This led me to back to thinking about the new normal again. Things are changing rapidly and continuously, as we all know. And in getting back to normal, that is not going to change. That is one of the aspects of getting back to normal that is here to stay. So, we see things like the Exchange Server attacks by Hafnium (a Chinese threat actor) that we learned about in February, 2021, or the Solarwinds attack that we first learned of in December, 2020. These things are going to continue to happen. And faster, more rapidly than ever before.

Side note: In the Solarwinds attack, 18,000 entities globally were vulnerable. But only 10% or so were actually breached by malicious actors. In the Exchange Server breaches, over 70,000 entities were vulnerable and it appears that 30,000, or so, were breached by malicious actors. The changes in magnitude are quickly exploding.

At the same time, so is the change in our own networks, applications, and infrastructure supporting our schools, governments, companies, and homes. Over the last 12 months we have seen organizations move ALL of their data and applications to cloud computing, whether to something like Amazon Web Services or to Software as a Service like Sales Force or to Storage as a Service like Dropbox. They are moving, or have entirely moved, their traditional network infrastructure (authentication, file services, email, office productivity) to the cloud as well: Google Drive, Microsoft Azure, Apple iCloud have all been great beneficiaries of this. Many of these organizations are maintaining crazy hybrid environments. All in a quest to support their business that is seeking to survive this insane time we are going through.

But all of this leads us to how do we, security professionals, deal with the inevitable problems that this is going to introduce in to our networks. Unpatched systems, poorly configured authentication, new vulnerabilities, and more. How do we deal with the cyber hygiene problems?

I’m going to suggest that now is the time for even more of the basics than ever before. Every vendor under the sun is going to try and sell you some miraculous tool to solve your problems. It will be magical for the low, low price of just XXXX. And I’m going to tell you that your first instinct should not to be to buy some magic silver bullet. We’ve been chasing the silver bullet in security for decades now. If that was going to work, wouldn’t it have worked already?

What I can tell you from decades in the business, as both a practitioner and a vendor, is that the organizations that solve the basics are the ones that do the best when confronted by security challenges.

But, just like everything else about Getting Back To Normal, there are going to be changes you need to make to the basics. You have to patch faster. You have to look deeper into your environment. You have to connect on-prem and cloud systems better. You need more resiliency in your defensive layers. And, most importantly, you have to figure out how to detect and respond to bad things much faster.

If you do, your organization stands a chance in the new normal.  

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Getting Back To New Normal and Good Security Hygiene appeared first on Security & Cigars.

And that really means all sorts of things. We are going to see people returning to working in offices, children back in schools, bars open, regular travel again.

However, the world changed dramatically 12 months ago. Businesses transitioned to a completely remote work force and no travel. Schools moved to online education. Bars are allowed to send you cocktails via Uber Eats. The genie of a modern, networked, computerized world is well and truly out of the bottle. In our desire to “get back to normal”, we haven’t realized that there is no going back. You can’t stuff the genie back in the bottle.

And this new world is going to be difficult and challenging, fast paced, and ever changing. March 11, 2020 is as much a world changing day in the history of the world as November 11, 1918 or September 11, 2001 or August 6, 1945.

I will be seeing the Mariners play baseball in person, working from home, supporting clients globally, and traveling somewhere this summer with my family. And perhaps all of that explains my thinking in joining Milton Security a few weeks ago. I had literally left my previous employer just a few days prior. In the past, I’d always taken a little while to figure out what is next, what I want to do, where I want to go. This time, though, it happened very quickly, just a couple days.

And that is part of this “new normal”. Things change. Rapidly. You have to adjust and adapt just as quickly. An opportunity to do really great things in this brave new world popped up and I jumped on it. A company by veterans, dedicated to supporting veterans, and committed to the mission of protecting clients. What could be better?

So, here I am …. and yes, there will be cigars and FUD, not just blah blah about security stuff. Meanwhile, I’m the Chief Operating Officer of a great company, working with one of my best friends, taking care of great people.

As Jim McMurry and I say to each other … #BLESSED

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Back to Normal appeared first on Security & Cigars.

