The UNSECURITY Podcast – Episode 86 Show Notes – Women in Security Pt3

Hoping everyone reading this is healthy and doing well. Losing focus on what matters is too easy in today’s craziness. Reach out to someone if you need a listen.

Women in Security Series

Well, we’re a couple weeks into the Women in Security Series, and so far the feedback has been great! Brad and I continue to learn great things from our guests. We’re not sure yet how long the series will go yet, but we have guests booked for the next six (6) shows (after this one). So, we DO know the Women in Security Series will go through (at least) episode 92 (August 10th). The guests we have lined up are incredible:

  • Today – Victoria Fogarty (see below)
  • Episode 87 – CEO of an information security-related non-profit
  • Episode 88 – A Senior, majoring in Cybersecurity Analytics and Operations at a leading university
  • Episode 89 – A CISO from a really cool large company
  • Episodes 90 through 92 – A CISO working in healthcare, a renowned educator, and a cool lady working in information security sales.

This journey is just getting started!

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started with sharing her experience, wisdom, and insight she’s gained over her 30+ year IT career. Brad and I learned a ton!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is a treasure chest of information security knowledge and wisdom, beginning from when she started her information security career in 1985. Think about that for a second; 1985?! For the math folks in the house, that’s 35 years!

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

Here we are, Part Three. In episode 86 (this one), we’ll introduce you to Victoria Fogarty. Victoria works at FRSecure and does some pretty cool things around here. You’ll get to meet her and hear her perspective on all sorts of things, including the information security industry (as a whole), her journey, what it’s like to do what she does, etc. Victoria is a pretty cool lady, and you’ll definitely enjoy her energy!

WELCOME VICTORIA!

Let’s get on with the show!

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 86

Date: Monday, June 29th, 2020

Episode 86 Topics

  • Opening
  • Introducing Our Special Guest: Victoria Fogarty
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey all! Welcome to this episode, number 86, of the UNSECURITY Podcast! For those of you who are new to the show, I’m your host, Evan Francen, and the date is June 29th, 2020. We’re a good 100(ish) days into the COVID pandemic here in the States, so it’s easy to lose track of the date. At least for me it is! Joining me this morning is my good friend and colleague, Mr. Brad Nigh. Morning Brad!

[Brad] <<<INSERT BRAD’S GREETING HERE>>>

[Evan] We’re on our 3rd week of the Women in Security series, and I’m super excited to welcome our guest, Victoria Fogarty! Victoria works here at FRSecure and is an all-around awesome person! Join me in welcoming Victoria. Welcome Victoria!

[Victoria] Every time I’ve talked with Victoria, she’s always got energy and a GREAT attitude. Let’s see if this is true at 7am on Monday morning (when we record the UNSECURITY Podcast)

[Evan] You all know what we do first before jumping into business, we check in quick. What’s up guys? How you doing, and how was your weekend?

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

[Brad] Guessing he got outside, did some family stuff, did some yard/garden work, made some sweet BBQ, and other cool things.

[Evan] Victoria, how about you?

[Victoria] Looking forward to this. I don’t really know what Victoria does for fun, hobbies, etc. Opportunity to learn.

[Evan] Ugh. Interesting weekend (aren’t they all?) here…

Alright, now on to our series topic.

Women in Security, Part Three

[Evan] This is the 3rd week in the Women in Security Series. It’s been a blast so far! Feedback keeps rolling in, and so do the guests. I’m excited to hear about Victoria’s perspectives because honestly, I don’t know many (if any) of them. This will be a great discussion!

So, Victoria, thanks again for joining us. Let’s start out with how you got started with information security.

Open Discussion (~30 minutes)

  • How you got into the industry?
  • Your journey in the industry.
  • Advice you have for someone starting out.
  • Do you think we need more women in our industry and why?
  • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Evan] Thank you Victoria! Nice work! I’m sure our listeners learned some good things.

News

[Evan] Time for newsy things again. My God, there’s never a shortage of news, is there?! We could use an entire day and not cover it all. Our day jobs won’t allow us an entire day, so I’ll just take a few that caught my eye:

Wrapping Up – Shout outs

[Evan] There you have it. Episode 86 is almost in the books. Just wrapping up and shout outs before we go. Victoria, thank you for joining us. Also, thank you for sharing you story and your thoughts.

