The UNSECURITY Podcast – Episode 47 Show Notes

Here we go. The show notes for episode 47 of the UNSECURITY Podcast.

I’m writing these during the Vikings/Bears game on Sunday. Skol Vikings! Yeah, whatever, I’m late, but I’ve got excuses. I’m late because things are sort of crazy at home right now. I’ll try to explain:

  • I was in Bulgaria for a week (several weeks ago). My sleep was thrown off a little because Bulgaria is 8 hours ahead of us.
  • My wife was in China for 10 days. This means that I was left to my own devices (not usually a good idea), and I had no backup for my 14 year-old daughter’s manipulation. Seemed like there were more kids at my house than normal. I don’t know. The house is still standing, so that’s a win.
  • In the middle of this, I decided to quit smoking on Wednesday. After 30 years of 1-1/2 packs a day, I’m done. This is day four, and the withdrawals are a challenge (my PC word for it).
  • My wife got back last night, and now her sleep is all wonky. She was 13 hours ahead.

So, let’s give this thing a go, shall we?

Last week was a blur, but I think we did some really good things! Brad spent the latter part of the week offsite with FRSecure’s Senior Management Team (SMT), doing some strategic planning. I spent most of my time working on some timely SecurityStudio stuff:

  • Next week’s launch of S2Org.
  • SecurityStudio Partner Jumpstart
  • Roadshow preparation, hard to believe that we (me and John Harmon) hit the road next week already.

Do you know what we’re doing on the #S2Roadshow? Did you know that we’re using the “#S2Roadshow” hashtag? Do you know what S2Org is? Don’t worry if you don’t, we know we’ve got a lot of preaching to do!

Friday was highlighted by a great meeting with Minnetonka School District representatives (Mike Dronen, Executive Director of Technology and Dave Eisenmann, Director of Instructional Technology), Ryan Cloutier (repeat podcast guest and Chairperson of the Consortium of School Networking Cyber Security Advisory Panel), and Ivan Peev (SecurityStudio’s VP of Product Development). We discussed how we can work together to create a free S2Teen product for students and parents. There will be some great things coming out of this (eventually).

If you missed episode 46 of the UNSECURITY Podcast, here it is.

OK. Show notes…


SHOW NOTES – Episode 47

Date: Monday, September 30th, 2019

Show Topics:

Our topics this week:

  • Fundamentals
  • Roadshow
  • Parents and Kids

[Evan] – Let’s do this. I’m Evan Francen, it’s Monday, September 30th, and this is episode 47 of the UNSECURITY Podcast. My guy Brad Nigh is here with me. Hey Brad!

[Brad] You know Brad. He’ll say something because he’s nice like that.

[Evan] I know you were offsite with the FRSecure Senior Management Team (or SMT) the last half of the week. I love how you guys set an example by working hard and playing hard. How was it?

[Brad] Cool things.

[Evan] So, late last week, I had this meeting. It was the first time I’d met this guy who runs the information security program for a VERY important organization. I can’t share the name because I don’t like to out people like that. Anyway, he has many years of information security experience and seemed like he had all the right things to say. As the discussion progressed, I could sort of sense that he and I didn’t see security the same way exactly.

He knew all the acronyms and threw them around like candy at a parade. He’s also very well connected and dropped a lot of names. We knew some of the same people, but this was the first time he and I had met each other. He went on to say how they’ve built a good foundation for their security program, and now they want to take things to the next level.

One thing that became obvious is we don’t think about the foundation or fundamentals the same way. Let’s talk about this.

[Brad] He’ll agree because he likes to talk about these things.

Fundamentals Discussion

Things to discuss:

  1. What is information security?
  2. What is risk?
  3. If I hire you to “do” information security for me, what is the first thing you would do?
  4. What percentage of SMBs…?
  5. Discuss last week’s discussion

[Evan] The basics man. How many breaches do we see where it’s just the missing basics? 

[Brad] Something…

[Evan] Complexity is the enemy. We’ve all heard it before. Really, this is what the SecurityStudio Roadshow is about.

Roadshow Discussion

  • Was called “Project Bacon”.
  • Mike Dronen brought me some bacon!
  • This week is Harrisburg, PA BSides
  • Hashtag #S2Roadshow

[Evan] Quickly, let’s talk parents, kids, security, privacy, and safety. Maybe we can devote a whole show to this in the future. Maybe we can get a guest to join us.

Parents and Kids Discussion

[Evan] Alright. That’s a lot to take in. Good discussion Brad. We could take any one of these topics and make it an entire show.