I know the other day I was somewhat flip, and absolutely critical, of a common social media behavior used by many in the sales, business development, and marketing professions. But, perhaps, I wasn’t clear on two things. First, why this behavior is so wrong and second, that I absolutely like, need, and want good sales folks in my ecosystem.

What has happened is that many folks in sales, marketing and business development have turned to using social media in the same way that they conduct direct email marketing. When I announced that I had a new job on LinkedIn a couple days ago, I immediately (within minutes) got hammered with private messages. And they said things like:

“Congratulations Eric!!! I would like to discuss <insert product here>”

And I know a bunch of you folks are scratching your head wondering why this upset me. After all, the point of social media is to give you a platform to connect with me. Well, yes, it is. But there is a reason why this social media behavior is a bad idea and misses the point of social media.

Social Media: Virtual Gathering Space

Facebook, Twitter, LinkedIn, etc are not email or phones. They are virtual meeting places. It’s sorta like a big gathering hall, with tons of people in it, and they are all slowly circulating, interacting, and making friends, talking trash, and much more. By trying to turn LinkedIn (and the others) into a more effective direct marketing tool, you are not just missing the point. You are upsetting the rest of us who view these forums as a big virtual social gathering space.

What you are missing is that you have done nothing to build a social relationship with me. You have not gained my trust, established that I want to talk to you, made a friend, etc. So, your message is going to get treated just like the email that you also sent me. It’s going to the bit bucket. And every message/email after that. Because you haven’t given me a reason to care.

To be clear, I need products, people, and processes to have a great Information Security program. Which means I need sales people to help connect me to those things. But you have to use your tools correctly. And social media is where you build relationships, friendships, and trust. If you do that right, when you do pitch me on your products/technology/services, I will be open to hearing what you have to say. And you will naturally enter into the selling phase of the relationship.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post How To Get My Attention appeared first on Security & Cigars.

When I shot her a quick note this morning about the bonus offer, Katie got excited all over again. I asked her if she had a travel credit card, and she said that was next on her “being a grown-up” list of things to do. Thinking about what travel credit card to advise her to get, I asked if she was loyal to a specific hotel chain. After saying “wow, imagine being fancy enough to prefer a particular hotel chain”, then Katie said to me “please advise” ….. hence the new blog tags of “please advise”, “being a grown-up” and “doing adulting right”.

Millenials are the biggest group of new travelers, with cash in hand, that the airlines and hotels have seen since the Baby Boomers …. And travel was radically different in the 1960’s and 1970’s. And the airlines, hotels, credit card companies definitely are not going to help you with this topic. So, I thought instead of just texting Katie advise on this, I’d write a blog post about picking a hotel chain (which is a little complex right now). That’s coming next.

But first, back to that travel credit card. This should be fairly easy. The first thing is, you need to know if you have a good credit score. I could write a whole blog post on just that (and probably will). But here’s how to find out. Go to Discover’s credit scorecard and signup. You’ll get your FICO 8 score via your Experian credit report. You want your FICO score, which ranges between 300 and 850, to be in the “good” range for general ability to get a credit card without having to jump through a million hoops. If you have low/poor credit scores, that is an entirely different topic for another day. Meanwhile, if your FICO score is over 670, you have a great likelihood of being approved for a good travel credit card.

This infographic is a great review of the basics of how a FICO score works.

There are really two choices on travel credit cards that make sense.
The first is to get a credit card co-branded with your airline. I travel with Delta, so I have a Delta branded American Express. Every dollar I spend on that card gives me a mile on Delta. Every time I buy a Delta flight with it, I get 2 miles per dollar. Plus a slew of other benefits, like Delta SkyClub access, rental car insurance coverage, a concierge line I can call and have them book flights and hotels for me, etc.

The second choice is to get a general purpose travel credit card or charge card. These include choices like American Express charge cards (Amex Premier Rewards Gold is a great choice) or Chase Sapphire credit cards (with a FICO score above 670, reasonable income, low credit utilization, you can likely get a Sapphire Preferred card fairly easily).

