2019 New Directions in IT Education Conference

This was a wonderful opportunity to talk to some fascinating people; people tasked with helping us create the future talent of our industry.

It was also the fourth talk at the fourth conference of the week, so things were getting a little weird. Regardless, I always enjoy this and I’m having fun!

About the 2019 New Directions in IT Education Conference

This is an annual conference attended by “educators and industry experts”, sponsored by the Minnesota State IT Center of Excellence.

According to the conference website:

Minnesota State IT Center of Excellence, invites industry professionals, employers, and Minnesota State faculty members to convene at our annual free IT conference that takes place in May.  Explore emerging employer needs, identify specific implications for student learning outcomes, and map out actions that individual faculty and departments can implement, and identify comprehensive innovations to be developed collaboratively.

A really cool opportunity to speak and collaborate! I was here for two reasons:

  1. Deliver a keynote talk
  2. Participate on a panel of experts

I was with some experts, but I’ll apply that word loosely to myself. The full conference schedule is here.

Keynote Plan A

If you know me, you know that I wing it a lot. This makes me very hard to manage, and it can get frustrating for people who work with me. It’s just how I roll.

I prepared my talk for this conference four (maybe five) days ahead of time. That’s crazy good for me! My talk was/is titled “Seven Facts About Unicorns”. I put a lot of work into the presentation and I was excited to give the talk (at the time I wrote it).

Keynote Plan B

There wouldn’t be a need for Plan B if I had just stuck with Plan A, but what fun would that be? Driving on the way to the venue, I changed my mind. I didn’t want to talk about unicorns anymore. I even said to myself in the truck, “Seriously Evan?! Don’t do it.” Thankfully, I was 45 minutes ahead of schedule, so I pulled off at a local coffee shop to create a new presentation.

Some people (I/me) never learn.

I grabbed a cup of coffee, tore my laptop out of my bag, and began pounding away on the keyboard. What would I talk about though? Hmm. Got it! I will cover the first 38 of 100 truths about information security. I started the #100DaysofTruth series 38 days ago, at the time of the talk (at the time of this writing, I’m on day 50). I felt like hitting some hard truth with the educators in the audience. So, that’s what I did. The title of Plan B was “38 of the 100 Truths About Information Security”.

Whipped the slides together, and away we went!

The talk went extremely well. The audience was engaged, and there were some great questions afterwards. We’ll save the unicorn talk for another day. 😉

Here’s a copy of the presentation if you want to look at it or use it.

Want to see the Seven Facts About Unicorns talk? What’s it worth to you? Just kidding, here it is. I still might deliver this talk someday.

Panel of Experts

This was cool! I just got to sit there and answer questions. Not all the questions, but only the ones where the other two panelists didn’t answer. I suppose I also added a few things here and there to their answers, but the other panelists were dead on I think. You know how you have to add something once in a while to make people think 1) you’re still paying attention and 2) you’re smart and stuff? I did some of that.

It was an honor to sit on the panel with Ryan Manship from RedTeam Security and Sahar Ismail from Legacy Armour.

Overall, it was an awesome conference and a great way to end a crazy week.

2019 Secure360

Almost caught up with my conference and talk summaries from a couple weeks ago!

Secure360 is arguably “the” security conference in the Twin Cities each year. 2019 was the 14th year for the event and it was very well-attended.

About Secure360

In the words of the Upper Midwest Security Alliance (“UMSA”):

This marked the first year that the event was held at the Mystic Lake Center in Prior Lake, and it was a perfect venue. Secure360 is a two-day conference, and I showed up in the afternoon of day two for my talk. I wish I had been able to be there for more, but business kept me away until then.

My impressions were very positive. The event was well organized, and there were people everywhere. I ran into a bunch of people that I know, which made the event comfortable too. I didn’t spend any time in the vendor area because I hate being sold stuff. Walking through the vendor areas at conferences sometimes feels like trying to survive a lion’s den with a T-bone hanging from my neck.

Judging from the published program, the quality of speakers and the content of talks was very good.

2020’s Secure360 conference will be held at the same place on May 5th and 6th. It will mark the 15th year, one heck of an accomplishment!

What was I doing there?

Just two things this time.

