I'm a Christian*, a husband, a father, a grandfather, a friend, a business leader, a CISO (that's Chief Information Security Officer to the layman), a hacker, a Certified (SCUBA) Rescue Diver, a biker (Harleys mostly), a welder (not professionally), an American Mexican (like a Mexican trapped in an American body), a cancer survivor, a recovered alcoholic, a harsh self-critic, a problem solver, a problem creator, and LOTS of other things.
My world, like yours, is far from perfect. My world, like yours, is pretty f@cked up sometimes.
Regardless of my imperfections, and despite myself (I'm always my own worst enemy), my world is REAL and my world is f@cking AWESOME! The truth is, SO IS YOURS!
*DISCLAIMER: The words "Christian" and "religion" or "religous" are often misunderstood and misused. I'm a Christian, but I mostly despise religion. I call myself "a dirty Christian". A future blog post here.
Experience
Completed
Superpowers
Before Money
Hi, I’m Evan Francen—a straight-talking, 30+ year veteran of the information security industry on a mission to fix this broken industry. I’m not here to sugarcoat things or dance around tough conversations. I call it like I see it, and I believe that’s exactly what the world of cybersecurity needs right now.
As the co-founder and CEO of FRSecure and SecurityStudio, I’ve spent decades helping organizations—from Fortune 500 companies to small businesses—navigate the ever-evolving landscape of information security. I’ve developed tools like the S2Score to measure risk, created the first-ever CvCISO® certification program, developed Project Broken Mirror, and founded the free CISSP® Mentor Program, which has reached over 100,000 students in 120+ countries.
I’ve been privileged to serve as an expert witness in high-profile cases, advise boards and legal teams during massive breaches, and write extensively about security challenges. But my favorite role? Being the guy who says what others won’t and gets the job done.
When I’m not buried in cybersecurity work, you’ll find me tinkering, scuba diving, or spending time with my family—I’m a proud dad of five and grandpa to eight. Whether I’m diving into code or the ocean, I always bring curiosity and drive to the table.
Let’s fix this broken industry together. Join me on the journey—no BS, just results.
Fix the broken industry.
Yeah, I'm ALWAYS working on "projects"! Maybe you'd like to help me?
ADHD is my superpower. You read that right!
Imagine taking a guy with ADHD and giving him a mission (purpose). Now, take this same guy and somehow give him 30+ years doing what he was built to do.
I did a lot of things that I guess you’d call “illegal” in today’s world. Everything was driven by curiousity and showing off to friends. Using things beyond their intent or whatever boundaries there were. Thank God for the Statute of Limitations!
I know I’m biased, but this is the BEST information security consulting company on the planet. It’s the best because the PEOPLE who work here are the best!
100+ employees ALL devoted to the MISSION.
I was told we have a shortage of talent in the information security industry. So, I decided to offer free training to anyone/everyone.
In the first year, we had six students. Last year, we had 21,000+ students from 150+ countries! This has been an AMAZING ride so far.
There was a chapter of life before FRSecure, filled with crazy information security adventures! Working for companies like Jasc Software (makers of PaintShop Pro), US Bank, United Health, Wells Fargo, MGI Pharma, etc.
A SaaS platform to serve partners, customers, and underserved markets with proven solutions that we’ve learned from serving 1000s of customers over the years.
We made cool things here like the S2Score, S2Org, S2School, S2Vendor, S2PCI, S2Team, S2Me, and others.
The Target Breach of 2013 was arguably the most widely recognized breach in history. Somehow I got hired by a group of high-powered, highly-skilled lawyers investigating the claims in derivative litigation.
It was a wild 21 months! If you want to read the SLC’s motion to dismiss, you can read it here.
Work in progress I suppose.
Most people say good things, but some are afraid to say anything. Telling the truth without beating around the bush is appreciated by some and offensive to others. If you know me, you know that I appreciate EVERYONE'S perspective.
“You are extremely transparent, honest and candid. And Yes, thats a good thing! And that’s what we all love about you as this pioneer and godfather of cybersecurity that you are!”
“I don’t think I’ve met a more successful guy in this industry with less bullshit”