Thứ Ba, 27 tháng 2, 2018

Waching daily Feb 27 2018

Essential Oil Uses For Relaxation And Resort.

Among all functional home remedies, essential oils are safest ones that not only work but

also leave long-lasting positive effects.

The popularity of essential oils is increasing day by day and one of its core target areas

is relaxation.

A huge general population and professionals utilize essential oils for massage because

of its rich smoothness providing nature.

Sleeping Time Essential oils can help in increasing time

duration of sleep.

Some oils have the ability to alleviate specifically insomnia like Lavender oil'.

For this purpose just sprinkle few drops on your pillow before sleeping and that will

help you fall asleep quickly.

Message Therapy Cedarwood and lavender oil mixed with any

unscented lotion can be used during relaxation massage.

Depression Reliever is a common problem among our new general

population equally distributed all over the world.

There are a lot of remedies to feel relieved and to get rid of depression and essential

oils uses are one of them.

Essential oils can help people feel it as some of them have very pleasant odours.

A single drop of lavender oil can help you to deal with this dilemma situation.

To relieve anxiety, using one drop of oil on your hand, rubbing your hands together

and smell it.

Your nostrils will lead this pleasant smell to your pinpoints and will help you feel relaxed.

Rose essential oils used for the bath water can also be useful for relieving stress.

Body Moisturization Skin is the part of human body that is in

direct contact with air.

This can make it dry so that you'll feel like peeling yourself.

To get rid of this dryness in the most natural way, mix coconut oil, butter and any other

suitable essential oil and will help you in moisturizing the skin.

Crash or Detox Bath Oils can be used as antitoxic materials.

For this purpose Epsom salt, sea salt and lavender oil can be used for cleansing and

rejuvenation of body when mixed with warm water.

Mint Chocolate Cocoa

For instant minty chocolate, Menthe Piperita is added to cocoa in a very little quantity

such as 2-3 drops, which is peppermint essential oil that will offer you to see wonders.

A Remedy For Chapped Lips Due to moisturizing ability, oils can be used

as a home remedy for dry and chapped lips with no side effect.

Some oils help in recovering cracks of skin no matter if it's your lips or heels.

For healing of chapped lips, lavender oil can be used mixed with coconut oil or beeswax.

Calm Creating For The Upset Child Are you worried about your trouble-causing

kids?

Essential oils might also help you deal with that.

As children remain in contact with their animals and oils can be helpful to soothe their aggressive

moods, you can make them calm by just adding oils to their stuffed animals.

Lavender oil and chamomile oil can be used for this purpose.

Nourishement to Feet Everyone likes soft and smooth skin.

Few drops of lemon or eucalyptus oil in one litter warm water can help you soothe the

feet and have a pleasant feeling from head to toe.

Relaxer Some oils are edible and can be used as the

diet and some have a very pleasant smell that can flood your senses.

Oils can cause a cooling effect that helps you in immediate relaxation such as 2-4 drops

of chamomile or peppermint oils to your temples can make you feel relaxed.

Relaxation of Yoga Essential oils have the cleansing ability

too, such as clove essential oils can be used to clean yoga mats.

Before class, inhaling oils can make you feel relaxed during yoga.

Lavender oil or sandalwood oils can also be used for this purpose.

Don't Forget To Follow Us On Other Social Media :

YouTube : http://bit.ly/2e1vK3L Facebook : http://bit.ly/2kYKuD0

Twitter : http://bit.ly/2ksd98v Pinterest : http://bit.ly/2gh7g9U

Instagram : http://bit.ly/2z2YbZN Daily Motion http://bit.ly/2z389dB

Google Plus : http://bit.ly/2kqyrUa Tumblr : http://bit.ly/2xXbehS

Subscribe our channel for more!

For more infomation >> Essential Oil Uses For Relaxation And Resort. - Duration: 3:56.

-------------------------------------------

Down Feed for Gingery Shaper - The Axis for Dovetail Cutting - Duration: 12:47.

hi I'm Cressel Anderson this is Makercise in this episode I'll be completing

the down feed for the shaper project now the down feed allows the tool to go up

and down on the rotating head so you can adjust the angle for a dovetail during

that whole cutting operation the shaper is doing its reciprocating motion to

shave off material while you gonna manually advance the cutter down the

surface of a dovetail for instance the first step in preparation of the down

feed for the shaper project is construction of the pattern now you know

how much I love lost foam and the process for creating the pattern for the

down feed is pretty much the same as you've seen me do with other parts I

make thin slices off my big block and then I lay out the different parts of

the pattern I use my hot wire cutter to cut those parts and then I assemble them

together now in the past I've used hot glue but I feel like hot glue really

generates a lot of gases in the pattern relative to the polystyrene so I've

started trying to use super 77 spray adhesive and so far the results have

been pretty promising I really do like it

after I've got the parts cut out of the polystyrene I use my sander to clean

them up and then I spray on a little bit of adhesive and I test it with my

fingernail like the instructions say until it's tacky but won't stick to your

fingernail and then I assemble the part after I've got the part assembled I

check it on the machine to make sure it's roughly what I'm expecting finished

cleanup sanding and then encase it in plaster of Paris

I made a tree so that way I could cast all three of these parts at the same

time and then lastly I embedded in sand using my vibratory table

after the unfortunate collision between the pattern and the flasks side he's a

little bit of spray adhesive to repair the pattern I put it back down in the

flask very gently and then I just sprinkled a little bit of sand around it

so as to not disturb that compromised portion of the pattern that pattern was

just fine the metal flowed right through that little feeder from the main sprue

and just fine so I was really glad I didn't have to completely remake that

pattern you may have seen me using these drawings to build the patterns and

calculate the amount of material that I'll use for casting in case you're

interested in them I upload them over at patreon

rates

I followed my normal procedure for cutting the parts off of the sprue

cleaning them up with the sander and then scraping them in and if you want to

see a really detailed video on scraping you should check out the part 9 in lathe

project video series I go into a lot of detail about how I scrape these aluminum

parts for the Gingrey series of projects I cut some cold rolled steel to form the

clamps that mount to the bottom of the gallon feed and then I laid out the

looming holes I drilled some temporary guide holes I think those are three

millimeter holes then I clamped the guides to the down feed and put it in my

drill press vise and then I matched drilled the initial fasteners using

those guide holes and I always do just a single fastener to hold the clamps into

place where I want them once I've got that initial fastener in place then I go

back and do the remainder of the fasteners

so this is pretty much the same procedure that you've seen in previous

videos where I make a series of holes enlarge them tap the casting install the

fasteners and then align the clamps so that I can repeat the drill for the

remainder of the fasteners I installed all the fasteners onto the down feed I

did a little bit of filing on the guid to make it fit under that clamp the side

of the down feed slide ways and then I took the down feed back over to the

drill press to drill and tap holes for the give adjustment screws now these

screws are on the left side of the down feed and they adjust the pressure that

the Gib exerts on the down feed slide ways this allows me to adjust that give

so that there's minimal play in the down feed next I turned my attention to

fabrication of the down feed screw the last video that I made was a sinner in

jig that I used for placing the center's in the end of this rod stock and I

pretty much just put the rod into the drill press vise I slipped the centering

jig over the end of it and then that kind of guides the sinner drill while

it's in the drill press to drill a sinner that's much closer to the actual

center of the rod then I was able to get previously so I went ahead and installed

it in the lathe and got started turning down the part between sinners I really

liked turning between sinners it's even on a lathe a small lathe like this gig

relayed that I've made turning between sinners is a very stable

way to get a lot of precision out of a small lathe probably a larger lathe for

that matter but I just really enjoy turning between sinners where it's

possible I flipped the part around and finished turning the other side of the

down feed screw now the diameter that I selected is partly to help guide the die

that I'll be using to cut threads in the threaded portion of the down feed screw

and on the other end the was selected to correspond to a ball

crank that I had cast a couple years back during the lathe project back at

that time I didn't have the benefit of the experience I had on my recent video

on the shaper protractor disc where I learned that a taper makes the arbor a

lot easier to drive out I also didn't have a lathe at the point when I cast

this so there'd have been no way to turn the taper long story short I had to

drill out the arbor and then drive it out of this ball crank then I took it

over to my sander and cleaned it up I cast these extra parts along with the

down feed and the idea was that this would serve as a graduated disc and a

pointer that would go at the top because what I had on hand was a half inch ball

crank I went ahead and turned this to 1/2 inch instead of 3/8 of an inch like

in the book so what I'm gonna do instead is I'm going to use one of these

graduated discs that I have on hand thanks Bob and I'm going to have to open

it up a little bit because it's 12 millimeters in diameter this is a 1/2

inch shaft but at any rate I will drill this for a set screw I'll drill the ball

crank for a set screw and then I'll mount it all up I'll need to drill holes

in the down feed as well as a hole in the top of the rotating head and then

tap that hole and then I'll need to shorten up this down feed screw on this

end and probably need to shorten it up on this end as well

I'll grind a flap for the set screws to bear against and then I should be done

with the down feed I installed the down feed on the down feed slide ways and

used a series of straight edges and measurements to make markings on both

the down feed and the rotating head so that way I could

align the holes when I drilled them in the drill press so I took both parts off

of the machine mounted them in the drill press twice and then drilled the initial

holes separately I then reassembled the down feed to the rotating head put it

back in the drill press twice and drilled matching holes when I ran out of

travel on my drill press quill had to transfer the vise to the floor and use

my hand drill to finish it off I used the holes as a guide to tap the

hole in the rotating head and then I bored out that graduated cylinder in the

lathe I tested the fit on the down feed screw then I went ahead with installing

the set screws and a graduated disc and the ball crank I double-checked my

measurement and then I cut the threaded end of the down feed screw to link then

I cleaned up the cut on the belt sander this Chuck is awesome I mean just simple

stuff like taking this washer and making it so it's got a half inch hole on it

that that kind of stuff is super helpful just to be able to pop it in the chuck

done job done awesome this washer is called for in the book to provide a

bearing surface where the screw mates with the down feed flange to give a

little bit more clearance for the ball screw I cleaned up the half inch portion

of the down feed screw on the belt sander with the washer in place I was

able to mark the other end of the down feed screw and cut it to length as well

and back over to the sander for a little cleanup with the down feed screw

completed I returned the down feed to the shaper and I installed it and played

around with the fit I used a file to enlarge the hole on the down feed just a

little bit and I kind of scraped the down feed flange a little bit as well as

using some wd-40 to help lubricate the system after playing with it a little

while I felt like it really had a pretty good fit next up is the clapper box and

clapper block this should be one of the most interesting parts of the shaper

project I hope this project builds your

confidence to exercise your inner maker if you enjoyed the video click the like

button and if you enjoy the project consider subscribing to the channel

thanks for watching

For more infomation >> Down Feed for Gingery Shaper - The Axis for Dovetail Cutting - Duration: 12:47.

-------------------------------------------

Submarine Save Baby Shark | Dance Songs for Kids Do Do Do - Duration: 1:30.

Baby shark, do do do do do do

Baby shark, do do do do do do

Baby shark, do do do do do do

Baby shark!

Mommy shark, do do do do do do

Mommy shark, do do do do do do

Mommy shark, do do do do do do

Mommy shark!

Daddy shark, do do do do do do

Daddy shark, do do do do do do

Daddy shark, do do do do do do

Daddy shark!

Grandma shark, do do do do do do

Grandma shark, do do do do do do

Grandma shark, do do do do do do

Grandma shark!

Grandpa shark, do do do do do do

Grandpa shark, do do do do do do

Grandpa shark, do do do do do do

Grandpa shark!

Let's go hunt , do do do do do do

Let's go hunt , do do do do do do

Let's go hunt , do do do do do do

Let's go hunt!

Run away, do do do do do do

Run away, do do do do do do

Run away, do do do do do do

Run away!

Safe at last, do do do do do do

Safe at last, do do do do do do

Safe at last, do do do do do do

Safe at last!

It's the end, do do do do do do

It's the end, do do do do do do

It's the end, do do do do do do

It's the end!

For more infomation >> Submarine Save Baby Shark | Dance Songs for Kids Do Do Do - Duration: 1:30.

