The UNSECURITY Podcast – Episode 67 Show Notes – Who does what?

/in /by

Did you even notice that I skipped posting show notes for last week’s podcast? Time got away from us. Sometimes our day job gets in the way. No matter. We recorded a pretty good show for you last week anyway, and you can catch a listen here.

We’re almost back on track this week.

Here we go…

SHOW NOTES – Episode 67

Date: Monday, February 17th, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • Information Security Roles and Responsibilities (Part 1 of 2)
    • How important are information security roles and responsibilities?
    • Is it important to define them formally, or do people just know?
    • Roles and responsibilities at a macro level.
      • Government(s).
      • Business(es).
        • B2C.
        • Employer(s).
      • School(s).
      • Consumer(s)/citizen(s)
    • Ideas for making things better.
    • Part 2 – Information Security Roles and Responsibilities (micro-level).
  • News
Opening

[Evan] Howdy. Welcome to episode 67 of the UNSECURITY Podcast. Today is February 17th, 2020 and this angelic voice you’re hearing is me, Evan Francen. Joining me in studio today is my security bestie, Brad Nigh. Good morning Brad!

[Brad] Hopefully he got some sleep and he’s ready to impart some of his wisdom!

[Evan] We have a great show planned today. Before we dive in, let’s catch up. As usual, I want to know how you’re doing and what you’re up to. Give it to me.

Catching up

Some back and forth happens here.

[Evan] Let’s see if you prepped for today’s show. I want you to share one information security truth. Pick any one you want.

[Brad] Shares a truth.

[Evan] Boom! Hashtag truth. Here’s one that’s on my mind…

[Evan] This weekend I was doing some work on our book. For those of you who don’t know yet, we are writing a really cool book. There are two purposes for the book. The first is to simplify information security, and the second is to operationalize information security in underserved markets. Underserved markets are state/local government, schools (K-12 and higher ed), small businesses, and individuals. How do we embed information security in such a way that it becomes a normal part of everyday life and a competitive advantage?

This book is being written by me, Brad, and Ryan (aka “cola”).

I’m just about done with my initial outline, which are really just thoughts. Soon, we’ll get going full speed with these guys. We’ll be collaborating big time!

Anyway, here’s why this is relevant to today’s podcast. As I was writing, I had a thought. One of the foundational components of information security is understanding and implementing roles and responsibilities. This leads to an idea of doing a two-part series. In part one (today), I’d like to discuss information security roles and responsibilities at a macro level. In part two (next week), we can discuss information security roles and responsibilities at a micro level. You game?

[Brad] Brad’s almost always game. He’s one of the most collaborative and easy-going security guys I know!

Information Security Roles and Responsibilities (Part 1 of 2) – Macro Level

We’ll share opinions on these things:

  • How important are information security roles and responsibilities?
  • Is it important to define them formally, or do people just know?
  • Roles and responsibilities at a macro level.
    • Government(s).
    • Business(es).
      • B2C.
      • Employer(s).
    • School(s).
    • Consumer(s)/citizen(s)
  • Ideas for making things better.
  • Part 2 – Information Security Roles and Responsibilities (micro-level).

[Evan] Good discussion man! We take so many of these things for granted. Good things for us to keep in mind as we continue down the path of writing our book.

[Brad] Brad is Brad.

[Evan] Let’s cover some news now.

News

[Evan] I’ve got a few goodies today:

Closing

[Evan] There you have it. Episode 67. Always great chatting with you Brad! Got any parting words?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 65 Show Notes – Money Grab

/in /by

Another week down. Damn, a whole month is down! January is already in the books.

While I’ve got you here, help us out with our mission. We’re busting our tails off doing our part to fix the broken information security industry. We’re striving and doing these things:

  • Setting a common information security language that can be spoken by everyone; the S2Score.
  • Developing and delivering simple (but effective and credible) information security risk assessments for the under-served (SMBs, state and local government, K-12, etc.):
  • Developing and delivering simple (but effective and credible) tools to help the under-served do information security better.
  • Teaching and mentoring others for free. The FRSecure CISSP Mentor Program is in it’s 11th year! We started with six students in 2010, last year we had 532, and this year we had more than 540 enrollments within the first 24 hours! Check it out and enroll here.