What is the right choice? Well, a lot depends on you and your airline choice. That said, if you have committed to a single airline for travel …. Which early on in adult travel, you really should …. Then your best first option for a travel credit card is the one co-branded with your airline. It will give you mileage earning on purchases directly with the airline AND all your other purchases. Plus, likely, it gives you a free checked bag, early boarding, and more. Plus, accumulating all those frequent flyer miles will help you to take leisure travel for free while having your employer pay for your business related travel (that you book on your personal travel credit card). Most employers are totally okay with you double dipping this way, so you absolutely should.

I take my family on a large vacation pretty well every year. And the airfare is always covered, for a family of 4-5 (depending on which kids are around), by my Delta skymiles. This year, four of us are going to Europe for 2 weeks!

One important caveat – Credit cards are not “extra money” for you to spend and then make minimum payments to your credit card company. This will heavily impact your credit score, your ability to get more credit, and your opportunity to use that credit card appropriately. You need to commit to your credit utilization being 20%, or less, of your total credit line. If your credit card has a $5000 credit limit, you should never end a billing cycle with more than a $1000 balance on your card. If that doesn’t work for you, then a travel credit card strategy is not for you.

So …. First steps for a young person wanting to be “a grown-up”, as Katie would say, is to pick a single airline for all your travel, both business and leisure. Then figure out your FICO credit score and make sure it is over 670. Then get a travel credit card with your airline. There’s a lot more and this topic can get really advanced, but there’s the starting point. Have fun!

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Travel Like a Pro appeared first on Security & Cigars.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Trolls appeared first on Security & Cigars.

Courion acquires Core Security

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Eric Update appeared first on Security & Cigars.

One of the things that was going to be key was to share my experiences on tanks and to show pictures of tanks. And, because of the awesome contributions of Adrian Crenshaw, I am able to share not just the slides and pictures of tanks, but the entire presentation with you.

Everything I Know About Information Security, I Learned Shooting Tank Guns!

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Information Security and Tanks appeared first on Security & Cigars.

Homeland Security And Cyber Threats

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Emergency Preparedness and Cyber Security appeared first on Security & Cigars.

Be that as it may, I’ve been thinking about something and thought I would put it out there.

I often hear that perfection when it comes to risk is critical for airlines and the aviation industry. But that perfection is not possible for the security industry and we just have to do our best. Now, let’s think about this for a minute. Does it really makes sense to just blithely say we can’t do it, throw our hands in the air and give up?

When I was a kid growing up I remember roughly an airplane crash almost once a week on the evening news. It was sort of common place. Today? We are shocked when it happens. This chart, which is available from Plane Crash Info, makes really clear the change over the past 40 years.

Notice the steep decline that began around 1990. How did this happen? Simple, the aviation industry made a very clear choice to reduce risk. Instead of shooting for perfection, though, they spent time identifying risks and deciding how to eliminate the risks. They took each small thing that posed the risk of an accident and found a way to reduce or eliminate the risk. The chart above is impressive considering the dramatic increase in passengers, planes and miles flown that began around 1990.

Now, let’s do a thought experiment. Suppose that the risk reduction efforts hadn’t happened starting in the 1980’s. As the number of planes, passengers and miles flown doubled and then tripled, what would that chart look like? How many crashes would occur regularly? Fatalities? Impact to airline profitability? Impact to flying trends? Costs of insurance? And so on.

We security types need to look at the aviation industry for our model. Each time we identify something that poses the risk of a breach, we need to invest in that small risk reduction. Rather than trying for perfection, we need to address each small thing, every day. Incremental improvement. And suddenly you will look back and realize that your risk posture today is much lower than it was in the past. Your chart can look like this one.

Take your pick. I know which way I will go.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Thinking About Reducing Risk appeared first on Security & Cigars.

His question revolved around what a board member should be asking to get informed about the security program of the company he was responsible for as a Director. This is a fantastic question. One I think more Directors need to think about. After all, they have a fiduciary responsibility for that company.

I wrote my former CEO a long (for me) email around all of this. After thinking about it a bit, I realized that this is something that should be shared more broadly. So, stripping the personal content out, I am including my answer to John in full for your reading pleasure.