First, just like the Loffler event, this was a great opportunity to say “hi” to a bunch of people that I don’t get to see very often. I ran into some people that I haven’t seen in a very long time! Fun to catch up.

Second, I gave another talk.

The Talk

The title was Speaking Information Security. A copy of this talk can be downloaded here (link) and it’s also available on Secure360’s site.

Like the other talk earlier in the day, this one was also well-attended. This room was mostly full, which sort of surprised me. I was surprised because my session was in the last group of sessions on the 2nd day (last day) of the conference. I didn’t think people would still want to hang out. They did. Here’s what I said to them (in jest, of course).

“Ever throw a party? You know when the party is winding down, and there are those folks that just won’t leave? They keep milling around, you’re tired, and you’re trying to shoo them out the door… That’s you. You’re those folks.”

The Secure360 party was coming to an end, but these infosec party animals wanted to keep going. They were committed!

This was essentially the same talk I gave earlier in the day at Tech Fest, but I was bolder with this crowd. I might have been a little ornery because I was getting tired (3rd talk of the week), or maybe it was because I was talking to members of my own tribe (information security people). The point of the talk was to drive home the fact that we don’t speak the same language in our industry, and to make matters worse, we don’t have any good translations either. Take slide 7 for instance (pictured below).

Information security is… What? Just about everyone in my talk was a security person, but nobody wanted to give me an answer. Why? As I continued through the presentation, there was head nodding everywhere. Slide 20 made sense to everyone it seemed. People were taking notes anyway, and nobody spoke up in disagreement.

By the time we got to slide 31, you could see skepticism growing on some people’s faces. S2SCORE for free?! FRSecure has sold millions of dollars worth of S2SCORE assessments over the years. Why would we make it free?! The simple answer comes from our mission; to fix our broken industry. Our mission is this, not to make millions of dollars on something that everyone should have. Let’s spend more time and money on fixing things.

I asked the audience, “How many of you are skeptical?” Only a few raised their hands. To the rest, I said (in jest again), “I thought you were all security people. I’m disappointed that more of you aren’t skeptical!” Laughs (maybe just obligatory ones). To the skeptics:

Help us. Join us to make a singular information security language that ALL can speak, and ALL can speak freely.

To the obstructionists; buzz off and get out of the way.

The talk was well received. People genuinely seemed interested, and a dozen or so stayed to talk with me afterwards. Met some new people and I’m looking forward to working with some of them toward some common goals. Oh yeah, I gave away some more books too. I like giving stuff away.

Overall, Secure360 is a great conference. I highly recommend it for the quality of the content and the wonderful people everywhere, which makes for great networking opportunities. Way to go UMSA!

Loffler Tech Fest 2019

Where does the time go? Loffler Tech Fest 2019 was held at the St. Paul (MN) RiverCentre on May 15th, and I couldn’t get around to writing this short summary until now.

Ugh.

This was the 2nd talk I gave (of five) that week, and the first of two I gave that day. This is my short summary.

About Loffler Tech Fest

It’s rare to find a quality event that’s free these days. Heck, it’s becoming rare to find a quality event period. Loffler pulls it off each year, and it’s fun to be a part of it. I don’t know how many people were there exactly, but I’d guess there were 1,500, or so. Highlighting the event was the keynote given by PJ Fleck, Head Football Coach, University of Minnesota and the IT Panel Discussion Featuring Twin Cities Business Leaders. Seated on the panel were:

  • Ben Davis – Executive Vice President & Chief Digital Officer at Cambria
  • Cindy Trousdale – Chief Financial Officer at Shaw-Lundquist Associates
  • Steve Molander – Chief Information Officer at Frandsen Financial Corporation
  • Barry Doerscher – Chief Information Officer at Midwest Dental

I know Ben and Steve, and they are amazing IT leaders. If the event only had the keynote and panel, it would be a success. There was more though. There were four technology sessions, prizes/vendor showcase(s), and a networking happy hour.

What was I doing there?

Three things, I think.

First, I stole PJ Fleck’s badge and showed it to my friends. The chances of me passing myself off as PJ Fleck were very low, so I gave it back. This was more about having fun than anything else.