News

Here’s our news for this week:

Closing

[Evan] There you have it. I’ll be checking in regularly from the road. We have a mission dammit! Stay tuned. Hope you’ll follow along.

Thank you to our loyal listeners! Shout out to Kevin! Thank you for your tips and feedback. We’re working on it. For the rest of you, send us your feedback by email  at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 46 Show Notes

Here we go, we’re on week 46 (already)!

Hard to believe how far we’ve come over the past 45 weeks. Our first podcast was recorded over a Zoom Web conference on a Sunday afternoon. Brad was at home and so was I. We kept up the Sunday routine for a while, at least until our wives requested their Sunday afternoons back. Thank God, because the quality of those early podcasts sucked, and we needed to up our game.

Anyway, there’s a story here. Maybe a story for another day.

This has been another incredible week.

The week started with a Sunday evening trip to Washington D.C. for a Monday afternoon meeting.

The highlight on Tuesday was participation in the 2019 Minnesota IT Symposium at the Mall of America. I had the privilege to participate on a panel with two really awesome information security leaders; Judy Hatchett (VP, Information Security & CISO at Fairview Health Services) and David Young (CISO at Medica). The panel was moderated by my good friend (and SecurityStudio board member) Nick Hernandez. It was an amazing discussion, and it was an honor to share the stage with these guys.

Wednesday was an office day, trying to catch up. It doesn’t seem healthy to process so many emails in such a short period of time.

Thursday was arguably the highlight of the week. FRSecure held their 4th Hacks & Hops event. More than 200 friends and partners gathered at U.S. Bank Stadium to talk about security incident response. After the keynote, I was joined by some incredible information security peers; Jadee Hanson (CISO and VP of Information Systems at Code 42), Bill Boeck (Senior VP, Insurance and Claims Counsel at Lockton Companies), and our very own Oscar Minks (FRSecure’s Director of Technical Solutions and Services).

We discussed the importance of incident response planning, cyber insurance, shared some personal stories, and fielded some great questions from the audience.

One or our attendees summed it up well in his LinkedIn post after the event.

There is an incredible amount of work that goes into arranging an event like this. FRSecure’s Jess Kooiman led the charge, with a significant amount of help from Brandon Matis, Andy Forsberg, Christy Kleve, Renay Rutter, and McKenzie Adams.

Friday wrapped with some good SecurityStudio meetings, including one with Tyler Olson (Founder and CEO of SHYLD Academy). He’s got a good thing going there!

Great week and tons going on. I hope you had a great week too. If you’d like to share your week, get in touch with me or Brad. You can find us at unsecurity@protonmail.com. We’d love to hear your successes and/or help if we can.

If you missed episode 44 of the UNSECURITY Podcast, here it is.

OK. Show notes…


Just a quick note. Brad’s super busy, so these are his show notes written by me (Evan).

SHOW NOTES – Episode 46

Date: Monday, September 23rd, 2019

Show Topics:

Our topics this week:

  • Hacks & Hops Recap
  • Upcoming Speaking Engagements
    • Our upcoming talks
    • The SecurityStudio Roadshow
  • Mental Health
  • Industry News

[Brad] – Hi there, welcome to episode 46 of UNSECURITY Podcast. I’m Brad Nigh and joining me in studio is Evan. This is two weeks in a row where we’ve been together in studio. Want to say “hi” Evan?

[Evan] We record the show at 6:45am on Mondays. Who knows what sort of mood I’ll be in.

[Brad] Sheesh, we have another jam-packed show this week. I need to stop Evan from writing the show notes!

[Evan] Yeah, probably.

[Brad] Another crazy, but great week around here. One of the highlights from this past week was our Hacks and Hops event. Let’s talk about it and share some thoughts, especially for the listeners who couldn’t make their way to U.S. Bank Stadium on Thursday.

Hacks & Hops Recap and Discussion

[Brad] It was a great event! I didn’t mind helping you out with the joke you couldn’t remember either. Your welcome.

[Evan] I was stuck. Why are jokes so hard for me to remember?

[Brad] You and I have a bunch of talks coming up, and you’ve got the Project Bacon roadshow too. We’re going to be all over the place.

[Evan] We do. It’s exciting to spread the word, and we hope that we’re helping people along the way.

Upcoming Speaking Engagements Discussion

[Brad] This will be good. One of the things that you mentioned at the beginning of your Hacks & Hops keynote was the mental health. This is a topic that isn’t discussed as much as it should be.