What can you do to help? Simple. You can help in (at least) three ways:

  • Do your own S2Org and S2Me assessments.
  • Contribute your opinions and feedback (after all, we’re all in this together).
  • Spread the word. Tell others. Tell them about the S2Org and S2Me assessments and tell them about the FREE FRSecure CISSP Mentor Program!

OK, on to the show…

February is already upon us, and RSA is just around the corner. Speaking of RSA, let’s talk about our industry’s money grab in this week’s episode. Let’s also discuss tips for talking to the board of directors about information security stuff .

This will be fun!

Alright, on to the show notes. This is my (Evan) show to lead and these (below) are my notes.

SHOW NOTES – Episode 65

Date: Monday, February 2nd, 2020

Show Topics:

Our topics this week:

  • Opening
    • Normal Stuff
    • Got Mail?
  • The Money Grab
    • It’s alive and well – everybody wants your $$$.
    • The Bad Guys Of Course
    • The “Good Guys” Too?
  • Talking to the Board
    • Tips
    • Recent Experiences
  • News
Opening

[Evan] Alright, welcome! This is Evan Francen, this is episode 65 of the UNSECURITY Podcast, and the date is February 3rd, 2020. In studio with me is none other than Mr. Brad Nigh. Howdy Brad.

[Brad] We’ll see how awake he is on an early Monday morning.

[Evan] I’m curious, are you a morning person or a night person?

[Brad] I don’t know what he’ll say here…

[Evan] We’ve got a great show planned for you today. Lots to talk about, for sure! We’re going to talk about this industry’s money grab and we’ll cover some tips for speaking to the board of directors. Before we dig in, Brad, how you doing?

Quick Catch-up Talk

[Evan] Alright. Well, let’s get to it. Let’s talk about the money grab in this industry. In case you didn’t know, I’m referring to the information security industry. You have the something that everybody wants. The bad guys, the good guys, and everyone in between. They all want your money. Collectively, I call this the “money grab” and we’re going to discuss this. I want to discuss this because I don’t want you losing your hard earned money to some crook and I don’t want you to piss it away on something that doesn’t do what you thought.

Discussion about the Money Grab

The money grab is alive and well. Everybody wants your $$$. Everybody.

  • The Bad Guys Of Course
    • The 2018 cybercrime industry was worth at least $1.5 trillion
    • There is no low that’s too low.

This slideshow requires JavaScript.

  • The “Good Guys” Too?
    • Gartner estimated that 2019 industry spending was $124 billion in 2019, and by some estimated it’s expected to grow to more than $170 billion by 2022. NOTE: this is for context only and not to imply that this is wasted spending.
    • FUD (scare the sh*t out of you) and Sex Sell (buzzwords, new blinky lights, etc.)
    • Seems like everybody is fighting for your money.
      • Conferences (RSA, Black Hat, etc.)
      • Companies (borderline extortion, crappy advise, etc.)
    • We’re (FRSecure and SecurityStudio) human too. Mission over money, does it keep us honest?

[Evan] It’s a dangerous world and people (non-information security people are confused). I wonder how much of this is on purpose. The enterprise organizations can afford to make mistakes, but the smaller players are left in the cold and they’re suffering because they often miss the basics, the fundamentals. I feel bad for the under-served markets, especially SMBs. This is our primary focus. OK, on that note…

Discussion about talking boards of directors and executive management

[Evan] Brad, you and I have had the privilege on many occasions to talk to boards and executives. What tips do we have?

Some good back and forth discussion I’m sure…

After a while, let’s do some news.

News

[Evan] I’ve only got two stories to discuss today, but I think they’re interesting ones:

Closing

[Evan] OK, that’s it. Episode 65 is in the bag. Brad, you’ve got any ideas for next week’s show yet?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 64 Show Notes – 3rd Party Risk

/in /by

Here we are, already into the 4th week of January and this is the last show for the month.