————————————–

I think a board member’s focus should be on whether the security program has good governance, visibility at the right level and is addressing key threats and issues. Questions to ask, include the following. And you should follow up with more questions, based on the responses to these.

Q1 – to the CEO – how often do you interact with the security leadership of your organization. Do you know the top 3 security threats facing your organization? You and I interacted at least once per quarter the entire time I we worked together. There was great value in this.

Q2 – to the Leadership generally – How have you empowered the security leaders to address current security issues? How confident are you that you will not be the next Target, Community Health, Anthem or Premera?

Q3 – To the senior leader responsible for security – How is the security team organized? What level of the organization does the security leader report to? Is he/she buried too deeply in the leadership hierarchy?

Q4 – to the leadership generally – How is the leadership of the system assuring itself that they have a security program that meets their fiduciary responsibilities to the owners/sponsors, to the system itself, to the patients? Does the security leader meet regularly with leaders, with business unit leaders, with the Board, etc. Is there a system of measurement in place to demonstrate maturity and efficacy of the security program?

——————————-

In my experience, Board members are not having these conversations with senior management. If Board members don’t do this, then senior management is not going to dig in to security. It’s that simple.

Facebook 2 Twitter 0 LinkedIn 2Shares

The post Advice for Board Members appeared first on Security & Cigars.

I’ve been writing and presenting on what is going on for years now. For example, there is this piece I wrote in July. In it I said that you could reduce 80-90 percent of the risk you face by doing the following:

• Patch and Update (yep, they listed it first)

• Good fundamental policies

• Security education

• Encryption where it’s warranted

• Serviceable perimeter protection

• Identity and Access Management

Based on the onslaught of breaches since then, this hasn’t sunk in yet. Nor the 14 other times I wrote some variation of that piece. In Jan, 2008 I gave this presentation to the ISSA CISO Forum …. notice that most of the things I call for Information Security leaders to do is still the focus of presentations being given today.

Today, I was reading an article in CIO that sparked this rant. This gist of the article is that 2015 will be much worse than 2014. Sadly, I agree with this. And that Boards will become very involved in what is now clearly a fiduciary risk. Worse, the CSO won’t be able to answer the questions asked by the Board. And the CSO won’t have done the fundamentals needed to build a good security program ALTHOUGH they will have spent millions on fancy next generation firewalls and end point incident detection (you know just who I mean, I don’t really have to name names, do I?). As the article points out:

There are four foundational responsibilities that companies must address; these responsibilities include asset identification, configuration management, change control, and data discovery. Many organizations have no idea what someone has plugged into their networks. They don’t know how people have configured these assets. They don’t manage change, and they don’t know where their critical data is located. “If you fail in those four areas, you can spend $50M on security products, and it’s not going to help you because the underlying vulnerabilities that create risk are still there,” says Cole.

Once again I am going to get on my soapbox, the one I’ve been on for like a decade now, and tell you security executives to fix your s**t or you are gonna get fired. Get your basics in order. You need to patch your systems now. You need to know who is going to attack you and how. You need to have encryption in place.

Don’t complain to me that your organization doesn’t support you and your CEO doesn’t care. Frankly, you’ve been paid huge amounts of money to figure out how to get the support of your organization. You need to do your job. And I promise your CEO cares about security. He or she does not want to become Greg Steinhafel.

So get your stuff together, figure out how to collaborate, how to communicate the issues up, down and sideways in the organization. Design a plan to get the basic foundations of good information security in place. Build a capability to detect problems. Have a plan for how you will respond to a security incident. Be prepared to solve the problems. What are you going to say when your Board calls you in to answer their questions?

Do the security basics well.

Either do that or get a resume ready.

Okay, end of rant. Return to your daydreams of fancy systems designed to fight off the dreaded APT.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Do The Security Basics Well ….. AGAIN (and again, and again) appeared first on Security & Cigars.

Lagavulin, Graycliff and a Montecristo

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Cigars appeared first on Security & Cigars.

What’s the value?

By moving through this model, organizations will simultaneously 1) reduce risk exposure and the likelihood of a breach 2) gain ongoing visibility into true business risk, improving future decision-making 3) align IT, information security, and the rest of the organization in the direction of strategic business goals and 4) significantly increase operational efficiency. It’s not merely an ideal model from a security perspective; it’s a no-brainer for the business.

