on our podcast, and if you're a vendor who is working on solutions that are meaningful, new and capable, like Cloud Range and some of these others, I'd be very happy to introduce the audience your new technology and new disaster recovery capabilities. Thank you so much for being here today. We really appreciate your support.