Quick recap of last week because it was awesome!

On Saturday (1/18), we held our holiday party at Punch Bowl Social. FRSecure and SecurityStudio employees flocked in from all over the country (Nevada, Kentucky, Missouri, Florida, etc.) to celebrate together. We sort of took over the joint with 120+ people eating, drinking, singing karaoke, bowling, playing pool, and hanging out.

One of our core values is “work hard/play hard”, and Lord knows we are experts at both these things! The teams did incredible things in 2019 and every single person played a critical part in our success. It was so awesome to spend time with each other, celebrating (a great 2019) and looking forward to an even better year ahead (2020)! It was a great night!

We gathered everyone together on Monday (1/20) morning for our quarter end/year end meeting. There are no words to describe what these people did in 2019. There isn’t an adequate adjective. By every account, 2019 was a huge success. Not only in terms of dollars and cents, but more importantly in the impact we made on our industry and in people’s lives.

This slideshow requires JavaScript.

Just a few highlights:

  • FRSecure has helped more than 1,000 organizations build and maintain better information security programs.
  • The CISSP Mentor Program helped 532 people learn better information security, secure better career options, and/or successfully pass their CISSP exam. UPDATE: We exceeded the entire 2019 enrollment within 24 hours of opening this year’s registration!
  • We gave more than 100 talks at conferences all over the United States.
  • SecurityStudio made great strides in helping organizations and people speak the same (information security language), including the release of the S2Me.
  • The companies grew at more than 40% again (top line), for the 10th consecutive year.

I could write an entire book about what was accomplished in 2019, and I’m speechless when I think about what we’ll do together this year (2020)!

The Minnetonka HQ office was full and buzzing on Monday! The rest of the week was filled with meetings, conversations, and security stuff. All icing on the cake.

Alright, on to the show notes. This is Brad’s show to lead and these (below) are his notes.

SHOW NOTES – Episode 64

Date: Monday, January 27th, 2020

Show Topics:

Our topics this week:

  • Opening
    • Catching Up
    • FRSecure Year End
    • SecurityStudio Year End
  • 3rd-Party/Vendor Risk Management
    • Let’s get literal.
    • A deep dive.
    • Seven “must haves”.
    • A warning (or two)
  • Next Week
    • Tips for talking to boards
    • I’m going to RSA this year and I already regret it
  • News
Opening

[Brad] Welcome back! This is episode 64 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is  January 27th, and joining me is my co-host, Evan Francen. Good morning Evan.

[Evan] Something energetic and uplifting I’m sure.

[Brad] We’ve got another great show planned for you this week, and we’ve already got some good topics to talk about next week. This week we’re going to cover a deep dive into 3rd-party (or vendor) risk management. Next week we’re going to cover tips for talking to boards and have a conversation about the RSA money grab. Don’t miss it! I’m guessing it could get controversial.

Before we get started, let’s recap last week quick.

  • Brad’s update(s)
  • Evan’s update(s)

[Brad] I wanted to take some time today talking about Vendor Risk Management and the difference between an audit based certification (SOC2, ISO, HITRUST) vs a risk assessment (S2Org or similar).

[Evan] Yeah man! Let’s do it!

3rd-Party/Vendor Risk Management

[Brad] You added stuff to my show notes! What gives man?

[Evan] Yeah, I couldn’t help myself. Hope you’re OK with it.

[Brad] What’s with “let’s get literal”?

Discussion…

[Brad] Let’s talk about the differences between audit based certification (SOC2, ISO, HITRUST, etc.) versus a risk assessment (S2Org or similar).

  • The fundamental differences
  • The positives and negatives to both approaches
  • At the end of the day, what should an organization be trying to accomplish with their Vendor Risk Management program
  • What should the vendor share/not share, how do they handle requests for more than they are comfortable sharing

Be sure to mention the new article (not yet posted), “Seven must-haves for effective third-party information security risk management”. You can get the free preview download by emailing us.

[Brad] Hopefully that was helpful to people working on both sides of Vendor Risk Management. Let’s do some news.