Second, this was a great opportunity to say “hi” to a bunch of people that I don’t get to see very often. I love people and I love seeing them when I can.

Third, I gave a talk.

The Talk

The title was Speaking Information Security. It was well-attended. Maybe 80 people. I didn’t count, but the room was full. (I gave a talk once ~8 years ago where nobody showed up! Another story for another day).

This was a new talk, and I planned to deliver it twice that day; once here at Tech Fest, and again in the afternoon at Secure360. Not only does this save some time and frustration with PowerPoint, but I wanted to judge the audience reactions in both venues for a couple of reasons.

  1. The Tech Fest audience was mostly IT folks, not necessarily security folks. The audience in the afternoon would mostly be security folks, not IT folks.
  2. I’m the CEO of two companies; FRSecure and SecurityStudio. The Tech Fest talk was delivered as the CEO of SecurityStudio, while the afternoon talk would be delivered as the CEO of FRSecure.

A copy of this talk can be downloaded here. Arguably the biggest deal in the talk was the announcement that we’re going to be making the S2SCORE (self-assessment) free! I hadn’t even officially told my team yet. More to come on this later…

The talk was fun, as most are. The talk went over well, I gave away a few free books, had a few laughs, and answered a bunch of good questions. Stayed another 30 minutes(ish) to talk with people before I needed to leave for the next conference.

Overall, I loved the conference. Kudos to Loffler and all the cool people there for pulling off a great event!

The UNSECURITY Podcast – Episode 29 Show Notes

Hi again! It’s time for the episode 29 show notes, and I’m on time again. That’s three in a row if you’re keeping score.

Hope you all had a good week! Most of my time was spent trying to catch up, but that’s the norm. I only had one trip this week. On Thursday, I made my way out to Denver to give a talk (or workshop) about security incident management. The workshop was hosted by the Denver ISSA Chapter. The Denver ISSA Chapter is the largest ISSA chapter in the world, and you could argue it’s one of the best too. Some of the best people I have ever spoken to about information security. I’ll write a separate post about the experience. For now, we’ll just say it was awesome!

Last week, Brad and I discussed a crazy week that included five talks, four conferences, two classes, and a panel. Episode 28 was fun, as are most episodes. This week, we’re switching things up.


SHOW NOTES – Episode 29

Date: Monday, May 27th, 2019

Today’s Topic:

A special show and tribute. You’ll need to tune in for the details.

[Evan] Welcome! This is episode 29 of the Unsecurity Podcast! I’m Evan Francen, and joining me as almost always is my good friend Brad Nigh. How you doing Brad?

[Brad] Alive and well

[Evan] Brad, as you know, it’s Memorial Day. An important holiday in the United States. The holiday is specifically set aside to remember and celebrate the honorable men and women who have served our country and have passed on. We’re going to put a little remembrance about information security into today’s episode. What do you say?

[Brad] Yes. Let’s do that.

[Evan] The special treat for today’s episode is something that’s been around for a long time. Some of us who’ve been around for a long time will remember the day fondly, others will want to listen and know what life was like in information security.

[Brad] Sounds good! I know what you’re talking about and I think people will love it.

[Evan] A little more background and intro to the audio, then cut over.

Audio – A classic security discussion.

[Evan] Alright, we’re back. What did you think?

[Brad] Awesome. Such a classic.

Short discussion about the audio.

Less than three minutes.

Closing

[Evan] Alright. Thank you Brad. Don’t forget, you can follow me or Brad on Twitter; @evanfrancen and @BradNigh. Email us on the show at unsecurity@protonmail.com. That’s a wrap! Have a great week.

2019 North America CACS Conference Recap

Each year, the Information Systems Audit and Control Association (ISACA) puts on a really good event in North America; the CACS Conference. This year’s conference (2019) was held at the Anaheim Convention Center from May 13 – 15. Read the conference brochure here.

This was my first time attending this conference. ISACA put on a great event in my opinion. Kudos to them and the 1,500 or so who were in attendance.

I was there for two primary reasons; to give my talk and to sign copies of my book at the SecurityStudio booth. Turned out there was a third reason that might have been more important than my original two; to meet a bunch of really cool people! The coolest of which were my wife, Kevin Orth, and Skylar Wickland (representing SecurityStudio).