-------------------------------------------

9 Essential Oils For An Earache & Ear Infections - Duration: 2:12.

9 Essential Oils For An Earache & Ear Infections

Earaches are primarily experienced in children, but there are many adults who regularly suffer from this condition as well.

When various infections get into the ear canal or perhaps cause inflammation behind the eardrum, it can cause intense pain.

For this reason, constant crying is a sign that your child may have an ear infection.

The other common symptoms include muffled hearing, nausea, dizziness, and the constant sensation that something is in your ear.

Not only can this condition be annoying, but the underlying cause can be dangerous to your overall health.

Therefore, the use of at-home essential oils for an earache is an excellent idea, particularly for those people who suffer from chronic ear infections.

List of Essential Oils for an Earache.

Lavender Oil. Garlic Oil.

Oregano Oil. Peppermint Oil.

Mustard Oil. Basil Oil.

Tea Tree Oil. Olive Oil. Thyme Oil.

For more infomation >> 9 Essential Oils For An Earache & Ear Infections - Duration: 2:12.

-------------------------------------------

Watch: New Girl Group SHA SHA Debuts With MV For "You & Me"(News) - Duration: 0:54.

Watch: New Girl Group SHA SHA Debuts With MV For "You & Me"

SHA SHA has officially entered the music industry!.

The new girl group consists of members Aryeom, Gowoon, Seoyeon, Ian, Seoyeop, and Garam. Their debut single You & Me is a dance track with elements of disco and vaporwave, a musical genre inspired by electronic dance music. Soompi. Display. News. English.

300x250. Mobile. English. 300x250. ATF.

For more infomation >> Watch: New Girl Group SHA SHA Debuts With MV For "You & Me"(News) - Duration: 0:54.

-------------------------------------------

Why Relationships Are Hardest For People Who Overthink - Duration: 5:31.

Why Relationships Are Hardest For People Who Overthink

"i let you see the parts of me that weren't all that pretty and with every touch you fixed

them.

now you've been talking in your sleep.

things you never say to me.

tell me that you've had enough…i'm sorry i don't understand where all of this is

coming from, i thought that we were fine.

your head is running wild again my dear we still have everythin' and it's all in

your mind" – pink

Relationships are hard for anyone.

Add anxiety into the picture and someone who overthinks and it's almost unbearable sometimes.

Moments of doubt and confusion.

Problems created that aren't actually problems.

Overthinking is what potentially ruins relationships.

But people who have anxiety can't help it.

They just hope and pray they meet someone who tries to understand and can work around

this flaw of theirs that dictates so much of their life.

It's understanding their mind plays tricks on them.

Understand they are paying really close attention to everything you say.

They are paying attention to every look, every eye roll, every gesture.

Picking up on little things that might not mean anything.

But they analyze it and think too much about it creating problems in their mind.

Simply put, anxiety is just a warning of something bad that could happen.

But it's those what-ifs and maybe that make things hard.

Overcome with fear of those things becoming a reality sometimes it just paralyzes the

person.

It's reassuring them often that things are fine.

Whether anything happened or not, just tell them things are okay.

That you still care.

That you're still there for them.

And it sounds silly but people with anxiety appreciate that.

Even a lack of a response you might not think needs an answer will throw someone with anxiety

off.

It'll lead to them thinking they've done something wrong.

At the start of relationships, every little thing they are going to worry about.

They are almost too cautious sometimes.

But once they grow to trust you more and become more confident in you, you'll see the anxiety

fade.

It's being the one who is always sure because they never will be.

People with anxiety are very indecisive even about little things.

They are going to ask your opinion and what you think and what would make you happy.

It isn't that they don't know how to stand on their own two feet but a lot of times those

with anxiety have encountered people in the past who have made them unsure of themselves.

Understand it isn't their fault.

It's just how they've been programmed.

It's being able to read them carefully.

When they respond with one word, something is probably wrong.

When they use the word 'fine' they probably aren't.

When they are looking constantly at their phone, they are waiting for an answer.

When they drive too quickly it's because they are worried about being late.

When they fiddle with their hands standing at a party, they are trying to be calm but

really nervous to be there.

Everyone with anxiety has their little ticks.

Things they might not even notice that they do.

Learn them.

Learn every curve.

Learn every flaw.

Learn to love them and love the things about themselves they struggle to.

It's valuing communication because that's essential.

Their minds will wander and make every assumption possible.

Talking things out is so important.

Addressing an issue and finding a problem, not letting them think about it and dwell

and spend time upset.

Understand that any fight you might have is going to hurt them more and they will beat

themselves up more than you ever can with silent treatment or hoping they learn.

People with anxiety are harder on themselves than anyone and they will internalize everything

and take it personally.

They care.

They care about saying and doing everything right and making someone happy and that's

what it comes down to.

If you can understand the root of fears and worrying is caring maybe it will help you

to understand.

It's knowing how to talk them down when they worry.

Understand there are some things you won't be able to fix.

Moments where you're just going to have to ride this rollercoaster of emotions just

listening to everything they say until it's out of their system.

Moments where you might see them fall apart and breakdown and there aren't going be

words to fix it or anything you can do or say.

Sometimes just being there is enough so they know they aren't alone.

It's loving them for exactly who they are.

Someone with anxiety will look at themselves and this part of who they are and they'll

never fully like it or accept it.

How can you accept something about yourself that only seems to cause problems?

As their partner it's your job to love them in those moments they don't love themselves.

It's your job to be sure when they are doubting everything.

It's your job to hold them when to them their world is falling apart.

It's your job to not think much of it.

The double texts you might get.

The calls.

The apologies.

The questions.

For more infomation >> Why Relationships Are Hardest For People Who Overthink - Duration: 5:31.

-------------------------------------------

Masha Lollipop Finger Family Colors Learn For Babies | Nursery Rhyme - Duration: 3:21.

Daddy finger, daddy finger, where are you?

Here I am, here I am. How do you do?

Mommy finger, Mommy finger, where are you?

Here I am, here I am. How do you do?

Brother finger, Brother finger, where are you?

Here I am, here I am. How do you do?

Sister finger, Sister finger, where are you?

Here I am, here I am. How do you do?

Baby finger, Baby finger, where are you?

Here I am, here I am. How do you do?

For more infomation >> Masha Lollipop Finger Family Colors Learn For Babies | Nursery Rhyme - Duration: 3:21.

-------------------------------------------

2017-18 CACR Speaker Mitch Parker " What is Cybersecurity Doing for the Organization's Mission - Duration: 1:10:50.

>> Welcome, thank you for coming.

I know it's a busy time of the semester,

so we appreciate you making an effort for some pizza,

and hearing what I'm sure is going to be a fantastic speaker,

and a great discussion to follow.

For you guys, if this is your first time, this is our second,

now, Cyber Security from the C- Suite Series.

We kick the series off in the spring with Brad Wheeler, IUCIO,

VP for IT, Kelley professor, the one holder

of the true ring of power by all the [inaudible,

laughing] he did a great job,

talking about a huge range of issues.

Got a bit of feedback there.

Today, though, we are going to be focused on health care.

Health care and cyber security, a bit on IOT,

but moving forward, we are going to continue the series,

so we'd love to hear your thoughts

of this particular sectors, hot topics,

whether it's block [inaudible], Active Defense, you name it,

we can bring in people really at the forefront of those debates.

So we want to have this be a back and forth

and useful for everybody.

It's a big tip, right?

Also just so happens that we have, if you're interested,

some brochures for IU Cyber Security,

Risk Management Master's Program up here as well so if any

of you guys have questions about that,

we can talk about it more afterward too.

But we are honored to be co-sponsoring this,

with the cyber security program and CACR.

So without further adieu, I think that Von, Von Welch,

Director of CACR, is going

to be introducing our distinguished guest speaker

today and we will be around,

though to help facilitate the Q&A and afterward,

so Von, thank you again.

>> Thank you Scott.

And thanks for co-hosting.

It's always exciting to be back over here in Kelley

This is, by the way, the last CACR seminar talk

of this semester.

We will reconvene in January, January 11,

what looks to be a really exciting talk.

We are going to have Rob Templemen

the Chief Cyber Security Engineer from Crane

to talk, so that is on January 11.

So take a look for that in emails coming up.

Now, without any adieu,

let me turn to our guest of honor today.

It's my pleasure to introduce Mitch Parker,

who is the Executive Director for IU Health, in Information,

Security and Compliance.

So I know since he's joined there it has been what,

a little over two years now?

>> Little bit over a year.

>> Little bit over a year.

He has done at least two years of wear though,

in that little bit over a year,

redeveloping their cyber security program,

and Mitch is also a very prolific speaker on a number

of different events, HIMS, Itripoli Tech Night,

and so he has Bachelor's in Computer Science

from Bloomsburg University, and MS and IT leadership

from LaSalle, and MBA from Temple.

So with that, I'm looking forward to hearing from Mitch

on this, and ask you to please join me in welcoming him.

[ Applause ]

>> Thank you very much everybody.

So the purpose of today's presentation is

to illustrate what we can do to protect ourselves,

and stop the illusion of technology

and its supporting people and processes are enough

to mitigate the current threats.

A little bit of background, before I was in health care,

I've been at IU Health a little bit over a year, before that,

I was at Temple Health as their Chief Information Security

Officer for 8 years, and before that, I spent 6 years

as a defense contractor.

So, I actually come to this from the DOD world,

and a lot of the practices I use, I learned in DOD.

So again, that is why I talk about stopping the illusion

that technology is enough, because that is what a lot

of people are pushing these days.

And so the areas we are going to cover and learn from is,

first of all, cyber security is a business problem.

Second part what we're going to talk

about is what the DOD has been saying and doing all along.

And why this is different than what industry normally does.

We are going to then talk

about destructive technologies enabling competition

as I call it, the two biggest I'm going to talk

about are block chain and cloud, because like it or not,

block chain is everywhere these days, and we really have

to get our handle on it, and how it is going to disrupt business

and how it is going to make sharing part of its death

and destruction, and technology for technology sake,

so I put Facebook and Uber up there, because again,

people have put technology out there, and they've done

so without fully recognizing social consequences,

and it has led to some large scale cyops operations.

Many of which you've read about in the news lately,

and the other thing I'm going to put in there,

AI may not be fully ready.

And then we're going to talk about the current situation

in the government, and how it has already forced sharing

and co-competition for cyber security, and we are also going

to bring up the supply chain.

Now, more than ever, this really matters,

and this is an area people really haven't focused on,

unless you're some of the larger companies, and how we need

to structure our companies to execute on our mission

and protect it from outside threats.

So cyber security is a business problem.

I put some statistics up here for everybody.

So [inaudible] and petchis [phonetic spelling] slash

not-petchis showed that this year.

So Mayer, the big international shipping company, has recorded

over a $300 million dollar loss because of

that ransomware attack.

Merck has reported $310 million dollars in losses so far.

Nuance gave advanced warning to the stock market

that their quarter three and quarter four were going

to be significantly lower due to this attack.

And of course we bring up Equifax.

That company may end up going out of business.

The current bet among myself and a number of my peers is

that they're going to go the way of Enron and get broken

up for parts, and Yahoo, due to their series of breaches

that weren't caught, had a $350 million dollar impairment

charge, due to their breach, not to mention a complete loss

of credibility, I mean, who uses Yahoo Mail anymore?

Who wants to use it?

Who knows?

Who has your Yahoo mail information?

And the thing we're looking at is we're looking

at future write-offs from Verizon due

to further revelations as Verizon continues

to absorb that infrastructure.

They're going to find more,

as if everything wasn't enough already.

And so it's a business problem.

Both Equifax and Yahoo have management issues and both

of them didn't listen to their security officers,

and put systems in with no regard to privacy and security.

So personal example, I actually know Yahoo's former Chief

Security Officer, Justin Somaini.

He resigns, because Marisa Mayer basically handicapped him,

told him he was going to get no funding for what he needed,

even when he presented her

with direct evidence of security breaches.

He resigned rather than have

that be a black mark on his career.

And the nickname she gave him and his team, The Paranoids.

That's not a good sign of good management.

