UNSECURITY Episode 129 Show Notes

We have another great guest for episode 129, and we’re excited to get his take on things!

Special Guest – Ron Woerner

In this episode of the UNSECURITY Podcast, we’re joined by another good friend of ours, Ron Woerner.

Ron and I (Evan) first met at the RSA Conference last year (2020) after being introduced to each other by Ryan Cloutier, another good friend. Ron is a no nonsense, plain English-speaking information security expert with a heart for helping people from all walks protect themselves better. I love this guy and I’m excited to chat with him on the show!

Things about Ron:

We’re in for a treat in this episode!

Other Guests – Past, Present, and Future
  • Episode 128 Special Guest – Roger Grimes (0n 4/20)
  • Episode 129 Special Guest – Ron Woerner (this week)
  • Episode 130 Special Guest – John Strand (on 5/4)
    • Believe it or not, I have never met John in person. Despite running in some of the same circles for many years, this will be the first time I meet him.
    • John also has a laundry list of accomplishments. He’s the Founder and Owner of Black Hills Information Security, Senior Instructor with the SANS Institute, teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Detection for System Administrators. John is the course author for SEC464: Hacker Detection for System Administrators and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing. He’s also presented at the FBI, NASA, NSA, DefCon, and lots of other places.
  • Episode 131 Special Guest – Chris Roberts (on 5/11)
  • Episode 132 Special Guest – Gabriel Friedlander (on 5/18)

Lots of GREAT conversations with lots of GREAT information security folks!


SHOW NOTES – Episode 129 – Tuesday April 27th, 2021

Recorded Monday April 26th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 129, and the date is April 27th, 2021. Joining me is my good friend, solid partner, and and top infosec expert Brad Nigh. Welcome Brad!

Also joining the UNSECURITY Podcast is our special guest, Mr. Ron Woerner! Welcome Ron. It’s an honor to have you on our show!

Introducing Ron Woerner

It’s great to have Ron on our show! He gets information security and he always has an interesting perspective on things.

  • Open Discussion.
  • Top of mind things.
  • Current projects.
  • Current events.

Pretty sure we’ll get to talk about Ron’s talks at RSA, his work/lectures at Bellevue University, social engineering things, information security as a life skill, and other goodies!

News

We’ll probably skip news in this show. Guessing that Brad, Ron, and myself will have no problem filling the entire show with good discussion.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! HUGE thank you to Ron for joining us. If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Ron can be reached on LinkedIn, Twitter (@RonW123), and other places he’ll probably share during the show.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Episode 128 Show Notes

Oh boy. Chalk last week up as “the lost week”.

I live in a suburb of Minneapolis, Minnesota (MN). The same Minneapolis, MN where George Floyd died last May, sparking civil unrest around the world. The same Minneapolis, MN where the eyes of the world are anxiously awaiting the verdict in the trial of former police officer Derek Chauvin, charged with second-degree murder in George Floyd’s death. The same Minneapolis, MN where Daunte Wright lost his life on April 11th, at the hands of 26-year veteran police officer Kimberly Ann Potter.

Minneapolis seems like ground zero for crazy.

Me being me, I don’t like when things don’t make sense. Despite knowing it’s best to let some things go, I decided to embark on a journey of self reflection and sense-making.

The result?

I learned how I process things. I learned I love people. I learned I’m not crazy. I learned we have significant problems facing our society, and not enough people willing to solve them. Even worse, the leaders we elect to solve problems, selfishly use problems to score popularity points and ignorant votes. If our leaders wanted to solve problems, they would. Simple as that.

More to come, but we have a podcast to do!

Special Guest – Roger Grimes

In this episode of the UNSECURITY Podcast, we’re joined by a good friend, a bona fide information security authority, renowned author (of 12 books), and all around awesome human being, Roger Grimes. This is a man I respect deeply and hold in very high esteem. We are information security kindred spirits in a way, and we’re honored to welcome him on our show!

Things about Roger:

  • LinkedIn Profile – https://www.linkedin.com/in/rogeragrimes/
  • Information technology and/or information security expert since the mid-late 1980s
  • Written more than 1,200 national magazine articles on information security and was the weekly computer security columnist for InfoWorld/CSO magazines from 2005 to 2019
  • His “goal in life is to get more people and companies to use data and the scientific method to improve their computer security.” He goes on to state, “If I leave this world without having made the Internet a safer place for all people to compute, I have failed.See, my kind of guy!
  • Spent more than 11 years as Microsoft’s Principal Security Architect.
  • Written 12 books (and working on two now), including:
    • Hacking Multifactor Authentication
    • Cryptography Apocalypse
    • A Data-Driven Computer Defense
    • Hacking the Hacker
    • Malicious Mobile Code
    • And more…

Seriously dig this guy, and pumped that he’s joining us this week!