[Evan] Yeah, we need to shine a brighter light on this.

[Brad] You wore a Mental Health Hackers t-shirt and gave some statistics. Let’s talk about Mental Health Hackers, the statistics you shared, and how this hits home for us here at FRSecure.

Mental Health Discussion

We could spend an entire series talking about the importance of mental health in our information security industry, but for now we’ll keep it fairly short.

[Brad] Talking about mental health openly is important. We are all in this together, and we all need to take a more active role in supporting each other.

[Brad] OK, as is the custom, we close this thing out with some news. Here’s the industry newsy things to discuss briefly this week.

News

Here’s our news for this week:

Closing

[Brad] There you have it. We talked about a lot!

Always grateful for our our loyal listeners. We love your feedback and appreciate the fact that you join us each week. Send your feedback to us at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 45 Show Notes

Welcome back for another quick recap of the week and another dose of UNSECURITY Podcast show notes. Hope you all had a great week!

For last week’s show, Brad was in studio while I was calling in from Sofia, Bulgaria. Brad was joined by Ryan Cloutier, an awesome return guest. As far as I could tell, it was another great show. I had some connectivity issues, but who doesn’t have connectivity issues in Bulgaria? Brad did a great job holding things together while we chatted about issues such as liability and speaking information security with “humans”.

Catch episode 44 here.

I was in Bulgaria to visit members of our SecurityStudio development team, check out the new office, and spend some time planning future releases of the software. Bulgaria is eight hours ahead, so timing with U.S. resources was interesting.

This slideshow requires JavaScript.

The trip was very successful and we made significant progress on a number of fronts. While I was halfway around the world, Brad held down the fort. He’s a really good leader and I’m sure he has a bunch of things going on. I didn’t get to check in with him last week, so we’ll ask how he’s doing on the podcast.

Lots of other really cool stuff to share, but I’ll do that in another post or on the show.

Let’s do some show notes now.


SHOW NOTES – Episode 45

Date: Monday, September 16th, 2019

Show Topics:

Our topics this week:

  • Catching Up
    • More Mentor Program success
    • Civic duty example
  • vCISO Revisited
  • Book Announcement

[Evan] – Hi folks, welcome to the UNSECURITY Podcast. This is episode 45 and I’m your host, Evan Francen. Brad’s joining me as usual. Hi Brad!

[Brad] Brad politely says hello to me and by proxy all of our listeners. Good Brad.

[Evan] Man, this is two shows in a row where I’m out of studio. Today I’m stuck in Washington, D.C. for a meeting. Only one day, so that’s good. What’s up with you?

[Brad] Stuff and things.

[Evan] We haven’t recorded together in person the last couple of weeks, and I haven’t even been able to catch up with you. You cool if we catchup quick?

[Brad] Brad will probably say “yes”.

[Evan] Alright, let’s start with your week. Tell us what you’ve been up to.

Catching up

  • What Brad’s up to.
  • What I’m up to.
  • We have more Mentor Program success to talk about
  • One of our listeners is setting a great example for all of us in holding his local government accountable for security.

[Evan] Alright, lots of good things. We’re all in this together and there’s a job and place for everyone.

[Brad] Brad’s words of wisdom.

[Evan] We’re always grateful for feedback that we get from listeners. If you’d got some, email us at unsecurity@protonmail.com. One of the more popular topics in the past few months has been that of the virtual Chief Information Security Officer (or vCISO). We’ve received some great questions about how to become a vCISO. A couple of episode ago, we talked about what a good vCISO is, but we didn’t really talk about how to become one. Let’s do that.

How to become a vCISO discussion

  • If you’re new (less experience).
  • If you’re experienced (even existing CISOs)
  • What are the benefits to being a vCISO versus being a FTE CISO?

[Evan] Alright. Good perspective and good discussion. Thank you Brad.

[Brad] Brad’s gotta say something or we’ll have an uncomfortable silence here.

[Evan] OK, last topic before we get into some news. I want to announce something that I’m VERY excited about. You and I are going to write a book, right?

[Brad] Brad confirms. See if you can notice any change in the tone of his voice when he responds.

New book announcement and discussion

There’s a tie in here with vCISO too.

[Evan] I’m pumped about writing with you Brad. What better time than 4th quarter to get started?

[Brad] He’s lived through multiple 4th quarters, so he’ll laugh/cry.

[Evan] Let’s close this thing out with some news, eh?

News

Here’s our news for this week:

Closing

[Evan] There you have it. Thank you for another great show Brad!