And while yesterday's, yesterday's testimony in front

of the Senate was an act of contrition,

she did not address the root cause,

which is she didn't fund security.

She blew security off, and because of it, a lot of people

that trusted Yahoo, don't.

And she pretty much single-handedly killed the brand

by not listing security.

And Equifax, when their former CEO testified,

what ended up happening?

He threw a single employee under the bus, even though,

and I'll be very blunt about this,

when we did our initial analysis of this,

and like to thank the people at Renaisac [phonetic spelling]

for some of the great discussions they had,

because I had to do a 48-hour turnaround of a presentation

to our leadership team of what happened with Equifax.

I pulled more information from the Renaisac mailing list

than anywhere else, and literally put

up there this is what happened, this is why it happened,

all the evidence pointed to a gigantic systematic failure

that if one person could do it, could cause that fail to happen,

they would be Superman.

Superman couldn't even pull that one off.

And every other brief we've discussed, and I'll tell you,

I talk about breaches with the leadership

at IU Health on a regular basis.

We talk about the biggest thing that always comes

up with a cyber security breach is do care.

Biggest example we've given was OKIEM,

the Office of Personnel Managements,

where approximately what, 26 million records,

including the records of everyone

who has ever held a security clearance

in the United States ended up in the hands

of an unknown foreign adversary why?

Because the system was running

on something called Oracle Forms.

Something Oracle hasn't supported for probably

about six years now, and when they requested money

from Congress, they said, because the system was old,

not because the system was teeming with vulnerabilities

and anyone could have broken into that system,

and it was well-known for a number of years

that foreign hackers have been targeting the United States,

specifically Oracle Forms,

because it's easy to break into it.

So do care is the cause of most of the data breaches

that we've actually seen.

So the business problem is, this is right under people's noses.

Companies need to continually assess,

score and address their risks.

And the perception has been that business and IT are separate,

and they don't interact much.

And to be honest, we do IT risk assessment,

most of us don't roll up to the Enterprise Risk Management

program most large companies have.

Now, speaking of someone

that recently got their MBA two years ago and did

so after working in the business world for a number of years.

Enterprise Risk Management is actually now covered

in most MBA curriculums, and I suspect

that it's covered here at Kelly.

I mean, it's here.

So, cyber risk is not covered.

It's not covered that much in an ERM class.

They talk about all other types of risk but Cyber, it's there,

but the people running the programs don't understand how

cyber rolls up, other than to say data breach.

So that is something we really have to work on.

And the way I've done it is I've actually done

that in my program.

I went to the ERM people, I said what's your scoring system?

I will turn in risk assessment CU

that uses your scoring system.

Because one of our executives, the one in charge

of enterprise risk, went to an entire room

of IU Health top executives, and came right out and said

if you do not use my scoring system,

I'm going to ignore what you say.

So we use our scoring system, because we want them

to understand what we do.

So comes back to IT hasn't come out of the computer room

that much since the 1970s.

Back in the 1970s, computers used to be in separate rooms,

or separate buildings, with climate control,

and you pretty much had to be vetted

to work in those buildings.

I worked with a lot of those people back

when I was a defense contractor.

And it really hasn't changed that much.

Even though IT sits in nicer areas.

And awareness training focuses on scenarios,

not the business itself.

And with the latest attacks,

there is no denying there is a business impact.

It can't be buried as a one-time earnings charge.

I always give the example of J.P. Morgan.

J.P. Morgan, a few years ago, talked about--

after their major hack, which was caused

by somebody having a Windows server 2003 unpacked server

up for the purposes of employee morale, welfare and recreation,

and it wasn't patched, they said oh,

we're going to spend all this money on cyber security.

And the first question I had when a security exec

from a major antivirus company brought it up was,

shouldn't you have been spending that money in the first place?

And the second thing I thought was, I just finished accounting.

I know what a one-time earnings charge is

and I know it doesn't count against net income,

and I know that means they're going to spend that money

and not worry about affecting their share price.

So the attack was used as a convenient excuse

to fund their cyber security budget they should have been

funding all along.

One-time earning charges only work once,

and I think the market is getting a lot smarter,

especially the SEC and their 10K forms.

And what else contributes to this?

IT has been thought of as a cost center, and not strategic.

Not strategic.

It has led to a project based mentality

that discouraged what we called post-go live work

and risk assessments.

So, to give you an example, you have somebody from IT do work

on a project after go-live, upper management will go

to them, why are you doing that?

The project is live.

Don't work on it.

Even though you're supposed to continually assess risk.

And this mentality has led to the further division of IS

in the business, because it means IS is only brought

in when needed for projects, and they go away when it goes live.

But the expectation of numerous federal, state,

and international laws, specifically HIPAA in high tech

and health care, [inaudible] for any publicly traded company,

GEPR, coming May 25, 2018, be prepared.

Then this standard, and in finance, the FFIEC standards,

the standards we have to follow up

and continually assess risk as, so not only ourselves,

but as partners to people in our core business.

And because of that, we're not doing that.

There is little communication on day to day expectations

of actually managing these systems on what to do.

So, again, bringing it back to the days of the computer room.

Even though those days are over, and the computers are

in the cloud, the division is still there.

You might as well still have that floor

of your building dedicated to the mainframe.

So what did DOD get?

Why is the Department of Defense better at security than we are?

They've been open about it, let's be clear.

They've been very open.

Ten years ago, I could have gone on Google,

and basically sent DOD security plans to Google,

and Google said oh, here is ISC.dissa.mil

[phonetic spelling].

Here is how to secure every Windows workstation

to DOD standards.

Out there in the open.

You could download everything.

You wanted to complete-- secure and configure a Cisco router,

or Microsoft Active directory, they had everything available

for you, U.S. Citizens.

Granted, it wasn't for people in Poyang Yang,

but you don't want them doing that anyway.

And the NSA has actually been incredibly good

about publishing security documentation

and contributing to Linux.

I can't think of a major Linux [inaudible]

that doesn't use SE Linux these days,

and that came from the NSA.

And they've been working with their vendors

about integrating security

into their business via certification

accreditation frameworks.

They were using a number of frameworks for a number of years

across the services, but they finally standardized on this,

which is pretty much the one true standard

across to governments.

And the advantages that they incorporated everything

into their business structure.

We're going to get into that.

They're not perfect.

Certification and accreditation

when I was a defense contractor took over a year.

It was an arduous task.

Mainly because I'd have to sit there, as a contractor,

educating billion dollar companies,

this is how you get software

through the certification process and DOD.

This is how you get it so you actually pass,

and a general signs off and says yes you can use this.

Which was your authority to operate.

But, however, even though CNA took a long time,

they set the expectations for all team members correctly.

The standards got applied to cross agencies and services,

so if you went and had something that was DLA, you could go

to Army, you could go to Air Force, you could go

to Marine Corps and say this is what we did.

They review it and say yes, you pass muster.

And the deviations, this I think was another big item.

They had to be approved by upper management.

Usually it meant a general.

So if you had a network security deviation, it went to a general.

So another example I can give it is when I was at Temple Health,

I worked for a surgeon who had just come off a couple of tours

as Lieutenant Colonel, running military hospitals

in Iraq and Afghanistan.

He did an honorable job for our country.

One of the things he did was he was doing telemedicine projects,

where they were trying to get telemedicine, so that doctors

and specialists could virtually see patients in Iraq

and Afghanistan, and the first words out of my mouth

to him were, because it was such a deviation, is, Dr. Guy,

what general, because you probably have

to have a three-star sign off on this one.

Just because the deviation from standards for doing that was

so high, and the assumed risk was so high,

it would have taken a three-star to do so.

But the other thing DOD did, they assigned people to roles.

You had a project manager that went through certification

or accreditation, it didn't go for certification

or accreditation without a list of who was responsible,

and who was going to be doing the day to day work.

And for that work, there was a standard education plan behind

the roles and responsibilities for the security officers

and everyone else on the project.

So it was called DOD instruction 8570.1, which is why the number

of CISSPs over the past 15 years has gone through the roof.

Simply because DOD made it a requirement

that if you had a security role on a project,

you had to either have your CISSP, your security plus,

or your sans GIAC [phonetic spelling]

and they were literally, I'm from the Philadelphia area,

anyway a major CISSP training center in Bushkill Falls,

Pennsylvania, they were busing 30 people at a time up there

for a week for CISSP boot camps, because they had

to meet DODI 8570.1 standards.

That is how big it was.

This was about 2004 they did this.

So it was incredible, they did that, and it has led

to a pretty well trained work force, and why it was different,

because there were standards, because there was education.

It was easier to communicate the security requirements,

because everyone was at the same required education level.

You wanted to be on this project,

you had to be a level 2 [inaudible], what do you need

for a level 2 [inaudible], oh, you need your CISSP,

you need these trading courses.

Literally it was almost like school, and the standards fit

in the common criteria, nest in other national

and international standards.

The two biggest we used in DOD were common criteria

and NIST [assumed spelling].

And the current, the only [inaudible] really follows a

similar model is finance.

I would actually venture to say health care, in terms of medical

and professional education with nurses, but even then

that is state by state.

Give you an example, state of Pennsylvania requires nurses

to take 30 hours a year continuing education credits.

Indiana does not have that requirement.

Finance, to be a financial auditor, you actually have

to undergo federal training very similar to the DOD

to be certified to be a financial systems auditor

for FFIEC.

And the big issue, however, is that the only federal agency

that was really enforcing this was DOD, and a number

of other government agencies, they really didn't do that.

This led to having systems to support DOD,

biggest one being OPM, being compromised.

So DOD proves one thing.

It proves you're able to do security well,

but of your supporting agencies,

your collaborators don't do it well, you're going

to have some serious issues, and you might

as well have been compromised yourself.

So how can you make this better?

Number one, collaboration.

You expand the work at FFIEC and financial services,

and the FSI sec have done, across multiple industries,

and also venture to say DOD as well,

although not as regimented.

And expand that work, get other industries doing it.

And there is another thing finance has done, and learned,

doing some research for my MBA.

Finance, most big financial services companies have a Chief

Risk Officer that is a direct report of the CEO.

Which is a recommendation that the federal government has made.

That way, risk always has a seat at the table with the CEO.

And because of that, you can assess and address risk as part

of the business, because when it goes up to your CEO

and more importantly, it goes to your board, you address it.

And the other thing you can do, share information and risk.

And you really have to share, you have to collaborate.

The days of security being done in isolation, they've been done

for years, most people just don't realize it yet.

When we talk about collaboration and sharing,

biggest example I'm going to give that is going

to enable that is Blockchain.

And the reason why,

it's basically a distributed [inaudible], that's what it is,

it has got cryptographic validation and verification

of all the entries by all participants in the pool.

And it is very useful for ensuring the integrity

of transactions and that they're valid,

and that they're not altered.

And it solves a very, very useful problem

with distributed general ledgers, and verification

and validation of transactions across organizations.

This is a gigantic issue businesses have.

How do you ensure the integrity of your general ledger?

That is one of the biggest accounting problems out there,

because right now, you pretty much have to assume

that the organization hasn't done anything nefarious.

This is a way to cryptographically prove

that you haven't done anything nefarious, and show [inaudible].

And it is not the transformational system

that people think of yet.

So I'll give you an example.

You get people out there saying Blockchain

and Bit Quit are going to replace BEGS [assumed spelling].

Biggest challenge you have with BEGS is that the entire banking

and finance system in the world is based

on a little something called fractional reserve banking,

which basically means your money exists in two places

or more, up to 10 at once.

I learned that in economics class in my MBA.

So Blockchain is based, and Bitcoin,

are based on the assumption that money exists in any one place

at any one given time.

So those little satoshi's [assumed spelling] you have only

exist once.

So there is no provision in Bitcoin right now

for fractional reserve banking, which means that it's unsuitable

for replacing our current financial system,

and replacing banks, and quite frankly to people that are

on tech [inaudible] talking about this,

they need to take economics

at their local business school before they go spout off

about Bitcoin replacing banks.

It's not that, but it is an excellent starting point

for the future.

However, there are three key trends to make it succeed.

To make it work.