You’re going to enjoy next week’s guest too! We’re going outside FRSecure to get perspectives from women beyond these four walls. Going to be a great show!

Either of you have any shout outs this week?

[Brad and/or Victoria] We’ll see.

[Evan] Thank you listeners! You guys are pretty cool, I think. Send us your questions, feedback and suggestions by email at unsecurity@protonmail.com. We still need to talk about the whole Mandiant, Capital One, incident response, confidential legal report thing. Ugh! Maybe next week.

Online social people can follow us on Twitter. I’m @evanfrancen and Brad is @BradNigh. Victoria, you got somewhere you want people to follow/interact with you?

[Victoria] Maybe/maybe not.

The companies we work for are pretty social too. SecurityStudio’s Twitter is @studiosecurity and FRSecure’s Twiiter is @FRSecure.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 85 Show Notes – Women in Security Pt2

It’s been a good week around here. I hope you’re well.

Women in Security Series – Part One

We kicked off the Women in Security series last week, and we couldn’t have chosen a better first guest to help us off on the right track! Renay Rutter, FRSecure’s COO, shared some of the experience, wisdom, and insight she’s gained over her 30+ year IT career. Brad and I learned a ton!

If you missed last week’s episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Women in Security Series – Part Two

Now we’re heading into Part Two of the Women in Security series on the UNSECURITY Podcast, and we’re VERY excited to announce this week’s guest, Lori Blair! Lori’s another veteran, and you’ll love her practical, level-headed approach to information security. She’s another person with a ton of experience and some great insight to share.

WELCOME LORI!

Women in Security Series – Future Guests & Episodes

There’s been great interest in this series. We love it!

Many of our listeners have reached out to us (Brad and I), recommending women that we should have on the show as guests. We could easily dedicate our entire podcast to the topic; however, we do need to limit how long the series goes (for a number of reasons). As it looks now, we will be running this series through the end of July (at least)! So far, we have an additional five women lined up to speak with us (and you). Our future guests include a lady who’s sort of new to the field, a lady who’s won multiple awards and runs her own organization, a lady who’s studying information security topics as a senior in a well-respected university, a lady who’s been CISO in multiple organizations, and a lady who helps organizations by selling information security consulting services.

We’ve got an all-star lineup of amazing women to share their stuff with us!

Let’s get on with the show!

Brad’s leading the show this week, and these are his notes…


SHOW NOTES – Episode 85

Date: Monday, June 22nd, 2020

Episode 85 Topics

  • Opening
  • Introducing Our Special Guest: Lori Blair
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 85 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is June 22nd, and joining me this morning as usual is Evan Francen.

[Evan] I’m guessing he has stories about deck building or motorcycle riding.

[Brad] We have our 2nd guest in the Women in Security series this week. FRSecure’s own Senior Security Analyst, Lori Blair. Lori is easily one of our most experienced and talented Analysts at FRSecure. She has over 20 years experience in information security and has experience across multiple industries as both a consultant and as a manager in organizations. Thank you for joining us this morning!

[Lori] This is where we find out if Lori is a morning person or not.

[Brad] Before we get going, let’s recap our week quick.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

[Evan] Evan struggles, as I do, to remember what happened last week.

[Brad] And what about you Lori?

[Lori] Hopefully, she does better than Evan and I did at recapping her last week.

Alright, now on to our series topic.

Women in Security, Part Two

[Brad] This is the second week of our series discussing the topic of women in the information security industry. We’ve already received a ton of positive feedback from Part One, so I’m excited to keep the momentum going with Lori here in Part Two.

Do we have a shortage of women in our industry? If so, what’s the big deal? Why is the topic important for us to talk about? Lot’s of questions and I’m sure just about everyone has an opinion. Instead of people listening to our opinions, we’re going to talk to the people this relates to the most; women! What better way to get a woman’s perspective on things than to talk to a woman? Let’s do this.

Open Discussion

  • How you got into the industry?
  • Your journey in the industry.
  • Advice you have for someone starting out.
  • Do you think we need more women in our industry and why?
  • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Brad] Thank you Lori! Good information and things to think about more. Much appreciated! How about some quick news stuff?

