The UNSECURITY Podcast – Episode 39 Show Notes

HAPPY FRIDAY! You made it through another week. Did you survive or did you thrive? Hmm. Something to think about, I suppose.

Good week here for me, the folks at FRSecure and the folks at SecurityStudio. Most weeks are good weeks really.

I was in town all week, but not in the office too much. Came in for meetings, then excused myself for more writing. Most of my days are consumed by writing lately. Writing a few blog posts, a few articles, and working on the upcoming book.

I’ll leave it at that for now. Many exciting things to share, but we’ll be patient and let them take a little more shape before sharing.

Did you catch episode 38 of the UNSECURITY Podcast? John Harmon, the president of SecurityStudio was in studio and we had a great chat. John and I are working well and working closely together. It’s a blast!

This week’s show, episode 39, is a real treat. “Ben” comes back in studio to give us the lowdown on what he’s been up to. I’m excited for you to hear what he’s got to say. This show is released on Monday (8/5), so be sure to look for it!

On to the show notes…


SHOW NOTES – Episode 39

Date: Monday, August 5th, 2019

Today’s Topics:

Our topics for the week include:

  • Conversation with “Ben”
    • Research
    • Responsible Disclosure
    • Social Engineering (SE) Things
    • Team Ambush
    • DEF CON
  • Industry News

[Evan] – Hello listeners, and welcome to episode 39 of the UNSECURITY Podcast. My name, for those of you who don’t know, is Evan Francen. I’m your host for today’s show, again. Scheduling stuff for security people is always a pain in the ass, and this week is no different. We’re recording this show on Friday because I’m out of the office next week. This is still Brad’s vacation, so he’s not on hand for hosting. All this means that I get to host again! That’s cool, right?!

Brad will be back next week, and he’ll have a great show planned I’m sure.

Now, you don’t want to sit there and listen to this voice for an entire show, so I invited someone last minute to join me. I found “Ben”! Want to say hi to the listeners Ben?

[Ben] Ben does Ben.

[Evan] Ben, thank you for agreeing to join me, especially last minute like this.

[Ben] Ben does Ben.

[Evan] Ben’s not your real name, right? So why do we call you “Ben”?

[Ben] Ben does Ben.

[Evan] You were here back in episode 14 (February 11). It was a great talk then, and this one will certainly be as good or better. Ben, you live a damn cool life, at least as it goes for security people. You cool if we talk about some of the things going on with you?

[Ben] Ben does Ben.

Conversation with “Ben”

Topics to discuss with Ben include:

  • Research
  • Responsible Disclosure
  • Social Engineering (SE) Things
  • Team Ambush
  • DEF CON

[Evan] See, I told you. Ben does cool stuff, and a lot of it! We could have talked for hours, but we can’t do that here. Let’s close with some news.

Industry News

Plenty of news this week, but arguably the most talked about is the Capital One breach. Instead of what’s in your wallet, now the joke is “who’s” in your wallet. Seriously though, this was big news this week.

Here’s our news to discuss in this week’s show.

Closing

[Evan] – So, there you go. That’s how it is. Ben, a huge thank you for joining me this week. Best of luck to you and all of Team Ambush this week at DEF CON. You’re going to have a great time and I can’t wait to hear how things went. Also, as always, thank you to our listeners. The podcast continues to grow and we’re grateful. Keep the awesome feedback coming, send it to unsecurity@protonmail.com. If you give us something real cool, we’ll mention it. Without your approval of course. Wait. That’s not right. I mean WITH your approval.

If you’d like to be a guest on the show or if you want to nominate someone to be a guest, send us that information too.

Ben, how can people reach out to you? Or do you even want people to reach out to you?

[Ben] People can reach me through Twitter. My Twitter handle is @M1ndFl4y. I don’t post much, but you can reach me through a DM there.

[Evan] OK. Thanks again. Find us on Twitter for daily chatter. I’m @evanfrancen and Brad’s @BradNigh. Have another great week everybody!

The UNSECURITY Podcast – Episode 35 Show Notes

Happy (belated) Birthday America!

Hope you all had a great 4th of July holiday! Both Brad and I (sort of) took the week off last week. We got some much needed rest for the second-half-of-2019 push. Brad spent time with his family, catching some huge fish with his kids. I made a road trip on my bike from Minnesota to Ohio. My wife and 14-year-old daughter joined me and we spent the week celebrating our great country.


The first half of 2019 has been wildly successful on multiple fronts, and both Brad and I are grateful.

I left Brad alone this week. I didn’t even reach out to him for our podcast show notes, so I’m not sure if he was planning to write some. Out of respect for his time away from the office, I’m writing this week’s notes.

Haven’t run this past Brad yet, but I think we’ve got the next three shows planned. We’ll see if he’s game. Here’s my plan:

  1. This week (episode 35) – Transfer of Wealth
  2. Episode 36 – The Money Grab
  3. Episode 37 – Project Bacon

Are you intrigued? Yeah, maybe.