The Talk

So, my talk was the first talk of the entire conference, in the Innovation Exchange.

Some Evan Drama

My talk was slated to start at 7:20am, but I thought it was supposed to start at 7:00am. I looked at the stage, looked around, and there wasn’t anyone there! Hell no. I’m not going to stand on a stage in an open space in the middle of all the vendor booths and talk to no one. I went over to the SecurityStudio booth, where my people were hanging out, and told them I was going to skip my talk. They were OK with that.

At 7:10am, one of the event organizers stopped by looking for me. She asked if I was ready to talk, and I told her that I was thinking about skipping my talk because there wasn’t anyone there. She said “What are you talking about? The place is packed, and we’re ready for you!” Turned out she was right, and the place was busy. ~100 people were there to hear my spiel (I mean “talk”).

What’s the most exciting thing to talk about on Monday morning, first thing? How about third-party information security risk management?! Maybe not, but there were plenty of people there and most were nodding their heads.

My talk was titled “Why?”. You can download a PDF copy – ISASC_CACS-WHY050719-FINAL-v2.

Book Signing

After giving my talk, people stood in line to get a free signed copy of my book. That was pretty cool.

Just when I thought I was done signing, the event organizers announced the book signing on the conference PA system. This brought a bunch more people. We only brought 150 copies of the Unsecurity book, and they all found new homes.

Cool People

My favorite part of the conference, by far, was meeting really cool people. This is usually my favorite part of conferences. When people came to get a book, I’d ask them two questions. 1) Where are you from, and 2) What do you do? I met some amazing people from Nigeria, Colombia, Belgium, Netherlands, Portugal, Spain, and all over the United States.

Overall, it was a very good conference. It was also a great way to start a new week.

The UNSECURITY Podcast – Episode 28 Show Notes

Whaaaaaaat?! Is this two Fridays in a row? I’m on time two weeks in a row? Sort of a miracle.

It’s been a crazy, crazy week. I won’t speak too much for Brad, but I think his was probably crazy too.

We started the week off with episode 27 of the Unsecurity Podcast. Special thanks to our guest Ryan Cloutier. I was in Anaheim, California while Ryan and Brad were in studio. We talked about information security in K-12, and equipping children for today’s (and the future’s) most pressing security and privacy challenges. Ryan’s insights were awesome and well-received.

We record our podcasts every Monday morning at 6:45am CDT. That made it 4:45am for me in California. Early start, and we ran hard ever since. The quick summary of the week consisted of five talks, four conferences, two CISSP Mentor Program classes and a panel. It was a really good week, but one where we had to hustle from beginning to end.

The five talks (conference, title, speaker):

  1. ISACA North America CACS Conference, Why?, Evan
  2. Loffler 2019 Tech Fest, Speaking Information Security, Evan
  3. 2019 Secure360, Disaster doesn’t have to be debilitating: The best way to build your disaster recovery plan, Brad
  4. 2019 Secure360, Speaking Information Security, Evan
  5. Minnesota State IT Center for Excellence New Directions Faculty Conference, 7 Facts About Unicorns 38 of the 100 Truths About Information Security, Evan

I’ll write something up about each talk and share the presentations later.

Turned out to be ~350 PowerPoint slides this week for the five talks, and two CISSP Mentor Program classes. PowerPoint hell, is what it was.

OK, enough. About the show. Figured we share our week and our experiences with you this week. There’s plenty of good nuggets in there.

 

 


SHOW NOTES – Episode 28

Date: Monday, May 20th, 2019

Today’s Topics:

  • The Week That Was; 5 Talks, 4 Conferences, 2 Classes, and a Panel
  • News

[Evan] Hey, hey. It’s time for episode 28 of the Unsecurity Podcast! I’m Evan Francen, your host for this week, and sitting right here next to me is Brad Nigh. How ya doin’ Brad?

[Brad] Brad tells us that he’s doing awesome! Because awesome people are awesome, DUH!

[Evan] Well, we survived the week that was. I wrote a little ditty online about my week. How was yours?

[Brad] His week was awesome! See above.