News

[Brad] Like every week, there is no shortage of news in our industry. Here are three stories I’d like to discuss quick:

Wrapping Up – Shout outs

[Brad] That’s it for episode 85. Thank you Lori for a great second installment of the Women in Security series. We’re lining up our guest for next week and it’s going to be another great show! Either of you have any shout outs this week?

[Evan and/or Lori] We’ll see.

[Brad] Thank you to all our listeners! Keep the questions, feedback and suggestions coming. One topic suggestion we just received this morning was to discuss Mandiant, Capital One, incident response, and confidential legal reports. Interesting story that Evan might pick up next week. If you’ve got something you’d like to hear us talk about, you can email us at unsecurity@protonmail.com. You social types can follow us on Twitter if you’d like. I’m @BradNigh and Evan is @evanfrancen.

The companies we work for are pretty social too. SecurityStudio’s Twitter is @studiosecurity and FRSecure’s Twiiter is @FRSecure.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 84 Show Notes – Women in Security Pt1

Happy Monday!

Last week was another blur. The world hasn’t quite ended yet, but it seems to be getting closer.

Women in Security Series

Brad and I are starting a Women in Security Series this week. This will be (at least) a four-part series where we’ll talk about the topic of women in the information security industry. We’ll have a special female guest each week to give us their experiences, advice, opinions, etc. At FRSecure, we work with some amazing women, and we’ll start the series talking with them. After talking with some of our own, and if things seem to be going well, we’ll reach out to other women outside of FRSecure for an even broader perspective.

Our first guest in the series is Renay Rutter, FRSecure’s Chief Operations Officer. She’s pretty much all around awesome, and it will be great talking with her this week!

Let’s get on with the show!


SHOW NOTES – Episode 84

Date: Monday, June 15th, 2020

Episode 84 Topics

  • Opening
  • Introducing Our Special Guest: Renay Rutter
  • Catching Up (as per usual)
  • Recap of the 2020 FRSecure CISSP Mentor Program
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi everyone. Episode 84 of the UNSECURITY Podcast is upon us. Wow, it’s already mid-June! June 15th, 2020 to be exact. I’m your host, Evan Francen and joining me as usual is Mr. Brad Nigh. Good morning Brad!

[Brad] Brad does Brad.

[Evan] Brad, last week I mentioned that I wanted to do a Women in Security series on our show and you seem pretty excited about it. Well, I was talking about this for a couple weeks with a close friend of ours and an awesome business person, Renay Rutter. Renay has more than 30 years of IT and business leadership experience, and we’ve had the pleasure of working with her here at FRSecure for the past 2(ish). She’s currently FRSecure’s Chief Operating Officer, and she’s pretty much kicking butt. Welcome to the show Renay!

[Renay] Renay does Renay.

[Evan] We have a lot to cover today, and before we jump into the meat of the show, let’s check in like we always do. What’s up you two?

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] Brad shares his things.

[Renay] Renay shares her things.

[Evan] Alright, that’s that. Was it last week or the week before that we finished up the 2020 FRSecure CISSP Mentor Program? Ugh. I can’t remember.

Recap of the 2020 FRSecure CISSP Mentor Program

This was the BEST year yet, by far. Just some of the highlights:

  • We had 1,444 total registrations at the beginning of class.
  • There were three instructors this year, which made life a lot smoother (me, Brad, and Ryan Cloutier)!
  • There have been 5,398 views of Session One.
  • Already had a dozen or so people inform us they’ve already passed the exam!
  • Renay (our guest) attended too!

[Evan] It was a great season and I’m pumped about what’s to come. The CISSP Mentor Program has been such a blessing for us ever since we started it 11 years ago. Huge thank you to our instructors, Brad and Ryan. Also, a huge shout out to the people behind the scenes who make this thing happen:

  • Brandon Matis, FRSecure Content Marketing Specialist
  • Lori Blair, FRSecure Senior Security Analyst
  • Ryan Abraham, FRSecure Senior Security Analyst
  • Chad Spoden, FRSecure Senior Security Analyst

A great team effort and a great success. Here’s to next year!

Alright, now on to our series topic.