News

[Brad]

Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Closing

[Brad] That’s it. Episode 64 is a wrap. Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan is @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 63 Show Notes – Mission

/in /by

I’m grateful to be back home. Two weeks in Cancun, Mexico where the sun was shining and the temperature was in the 80s. Now, I’m back in Minnesota where there’s a foot of snow on the ground and the temperature is in the single digits. I’m grateful to be back home because I’m with my family again. My FRSecure and SecurityStudio family!

THANK YOU to Brad and Ryan for doing holding down the fort!

OK, I was in Cancun to begin writing our next book. It’s “our” next book because Brad’s going to write his part and Ryan’s going to add a little flair too. The book is unofficially titled “Securing America” and will start to come together over the next couple of months. The (rough) outline looks like this so far:

  • Introduction
  • Information Security Operating System (ISOS)
    • Components
    • The Cycle
  • Securing America
    • Small Business
    • Local Government
    • Education
    • Home
  • The People Component
  • The Asset Component
  • The Control Component
  • The Process Component
  • The Measurement Component
  • The Journey – All Working Together
  • Starting NOW

If this book is anything like the first one (UNSECURITY), there’s likely to be some changes to the outline, but this is what we’ve got so far.

Alright. On to the show. This is episode 63 of the UNSECURITY Podcast. I’ll be hosting and these are my notes. Joining me in studio will be my co-host Brad Nigh and SecurityStudio’s very own Ryan Cloutier.

Let’s do this!

-Evan

SHOW NOTES – Episode 63

Date: Monday, January 20th, 2020

Show Topics:

Our topics this week:

  • Opening
    • Back Home
    • Book (Securing America) Status
    • What did I miss?
  • U.S. and Iran
    • Finishing the discussion from last week.
    • We’re not out of the woods.
  •  The “Mission” and CISSP Mentor Program
    • What is it?
    • Why do we care?
    • How can you join us?
  • News
Opening

[Evan] Hey UNSECURITY Podcast listeners! This is episode 62 and the date is January 20th, 2020. I’m Evan Francen, and it’s good to be back! I’m hosting today’s show, and joining me in studio is my friendly co-host Brad Nigh and my left-hand man Ryan Cloutier. Hey guys.

[Brad & Ryan] They’ll say “hi” or something.

[Evan] Did you guys catch that? I called Ryan my “left-hand man”. Of course you did, you guys read the show notes! You know why I called Ryan my “left-hand man”?

[Brad & Ryan] Stumped. Maybe.

[Evan] Well, I’ll tell you…

[Evan] Alright, I’m back home. It feels good to be back, and it couldn’t have been any better to come back to a bunch of smiling faces at our holiday party on Saturday! What did you guys think?

[Brad & Ryan] Sharing thoughts and such.

[Evan] We have a ton to cover today! Let’s catch-up quick. You guys cool with that?

Catching Up Discussion
  • Back home
    • Holiday Party
    • Q1/2020, Expectations
  • Book (Securing America) things
  • Did I miss anything?

[Evan] Like always, many good things to look forward too. Love you guys and love being back. Last week I had to run halfway through the show. We were talking about tensions between the United States and Iran and how it affects us all. There’s this talk of a cyberwar between us, and I just want to close the loop a little on the topic.

U.S. and Iran Discussion

[Evan] OK, the world’s not likely to end today, but we need to stay vigilant. Complacency and ignorance come with consequences. Switching gears now…

We talk about this mission at FRSecure and SecurityStudio. Brad, you have your take. Ryan, you have yours. I’ve certainly got mine too, but what is this “mission” and why is it important for our listeners to know about it?

Discussion about The “Mission” and CISSP Mentor Program

An open and honest discussion about our mission.

  • What is it?
  • Why do we care so much about it?
  • Are there ways for people to join us? If so, how?

The CISSP Mentor Program Registration is Open!

[Evan] Yes, it’s all about the mission! The theory is if you focus on the mission you’ll make money, but if you focus on the money, you’re certain to miss the mission. Love it! Alright, good talk. Let’s cover a few news stories, and wrap this thing up.