So take a look. What do you think? Can you easily identify where your organization stands on the model, and steps for advancing to the next level? Looking forward to your thoughts and feedback!

PS This is free to the security community and completely focused on how security programs improve their ability to reduce the risk of breach. It is not a product, nor are we selling it.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post The Threat & Vulnerability Management Maturity Model Arrives appeared first on Security & Cigars.

Below the fold are some of the pictures I took while I was up there.

Yes, I was 1480 feet above Dubai.

Burj Khalifa is the world’s tallest building

Looking down at a manmade lake from 1480 feet in the air

Looking out at Dubai

Straight down, camera over the railing

Another almost straight down picture from Burj Khalifa

Another view of Dubai

Facebook 0 Twitter 0 LinkedIn 0Shares

The post The Burj Khalifa appeared first on Security & Cigars.

23 years is a long time. I left Saudi Arabia on April 14, 1991. And I was prepared then to say that I would never go back to the Middle East. In fact, until a few months ago I would have told you that the only country in the Middle East I would ever willingly visit, unless things changed dramatically, was Israel. Obviously, now I find myself in the Middle East again.

It’s really an interesting experience. So many things are similar. The smells and sounds are the same. The color of the sky, the way the town and the horizon and the colors look. They are different here. It’s more brown, less green, of course. But really, it just looks different. And it all brings so many memories flooding back.

This picture at sunrise may help to explain the difference in sights and colors.

Dubai at Sunrise

And there are also many things very different. The UAE, especially Dubai, is much more cosmopolitan, secular and tolerant than almost ever other Persian Gulf country. Men and women are dressed anywhere from modestly western to very traditional Muslim. There is an incredible amount of construction going on in Dubai, as well. The number and variety of global businesses with a significant presence here is pretty impressive, too.

I’m here for the GITEX conference this week. My company, Core Security, is working with our partner in the Middle East, StarLink, at the conference. My focus, of course, is on security program maturity, advancing from vulnerability assessment to vulnerability management, making your program effective.

It’s been a long time, but I am actually in this part of the world again. But, thankfully, for a very different reason.

And yes, I will smoke a cigar or three.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post 23 Years is a Long Time appeared first on Security & Cigars.

Brian Krebs announced last night that there has been a huge data leak at MBIA, the nation’s largest bond insurer. On Monday, he notified MBIA Inc. that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines. That includes a page listing administrative credentials that attackers could use to access data that wasn’t accessible via a simple Web search: https://krebsonsecurity.com/2014/10/huge-data-leak-at-largest-u-s-bond-insurer/

Let’s be honest, a misconfigured webserver simply should not happen. This is what makes this a preventable breach. This is the same class of problem as connecting a test server with a default password to the internet, like happened at Healthcare.gov. IT organizations should have quality, change and configuration management controls in place that prevent this in the first place. And even if that should fail, their information security teams should be performing testing of systems and continuous monitoring, because a set of check boxes on a change management form does not mean that all is well.

This sort of thing happens much too often, but that doesn’t make it okay or acceptable. This would be akin to leaving your car unlocked and the keys in the ignition. The person who steals the car definitely is the criminal, but you didn’t do the most elementary things to keep your from being stolen. Preventable, to say the least.

What can Information Security teams do to tackle the “Preventable Breach” category more effectively. They need to improve the maturity of their own program. This has two significant outcomes.

First, by doing so successfully, they will better monitor for issues like this. Not only that, but that improved maturity means that issues like this can be framed as Key Risk Indicators for their organization. A KRI tells the organization that there is a significant potential for impact to, or disruption of, significant operational or strategic areas of the organization’s business. This is where security teams can really contribute value to their business. In this case, the security team may well have known that the IT team wasn’t always great at change and configuration management. That knowledge can be used to alert the business that key eCommerce systems may be at risk of failure or breach, impacting the ability to conduct business on the web.