[Evan] I figured we take a week off from a guest and talk about our week. I learned a boatload of stuff last week and the talks were really fun. Whatya say Brad? You game?

[Brad] Awesome! Again, see above. You’ll notice a pattern. 🙂

The Week That Was; 5 Talks, 4 Conferences, 2 Classes, and a Panel

[Evan] Last week was a crazy week, but it was a fun week, and it was a really valuable week. I want to take some time to chat about our experiences. I gave four talks last week, and I learned some really good stuff in each of them. Let’s start with your talk at Secure360 though. Tell us about it.

[Brad] Tells the story.

[Evan] Start with the ISACA talk, leading to open discussion.

Open Discussion About Talks, Classes, and the Panel

Blah, blah, blah and such…

[Evan] Cool! It was a great week for both of us. Everything taking us steps closer to our mission. Can’t say how grateful I am to do this stuff with our amazing team, especially you sir. [I’ll probably give Brad some sort of wink or nudge, like friends do] Let’s talk news.

News

Microsoft worm warning: Windows users urged to patch now

Microsoft Warns of a Monster Computer Bug, in a Week of Them

Two Years Later WannaCry Continues to Spread to Vulnerable Devices, Nearly 5M Devices Affected

Hacktivist attacks dropped by 95% since 2015

Why Are Cryptographers Being Denied Entry into the US?

Report Reveals TeamViewer Was Breached By Chinese Hackers In 2016

Closing

[Evan] That’s the meat of the show right there. What’s your week look like Brad?

[Brad] Awesome! (default now)

[Evan] Have anything special planned for next week’s show?

[Brad] We’ll see…

[Evan] Alright. Thank you Brad. Don’t forget, you can follow me or Brad on Twitter; @evanfrancen and @BradNigh. Email us on the show at unsecurity@protonmail.com. That’s a wrap!

OSINT (and Human Trafficking) Resources and Suggestions

I’m writing this article for two reasons. To give props to our community and to summarize the quality responses that I got to a recent tweet.

Props

First off, I’d like to give HUGE props to our information security community. Last week I posted the following on Twitter.

I use Twitter like many people do, I’ll respond to interesting topics and post thoughts about things. I’ll get an occasional “Like” here or there for something, and maybe even a “Retweet” once in a while. My expectations are fairly low when it comes to Twitter.

Then, boom! At least boom for me. This tweet gets 442 Likes, 63 Retweets, and a boatload of good responses. THANK YOU INFORMATION SECURITY COMMUNITY! My faith in us is intact.

OSINT (and human trafficking) Suggestions

Here’s the discussion, in no particular order really because I suck or Twitter sucks. Either way, I had too much trouble figuring out how to get conversations out in a nice format. Like stubbing my toe on a coffee table over and over again.

As you can see there are some great responses and resources.

Resources Cited

Here are some of the resources that were collected/referenced. They are completely unorganized, and I’m sure I missed a few. Keep coming back, I’ll organize more and add to this list. If you have more suggestions, comment on the post.

IntelTechniques.com (Web)

@IntelTechniques

@HumanHacker (Chris Hadnagy)

TraffickCam

Hetherington Group

Bellingcat (Web)

@Bellingcat

@kpadvocacy (Kate Price)

OSINTCurio.us

@OsintCurious (OSINTCurious)

Trace Labs (Web)

@TraceLabs

Layer 8 Conference (Web)

@Layer8Conf

@Ginsberg5150 (Frank Castle)

@ReconVillage

@InnocentOrg

Paterva (Maltego)

@hunchly (OSINT Framework)

@osintbrowser

Timothy De Block (Blog)

Open Source Intelligence 101 (April Wright’s talk at 2018 Wild West Hackin’ Fest)

@aprilwright (April C. Wright)

Polaris Project

National Center for Missing and Exploited Children

Certified Human Trafficking Investigator (CHTI)

@C_3PJoe (Joe Gray)

@Dolph_Lundgren (Yes, that Dolph Lundgren)

Dolph Lundgren’s Tech Talk

@HydeNS33K (Jek Hyde)

OSINT.team (Forum; ask questions)

@technisette

@dutch_osintguy

@InfoSecSherpa

@osintpodcast

@BadassBowden (Katelyn Bowden)

The Badass Army

@Sector035

@jms_dot_py (Justin Seitz)

Dehashed.com

pipl

Hunter.io

So, there you go. I was really impressed with this response, and I’m excited to watch my best friend find her way in all of this.