News

There’s always plenty of news in the information security industry. Here are a few stories that caught my eye recently:

Closing

[Evan] Wow. Lot’s going on and plenty of news to stay up on. I guess this is why they pay us the big buck, right?

This is the end of our show, and we close these things out pretty much the same way every week. Keep sending us your feedback, tips, of whatever else you’d like us to know at unsecurity@protonmail.com. If you have a suggested guest for us to reach out to, let us know that too.

If you’re the social type, socialize with us on Twitter, I’m Evan and you can find me @evanfrancen. Brad’s a cool cat, and you can find him @BradNigh. Ryan’s not to shabby himself, follow him at @CLOUTIERSEC.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 62 Show Notes – Iran and Stuff

/in /by

Still in Cancun for another week (Evan). I know, poor me.

One thing is certain. It doesn’t matter what I’m doing or what you’re doing, the world doesn’t pause and wait for you. Attackers still attack and defenders still defend. Some of us are thriving and others of us are just struggling to survive.

So, the big worldwide news this past week was the U.S. spat with Iran. It was immediately politicized, as we would expect, but what does it mean to you, me, and the world of information security? Let’s talk about this.

A few of you took me up on my offer last week for a free copy of UNSECURITY. Your books are being sent soon.

If you haven’t read my first book, I invite you to. You can either purchase it, or if you’re with us on our mission to fix the brokenness in our industry, contact me (Twitter, LinkedIn, email, etc.) and tell me so. I’ll send you a free signed copy! P.S. I’m not publicizing this everywhere, so let’s see if your paying attention.

I’m supposed to be leading the show this week, but I’m still out of the office. Brad and Ryan should be in studio for this episode, and I’ll call in again.

These are my notes (Evan).

SHOW NOTES – Episode 62

Date: Monday, January 13th, 2020

Show Topics:

Our topics this week:

  • Opening – Catching up
  • U.S. and Iran
    • What does it mean for information security?
    • What does it mean for you and me?
    • Avoiding collateral damage
  •  News
    • Is Microsoft sharing Skype and Cortana audio with the Chinese?
    • Security tips for college students
    • Amazon Ring employees caught snooping
  • Contact Us – featuring people looking for jobs in information security
Opening

[Brad] Hey UNSECURITY Podcast listeners! This is episode 62 and the date is January 13th, 2020. I’m Brad Nigh, your host for today’s show. Joining me in studio is Ryan Cloutier and by phone is Evan Francen. Hi guys.

[Ryan & Evan] We’re welcoming fellas, so we’ll say “hi” or something here.

[Brad] Let’s catch up quick. How was your week and what’s going?

Catching Up Discussion

Who’s doing what?

  • Ryan’s first week at SecurityStudio.
    • What was it like?
    • Anything newsworthy or exciting?
  • Brad’s crazy week.
    • Most weeks are crazy. What was craziest?
    • What are you excited about?
  • Evan in Cancun.
    • Chillin’ or workin’?
    • How’s the book coming along?

[Brad] Cool. Good things last week and coming up this week.

Switching gears a bit. I want to discuss a topic that’s on many people’s minds; the conflict between the United States and Iran, and what effect it has on our daily information security/cybersecurity lives.

U.S., Iran, and Information Security Discussion

Very significant events have taken place over the past few weeks. Events that impact our world as we know it; politically, economically, and from an information security (or cybersecurity) perspective. Let’s stay out of the politics as much as we can and leave the economic discussion to the economics experts.

What I’d like to discuss is how these current events affect us with respect to information security. We should all be concerned about how these things affect our ability to protect ourselves, our families, our schools, our workplaces, and our local governments.