Women in Security, Part One

[Evan] This could be the start of something cool. We’re going to take a big portion of the next four shows (or so) to get real and be honest about the topic of women in the information security industry. Do we have a shortage of women in our industry? If so, what’s the big deal? Why is the topic important for us to talk about? Lot’s of questions and I’m sure just about everyone has an opinion. Instead of people listening to our opinions Brad, we’re going to talk to the people this relates to the most; women! What better way to get a woman’s perspective on things than to talk to a woman?

Who better to start the series off with than Renay. Let’s do this.

Open Discussion

  • How you got into the industry?
  • Your journey in the industry.
  • Advice you have for someone starting out.
  • Do you think we need more women in our industry and why?
  • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Evan] Thank you Renay. Good information and things to think about more. Much appreciated! How about some quick news stuff?

News

[Evan] Between COVID-19, the social justice things going on around the world, and everything else. Yes, there is plenty of information security news too! Here’s just a few stories to bring your attention to quick:

Wrapping Up – Shout outs

[Evan] There you go. That’s it for episode 84. Thank you Renay for giving a great start to the Women in Security series. We’re lining up our guest for next week and it’s going to be a great show too! Either of you have any shout outs this week?

[Brad and/or Renay] We’ll see.

[Evan] Thank you to all our listeners! We dig all you folks (mostly). Let us know what you think about this show or share your ideas with us. You can email us at unsecurity@protonmail.com. You social types can follow us on Twitter if you’d like. I’m @evanfrancen, Brad is @BradNigh, and even Renay’s got some Twitter foo; she’s at @RenayRutter. The companies we work for are social too, heck everyone’s social nowadays. SecurityStudio’s Twitter is @studiosecurity and FRSecure’s Twiiter is @FRSecure.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 83 Show Notes – It’s About People

Ever have so many things going on that you can’t remember what happened last week? Yeah, that’s where I’m at right now.

Pretty sure Brad’s in the same place I am. So, rather than recapping everything (or trying to), I’ll just get to the show notes.

These are Brad’s show notes this week…


SHOW NOTES – Episode 83

Date: Monday, June 8th, 2020

Episode 83 Topics

  • Opening
  • Catching Up (as per usual)
  • Information Security Isn’t About Information or Security
  • Work, Life, and Mental Health
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 83 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is June 8th, and joining me this morning as usual is Evan Francen.

[Evan] Regales us with stories from the weekend. Oh God!

[Brad] Before we get going let’s recap our week.

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] What would you say you do here Evan?

[Evan] Hmmm. Good question! This outta be interesting.

Information Security Isn’t About Information or Security

Discussion about people, information security, working remote, stress, and overall mental health.

[Brad] Your blog from last Tuesday (Information Security Isn’t About Information or Security) really inspired me for this week’s podcast.  There have been countless articles written about how to secure remote workers so we aren’t going to focus on that, though it will probably come up in the course of this discussion.

Here’s the reality, it’s no secret that InfoSec and IT staff struggle with stress and a healthy work/life balance (Mental Health and Cybersecurity).  There really is no “done for the day”, systems can be attacked or suffer an outage anytime.  Add to that the now nearly 3 months of social distancing and quarantine that add even more stress.  We’ve seen an increase in cyber attacks the last 3 months and if your staff is struggling and has lost focus or is more distracted than usual your risk increases even more. So what can we do about it?  (Disclaimer, neither Evan or I are licensed mental health professionals and this conversation should not be taken as professional advice).

From an information security perspective I think you really captured the increased risks to organizations during this unprecedented time in your blog.

As a leader in an organization the employees’ health is critical, looking at it from a business perspective if they are not able to work we cannot deliver for our customers, but to me that feels cold & cynical.  I really do care for every one of our employees, I have a personal, vested interest in their well-being and want to be aware and in-touch with their status… That has become incredibly difficult during this time when you can’t read them face-to-face.

So what I want to do is talk about how we can be more aware and help reduce these risks.  First is being aware, I found these articles that I thought were really good to help identify and be proactive.

And then some really solid advice for employees, or really anyone feeling additional stress right now.

[Brad] Good conversation. Thank you Evan.

Let’s do some news…

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Wrapping Up – Shout outs

[Brad] Alright, that’s it. Episode 83 is a wrap. We got any shout outs this week?

[Evan] We’ll see.

[Brad] Next week is Evan’s show and I think he’s sort of itchin’ to tell us his idea.