A special thank you to our loyal listeners. We love your feedback and sincerely appreciate the fact that you join us each week. Send your feedback to us at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 44 Show Notes

Welcome back for another quick recap of the week and another dose of UNSECURITY Podcast show notes!

Last week, Brad and I were back in studio together to record episode 43. It was a good show, where we covered some relevant topics such as (more fricken) incident response, vCISO questions, and how we (the good guys) can’t possibly do all the things that they (the bad guys) do.

Quick words about vCISO

  • It’s the future of information security leadership.
  • There are good vCISOs and less good (maybe bad) vCISOs, you need to learn the differences.
  • We got some great feedback this week from people who aspire to be a vCISO, which was really cool!

Quick words about good guys and bad guys

  • There’s a gap between what we can do and what they can do.
  • We have rules, they don’t.
  • We have ideas about how to close some of the obvious gaps (didn’t cover in the episode 43, but we’ll cover this somewhere in the future).

If you missed episode 43, you can always go back and nab it here.

Hoping you all had a great week. It was a short week, but if you’re like me, it only meant that we crammed more stuff into less time.

Most of my time this week was spent working with SecurityStudio partners find success in serving their clients. This is a blast because we create situations where everyone wins, and we do it together.

This week I started exploring the possibility of helping an incredible organization combat sex trafficking in the United States. The organization is SHAREtogether, and they’re doing amazing work. The organization is run by Jaco Booyens, the director of the movie 8 Days. If you get a chance, check them out and watch the movie (it’s been watched more than 2,000,000 times). If you feel more inclined, do more to help. Right now, my involvement is more exploratory, but I’m sure there will be more to this story before it’s all said and done.

Anyway, on the the show! Brad is leading the show this week, and he’ll have another returning


SHOW NOTES – Episode 44

Date: Monday, September 9th, 2019

Show Topics:

Our topics this week:

  • The security expert’s take on liability.
  • Speaking information security for “humans”.
    • What’s the problem?
    • Ideas for solving the problem(s).
    • Consequences of the failure to solve the problem.
  • Industry News

[Brad] – Brad can choose any opening he’d like. This is his show to lead. The standard one sort of goes like this…

Welcome to the UNSECURITY Podcast, episode 44. Joining me is my co-host, Evan Francen. Say hi Evan.

[Evan] I’ll say something here. Probably. Maybe I’ll stay silent to through Brad off, but now that it’s in the show notes, I think I let the cat out of the bag. Whatever.

[Brad] Also joining us today is a repeat guest. Ryan Cloutier is here in person. Ryan is an amazing information security expert with a noble mission. He was also on with us back in episode 27, back in May. Welcome Ryan.

[Ryan] Ryan’s a guy with something to say, so he’ll say something here.

[Brad] This week, Evan’s in Bulgaria. What’s going on over there, Evan?

[Evan] Stuff.

[Brad] It’s sort of funny. We’re beginning to think you don’t like Ryan all that much because last time he was on, you were in California. You got something against Ryan or what?

[Evan] Maybe.

[Brad] We brought Ryan on the show again because we love his perspectives on helping “normal” people, or as he likes to call them, “humans”, secure themselves better. Great mission, but before we cover that, let’s talk about some common questions we get about liability. Now, we’re not lawyers, so don’t think this is official legal advice, but we do work with lawyers pretty often when we investigate breaches.

Discussion about liability, from a security person’s perspective

[Brad] So, the key is to do the things that a “reasonable” person would do in your same circumstance. This leads to a whole bunch of questions that you should be asking yourself.

Now let’s switch gears a little bit. Ryan, you’ve got this deep desire to help “humans” secure themselves better, and this passion is shared with us here at FRSecure. You recently posted an open letter to the security community on Evan’s blog and you regularly speak to crowds all over the United States. Let’s talk about all this for a bit.

Discussion about Ryan’s mission and speaking “human”

  • What are some of the problems we’re facing when speaking “human”?
  • What ideas do we have for solving the problem(s)?
  • What are some of consequences of the failure to solve the problem?

[Brad] There’s so much we can do together, as a community, to do this better. Great discussion. What’s our one call to action?

[Brad] OK, on to this week’s security news.

News

Here’s our news for this week:

Closing

[Brad] Alright. Another great show. Thank you for joining me Ryan.

Evan, have a good time in Bulgaria. Bring me home a gift or something.

A special thank you to our loyal listeners. We love your feedback and sincerely appreciate the fact that you join us each week. Send your feedback to us at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen.

Talk to you all again next week!