First a little background on the current events:

  • December 27th, 2019 – The K-1 Air Base in Iraq was attacked killing an American civilian contractor, injuring four U.S. service members and injuring two Iraqi security forces personnel. The U.S. blamed Iranian-backed militia for the attack.
  • December 29th, 2019 – The United States attacked five Hezbollah positions in Iraq and Syria resulting is an at least 25 killed militia members and another 55 wounded.
  • December 31st, 2019 – January 1st, 2020 – Hezbollah militiamen, their supporters and sympathizers attacked the U.S. embassy in the Green Zone of Baghdad. The United States blamed Iran and its non-state allies for orchestrating the attack. No deaths or serious injuries occurred during the attack and protesters never breached the main compound.
  • January 3rd, 2020 – A targeted U.S. drone strike killed the commander of the Islamic Revolutionary Guard Corps (IRGC) Quds Force, Qasem Soleimani. Soleimani was considered to be the second most powerful person in Iran.
  • January 8th, 2020 – The Iranian military launched numerous ballistic missiles at two airbases in Iraq. there were neither American nor Iraqi casualties. Hours after the initial Iranian missile attacks, a Boeing 737-800 (Ukrainian International Airlines Flight 752) crashed shortly after takeoff from Tehran Imam Khomeini International Airport, killing all 176 passengers on board. Iran initially claimed the cause of the crash was mechanical failure.
  • January 11th, 2020 – A video showing the moment Flight 752  was hit by an Iranian missile was published by The New York Times. The Iranian government was forced to admit that it “inadvertently” shot the plane out of the sky. A wave of anti-government protests have now emerged across Iran.

Phew! These are only the latest events in decades of conflict between the two nations.

So, back to the point of our discussion. I’d like us to share our opinions, and hear the opinions of our listeners this week. You know what they say about opinions, right?

  • What does it mean for information security?
  • What does it mean for you and me?
  • How can we avoid collateral damage?

Some sources of information to guide our discussion:

[Brad] Great discussion and plenty of healthy opinion. I think the same things hold true for us that have always held true:

  1. Focus on what you can do to protect your area of influence (your habits, at home, at work, etc.)
  2. Master the fundamentals. We can’t control what Iran or the United States does, but we can make it a little less likely that we’ll be a victim in all this.
News

Now for some (other) news. Here are three newsy things that caught our attention last week.

Closing

[Brad] OK, that’ll just about do it. Be careful out there.

One last thing before we close this show out. Are you or someone you know looking for a job in information security? If so, we’d love to hear from you and help out where we can. Email us at unsecurity@protonmail.com and we’ll chat.

If you’re the social type, socialize with us on Twitter, I’m @BradNigh, Ryan can be found at @CLOUTIERSEC, and Evan’s in his usual spot, @evanfrancen.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 61 Show Notes – 2020 Look Ahead

/in /by

Hello 2020! What do you have in store for us?

In last week’s episode, Brad and I discussed some of the crappy things from 2019. It’s no doubt, we’ve got a lot of work to do in this industry. Now, in this episode, we’re going to discuss some of the great things we did this year as an industry, and we’re going to look at what 2020 should have in store for us!

Exciting Announcements

We’re starting 2020 off right, and we have some cool announcements:

  1. Our good friend Ryan Cloutier has joined SecurityStudio!
  2. We’re writing a new book!
  3. I’m in Cancun (I guess this is sorta cool for me)!
Ryan Cloutier

If you’ve been listening to our podcast for a while, you might remember Ryan. He joined us on the show in episode 27, and again in episode 44. Ryan brings a wealth of knowledge, a refreshing perspective, and an unbridled passion for information security , and we’re jacked he’s on board! Ryan will be helping me and the rest of the SecurityStudio team reach K-12, local governments, and whoever else wants to get on board with establishing rock solid information security fundamentals.

New Book

I took off for my annual trip to Cancun yesterday (1/4) to begin writing our next book. This one will be co-written with Brad and probably Ryan too. The book is unofficially titled “Securing America” and it will provide an easy-to-use manual for building fundamental information security programs and habits in the most under-served areas; SMBs, local governments, education (K-12 and post-secondary), and home.

If you haven’t read my first book, I invite you to! You can either purchase it, or if you’re with us on our mission to fix the brokenness in our industry, contact me and tell me so. I’ll send you a free signed copy! P.S. I’m not publicizing this everywhere, so let’s see if your paying attention.