First of all, you've got to make sure you have multiple entities

participating in your Blockchain pool,

because no one entity should be controlling more than 50%

of your computer power.

Bitcoin has had a lot of problems.

I think it led to that last fork they had a few months ago,

because there were miners in China that had 51% control

of the pool at any given time.

The issue with that is when you control 51%

of the computers doing the mining,

you can control the entries in the Blockchain.

You can make them say whatever you want.

And you can corrupt the ledger.

That is dangerous.

And the other thing is, you have to have good collaboration

and good business partners to show that you've got less

than 50% of the pool to show that you can validate and verify

that your entries are valid.

You don't want to be in 51% control,

because that basically means you control it,

and we're back to square one.

You have got a general ledger that you control.

But the problem is, you're back to the old assumption

that you are in full control of it, not anybody else.

That is something a lot

of people really haven't thought about.

And the other thing, system security.

The way the Blockchain systems have been hacked is

through poor security and system implementation.

So the example I always give is Mount Gox,

which was on the first Bitcoin exchanges out there.

Big challenge with Mt. Gox was that the guy

that put it together thought he could write everything possible

in the programming language PHP.

One of the things he wrote in the programming language PHP,

which originally stands for Personal Home Page, by the way,

which was written so somebody could write web pages back

in the late 1990s, he decided

to write something called a secure shell server,

which is used for secure mode administration

of computers in PHP.

Now, the way the secure shell protocol works is it's very

timing dependence.

PHP is not what is called a timing-dependent language,

the C-programming language is, so the problem is

that very basic attacks could have been used

to attack Mt. Gox, and basically take out,

just take out his servers, because there was no security,

because the security had a secure shell protocol,

just wasn't there, because of how he implemented secure shell,

and why is this important?

All systems that participate in Blockchain need to be

at a reasonable and appropriate level of security,

or else the entire trust bails.

Everyone has to make sure

that the other participants have good,

full lifecycle vulnerability management

and defense in depth, period.

You can't just assume everyone's got it.

You've got to make sure they do, because again, you're going

to have Mt. Gox again.

You're going to have Coinbase again, because someone is going

to do something without doing due care, and what's going

to happen is you're going

to have somebody making a crazy error, and $300 million dollars

in crypto currency goes invalid in an instant.

Just like happened yesterday with [inaudible].

And of course the other part

that really hasn't been addressed, and yes,

I've been through the Blockchain block format, identity

and access management.

Because right now, Bitcoin is very good for one thing,

sending anonymous transactions to people

so they can't be tracked.

Now in the Silk Road case that happened a few years ago,

the FBI had to do a lot of forensics work, basically go

through to Blockchain, identify all the transactions that went

to Silk Road, and associate them with people.

And they were actually able to do so very successfully.

However, it took them years to be able to do that,

to be able to build that case against Mr. Olbrick and put him

in jail for three life terms.

So that's all well and good, and if you want

to pay off ransomware or buy drugs online.

However, if you want to do real transactions that will stand

up to a Big Four auditor, you have to verify

who made the transactions.

To do that, you need strong identity and access managements.

You need to have the final process

to show how identity was provisioned,

how it was assigned, how they were assigned digital

certificates and encryption keys to make the actual transactions

on the block chain, and show good key management processes.

Because all of that, and I will take this back

to the American Institute for Certified Public Accountants,

their cyber security guidance directly references cyber

security key management.

You need to be able to have that.

And you need to have strong identity management,

because that is a basic tenet

of any regulated transactional environment.

I don't care if it's HIPAA in health care,

because HIPAA says it, high-tech says it, FFIEC says it.

American Certified Public Accountants, they all say it.

And DOD, you don't get access to one of their systems

without strong identity management, period.

So if you don't have it,

Blockchain is not going to succeed.

And the other way we have to structure it is with the cloud

and open compute projects.

There are two completely disruptive technologies

that show how co-competition works.

There is a large number of great technologies out there.

The two biggest I can think of are Open Stack,

originally developed by NASA, and now Champion Byte,

companies such as Microsoft, Cisco, and Rex Base.

The Open Compute project, where you have companies like Google,

Facebook, and Microsoft, all coming together

to share server designs, and the big impact this had,

the open compute projects, several quarters ago,

Hewlett-Packard enterprise reported a major drop

in earnings, that affected their share price,

and caused thousands of layoffs.

You want to know why?

Because their largest customer was Microsoft,

who started building their own servers,

using the Open Compute project, and stopped buying truckloads

of Proliance servers for your data centers.

That is what happens.

That is disruptive.

People don't buy servers that much anymore.

If they do, they buy it from Dell or another company.

IBM sold their server business off.

Why? Because products like Open Compute Project got rid

of the need to actually have servers,

and people now share server designs.

The biggest beneficiary now is Intel,

who now sells directly to Facebook.

I think Facebook is actually--

Facebook or Google is Intel's single largest customer.

And I know Microsoft basically validated arm on server

because they came right out and said, oh yeah, we're testing ads

on our data centers, on arm chips.

With a version of Windows.

Which meant that probably 50,000 servers running it right now.

And there's a number of shared libraries

and projects supporting resilient computing.

Facebook has done a lot of that work.

Uber has done a lot of work,

because they published almost everything as open source,

so you can go out there

and build your own resilient solutions, whereas 15,

20 years ago, when I got started with the dot com 1.0 revolution,

you had to spend hundreds of thousands of dollars

on [inaudible] hardware, F5s, load balancers,

clustered Microsoft environments.

Now, I can literally spin up on a couple of raspberry pies,

something 10 times more powerful and resilient,

because companies have made this open source,

and you can literally put it together in an afternoon.

Like downloading a VM.

So what does this mean?

Business before was inward focused.

It was focused on individual corporate performance.

This is no longer the case.

Data is now a shared risk,

and that is what you should be thinking

of with the word Blockchain.

Companies can now work together to increase the resiliency

and provide verifiable transactions across enterprises,

which is in everybody's benefit,

especially for audit and compliance.

And that means you open things up when it comes

to security standards, and you prevent single points

of failure.

So security now is becoming more open, whether we think it is,

don't think it is or not, it's open,

it's out there, it's happening.

And the future of security is collaboration using Blockchain,

using cloud technologies, strong vulnerability management

and strong identity management.

I'll make it very clear, when I first started at IU health,

the first pronouncement I made is we are going

to look cloud first for security.

I got to meet somebody very great

at Itripoli Tech Night back in March in California,

a guy by the name of Danny Lang.

Danny Lang is the former Director of AI for Uber.

The former Director of AI for Amazon.

And if any of you play any games

of Unity 3D, he runs AI for Unity.

First comment he made to me about security, he goes,

"When it comes to security don't run your own stuff.

Amazon does it better.

Amazon has 1,000 people doing security.

They're going to do it better than you."

I took that advice to heart.

Long before I had to have Danny Lang verify

and validate that for me.

The cloud provided to do it better.

Google does it better.

Microsoft does it better.

Apple does it better.

You don't hear about many big data breaches outside

of people misconfiguring what has already been provided

by the cloud providers.

You follow what they tell you to do, you're probably going

to be pretty resilient and secure, and I can tell you

with AWS, it's pretty hard to deviate.

You've got to seriously screw up and not follow best practices,

to screw up an AWS, since the way that happened

with the breach just a few weeks ago.

So why is this becoming part of business?

Because Co-competition helps solve verification

and validation problems that have existed since the dawn

of accounting with cryptography.

That is just-- that's it.

You now have a verifiable process behind the general

ledger, and the focus on these issues, plus the focus

on shared accountability, Equifax brought that to light.

You know how many companies trust Equifax

with their information?

They bought a company called a Work Number.

The purpose of the Work Number?

Because companies didn't want to pay somebody to sit there

and take those phone calls whenever somebody applied

for a home loan, or applied for a mortgage,

to say that they worked there, and they made the salary.

Equifax made a billion dollar business out of it,

that they recently acquired.

When we presented this to leadership,

that was the first question?

What about the work number?

Same question a major pharmaceutical company had.

What about the work number?

So shared accountability is key.

And if your company doesn't have legal contracts already in place

to handle this, shame on them.

And because of that, you have to keep systems up to date.

You have to continually assess and address for risk.

And because now it affects your transactions.

It affects your business.

It is a core business issue now, and I think the events

of the past year, if the Board

of Directors now can call security an IT problem,

they need to replace them.

So talk about replacing, and talk about a big C change,

big change I've seen over the past couple

of years has been the content of the internet.

It's gone from curated content,

originally when the internet started,

everything was like: duck, duck, go.

I remember the first time I submitted my website to Yahoo

to have it included in the search index,

and somebody actually hit this, this was 22 years ago.

So now, everything is highly automated and delivered

with little human intervention.

The problem is, it allows memes and messaging

to be delivered very, very quickly,

and I will tell you a big example.

That is major newspapers.

I go onto any major newspaper's website,

whether it be Indianapolis Star, USA Today, even though I call

that "McNewspaper," the Washington Post,

photo off the Inquirer, New York Times, New York Daily News,

or NewJersey.com, yes I moved here from New Jersey.

And you take a look at any of these websites,

you have content there, but most

of the web page is not content provided by the newspapers.

It is pretty much scanning content provided by a lot

of non-US based companies, that show a bunch of scamettes,

and I actually clicked through the explanations on two of them,

which were Tabouleh and Outbrain

and they basically said we've run automated systems,

and it takes someone flagging-- see this is a fake ad or a scan,

before we'll remove it.

Which basically gives you about, if you're a good scam artist,

you're good at intelligence, you've got 30 seconds

to a minute before, and I could literally having a bot doing

this, putting up these scam ads, putting up these deceptive ads.

And I'm going to tell you something, even CNN has this.

I mean, I literally was reading through a CNN ad a couple

of days ago when I was preparing this presentation

and the first thing I saw there was, as I scrolled through,

there was all this stuff about CNN Money,

and then there is like,

Bill Gates doesn't want this to happen.

Dentists are furious when you do this.

A bunch of scam ads, and a bunch of scam content,

right below a picture of Anderson Cooper.

So basically we are at a point right now where because

of the fact that, well first of all, newspapers

and news media are losing a lot of money, thanks to Craig's List

and other sites like that, these are money-losing enterprises,

they prop themselves up by basically hosting scam ads.

And what ends up happening is, you have these systems

that have been exploited by people either looking

to make a quick buck, or create divisiveness

and cyops operations.

So, in other words, everything we talk

about that requires a lot of intelligence,

no it doesn't require a lot of intelligence.

I could be sitting in an apartment in Brooklyn right now,

and pretty much put all this stuff up there, and the fact

that it took Facebook several months to determine it,

110 million plus people saw these fake news ads,

shows how big the issue is.

Because these automated too much without good human intervention

and curation and we've created our own monster.

And what has this done?

What is the effect?

We've rolled back 100 years to the early days of journalism.

So give people a little bit of background.

The Spanish American War of 1898 was basically caused

by William Randolph Hearst,

who apparently made a quotation along the lines

of "I'll make the war happen,"

and I'll give you the news, and give you the war.

What happened was there was a bunch

of fake news stories circulated in 1898 around the imprisonment

of somebody in Havana, Cuba.

This incensed populations so much, it incensed the people

so much, there was literally a clamoring to go to war.

Culminating in a staged event called the Explosion of a ship

in Havana harbor, which led to a full-scale invasion of Cuba,

Dominican Republic, Puerto Rico, and the Philippines

by the United States Army.

We literally caused a war

with fake news 120-- over 125 years ago.

And it was given a name.

When historians wrote it, it was called yellow journalism.

The Hearst family made billions and billions

of dollars off of yellow journalism.

And right now, history repeats itself.

We're getting a prime lesson in it.

And we've attempted to replace, it's because we're attempting

to replace humanizing judgment

with automation it has been taken advantage

of to deliver negative messaging.

It really has been.

This isn't the days of 2008 when Barack Obama used social media

to basically win the presidency.

Now it's being used to deliver dark and divisive messages,

it's being done completely automated,

and the out that these companies have

to deliver these messages is,

"if we see something, we get rid of it."

It's not an out.

It's not an excuse.

