Look, if you thought things were messed up in cybersecurity when I wrote UNSECURITY back in 2019, buckle up—because they’re worse. Much worse. Despite pouring billions of dollars into tools, frameworks, and “solutions,” we’re still losing. Breaches keep happening, hackers keep winning, and the industry keeps spinning its wheels, pretending everything’s fine. It’s not fine. And I’m not here to sugarcoat it.
That’s why Oscar Minks—my partner in crime, president of FRSecure, and all-around badass—and I are dropping UNSECURITY 2.0. This isn’t a sequel for the sake of nostalgia or a pat on the back. It’s a brutal, no-holds-barred look at why information security is still failing, who’s to blame, and what the hell we can actually do about it. If you’re tired of the same old industry bullshit, vendor hype, and compliance theater, this book is for you. If you’re not, well, maybe it’s time to wake up.
What’s UNSECURITY 2.0 About?
This isn’t some fluffy guide on how to tweak your firewall settings or deploy the latest AI-powered buzzword tool. That’s not the problem, and you know it. We’re digging into the real reasons security is broken: the original sin of building systems for convenience, not safety; the accountability vacuum where no one gets punished for screwing up; the incentive problem where vendors profit more from your fear than your safety; and the endless cycle of doing the same stupid things and expecting different results.
We’re calling out the language barriers that keep business leaders and security pros from even agreeing on what “security” means. We’re exposing the compliance theater that lets companies check boxes instead of managing risk. And we’re smashing the myth that people are the problem—spoiler: it’s not your employees clicking phishing links, it’s the systems and leadership failing them.
Who Should Read This?
If you’re a CISO or vCISO who feels like you’re shouting into the void, this book will give you ammo. If you’re a security practitioner sick of reacting to breaches instead of preventing them, you’ll find a roadmap. If you’re a business leader frustrated by security costs with no clear ROI, we’ve got answers. And if you’re just someone who gives a damn about fixing this mess—whether you’re a policymaker, researcher, or regular person—this book will challenge everything you think you know.
This isn’t for the faint of heart. We’re going to piss some people off. Vendors, consultants, and execs who thrive on the status quo might not like what we have to say. Good. If it makes you uncomfortable, it means we’re hitting the mark.
What You’ll Get Out of It
You’ll walk away understanding why security is still a dumpster fire—hint: it’s not just hackers. You’ll see risk, complexity, and accountability in a new light. Most importantly, you’ll get a no-BS plan for breaking the cycle and actually starting to fix things. We’re not here to make friends; we’re here to tell the truth. If that scares you, put the book down. If it excites you, let’s get to work.
Why Now?
The stakes are higher than ever. Ransomware is shutting down hospitals and pipelines. Supply chain attacks like SolarWinds and Log4j are exposing how fragile our digital world is. And yet, we’re still arguing over definitions, hiding behind audits, and hiring for certs instead of talent. Enough is enough. Oscar and I have been in the trenches since I founded FRSecure in 2008, and we’re not just pointing fingers—we’re offering solutions.
A Warning
This book is candid as hell. We’re critical of the industry, and some of you might get defensive. That’s your problem, not ours. Check your feelings at the door and focus on the logic. If you can’t handle the truth, stick to the vendor whitepapers and feel-good webinars. But if you want real change, grab a copy when it drops.
Stay tuned for the release date—we’re finalizing the manuscript now, and it’s going to hit hard. In the meantime, check out the original UNSECURITY if you haven’t already (https://www.amazon.com/Unsecurity-Information-security-failing-epidemic/dp/164343974X). Same spirit, bigger stakes.
Let’s stop losing. Let’s start fixing.
—Evan Francen
Will the new book have a suggestion that everybody should go back to on-Prem solutions as a best cybersecurity practice?
I’m waiting for that sea change right after all the power grid sucking, ground water ruining, server farms are built every direction from my house, as that seems to be the way government influenced sector decisions go.
Looking back on the past 30 years, I feel like the cloud based, SaaS movement was for all the wrong reasons, and the F500 & SLED CISO’s, DA’s, Chiefs of Police, Sheriffs, that all slammed their fists and said something along the line of “over my dead body will I allow our critical information leave these four walls…”, that I dealt with were right, as now a thousand cyber companies have launched for security in the cloud?!?!
You have a great perspective on this IMO! I won’t be holding anything back in this book, that’s for sure. 🙃