Tons of great advice, but I think the best came from @SecurityTrails:

“She shouldn’t overwhelm herself with resources and trying to learn everything at once. Even learning how to navigate a Linux shell is a great starting point so that she can master more complex commandline tools. Welcome to the infosec family!”

Come back later too. I’ll be re-organizing and adding to this post later.

Again, THANK YOU!

 

The UNSECURITY Podcast – Episode 27 Show Notes

Yes! It’s Friday, the sun is shining and we’re on time.

Hope you had a good week. Things are crazy busy at FRSecure and SecurityStudio which is good. It’s part of why we play this game.

Brad leads the show this week, and he’s put together the show notes. I’m currently in (or on my way to) Anaheim, California for the North America CACS 2019 Conference. For those who are unaware (and care), it’s one of ISACA’s big annual events. I’ll be speaking at the conference on Monday morning. I’ll post some stuff about the experience in a future post.

Anyway, back to the show. Last week Brad and I discussed the topic of Ego and Arrogance in Information Security. It was a good topic. We could have talked about it much longer than we did, but we spared you. 😉

This week, Brad is joined by a special guest while I call in from Cali. The cool kids call it “Cali”. Our special guest is none other than Mr. Ryan Cloutier, a cool cat with some good security chops and a noble mission. Yeah, I just said that.


SHOW NOTES – Episode 27

Date: Monday, May 13th, 2019

Today’s Topics:

  • Introduction and Discussion with Ryan Cloutier
  • InfoSec in K-12
  • News

[Brad] It’s another Monday morning here at FRSecure/SecurityStudio world headquarters which means it’s time for another episode of the Unsecurity podcast. It’s Monday, May 13 2019 and this is episode 27. I’m Brad Nigh and I’m your host this week. Evan’s not physically here today but is joining us by phone. Evan, are you awake this early on the West Coast?

[Evan] Hopefully he’s had enough caffeine to be awake.

[Brad] Evan is out in Anaheim to speak at the ISACA CACS conference.  So today I’m joined in studio by a special guest. Joining us today is Ryan Cloutier! Welcome Ryan.

[Ryan] Probably says something here if his coffee has kicked in.

Introduction

We’re excited to have Ryan join us today. He’s very passionate about training and teaching children about Information Security. Things to talk about with Ryan:

  • What got you into information security?
  • What part of information security gets you excited?
  • Do you have a personal mission or purpose in the field?
  • I noticed that you do a lot of volunteer work, tell us about it?
  • In episode 20 we covered the topic of staying healthy in the information security industry. How do you keep a good balance between personal time, work, volunteering, social media (LinkedIn), etc.?
  • What sorts of things are you working on now?

Open Discussion around Information Security in K-12

[Brad] When we met last week it came up that you and I have a similar personal mission, teaching and protecting kids regarding Information Security in the K-12 space.  I’m a volunteer for (ISC)² Safe & Secure Online, https://iamcybersafe.org/.  Tell us a little bit about what you’ve been doing around this.

[Ryan] Talks about the things he’s doing

[Brad] Do you follow  https://k12cybersecure.com/?

[Evan] hopefully chimes in and doesn’t nod off since it will be 4:45am for him when we start

[Brad] OK. Thanks guys. Now some quick news stories from the past week.

News

Scott County Schools victim of $3.7 million scam (update: they recovered it!)

‘Unhackable’ Biometric USB Offers Up Passwords in Plain Text

Americans Overly Confident in Cyber Hygiene

Closing

[Brad] Well that’s all the time we have, although I suspect we could go for another hour without a problem. A special thanks to Ryan for visiting with us today! Thank you. Don’t forget, you can follow me or Evan on Twitter; @evanfrancen and @BradNigh. Email us on the show at unsecurity@protonmail.com. Ryan, how do you like people finding you?

[Ryan] Tells us how to find him

[Brad] Awesome. Thanks again! That’s it for episode 27.