It means that they're doing a really poor job

of due care and judgments.

So what has this done?

How does this affect the security community?

Why do I care?

Because it has made it very hard for people like me

to communicate meaningful messages, because we now have

to educate on the legitimacy of our sources,

and due to the cross top with computer security messages,

there's a lot more falsehoods and stink being promulgated,

especially about computer security.

Those scam ads they talk about, those have been chunked in there

for scam entity, by scam [inaudible] malware solutions.

What do you think they do?

They install malware, they install malware and viruses.

And that alone makes it easy to spread phishing, falsehoods,

scam software, even malware,

because if I use all these channels

to deliver a fake malware package,

or a fake anti-virus package, the next thing you know,

I can deliver malware, I have a bunch of PCs I can control,

and I have a whole drone network I can use to do more scams,

more negative messaging, and more fake accounts.

And the other reason why I care?

Because these ads include a lot

of computer security ads, and superstitions.

And we have to work against that.

How do you combat it?

We send people to-- instead of sending people to websites,

instead of telling people to go to a website, I tell people,

I give them breadcrumbs.

I tell them in plain English to go to a certain spot

on the entry, and this is where to go, click on this,

click on that to do their job.

And we don't want to make assumptions

that people know what we're talking about.

The other reason why?

I type in certain things.

I'll give you an example.

A few years ago when we had the Microsoft Windows tech support

issues, where people were calling up, the scammers

in India figured out really quickly that if they bought ads

on Google, for Microsoft Tech Support,

they could take advantage of the Google ad words algorithm,

and what they could do, when you Google

for Microsoft tech support, the first answer that will come

up will be sponsored ad for a scam shop, located somewhere

in Bangalore, that would be willing to take $250

to install malware on your computer.

This really happens.

So you can't make any assumptions out there.

You can't make assumptions you can trust anybody,

let alone a search engine.

The other case I can give is To Core My Eyes.

This was a case where a Russian immigrant in Brooklyn, New York,

sold fake glasses online.

And the reason why he was able to sell millions of dollars

in fake glasses, and basically threaten and harass people--

this guy did federal prison time for this, by the way,

was because he figured out a hole in Google's algorithm,

where he basically keyword loaded all of his websites

for glasses brands, then

when anybody complained, he threatened them.

So this, again, really happens.

So what do we have to do?

We have to barnstorm.

You have to be out there, and constantly talking

to your customers with your message.

So in other words, it's not enough to send out emails,

and say oh, I put something up in the entry,

I've done my job for the day.

No. You have to be out there, shaking hands,

talking to everybody, telling them what you're doing.

And you keep the messages small, and you keep them digestible.

I learned that lesson from my MBA program as well.

No more than 12-word sentences.

Keep the personal touch.

Let people know who you are, and you win with the action,

you win by being accessible, and you win by engaging.

Every company out there is an employee engagement program,

you need to be part of it, because you contribute

to positive employee engagement.

And you want people to ask you questions.

And they're only going to ask you questions

if you're personable, and being part of the business.

That is what does it.

If you're somebody that sits there and gives the impression

that you're Uber security guy and you know what you're talking

about and you're going to look at people with disdain,

they're going to ignore you.

They're not going to engage.

They're not going to call you.

They're not going to--

people are not going to feel comfortable with you

if you're an idiot, it's what it comes down to.

If you're not engaging.

If you're not a comfortable voice on the other end

that is going to assure people that you're going

to do whatever it takes to resolve their issues,

they're going to ignore you.

And that has been a big problem computer security has.

Too many people act that way.

And I'd actually made it very clear with my company.

We will not do business with companies that act like that.

Period. We have made it very clear to them,

you will either act professionally,

you will be personable, you will meet our standards for ethics.

You'll meet our standards for employee engagement,

where we will not even consider it.

I know there is at least one company.

We will not engage the company because the CEO posts messages

on LinkedIn that are disdainful of people.

Anyone does that.

I see that on social media?

We just won't do business.

Because it's not the right message.

I had a talk at 11:00 last night with the CEO

at IU Health about this.

I have run a referral-based business for computer security.

Half my business, my security team,

comes from customers calling us up

and saying they have an issue.

If I act, or my team acts,

in any way unprofessional we don't have business.

People don't report security issues,

and issues like major malware incidents happen

because of that.

The next thing you know, you're back to square one,

and as a [inaudible], probably looking for a new job.

So speaking of jobs, current government situation.

There are a number of pieces of legislation out there

where you're protecting our critical infrastructure.

However, there is Congressional gridlock.

Nothing is getting done in Washington.

However, President Trump's Executive Order

on Cyber Security is very comprehensive.

It addresses the key drivers

as to why cyber security events occur.

I've read through this Executive Order with the presentation,

and I thought it was incredibly well-written,

and if Congress could actually execute on it,

it would be incredible.

It would be great.

However, there's a few factors to keep in mind.

First of all, it's the first year of a new administration.

Democrat, Republican, doesn't matter.

Because of the sheer number of appointees

and senior government executive positions, for the first year

of administration, it is chaos.

The reason why?

Because there's a lot of key appointments to be filled.

Again, this is not a political issue.

It's the way Washington works.

And a lot of the current government executive staff,

they're interim positions,

I'd say 70 to 80% are still interim positions right now.

The current government staff,

the current senior executive service, or GS people

that are filling in for these roles,

they're doing two or three jobs.

They're overwhelmed and there is a lot

of uncertainty over other issues.

Very specifically, the budget.

So what's happened?

The information sharing advisory councils

and infra guard have been effective at getting a lot

of information to people, and they've stepped in.

However, due to the lack

of guidance outside the [inaudible] membership,

people have been self-organizing to group security.

Best two examples I'm going

to give are Red ISAC and [inaudible].

I am now on the Red ISAC mailing list.

When I was in Philadelphia,

about 27 different higher education institutions all work

together and collaborate on information security.

And literally, the biggest message we saw

on the mailing list we had in Philadelphia was, who is going

to EduCause [phonetic spelling].

Because people in that market were all getting together,

all the higher eds were talking about how they could collaborate

to a group security and they were doing this

without university administration knowing most

of the time.

In health care, you have the National Health ISAC,

you have HIMS, High Trust,

and a few other large groups, in health care.

Again, we're self-organizing.

We're already doing the work.

Financing of FS ISAC.

But the difference with FS ISAC, financial services,

has been that the New York and Massachusetts State Departments

of Banking, plus the banks, have pretty much mandated membership

as a condition of doing business.

And this is very big, because where are most major financial

institutions located?

They're located in New York City or Boston.

So, therefore, by default,

if you're a large multi-national bank, you have an office

in Manhattan, you're already a member.

Also the other big thing is that a lot

of the large banks underwrite the cost of FS ISAC,

because it's good business for them.

Biggest example I can give is Bank of America, who came right

out and told me they spend millions a year on FS ISAC.

And it helps the entire ecosystem

because small community bank, they're not going

to have $8 million dollars to plow in like Bank

of America does, but everyone benefits,

because those banks transact Bank of America.

And the medical-- the vice vendors.

I'll be very clear about this.

I've spoken with Merck, I've spoken with Eli Lilly,

I've spoken with numerous other manufacturers.

I can tell you even though it's not published in the news media,

pretty much every major medical device manufacturer is talking.

The reason why is because there are 20 different sets

of legislation in the states about medical device security,

they're all working towards standards,

and the security people from these companies all talk.

The two biggest examples I can give are Merck and Eli Lilly.

They've been talking for a while.

I know both CSOs of both companies very well,

and I can tell you they are not unique.

And the other thing, the lack of a comprehensive legislation

or end in sight to the current situation,

this is what it has come down to.

We're doing it ourselves.

And those IT and security companies you hear about,

you will see groups of security people all talking

at these conferences, sharing information.

That's how it is happening right now, and it happens just

as much as, you know, going to the sessions, or networking,

or even seeing the vendors.

People doing it themselves.

And there is a lot of activity that I alluded to,

especially in eastern Pennsylvania.

And a lot of private round tables financed by the big four,

the [inaudible] by the big four, and a number

of other consulting firms,

they've been sharing info as well.

There is one group, E-Health Initiative in Washington, D.C.,

I would say pretty much every major pharmaceutical company

and most of the top 20 health systems

in the United States are members of that round table.

So you go into that room, you will literally sit there

and talk to 10 different pharmaceutical companies

at the same time, everyone is talking the same language, just,

that's not getting out there.

We're working on it.

And speaking of big challenges, we have supply chain.

Everyone now talks about the internet of things,

and what that really means.

What it really means, what we really should care

about is now we have to really care

about the entire value chain that delivers devices

and information, is reasonably secure.

Instead of worrying about IT, now we've got to worry

about everything, because everything is a network

connection, everything is an end point,

because one weakness can cause a cascading [inaudible].

So I'm going to give an example of that

which is android, and smart phones.

Probably a number of you here have android smart phones.

So one thing you should think of,

if you have an android smart phone, if it has one device

that has, if it has one component

that can't support a newer version of Linux,

or newer version of android because of bad device drivers,

[inaudible] I'm looking at you,

the entire device cannot be updated.

You just can't do it because android is not going

to support it.

And Google, they tried to fix this with a number

of initiatives, but there is-- you're only going to be able

to address [inaudible] level device drivers so much.

You just can't, without seriously breaking

newer functionality.

And right now, because of this, there are a number of phones

that cannot or will not be updated, and we have issues

because one little part of the supply chain,

one little component doesn't have a new device driver

for android.

Doesn't have it.

So you can't update the phone.

So another major issue is sourcing chips and components.

What other component has a hardware, software back door?

How can components be compromised

to break into systems?

Both the NSA and other intelligence agencies are really

good at doing that right now.

And how can weak encryption

or hardware weakness leave you wide open?

Give you an example over the past couple of years,

a lot of hardware implementation

of a [inaudible], they've been broken.

So how do you guard against that?

How can you be sure the trustworthiness

of your components?

What if you have counterfeit components making their way

into your value chain?

So example of that, that happened to Cisco twice.

That has been published in the news media.

So in both those cases, somebody who got themselves permission

to deal with the U.S. government, sold the Navy,

counterfeit Cisco gear, from some dubious source in China.

We don't know what was on those routers.

What was on those routers or components they sold,

we don't know what kind of back doors there were.

But compromised equipment was sold

to the Defense Department at least twice.

There are some people doing some serious prison terms

for this right now.

But that doesn't-- that pales in comparison to the fact

that in the value chain that powers our nation's defenses,

we had counterfeit gear with backdoors.

Cisco. Of all the companies that it happened to,

it happened to the one that is pretty much the five letter word

for networking.

[Inaudible] brought other--

brought one other item into light.

What happens when you have components

of your value chain shut down because of cyber attacks?

So I'll give you three examples.

People had shipments and boxes delayed because of Petscha.

Maersk, big international shipping company.

Fed Ex. And UPS.

All have ton of machines offline because of ransomware attacks.

Merck couldn't produce drugs and medication,

and we're seeing this now in Puerto Rico as well.

Because of the power outages caused,

and the devastation caused by hurricane Maria,

Medtronic has reported

that certain medical devices can't be made

because the main production line for them was in Puerto Rico.

So you have to think about it.

Malware is now just as dangerous as a hurricane.

So what happens?

You have alternate sourcing arrangements in place.

What happens if a cyber attack hits a major supplier?

In one post I had on social media, what happens

of you're a restaurant,

would you have enough breadsticks and pizza?

Cisco actually led the way.

They actually have a dedicated [inaudible]

for their supply chain.

Edna Connolly, she works on these scenarios,

and I think Edna is the first of many great [inaudible]

that are going to be out there working

on the supply chain issue.

So, how do you structure your companies to come back?

There are five major components of our companies

that need to work together.

Info sec, legal, privacy, compliance,

and our Chief Risk Officer, Human Resources, Supply Chain,

and finally our core business.

And we are going to discuss the newer additional roles

in augmenting our corporate structure.

So information security is responsible for assessing,

categorizing and communicating risks throughout the entire

value chain.

And they are the team that defines

and develops the policies and security requirements,

and communicates to the rest of the organization.