[Evan] Yep. Tune in.

[Brad] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh (B-R-A-D-N-I-G-H) and this other dude is @evanfrancen (just spell his name without a space). Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for goodies and things.

That’s it! Talk to you all again next week!

Information Security Isn’t About Information or Security

NOTE: Throughout this article, I’ll refer to “we” and “us”. This collective is defined as me, FRSecure employees, SecurityStudio employees, our families, our customers, our partners, and everyone else who thinks in similar ways.

We have a strong belief that:

Information security isn’t about information or security as much as it is about people.

The fact is, if people didn’t suffer when things go wrong (cybersecurity incident, data breach, etc.), then nobody would (or should) care. Obviously, people do suffer, and we DO care.

There’s a second point related to our belief, it’s the fact that people (NOT technology) pose the greatest risk (to themselves and to each other). Technology only does what we tell it to do, but it’s people who tell technology to do the things that are risky (click links, download files, misconfigure settings, etc.).

We’ve held fast to this belief for years, and it’s not just a catchy saying. This is a deep belief we apply every day, in all that we do. For example, our sales team only sells what people need*, our analysts pour their heart and soul into every project, we’re committed to being product agnostic, and we always sleep well knowing we did right by the people who count on us.

*A rumor has been circulating for years at FRSecure; if you sell something that a customer doesn’t need (i.e. money-motivated BS solutions) I’ll run you over with my truck. I want to dispel this rumor. I will NOT run you over with my F250 (officially). Unofficially, this is a good rumor. For the record, I’ve never run anyone over (yet).

Why am I bringing this up again, and why now? Simple, I think it’s relevant.

People who love other people make the best information security people.

When making information security decisions, it’s important to feel the weight of those decisions. Especially when the information you’re protecting isn’t yours, meaning you’re not the one who suffers when it’s lost or stolen.

Relevance to Current Events

We’ve lived our belief (about people) for years, and it’s as relevant today as it’s ever been. People are suffering, directly and/or indirectly from the results of information security incidents. These are people from all walks, regardless of race, religious beliefs, economic backgrounds, political affiliations, or sexual or gender preferences.

Risk doesn’t discriminate, and neither do threats (attackers).

This is true in general terms. There are always specific threats targeting specific groups; however, in general, risk by itself doesn’t discriminate. Even if you’re not specifically targeted, you’ll still encounter some degree of consequence. In today’s world, most of us are digitally connected. In fact, most of us are digitally connected through a mesh of associations; networks, applications (SaaS platforms, social media, online shopping, and other shared services), etc.

The truth is we are all at risk, and people DO suffer. When people suffer, we shouldn’t roll over an take it. We all should get a little (or a lot) pissed off! People taking advantage of others should raise an ire in all of us. Playing the victim helps no one.

Beyond the non-discriminatory nature of information security, there’s additional relevance related to focus, emotions and lack of personal accountability.

Focus

While we’re focusing on VERY legitimate racial injustices in our society, the attackers are still attacking. Attackers know that we’re not paying as much attention to them, and they’re crafting attacks that are more likely to succeed given our emotional state.

Attackers are taking down (DDoS) local and state government websites and services, using language like “Black Lives Matter”, “Peaceful Protest”, and “Support Racial Injustice” as click bait (opposed to legitimate causes), and setting up fake fundraising sites to lure people into giving money for fake causes.

Attackers always use current, well-known, and emotion-laden events to take advantage of panic, fear, and compassion. The attacks happen every time these types of events, and it’s because they work. The attacks work so well that attackers don’t even bother changing their tactics.

Do your best to maintain (at least some) focus on information security. Easier said than done for some of us, but you can do it if you try!

Emotions

When emotions run high, we are quicker to react, and more likely to find ourselves in bad situations. This is due to the way our brain works. Our left brain is more pragmatic and tells us to act logically, while our right brain tells us to follow our heart. In a “normal” state, the left brain and right brain wrestle for control of a decision and the result is a compromise between the two. In highly emotional states, the right brain tends to dominate our decisions and logic takes a back seat. We think less and react more.

People are beautiful. Human beings are delicate and intricate systems, yet we come with this magnificent resilience that seems to defy logic. Most (or maybe it’s many, I don’t know) of us posses empathy, compassion, and love that are interwoven perfectly together. While these things are true, sometimes our emotions get the best of us, and we do things we wouldn’t normally do. It almost seems like things get a little jumbled when we’re in a highly emotional state.