Cancun

Yeah, this is year three for this trip. Year one was spent writing UNSECURITY. Year two was spent starting a book that I shelved (for now) about information security for normal people. This year, I’m starting this book (referenced above) and we’ll publish it sometime in Q3/Q4 of 2020.

We’ll cover these things (above) and some of the good things from 2019 in this episode of the UNSECURITY Podcast.

Brad’s leading the show this week, joined in studio by Ryan Cloutier. I’m calling in from Mexico, and these are my notes.

SHOW NOTES – Episode 61

Date: Monday, January 6th, 2020

Show Topics:

Our topics this week:

  • Opening
    • Exciting News.
    • 2019 in review, some of the good things.
    • What we expect 2020 to bring us.
  • Closing
Opening

[Brad] Welcome to the first UNSECURITY Podcast episode of 2020! We’ve got a jam-packed show for you today. It’s Monday, January 6th, 2020, and I’m Brad Nigh. Joining me in studio is the newest member of our team, Ryan Cloutier. Welcome Ryan!

[Ryan] Ryan does Ryan. Would you expect anything different?

[Brad] Joining us by phone from Cancun, Mexico is my usual co-host, Evan Francen. Hi Evan.

[Evan] I do me.

[Brad] Probably says something about Cancun and how he should be here too, or instead or me. Maybe he’ll ask about the weather, maybe not.

[Brad] Well, let’s get started. We have a ton of stuff to talk about today. Let’s start off by talking about you Ryan. Today is day #1 at SecurityStudio, right?

[Ryan] Says stuff.

Exciting News – Welcoming Ryan

Quick discussion and welcome.

  • Questions that may come up:
    • What will you be doing at SecurityStudio?
    • What made you want to come to SecurityStudio?
    • What are some of the challenges that lie ahead?
  • We’re pumped that Ryan’s onboard, and we’re looking forward to great things!

[Brad] Alright, Evan’s down in Cancun starting another book. He’s getting it started, and rumor has it that I and you (Ryan) will be co-writing this sucker!

Exciting News – Another Book

Quick discussion about this upcoming book.

  • Questions that may come up:
    • What’s the point for this book?
    • Who’s the audience?
    • What’s it like to write a book?
    • When can I get a copy?
  • We’re jazzed about this book because it’s a way to get the word out and make an impact on people’s lives. The fact that it’s going to be a collaboration between the three of us makes it extra exciting!

[Brad] Alright, some cool things to look forward to in 2020 and beyond! Let’s take a quick look back at 2019 and find some positive news. As infosec people, we sometimes get caught up in the bad news, but there are many good things happening.

2019 in Review – Good Things

[Brad] I think I speak for both Ryan and Evan when I say that we love this industry. There’s plenty of brokenness, but the people in this industry are amazing! Evan has a say that he uses a lot; “information security isn’t about information or security as much as it’s about people.” Using this as a segue, what good things happened in 2019 that we can be proud of?

Some things to discuss (in a positive light):

  • Is the information security industry more diverse now than it was at the beginning of 2019?
  • How are the job prospects for information security practitioners?
  • Are people more aware of information security?
  • Are CISOs emerging as real business leaders in greater numbers?
  • Is there improved collaboration among information security professionals?
  • More people are beginning to focus on fundamentals.

[Brad] Let’s focus on progress in 2020 and we should each be asking ourselves:

  1. Am I making a positive difference?
  2. Are my motives focused on greater good or selfish greed?
Closing

[Brad] OK, no news for today’s show. We’ve discussed plenty and we’re looking forward to another great year! We’re also wishing the best for all our listeners. Let’s kick some ass together in 2020!

That’s a wrap for today’s show. Thank you and welcome to the family Ryan. Evan, stay out of trouble.

Next week, we’ll start to devote 10 minutes out of every show to help someone who’s looking for a job or career change. If you’re one of these people, get in touch with us and we’ll feature you as a guest on future episode.

Get in contact with us through email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, Ryan can be found at @CLOUTIERSEC, and Evan’s in his usual spot, @evanfrancen.

That’s it! Talk to you all again next week!