And they're also responsible for security portions

of legal contracts and [inaudible].

Yes? And if you're in health care,

you have this [inaudible] agreement,

it has security requirements.

Surprise, you own it, no one else.

And they're an integral part of business responsible

for interfacing with the entire enterprise.

I want you to take a look at that right there.

They are no longer part of IT.

Even though they may report to CIOs,

you're no longer in IT departments.

And they are responsible for developing security plans

in concert with the core business.

Again, I put that there, core business.

Not IT. It's to augment the organization

and move them toward a more secure state.

Because you have to reduce risk at all costs.

And they work in concert with regulatory affairs.

In healthcare we have to worry about joint commission,

HPAP and a number of our organizations,

and with the business continuity teams because, surprise,

business continuity is a security requirement

to assess all risks to the environment as a whole,

and security risks, they're no longer separate.

You have to work on the tabletop exercises, downtime procedures,

and business impact analysis to assess

and address residual risk.

That is now continual exercise with the business.

Not IT. That saying of backups and restore is not enough.

It's that time between you're down and you're back

that you've got to worry about, and you've got

to maintain your business.

Anyone thinks differently, tell them to call Merck.

Tell them to call Maersk.

Tell them to call Fed Ex, or tell them to call UPS.

And you have to work with asset management

to catalogue your assets, and use that to determine your risk.

Why? Because if you don't know what it is,

how are you going to protect it?

And they're responsible for a data classification policy

and its associated plans and procedures around that.

They're also responsible

for developing an effective communication plan for new,

emerging and existing threats,

and maintaining the education plan,

including job appropriate training,

scenario-based training including your fishing

simulators, and training for regulatory compliance.

Surprise, you're now a training department too.

And they need to understand the environment

and the players better than anybody else.

Because you have to continue to assess risk.

That's your job.

And most importantly, we know two things about companies.

There's work structure.

That's formal on the books.

And there is a real work structure.

Need to learn what the real work structure of a company is.

Be able to secure it.

So that brings us to our friends in legal.

They're responsible for developing the requirements

in concert with info sect for, to store

and share a minimum possible information,

for minimum time possible, with a minimum amount of parties.

Or, as a settlement or [inaudible] we call that rights.

And they are also responsible

for developing this legal contract,

that they assign proper levels of liability,

assurance, and responsibility.

And they are responsible for ultimately making decisions

on acceptable risk levels for the organization.

Because quite frankly, CEOs aren't going

to make that determination.

Usually they're going to defer to their lawyers,

or Chief Risk Officer.

And they're responsible for the insurance policies,

and making sure they are adequate,

and cover what's needed.

I actually sit on our team

that evaluates insurance policies every year.

Every company out there, because it's now a condition

of doing business, has a cyber liability policy.

And most important, they develop, negotiate,

and implement the contracts, agreements and standards

that they need to have reverse standards for.

This includes your data interchange.

Your establishment of security standards.

Vulnerability management, which is now a contract item.

No matter what company you're in,

you don't have vulnerability management in there,

then you're behind the times.

And liability assurance responsibility

in case of a breach.

This is a major sticking point with most companies,

because a lot of companies don't want

to assume that responsibility.

Even if they're cloud-based and hold your data,

they don't want that responsibility.

And of course, incident management,

and cyber insurance requirements.

HR. People don't think of them that much,

but they're very important, because they're supposed to work

with info sect and legal,

and make sure we have the appropriate policies

and procedures in place for human capital management.

This includes your acceptable use policies.

And again, you have a case where you have to terminate somebody

or discipline somebody, you don't have the policies

in place, it's not going to happen.

Which includes your acceptable use policy,

your corrective action policy, especially for cyber actions.

I know there is actually a good bit of discussion

on the Renaisac mailing list earlier, I was reading

about people doing Bitcoin mining on university resources,

so that is something which ironically

when people wrote acceptable use policies about 10 years ago,

most universities already had that covered, thank God.

Training programs are very important, because it has

to be log in training and learning management system

or with all the other job appropriate training,

and surprise, that's required.

Also the employee background checks and recertification

for access to electronic medical record systems,

or certain financial trading systems, that's a requirement.

Also your verification, validation of access rights,

and collaborating on the access review processes.

Surprise: all HR functions.

HR is an integral part of your company.

So that brings us to supply chain.

They work in concert with info sect to assess and address risk

up and down the value chain.

They're responsible for sourcing

and providing alternative sources should an event occur,

or shall I put it, when an event occurs.

They're responsible for building up

and managing the effective distribution supply system

for the organization, which includes redundancies,

and they're integral to the disaster recovery

and BIA portions of any business.

So this is a major change for the core business,

because normally cyber security has been handed off.

They need to do the following.

They need to make sure they assess

and address risk at all levels.

They have to have resources

for their risk management program, definitely.

They need to work to mitigate these risks.

So, instead of saying IT handles it, they are now--

their boards are now saying you've got to do it,

you've got to track it,

you can't just say IT go do it anymore.

Not going to happen.

And you have to make good risk-based decisions,

and budget for maintaining operating systems.

Because you don't want to cut costs to look.

You don't want to do that, because if you cut costs

to meet some mythical ROI standards, you're going

to see bigger costs in the back end.

Why? Because if you cut the maintenance on the system,

you're going to have a breach.

And the breach is going to cost you 10 times more

than the maintenance did in the first place.

So where do you end up?

You end up at a negative spot because you tried

to make a quarterly profit, and that's not good.

And you have to have it be [inaudible] process

for each system access, which a lot

of businesses really don't understand.

You have to have continual risk, and that means looking

at who has access to your systems.

And your contracts and agreements have--

need to protect the organization and its constituents.

Sorry about that.

So security needs to be in a position

where it is most effective.

It can't be buried in IS.

Can be part of IS, but don't bury it

under the director of infrastructure.

It needs at least a dotted line to legal and compliance.

It needs to be empowered to communicate with everyone

without having to ask executive permission.

This is what kills most security programs.

If security is not allowed to talk to the business,

it will never succeed.

More visibility is required.

If you're not editing the board

for a Chief Risk Officer, you're not effective.

And the CISO [phonetic spelling] has to be

in constant communication with the business.

It is no longer an option.

It's no longer a technical position.

You are just as much a part of business as everybody else.

And a large number of my peers all have MBAs now because of it.

And it has to empower across the structure.

So it can't just be doom and gloom.

You have to empower the organization.

Because everyone is responsible for security, and a team needs

to use constant risk assessment

and address risk to provide guidance.

And people, they're aware of these issues.

The responsibility of security is to make sure

that people know what to do, not that the issue is out there,

not to scare people, not to intimidate people.

It is to empower an organization,

not to intimidate it.

And if you see something, you say something.

That little simple thing from Department of Homeland Security,

you have to be able to enable that environment,

empower people, make them feel comfortable

to actually say something, and you have

to build rapport to do it.

This is not an IT position anymore.

It's a business job.

It involves more aspects

of human resources than people realize.

Why? What are our conclusions?

What have we learned?

It's a growing-- cyber security is a growing part to businesses,

and it's no longer a technology issue.

It requires whole business involvement.

New and destructive technologies still need

to be addressed using conventional risk assessment

and addressing processes.

I mean, basic blocking and tackling hasn't got a way,

and I'm sorry, you can't buy a silver bullet

to have good security.

And continual risk assessment is the core

of what the organization needs to do now.

It is the core of the business now.

Along with whatever goods and services your business provides.

And security needs to expand that role,

they need to constantly communicate,

and constantly empower across the organization,

and other business units need to partner with and work together

to expand that role, period.

You are no longer an island, you are no longer part of IT.

Security, you are the business.

And most important it is no longer done in isolation.

You are the business.

And the reason why these new instructive technologies

out there, they require an encouraged collaboration

of community involvement.

I mean, that's just it.

This is where we are at.

This is no longer a case of security being security.

Security is the business.

And with that, thank you all very,

very much for your time today, and I'm willing

to answer any questions.

[ Applause ]

>> Thank you for the comprehensive presentation,

that was really fascinating.

Now, questions, questions from the group here?

>> Maybe while people are gathering their thoughts,

I'll kick us off, which, you know, I liked your discussion

about the organizational changes

in security becoming really comprehensive, in that sort

of environment, how do you see the decision making going

around acceptable risks and when to make--

when exceptions are allowed, and what sort

of the organization's risk tolerance?

>> My personal view of it is I've seen that actually go more

to the legal department than IS.

>> Hmm.

>> The discussions I've had over the past couple of years,

that has actually shifted from C-suite making that decision

to C-suite deferring to a legal team.

To make a determination on what acceptable risk is

for an organization.

>> Luckily a lawyer, so wise in such matters,

we're in good shape [laughter].

>> Well I'll tell you what, I'll tell you what I

like about the lawyers is, they're very good at one thing--

ferreting out where companies try and duck liability.

That is the number one issue I've had on contracts

for the past several years,

at a number of organizations I've worked at.

Companies want to duck liability because they don't want to be

on the hook if a breach occurs.

That is your major challenge right now.

So lawyers are getting a lot smarter when it comes

to cyber security, because they're treating the big issues

as liability issues, and with the cloud,

you're putting your data with Amazon.

You're putting your data with Microsoft, over Google.

And there's a lot of issues with liability.

There's a lot of issues with due care.

So you have to make sure you're on point.

The more importantly,

the vendors that you're doing business with,

that are doing Amazon back end and not telling you,

you've got to make sure you know where your data is going

and GDPR is going to get a big deal for that.

Because a lot of companies out there, give you an example,

several years ago I had mostly client server applications I

dealt with in healthcare.

About a year ago, it shifted to over 50% [inaudible].

>> Hm!

>> And this is, well what was happening is vendors are

realizing we don't want to put servers on site,

we'll just put our stuff on Amazon.

So now it gets to the point that you have

to make sure the company understands liability.

You've got to make sure they understand their process,

as opposed to seeing some box

of [inaudible] you could segment off to the rest of the world,

your stuff is in three different data centers

that Amazon provides.

And Amazon is not liable.

That company is liable

for configuring Amazon the right way.

As Accenture so learned a couple of weeks ago.

So yeah. Legal is now heavily involved

with the decision making process because quite frankly they have

to be, because the risk is just too great.

>> Just really quick, you did bring up GDPR a few times,

can you speak a little bit on how that is going

to change the status quo?

The decision making?

>> The reason why the European Union did general data

protection regulation is going to change is because it's going

to require companies that handle people's data to know

where that data is at at all times,

and know what machines handle it, know what the processes are,

know how it's protected, and know how and when

to remove it if someone asks.

So you're basically asking people

to do everything they should have been doing already.

Especially if you're in health care.

But now you're putting the full force

of European penalties behind it,

and it enforces a corporate form also with the use

of the data protection officer that cannot be the same

as the security officer, and usually in most cases,

as the privacy officer, to enforce GDPR.

So the European Union, I mean, it's a great initiative,

it's forcing companies to be more collaborative.

To understand what their core business is,

and to not segment off parts of a company from each other,

and continually assess and address risk.

Know who has access to what, under the risk

of great financial penalties, and more importantly,

the big black mark is going to be left if you're

under a GDPR violation.

So yes, it's going to change how we do business.

>> Thanks for that.

Excellent.

Other questions, comments?

>> So you're talking about the human resource aspect.

What strategies with it [inaudible] trend their

organization as a whole, is it a large sort

of getting large groups together,

financing budgeting the time and money that it takes

to do that, and communication?

>> I'll be very blunt, I do a guerilla effort.

I wrote all the training myself, so [chuckles] and I,

the only thing we didn't write was the fishing simulator,

but even then we wrote our own communication plan

around our fishing simulator of choice, and more importantly,

we get out there, we talk to people.

We develop training programs that are job specific.

We schedule time with people.

We talk to them.

It's more important for us to meet people,

understand what they're talking about,

understanding their needs, and put a face to the name,

that's the best training program of all that we found.

And it's just-- it's gradual.

You can't do it overnight.

We do awareness training.

We have mandatory training from everything from PCI to HIPAA

to security awareness to fishing,

while all that is great, people click through that training,

and we're not going to sit there

and say they don't, because they do.