Have a great week everyone!

The UNSECURITY Podcast – Episode 26 Show Notes

Happy Friday! Er, I mean Saturday. I’m a day late again, but whatever. I had work to do and stuff.

Spring (finally) seems like it’s in full swing now here in Minnesota. That’s a good thing because the snow was really getting old. Actually, it got old in February and everything else since then was Nordic hell (so to speak).

Always a bunch of really good and cool things happening at FRSecure and SecurityStudio. At least we think they’re cool. Stay tuned for some announcements over the next couple of weeks/months.

Last week (episode 25) was the first time we featured a dial-in guest. A really fascinating guy, Christophe Foulon joined us from DC. It was a great show! Click the link above if you missed it. Some of the ways you can stay current with what Christophe is doing, also in case you missed it:

Christophe is a great asset to the information security community and we were very happy to have him join us last week.

OK, so on with it. What’s to come this week?

We’re switching things up a little this week. Normally, Brad would lead this one, but we’re going to sort of co-lead instead. We’re doing this for two reasons (primarily), 1) I will be dialing in for episode 27 from Los Angeles (more on this later), and 2) Brad may have forgotten to write his notes for this episode. Naughty Brad.

Episode 26

Date: Monday, May 6th, 2019

Today’s Topic: Ego and Arrogance in Information Security

[%name%] Good morning world. It’s time for another episode of the Unsecurity podcast. It’s Monday, May 1st, 2019, I’m %name%, and this is episode 26. Joining me as (almost) always is %othername%. Good morning, %othername%.

[%othername%] Good morning %name%. How’s things?

[%name%] Things are great! Transition into chit-chat.

This is where we chit-chat a bit. Either you like our chit-chat or you don’t. We’ll try to appeal to both sides as best we can…

[Evan] So %name%/%othername% (Oops, sorry. I mean Brad). Last week I wrote an article on my blog where I posed a question. Actually, the title of the article was “Are Information Security People Arrogant?”. Did you happen to read it?

[Brad] No. I don’t read your stuff.

[Evan] Oh. OK. Well, I wrote this blog post. I learned that people don’t like to be called “arrogant”. Imagine that. Let’s talk about it.

Are Information Security People Arrogant?

Discussion about:

  • Comments that were received.
  • Personal stories.
  • General thoughts on the matter.

[Evan] I have another thing I’m working on too that I’d like to get your thoughts on. As you know, I’m in the middle of writing the 2nd book. This one is about information security for “normal” people. You knew that right?

[Brad] Ugh. Yes. I know. &rolling eyes& (I’m kidding! Brad is super encouraging and I love him)

[Evan] So, I’m writing a chapter of the book, and I’m writing a section about how we assume that we know what “normal” people think. I claim that we don’t. Then it dawned on me, have I ever asked “normal” people what they think about information security, privacy, or online safety? No! No, I hadn’t. Have you ever made the mistake of assuming you know what someone else thinks, and been wrong?

[Brad] No. (Just kidding again. I’m in a mood.)

What “normal” people are telling us.

Communication is one of those skills that we’ll always be working to improve (hopefully), and we’re trying to figure it out (better).

  1. Discussion about the research survey responses (so far).
  2. Could always use more data (See: https://evanfrancen.com/must-have-more-data/)

Disclaimer: I use the word “normal” affectionately and not in any way as a disparaging remark.

Open Discussion

(time permitting)

Anything else we might cover, but probably not too much babbling.

[%name%] OK. Good discussion! Now some quick news stories from the past week.

News

Man, there’s a ton of news to cover. These were the three that stuck out to me last week. Another story that’s very intriguing is this story from Motherboard.com; Someone Is Hacking GitHub Repositories and Holding Code Ransom. Check it out. Comment. Send us your thoughts. Whatever.

Closing

[%name%] Another full show and another full week ahead. We have another special guest planned for next week’s show (episode 27), and there’s always bound to be some drama here or there. Be sure to look for next week’s show notes.

If you wanna be cool, you’ll probably wanna follow us on Twitter. Just sayin’. Brad’s at @BradNigh and Evan’s at @evanfrancen.

Email us on the show at unsecurity@protonmail.com.

Until next week…