There are at least two important tendencies that are more common for us when we’re in a highly emotional state:

  1. We make more mistakes. In our rush to act, we’re more likely to act before thinking things through to a logical conclusion. The right brain sorta kicks our left brain’s ass.
  2. We open ourselves more to manipulation. If an attacker knows you’re in a highly emotional state, it’s easier to use these emotions against you. Let’s say that you’re torn up about racial injustice. You feel the need to do something about it, driven by your deep compassion for others. If an attacker makes up a compelling story about how you can help right some of the wrongs in our society, don’t you think you’d be more likely to act on it? In a less heightened emotional state, you might be more logical about it the decision to help, be skeptical, and even do some research first.

If you can learn to recognize where your decisions are coming from, you’ll be better prepared to make good decisions. This takes self-discipline and honest introspection. For the time being, it might make sense to put off important decisions until after you’ve had time to process your emotions. Maybe take some time off.

Personal Accountability

During tense and emotional times, there is a much stronger desire to hold people accountable (for something or anything). We’re quicker to assign blame, point fingers, and lash out at anyone we perceive to be going against our personal version of right. This is true in societal issues like racial inequality and to some extent it’s also true with information security. In our rush to hold someone externally accountable, we lessen (even more) our own personal accountability.

Sadly, a great number of people think that their information security is somebody else’s responsibility. The truth is, you’re the one who’s primarily responsible for your own information security, privacy, and safety. Nobody cares about (or should care about) your information security more than you. If information security doesn’t motivate you, maybe your privacy will. If that still doesn’t work, maybe your own safety, and the safety of your loved ones will motivate you to act. In today’s world, safety, privacy, and information security can’t be separated.

Sure, there are others who play a role too, but you are responsible for all parts of information security for which you can control. You can control what your children are accessing online. You can control patching of your home network equipment. You can control which passwords you choose, what applications you run, and which websites you visit for entertainment.

What to Do

So, I covered a lot of stuff. Mostly educational stuff. Now, the practical stuff (hopefully).

The best thing you and I can work on is our habits. If we take the time to learn and form good information security habits, we’ll be in a much better spot to protect ourselves from attackers, especially in light of world-shaking events. Habits form a mindset of default actions, and default actions form a baseline that’s less likely to change, even in response to high stress situations.

In Organizations

Develop an information security program that fits with your culture and master the fundamentals. A good security program is built around risk management and risk management starts with:

  1. An intimate understanding of what “risk” is.
  2. Management commitment, not just endorsement.
  3. An objective and measurable risk assessment.
  4. A roadmap built from the unacceptable risks discovered in the risk assessment.
  5. Execution of the roadmap using creative solutions and processes that fit your culture.
  6. Re-assessment and repetition. This builds the habits.

If your information security program is counter-culture it won’t result in good habit forming. If you can’t secure management commitment, you’re just going through the motions.

At Home

You are the CEO at home, you make the calls, and you are ultimately responsible. The same process outlined above for businesses applies at home. You will need management commitment (you), an objective and measurable risk assessment (see below), a roadmap for improvements, action to implement the improvements, and repetition.

At SecurityStudio we’ve built all of these steps into a simple and FREE tool called S2Me. The only thing we couldn’t build into the tool is your commitment. That’s on you.

Quick Conclusion

There’s too much hate in the world, and we don’t want to make problems worse. I can only think of one thing I hate, and it’s people taking advantage of other people. For me, it’s the lowest of the low. Today, we’re witnessing riots all across the country (and world). They’re not about information security, but they’re about people taking advantage of other people. It’s all bullshit, and it needs to stop! Learn and play your role in information security, and don’t let yourself be a helpless victim.

You Don’t Know Me

Let’s cut through the bullshit. You don’t know me, and I don’t know you.

Here’s why this is important; despite us not knowing each other, I will judge you and you will judge me. This is human nature. We make our judgements based on information we have available and our own historical perspective (or world view). Judgement might not be overt, but you and I are always engaging in making judgements. You might think this is a bad thing, but it’s not. Judgement, by itself, is nothing more than:

  • the process of forming an opinion or evaluation by discerning and comparing
  • an opinion or estimate so formed
  • the capacity for judging: discernment
  • a proposition stating something believed or asserted

Judgement is good. When you judge me or I you, this could be a good thing; however, it’s only good without bias (unlikely).