Other Guests Coming

Roger is our first special guest in a series of special guests. We might keep hosting special guests indefinitely. Here’s what’s coming soon:

  • Episode 129 Special Guest – Ron Woerner
    • I met Ron through my good friend Ryan Cloutier, and I’m very grateful for it.
    • Ron has a laundry list of accolades. He’s the CEO and President of Cyber-AAA, Professor of CyberSecurity Studies at Bellevue University, featured speaker at the RSA conference for more than 12 years, and much more.
  • Episode 130 Special Guest – John Strand
    • Believe it or not, I have never met John in person. Despite running in some of the same circles for many years, this will be the first time I meet him.
    • John also has a laundry list of accomplishments. He’s the Founder and Owner of Black Hills Information Security, Senior Instructor with the SANS Institute, teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Detection for System Administrators. John is the course author for SEC464: Hacker Detection for System Administrators and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing. He’s also presented at the FBI, NASA, NSA, DefCon, and lots of other places.

We’re finalizing details with guests for episode 131 and 132 too. Lots of GREAT conversations to come!

Let’s get right to it, show notes for episode 128 of the UNSECURITY Podcast…


SHOW NOTES – Episode 128 – Tuesday April 20th, 2021

Recorded Friday April 16th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 128, and the date is April 20th, 2021. Joining me is my good friend, great guy, and infosec expert Brad Nigh. Welcome Brad!

Also joining the UNSECURITY Podcast is our special guest, Mr. Roger Grimes! Welcome Roger. It’s an honor to have you on our show!

Introducing Roger Grimes

Some of our listeners may not know Roger. That’s about to change! He has a fascinating information security mind, and we’re all sure to learn some things.

  • Open Discussion.
  • Top of mind things.
  • Current projects.
  • Current events.

Roger and I first met through a friend, Steve Marsden, a few years ago. Almost immediately it became clear that we see information security the same way. Soon after our first conversation, I flew out to see Roger give his talk at the RSA conference and have lunch with him and his wife. It confirmed that he is the “real deal” and I flew on to my next destination immediately after lunch. Since then, we’ve kept in touch, and he even served on SecurityStudio’s board of directors for a time.

This will be a fun conversation, guaranteed!

News

We’ll probably skip news in this show. Guessing that Brad, Roger, and myself will have no problem filling the entire show with good discussion.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Closing – Thank you to all our listeners! HUGE thank you to Roger for joining us. If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Roger, where would you like people to connect with you? (his Twitter handle is @rogeragrimes). Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Episode 126 Show Notes

Here we are, time for another episode of the UNSECURITY Podcast.

I came across another interesting article this week, “15 Cybersecurity Pitfalls and Fixes for SMBs“. I have a heart for underserved markets, and small to mid-sized businesses (SMBs) are certainly an underserved (or poorly served) market.

NOTE: The other underserved markets I’m especially interested in are state/local government, education (higher education & K12), and individual consumers.

This is a perfect time to talk about SMB information security. As we come out of COVID (Lord, I hope we are!), more and more SMBs are getting back on their feet. As they start on this next (or first) chapter of their SMB journey, it’s imperative they take information security seriously and do things right. The last thing anyone (except for attackers) wants is to start building/rebuilding a business with limited resources only to lose everything from an attack.

Looking forward to dissecting this with Brad on this episode!

Let’s get right to it, show notes for episode 126 of the UNSECURITY Podcast…


SHOW NOTES – Episode 126 – Wednesday April 7th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 126, and the date is April 7th, 2021. Joining me is my good friend, great guy, and infosec expert Brad Nigh. Welcome Brad!

Another good show today. We’re gonna talk about this article I came across the other day. The title of the article is “15 Cybersecurity Pitfalls and Fixes for SMBs”.

15 Cybersecurity Pitfalls and Fixes for SMBs

This article features a roundtable discussion between Timur Kovalev, CTO of Untangle, Erich Kron from KnowBe4 and Greg Murphy, CEO of Order. They give their take on what SMBs think about information security, the common mistakes they make, and how to do thinks better.

As you know, we have no shortage of information security “experts” in our industry. Let’s see if we agree, disagree, and/or have something to add to this discussion.

  1. Think they’re too small to be a target.
  2. Haven’t made a thorough asset inventory assessment.
  3. No network segmentation.
  4. Ignore fundamentals.
  5. Haven’t done a business risk evaluation.
  6. Insecure digital assets.
  7. Don’t know what “normal” activity looks like.
  8. No 2FA.
  9. Misconfigured cloud servers/confusion about move to the cloud.
  10. User security training.
  11. Haven’t evaluated their threat to the supply chain.
  12. Lack of business continuity plan.
  13. Aren’t thinking strategically about asset allocation and budgeting.
  14. Failing to backup.
  15. Lax patching.

NOTE: This is not our list, this is the list from the article.

If you had to pick your 15 most common information security mistakes made by SMBs, what would you pick? This will be a good discussion!

News

As of 9:15AM on 4/5/2021, the number of registered students in the FRSecure CISSP Mentor Program is 5,618!

Three interesting news articles this week:

Wrapping Up – Shout Outs

Good talk. Thank you Brad, and thank you listeners!

Who’s getting shout outs this week?

Closing – Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!

…and we’re done.