Second, a security team that successfully improves its maturity will create a forcing function on other teams. If the security team begins reporting IT issues as KRI’s to the business leaders, the IT organization will have to do something about it. And they should improve their maturity as part of that solution. Security can become a leader in the organization as a whole maturing around Information Technology and Security. That’s a good thing.

My Threat and Vulnerability Management Maturity Model is something that all security programs needing improvement should consider adopting as part of their approach to eliminating “Preventable Breaches”.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Another Preventable Breach appeared first on Security & Cigars.

Most people in the information security field … know that I am firmly convinced that the bad guys are currently winning the war we are engaged in. This move is, in many ways, because I want to do even more to change the situation. One key area where we can do that is by providing security professionals with tools that allow them to reduce the attack surface they have to worry about. Right now, organizations have to defend everything. CORE Security can help with how to defend what is critical in ways that are meaningful. Frederick the Great said, “he who defends everything defends nothing” … and that applies now in information security as much as it did in the 1700’s during Frederick’s military campaigns.

And that has really turned out to be my focus for the last 12 months. Providing tools and methods to Information Security and Information Technology organizations that enable them to be more effective, to focus on what’s critical and to improve the maturity and capability of their information security programs. I have had an opportunity to create the Threat and Vulnerability Management Maturity Model, which is already seeing adoption by organizations as a means of improving a critical component of their information security program. It’s so obvious that it is being adopted ahead of us officially releasing the Model for comment and improvement.

This adventure has been broader than that, though. My family has adjusted to me travelling to every corner of the US and a bunch of places globally, too. Not to mention that this job is a passion that consumes me. On the other hand, I think I am much happier, in general, than I was in the last couple years at Providence.

Over all, it’s been a great year. In a great company. And doing some really cool stuff. There have been, as there will be in small companies, some really high points and some really low points, amazing success and incredible challenge. But that sure makes life far more exciting and interesting.

Shall we see what next year brings?

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Year One appeared first on Security & Cigars.

I should also note that we appear to be ahead of most folks in this line of thinking. I read an article on financial services cyber risk today where it appears that someone (the SEC, perhaps) is developing risk management standards that “firms in the industry could better use to spot and block cyber-attacks.” Sounds an awful lot like our Maturity Model. Nice to know we aren’t the only folks thinking about this and glad to see others following where we are already at. 

I thought I’d share the mostly final graphic of the Maturity Model. This is something that anyone is free to use for their security program as long as you provide attribution to Core Security and I for our development of the Model.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post The Maturity Model … Matures appeared first on Security & Cigars.

On Monday, with a little rest and a weekend under my belt, Core’s Communications Manager asked me what I thought about BlackHat and how it was different from the past. A couple folks chimed in, not just me, and there’s a good write up on the Core blog. I thought I’d put my relevant thinking in a quote here and invite you to read the whole thing, as well.

Sure, the conference has become much more mainstream,” noted our VP of Advanced Security and Strategy Eric Cowperthwaite. “Some have started to refer to it as ‘RSA Lite.’ I think that is unfair. This is a conference dealing with the concept that anything and everything can be hacked, broken into, attacked, cracked – that’s an idea that only recently went mainstream in the security industry. You now have CISOs and hackers, big and small companies, all mingling together because the security industry is finally embracing reality.

Seems like a good thing, to me, that the suits (myself included) are finally embracing the reality that BlackHat has presented to the security world for a long time now.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Thinking About BlackHat – The Suits vs. The Shorts appeared first on Security & Cigars.

Then I’m gonna get some sleep, get on a plane tomorrow and head home now that Security Summer Camp is over with.

So far have seen many good friends, like RSnake, Bill Brenner, Alex Hutton, Katie Moussouris, Wendy Nather, Mortman, McKeay, Adam Shostack, Richard Stiennon, Mark Weatherford, Mike Yaffe, MattJay, Michael Farnum, Cindy Valladares, ThatDwayne … hmmmmm, not sure I can catalog everybody. Sorry for those I missed. It’s been great to see you, chat with you, get caught up and generally enjoy summer camp.

Facebook 0 Twitter 0 LinkedIn 0Shares

The post Just A Few Things Left appeared first on Security & Cigars.