Bias is a one-sided, closed-minded, and destructive mindset. Bias doesn’t discriminate, but it leads to discrimination. Look at the definitions of “bias”, “racism”, and “discrimination” for a second.

We can conclude that judgement is good, bias (and racism and discrimination) is bad.

The point

You don’t know me; therefore, if you were to judge me, what would your judgment be based on? If you don’t get to know me, you’d have to judge based on superficial things like how I look, the vehicle(s) I drive, how I dress, etc.

What if I told you these things about me?

  • I’m white/Caucasian.
  • I’m a man.
  • I have a long beard.
  • I drive an F250 pickup truck.
  • I drive a Harley Davidson motorcycle.
  • I live in a small town.
  • I have a good job.
  • I am licensed to carry a firearm.
  • I go to church every Sunday.

Would you think that I’m some sort of right-wing nut job? Would you treat me like one?

How about you? Let’s say:

  • You’re black/African American.
  • You’re a man.
  • You look “normal”, but you’re not clean shaven.
  • You’re middle-aged.
  • You’ve never been married.
  • You have plenty of money.
  • You wear nice clothes.
  • You drive nice sports cars.
  • You didn’t graduate high school.
  • You grew up in New Orleans

Would I think you’re a drug dealer, a thug, or involved in some sort of criminal activity? Would I treat you like you were?

God, I hope not!

In both cases, these judgements are 100% wrong! Like not even close. The judgements are wrong because they are biased.

Me, I am not some right-wing whacko. I despise most of what they stand for and I would never consider doing some of the things they do. Despite this, I can see how someone would mistake me for one. I look the way I look and like the things I like because I do. That’s it, nothing more and nothing less. I hate hatred in all its forms and have a genuinely deep love for people. I don’t just love people like me either, I love people from all walks, all backgrounds, and all beliefs. People who aren’t like me fascinate me.

About the only time I don’t love people is when I must share the road with them, but I’m told that’s sort of normal(ish).

The second person I referenced is Tyler Perry. He is an amazing man with an incredibly inspiring story. Rising from where he did to where he is now is a miraculous journey. He’s impacted thousands (maybe millions) of people across the globe with his works and his story. If you don’t know his story, I’d suggest you read up on him. He grew from a very troubled youth (shitty father figure, attempted suicide, child molestation, etc.) to become a tremendously successful actor, writer, producer, comedian, and director. In my opinion, he’s one of the most inspiring men alive today.

So, again, bias is bad. Put your bias to death as much as you are able.

What to work on

Here are some of the things I will work on to kill my own bias. I can’t change the world, but I can work on me. Here’s my pledge (to myself as much as anyone else):

  1. I will give people the benefit of the doubt. If I don’t know something to be true, instead or going the shitty route, I’ll take the good path in my thoughts and feelings toward others.
  2. I will seek other people’s perspectives. I don’t know what it’s like to be someone else. A person’s perspective is their reality. Understanding their reality and validating it where possible will go a long way towards killing my own biases.
  3. I will listen to people more. We’re all quick to offer advice and stories about the things we’re passionate about. I’ll do better at hearing these things from other people. Who knows, maybe I’ll learn a bunch.
  4. I will embrace the uniqueness in people. We all belong to people groups, either by birth or by choice. Despite whatever people group we belong to, there are beautifully unique things about each one of us. I want to discover the unique gifts in people and embrace them.
  5. I seek to change people and/or their minds less. You have your beliefs and I have mine. We can each be us.
  6. I’ll be a friend to anyone. This doesn’t mean there aren’t boundaries. All relationships have them, even friendships.
  7. I’ll work to find common ground. You’re not me and I’m not you. You believe certain things and so do I. We’re both human beings and if we can’t find anything more common than that, so be it. We’ll start there.

These are seven things that I’ll work on. I said it earlier, I don’t know you, so I can’t suggest the things you should work on. Only you can determine these things, and (probably) only after deep, honest introspection.

I truly love people, and it saddens me to see us hurt each other like we do.