People ignore training, they forget it,

but they forget faces a lot less than they forget

that PowerPoint slide they forgot about because they had

to take training three weeks ago.

We want it so they know who we are as people, to ask questions.

We want people to be naturally curious and ask questions,

rather than give them some training program

that they're never going to use, and we're just--

we're being realistic about it, and we'd rather sit there

and have the conversations with people, let the executives know

who to call, let the staff know who to call.

Be the people out there that can talk to.

That is more effective than any training program you will

ever have.

>> We have time for one or one or two more,

if anybody else has ideas they want to dig into?

A lot of [inaudible], budget, management, my gosh [laughter].

>> This, I'll tell you--

you know how many medical billing companies

that are looking at Blockchain right now?

It's actually there is a company

out their former Chief Scientist Detective back in Cali in March,

and yeah, he was talking about a major--

one of the 10 biggest houses in the country trialing Blockchain

for verifying billing transactions.

>> Wow.

>> So yeah, we keep Blockchain on our minds.

>> Mm-hmm.

>> That's fascinating.

>> So thank you all.

>> Oh I want to get you to the one last one here.

>> Go right ahead.

>> Well so with supply chain, and IOT,

previous speaker we had was from Microsoft,

he says dueling IOT devices that could be better trusted,

until that occurs, from a business perspective,

risk management [coughing], you kind of--

sort of keep IOT devices how [inaudible], your facilities?

Are you managing which ones you allow in?

>> We have to manage what we allow

in because there is actually

in health care a significant regulatory issue behind it.

Give you an example.

Joint Commission, which pretty much regulates,

voluntarily regulates all member hospitals has requirements

on temperature monitoring.

So that means pretty much every refrigerator you have

in a hospital now that handles a controlled substance,

or handles something used for patient,

has to be constantly monitored

to make sure temperature is in the right place.

So what we have to do is we have to borrow a little bit

from the nuclear regulatory commission,

so NRC with nuke plants back in the 80s

and 90s developed this whole process by which,

which was actually barred from the military,

because who had nukes first?

They did, of where you have to constantly check, validate

and verify your devices.

Now, that might-- but healthcare is a little bit easier to do

because you have that controlled environment, but you have

to have that level of control now.

Because until Microsoft gets it right,

or other companies get it right, there is still too much risk,

unacceptable risk for organizations like mine.

>> Well Mitch, thank you so much again,

that was really [applause].

>> Thank you, thank you all very much.

For more infomation >> 2017-18 CACR Speaker Mitch Parker " What is Cybersecurity Doing for the Organization's Mission - Duration: 1:10:50.

-------------------------------------------

How to look rich roblox for free pt 1(you MUST turn sub titles on) - Duration: 6:14.

hi its shuki here

as you can see by the title im gonna teach you how to look like a pro :P

look at waht im wearing.its a voltron shirt.this will be what we are working on.the coco shirt and the roblox jacket will work fine too.

the thing is that we're not gonna make a shirt,but a t-shirt instead which is free for normal players like me :T

(sad life for us fellow 'noobs' out there ;-;)

lolz

if you find this vid to be helpful then pls care to subscribe and leave a like!

i have an instagram account of art too so feel free to check it out!

ill be doing art vids here too :P

Enough talking. lets get to work!!! :O

what i want you to do for now is to go to develope

the loading takes for ever...... T-T

ok so what i want you to do now is to click the t-shirt selection and stay there

im still learning to be a youtuber so pls dont judge my slowness TT_TT

so.....

:T

great we are here!

as you can see i already made multiple t shirts already :3

now just stay here because we will use this later :P

now what i want you to do is to click the link in the description and download it

choose the one suitable for you

NOW...

after you downloaded it you open the software and it should look like this

signing up is an choice for you to make

now what i want you to do is either read my texts or look closely at what im doing

first:go to the file option and click on ''new''

it should look like this

what im doing here is changing the text to 93 on the top and 95 at the bottom

the page color has to be white so it will be easier to work with

now that the setting is done you should have this

what you want to do now is to go to color circle and estimate the best you can to match the voltron/roblox jacket/coco shirt color sceme

if you know how to use medi bang go to color pallet and click the page next to the trash can. there you just have to enter the code 1A1A1A to get the voltron ,etc's color

im just coloring like a weirdo :T

and you can also estimate the skin tone from roblox so it will be easier for you to work with the shirt

now i will be designing my shirt so il see you in a few secs

there!

now all you have to do is to save it

name the shirt and make sure you change the 'Medibang Paint Pro'' to ''png''

its important to not mess this part up

after you save it you will see this appear

click the middle option.thats a must

click ok and your done with the design

now go back to develope

click choose file and click on the shirt you just made :)

ok i got my file ready to upload

lol :p

and we're done!!!

btw as we are waiting i wanna show you the tool i used to blend the colors

i use the tool air brush which is provided in the brush section

and again those who know how to use medibang this is the where you enter the code

the one im entering right now is the shirt color

heres my finish product which im proud of :3

and what im entering now is the skin tone code :D

ok so i got bored of waiting so.......:P

but at least my t-shirt is there :)

lol

btw i made this addidas t-shirt a long time ago :D

ugh i hate waithing for stuff to load :T

ha finally!!!!!!

this is my addidas shirt :P

anyway thx for watching!!!!!! pt 2 is next!!!!!!

For more infomation >> How to look rich roblox for free pt 1(you MUST turn sub titles on) - Duration: 6:14.

-------------------------------------------

Pepa Pig - Funny Cartoons for Children to Learn Finger Family Nursery Rhymes - Duration: 1:43.

Daddy finger, daddy finger, where are you?

Here I am, here I am. How do you do?

Mommy finger, Mommy finger, where are you?

Here I am, here I am. How do you do?

Brother finger, Brother finger, where are you?

Here I am, here I am. How do you do?

Sister finger, Sister finger, where are you?

Here I am, here I am. How do you do?

For more infomation >> Pepa Pig - Funny Cartoons for Children to Learn Finger Family Nursery Rhymes - Duration: 1:43.

-------------------------------------------

Search Continues For Woman Knocked Into Stockton Canal - Duration: 0:50.

For more infomation >> Search Continues For Woman Knocked Into Stockton Canal - Duration: 0:50.

-------------------------------------------

Lemon With Garlic Mixture: The Most Powerful Mix For Cleaning Any Heart Blockages - Duration: 2:01.

Lemon with Garlic Mixture: The Most Powerful Mix For Cleaning Any Heart Blockages

Lemons and garlic are definitely two of the most beneficial foods for our health.

They are full of nutrients and offer numerous health benefits, but they're even more powerful

when combined.

A combination of garlic and lemon is a potent natural remedy against numerous problems,

but is mainly aimed against cardiovascular problems such as high cholesterol, clogged

arteries, high triglycerides and poor blood circulation.

When the so-called bad (LDL) cholesterol starts accumulating in the arteries, it can easily

block them and cause a deadly condition known as atherosclerosis.

Atherosclerosis can have serious consequences on your health, and can even be fatal.

It significantly raises the risk of heart attack and stroke, and should be resolved

sooner rather than later.

Luckily, a lemon-garlic remedy can help.

Here's what you need to do: Ingredients

A cup of garlic juice Two cups of lemon juice

A cup of ginger juice Two cups of ACV

Preparation Mix all the ingredient in a pot and cook the

mixture for about 30 minutes.

Take it off the heat and allow it to cool next, then add 2-3 cups of honey in.

Chop 2 lemons and add the pieces with a few garlic cloves and water in a blender, then

mix well and add this mixture to the previously boiled liquid.

Mix well, transfer the remedy to a glass jar and put it in the fridge.

Take a tablespoon of the drink each morning before your breakfast for 3 weeks, then rest

for 7 days before repeating the treatment again.

Do it twice a year to clean your blood vessels and arteries and reduce the risk of life-threatening

cardiovascular problems.

Visit Our Website Here : http://bit.ly/2q90Dxh

Thank you For Visiting Our Youtube Chanel Please don't forget to subscribe our channel

Subscribe : http://bit.ly/2rRgSLG

For more infomation >> Lemon With Garlic Mixture: The Most Powerful Mix For Cleaning Any Heart Blockages - Duration: 2:01.

-------------------------------------------

Needling my skin is what I do for my skincare😵 NYAAM NYAAM! - Duration: 3:50.

Hi everybody! This is Lara

Today I'm going to tell you how I take care of my skin

So many people asked me to make a video about Korean skin care

How I take care of my skin

as you guys saw the title of the video

today I decided to tell you something.....

can be creepy? But irregular?

It's needling my skin

Actually the right term to call this, needling your skin

is called MTS (Microneedle Therapy System)

Lots of my friends are doing MTS

and they recommended me to do it!

and right now, I'm going to show you how I do MTS in the clinic!

This is my mom doing MTS

Your skin usually gets red after it, and it hurts

So, I really liked MTS, but there are some bad sides of it

If you go to the skin clinic

They'll basically needle your skin!

and that hurts!!

and also, that's really expensive

It costs around $60~$80

and if you go to the dermatology it's more than $150 for once

People recommend to do the MTS for once a week

but once a week?! It costs a lot!

Since doing the MTS in the clinic was so expensive

BUT very effective,

I wanted to do something cheaper than that

and I found this product

It's called, Nyaam Nyaam

Well it's a Korean cosmetic (Sponsored by ReGenAf)

that you can do the MTS at your home, by yourself

In this product, there's once Nyaam nyaam serum

and three other refill serums

so if you do the MTS in the clinic, it hurts

so usually you do the MTS

after applying the anesthetic creeam

But I have been doing this for two weeks

and this doesn't really hurt that much!

This also has some needles up here

but these needles are micro-needles

It's really thinner than your hair, so it doesn't hurt that much

and in this side, there's serum

This serum can make your skin look clearer and brighter

So here's how you do

First, you open the cap just like this

and press this part

Then the serum will come out

Slightly tap it on the whole face or particular parts

Give it a little tap with your fingers, and it's done!

Use this mask-pack for half an hour

and take a rest

It's the best if you could use this mask pack

right after it, because it has the mild soothing effect

This hurts less than the clinic

because you are doing it by yourself

so you can adjust the power of the pressure

so if you want more information of this Nyaam nyaam serum

Please click the link in the description that I put

So, how was the video?

Does it sound very creepy like, needling your skin?

Do you also do the MTS in your country?

Are you interested in doing MTS in your home?

Please tell me in the comments!

and if you liked the video, please click LIKE!

and hopefully see you next time too!

BYE~!

For more infomation >> Needling my skin is what I do for my skincare😵 NYAAM NYAAM! - Duration: 3:50.

-------------------------------------------

Coco Movie Miguel Playing Guitar and His Dog Puzzle Video for Kids #1 - Duration: 2:41.

Coco Movie Miguel Playing Guitar and His Dog Puzzle Video for Kids #1

For more infomation >> Coco Movie Miguel Playing Guitar and His Dog Puzzle Video for Kids #1 - Duration: 2:41.

-------------------------------------------

Решение для предпринимателей UDS Game - The solution for entrepreneurs UDS Game - Duration: 1:02.

marketing solution UDS game for entrepreneurs is

digitized customer base with a mobile application

individual page of the company where the address is given phone site site mode

price list and many other useful information communication with the customer base

With the help of push-notification and news feed the possibility of placing free

coupons statistics and analytics of new customers and

their purchases are objective feedback customers recommend your institution

thanks to an affiliate program they get bonus points from their purchases

friends and their friends to the third generation and for ordinary users of UDS game

This is a free mobile app where they can get a discount in your favorite

institution and save up to 100% thanks to points for buying your friends

want to know more go to udsgame.com and connect the free version of the link under the video

For more infomation >> Решение для предпринимателей UDS Game - The solution for entrepreneurs UDS Game - Duration: 1:02.

-------------------------------------------

"ATTENTION"...ALL LADIES & SOME MEN...FOR $350.00,YOU CAN DATE HIM TOO..."GETCHO" MONEY PLAYBOY!!! - Duration: 7:40.

For more infomation >> "ATTENTION"...ALL LADIES & SOME MEN...FOR $350.00,YOU CAN DATE HIM TOO..."GETCHO" MONEY PLAYBOY!!! - Duration: 7:40.

-------------------------------------------

Diarmuid Cowan for NUS Scotland President 2018-19 - Duration: 2:04.

For more infomation >> Diarmuid Cowan for NUS Scotland President 2018-19 - Duration: 2:04.

-------------------------------------------

WOW!Three slaps that Popeye give for special gift to spoiled SweetPea want milk her|Monkey Daily 325 - Duration: 10:50.

For more infomation >> WOW!Three slaps that Popeye give for special gift to spoiled SweetPea want milk her|Monkey Daily 325 - Duration: 10:50.

-------------------------------------------

Origami for Hable Construction 6Tier Storage Rack - Duration: 9:25.

For more infomation >> Origami for Hable Construction 6Tier Storage Rack - Duration: 9:25.

-------------------------------------------

Best knife for 40 $ ? EDC Woodcraft Bushcraft Outdoors Gear ! HXRock knife unboxing - Duration: 24:04.

best knife,review,schrade,extreme,survival,best,knife,test,knives,buck,gerber,cutlery,knife blades,bushcraft,batoning,cutlery knives,machete,kabar,bear grylls,ultimate,series,ultimate survival,tools,old timer,kershaw,survival guide,spyderco,survival kits,army,combat,survival pack,survival bag,best knives,throwing,sog,swiss,army knife,man,vs.,wild,kit,torture,camping,hunting,emergency,crisis,disaster,outdoors,stainless,gear,reviews,adventure,david canterbury,preppers

Hello YouTube, how are you today VD from VD gaming here with another video for you guys

This time around we're gonna do the unboxing of?

one of the items that I forth really really

Made my eyes on

1k best let's say and this would be the a cheeks outdoor-survival straight life

so

As you can see how let's show this item

seems to be

really really

Amazing right so we have

G to steal them. Sorry. That's a d2 material plate which is to my knowledge

the steel that pretty much all the good tools are made form then you gotta kinda sheet all in there and

Apparently

We have some sort of g10 handle

And of course the knife is also full tank now

The thing that interested me the most

Was the fact that they said that straight out of the box this knife should be sharp

To an extent that it can be usable

Also that the edge is so strong that

This guy

Here in in these pictures is able to pierce to a sheet of metal

And also he can cut steel wire

As you can see here in this picture easy to cut iron wire iron nail off

What does what does that mean is that this blade is not only really strong?

But is also very sharp and the edge should resemble

sort of a chopping

Instrument such as a machete or

Small hand axe

That being said

Stick with me guys. I'll be

shortly back with the unboxing of this product

All right you guys, so thank you for seeing with me now

We are getting to the part with the unboxing of the product so for that

We are gonna need of course another life

This is the number one rule when you unbox something have a nice knife ready, so

As you can see it comes really nicely packaged

Let's see so this should be actually really really easy to cut down

So the package is eerily ok you can get this other knife out of the way now

Let's rip this open I

Get to our knife so nothing else is in the box in the box in the package

But the package also has some bubble wrap in it, so this was really nice package so big on with you

now

Let's take a look at how this box looks

Rock

Has a lot of nice pictures on it all the writing is in Chinese of course

Ok

Sorry about that

Trying to work around my camera as I'm doing this

And let's see how can we Hugh may in the open this box without ripping it?

See what we have here

Okay everything comes out in a pinch so

Very nice, box. I'm gonna put this aside. Okay, so the box

And this is the knife the knife

Interesting

Slowly take it out wanna cut my hand or anything

Okay

Let me try and make some more light here

There we go, I think this is better now

All right

Everything is in order

So let's take a look at what we have here something did

the sheet

looks and feels like it's made out of

G10

It's a really grippy, it's not too aggressive in its own States

and

If we get focused a little bit you can see that there is some room here where a pond

Water can drip out if you are in an open

Flood or something like that and of course they also have this little

Tungsten diamond file on the side here to be honest I have never really

Used this with success this type of sharpening tool

but I guess in a pinch it's better than a rock you found on the side of the road right to sharpen your knife I

Know this comes out

It seems it's more inside here doesn't seem to get out of

the sheet

So you actually have to use it like this we will see this later on

now for the firesteel

This is a pretty decent sized

firesteel brand-new

Doesn't have the coating of

The handle I think

This handle I

Never

Quite liked the handles on the fire steels, they always seem to want to come off eventually

They're not really well glue Dean

but for the moment they seem sturdy enough

Okay, I'm struggling with it a little bit

So as you can see and thinking of the counting

With my bare hands

Which I don't know if that's nice

It's so good, but it certainly is not plastic painted plastic

So this might actually be a fire steel. We'll test it later on

And now to the main thing

the blade

Can I take it off yes, I can

It has a little scraper here, so this is definitely

Supposed to be used to scrape your fire rod, or your fire steel off

Has a really nice point to it

Let's see how we can grip this so you can grip this like this I

Have kind of medium sized hands, and this is I mean it's just perfect for me

From the sound of it this actually seems like hardened steel

We have here on the upper side of the blade

Some

Kind of autograph

Super TD or something. I don't know exactly who TV is, but hey nice to meet you TD. I'm BD

and

Here it really says D. - now that remains to be seen I know exactly how you can test

If the steel is well it is but

Other features on this knife well

First of all let me tell you something that this is really has a heft to it. It seems heavy enough to

actually be considered a

good

Bushcrafting knife if you know what I mean, so I really don't like a knife. That is so easy that you can

Basically lose it out of your hands when you're using it alright now here

On this side you see that you have two holes here

One hole here is clearly a lanyard hole, but these two are meant to be

Used for making this knife into a spear and

Honestly, I don't know that might come in handy

Who knows right and you also have a nice bumb?

That these are actually called a hammer head right hammer it says right here

It is still

Seems to be attached to the rest of the blade

Thus seem to be hollowed can the sound of it

But on the other hand

This is very good if you need to actually

break something like a window or

Maybe some rocks you need to break some rocks or maybe you found some nuts or something like that. You need to crack them open

Bone maybe you can break bone with this

Who knows, but this is quite interesting? I never had a knife with a built-in hammer head again

I never actually bought a

Gerber knife understand that Gerber knifes usually have

Hammerheads as pummelled but

This is quite interesting now

Give me just a second and we will

Test the sharpness of the knife as it came out of the box all right, so let's test now the sharpness of the knife

So this is rival box

You can see I didn't do anything to the edges just like before

I just want to pick up a sheet of paper so I can actually

Do an initial test on this

It does say in the ad for this product that you should really be careful with kids not to

Handle this around because it's really dangerous and really really sharp, so let's see if that has any meaning to it

How am I going to do this with a camera in front of me? I don't know but

Well does cut paper

Yep, this sharp is just an inconvenience for me to cut it like this because I have to keep the camera somewhat in between

my hands so this is going to be a

blast on the incoming test but

Just have to work around it

But it definitely is sharp prevent. I mean look at the way it cut the paper actually do you don't feel any kind of

Deformations here on the paper, so this is a really sharp

It will be careful with this, but is it razor sharp, so let's see

Let's get some spit

Almost cut myself with it

Let's see I'm getting some spit on the hand

and Australian shaver

I

Would say it's not really really

That sharp, but it does

Shave a little bit of hair out of here. I don't know if you can see this it actually is scraping off the

hair little bit out of my hand

See

So it does actually shave a little bit, not as I would like it to shave. That's another story all right

so I'll put this for tinder for testing the fire stuff later, but

it is fairly sharp all right so that being said let's

See how I can test this with a

Tough one of these tough sticks by having my home

Put this here

We'll try to

Cut a little bit in this

Again

This is not the greatest position to try to do feather sticks

But I can tell you

From the looks of it this actually works

Great

Even if

I'm struggling with the way. I'm situated between the camera and the knife

Rather the camera is situated between me and the knife

But as you can see you can actually do some nice feather sticks

so I have no doubt this is a

Decent let's call it a decent bushcraft knife alright, so how about some carving?

Well

For carving though

hmm

And I'm gonna pry apply enough pressure on it, but it's definitely

Well I

Wouldn't do any kind of serious carving with this knife

But if you want to cut a stick in half you can do that so the issue is that?

Because the fire scraper is situated here, and here you don't have enough of them

Knife back to work with so you're you have to put your finger here and actually it hurts

If you push on the stick like this it actually hurts when you do that, but if you take it like a chopper

Like a chopper as I said, and you just strike the stick

That actually works better

so

Is it a carving knife?

well, you can do some work with it, but now the still would prefer to have a

sharp Victorinox knife in my pocket to do the carving stuff and leave this one for

Other tasks like splitting wood and stuff like that

Unfortunately, I'm in my house right now, and the weather is quite terrible so I can go outside

I will test the chopping, but I'm pretty sure this is a chopper and you can put on with with it

I mean it looks like a beast so you can do that stuff

All right

so the cutting

part of the knife, it's

Surprisingly good. I have to be really careful with this not to cut myself actually

So what I am trying to do now I?

Want to test the

Fire starter of the knife and if we do that and that's successful then I can indeed

Take this with me in nature into the woods and try try it out for a month or two

To see if this actually works well or not

because for for now I'm indoors and

The limited tests that I can do are not sufficient to declare that however it does seem quite

reasonable sharp and

As I said it has a half to it

It's not heavy, but it is and actually it's it's quite balanced this knife

Which is really good for a chopper now this knife to be a real chopper. It will need to have

The plate a little bit

longer let's say kind of like here and

Following the same line just get thicker here, but then

Decreasing in thickness around here. That would be a good shopper a perfect chopper in my opinion

But this could also work. I don't have any coconuts in

The house I could try the coconut test to see if this chops a coconut, but I don't have any for the moment

So that's a test for the future to keep in mind

but for now

Let's take some out of here. Don't need that much

Let's put a knife here for a little second

so

Make this fluffy nice

And

Hopefully I'm not gonna burn my house down. I like trying this

This

stick pieces here

Okay

Okay, we have a little bit of team there. Let's take the fire steel how?

So this is I guess how you should keep this right?

Okay, this is going to be interesting starting a fire with the camera in front of you. Oh, man

Try this

Okay, we definitely have spark and there you go

So definitely a good fire starter or fire rod, I should say

Yep

Yep, this is really nice

Mm-hmm well guys the conclusion would be oh look it lifts it left a mark

On the black coating here when I scrape the ferrule

What did I guess it was to be expected because coating like this on a knife?

That you should use it in the outdoors

Well the way, this is intended to be used is put your thumb here

Put your tongue thump here

Grab it from here like this you

Should press this but if you do that?

This is going to leave a burn on your hand

So you always want to do this?

and if you do that you're going to cut yourself because this is a scraper and

scraper you just usually are grinded down to 90 degrees and

90 degrees is actually the starting of an edge so and you better be careful with that

If you keep your finger here, you don't want to do this fast because you're gonna cut yourself here, but overall for

the money that this thing costs

Say it's

It's ridiculous that

It's ridiculous because it's so good, so I'm impressed with Lena's knife

all right, let's put everything together, so

This will go like this

Look at that

Can you can't get this out of the sheet, this is ridiculous this

is

$100 knives right here

I

Hope that prepare mind 101

Chris sees this

Because he's a very good knife designer, but all his knife designed by him are

100 maybe

150 dollars

So this is 40 dollars Chris

Got them, this is a sturdy knife with a sturdy sheet

and

You also get a decent fire steel

In your package right there oh

There you go

Let's get this out of the way the knife here where we can see it

Guys thank you so much for watching this video it was a pleasure for me doing it. I'm so glad that this knife finally arrived

it took about

20 days to reach me which is not a lot

Keeping in mind that this came all the way from China

So it's it is a Chinese knife

This was just the unboxing video with some very fast

Very very fast ways of testing the knife that is I agree, this is not a conclusive test

so

In order to properly test this I will need a month or two

In the wild doing some serious testing on his knife and after that I'll just gonna come back and do a proper review

video on this knife until then thank you very much for your reviews, please like subscribe and

Have a good day. Bye. Bye

Không có nhận xét nào:

Đăng nhận xét