OK, let’s get to it…


SHOW NOTES – Episode 35

Date: Monday, July 8th, 2019

Today’s Topics:

  • Civic Duty? – An update
  • Transfer of Wealth
  • News

[Evan] Hi everyone, this is Evan Francen, your host for episode 35 of the UNSECURITY Podcast. Welcome back from last week’s 4th of July holiday. My security bestie, Brad Nigh is joining me. He’s my co-host and stuff.

Welcome Brad.

[Brad] Brad probably greets me/us here. Assuming that he’s polite and engaged.

[Evan] How was your week off?

[Brad] Brad shares stuff about his time off.

[Evan] I’ll share some brief things about last week.

The meat of the show starts here.

[Evan] Over the past couple of weeks, we’ve been talking about ransomware. We haven’t been talking about the technical details related to how ransomware works because the attack vector essentially hasn’t changed drastically over the past, I don’t know, 20 years!

What we’ve been focused on is the destruction that ransomware is causing organizations, specifically local government organizations. We talked about cities that are suffering millions in losses and those that have chosen to pay ransoms to attackers. These things really strike a nerve in us, and we’ve encouraged people to do something about it.

For reference, see other related posts in chronological order:

Let’s catch up quick on this Brad.

Open Discussion – Civic Duty? – An update

[Evan] So, before we get too heated and deep into the ransomware discussion again, let’s talk a little about the money. The money in terms of how much attackers steal from us and in terms of how much money we steal from each other. We call the latter the “money grab”.

[Brad] Let’s do it! (and other stuff probably.)

[Evan] I was revisiting some of the research about our industry this week, and I wanted to talk about two things.

  1. The transfer of wealth – the money the attackers steal from us.
  2. The money grab – the money we steal from each other, or maybe “spend” is more politically correct.

We won’t have enough time to discuss these two topics with any depth in one show, so we’ll need to split this up across multiple shows. Whatever, let’s discuss what we can now.

[Brad] Sounds good (hopefully).

[Evan] According to a study/predictions conducted/made by Cybersecurity Ventures, “Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades.” You’ve seen this study, right?

[Brad] Oh yes, of course!

[Evan] We know the source of the study, so we need to take it with a grain of salt, but listen to some of the claims:

  • Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.
  • In August of 2016, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.
  • Cyberattacks are the fastest growing crime in the U.S., and they are increasing in size, sophistication and cost.

Let that sink in a little. Are these numbers and claims accurate in your opinion? Do these numbers and claims just feed our scare tactics? Let’s discuss.

Open Discussion – Money – Transfer of Wealth

[Evan] Good talk Brad! We certainly have our share of opinions on this. Let’s hold off on the “money grab” discussion until next week, then we’ll contrast these issues. Sound good?

[Brad] He’ll agree because he’s a very agreeable man.

[Evan] Just two newsy things this week. We’ll cover them quick.

News

Just two quick stories today.

Closing

[Evan] That’s how it is. Thanks again to our listeners and thank you Brad! Have a great week friends. Don’t forget, you can follow me or Brad on Twitter; @evanfrancen is me, and Brad’s at @BradNigh. Email us on the show at unsecurity@protonmail.com if you want to be one of the cool kids.

The UNSECURITY Podcast – Episode 34 Show Notes

Happy Friday!

2019 is almost half-gone. The midpoint is coming next Monday/Tuesday, and that’s crazy to me. Hard to believe that half the year is already gone, but holy cow it’s been a good first half!

Hope yours was too!

Lots of things happening as usual, but I’ll spare you the details and get right into this week’s show. My (Evan) show this week, so my notes. 😊


SHOW NOTES – Episode 34

Date: Monday, July 1st, 2019

Today’s Topics:

  • “Let’s get real”
  • News

[Evan] Hi everyone, this is Evan Francen, your host for episode 34 of the UNSECURITY Podcast. Joining me is my right-hand man, Brad Nigh. Good afternoon Brad!

[Brad] Spews wisdom, the kind you can’t find anywhere else…

[Evan] If you were paying attention to the opening, you might have heard me say “afternoon”. That’s because we’re recording on Friday afternoon for Monday’s release. Both Brad and I will be out of the office next week doing some vacationy things. Right Brad?

[Brad] Spews more wisdom. He’s a wisdom spewer.

[Evan] Should we share our vacation plans or should we keep ‘em confidential? We tell others to keep vacation stuff non-public for privacy and safety reasons, so maybe we should follow suit. Whatya think?

[Brad] Brad confirms because he’s like a wisdom volcano. Hot wisdom.

[Evan] So the last few weeks, we’ve talked about ransomware attacks.

A couple of weeks ago we talked about ASCO, the Belgian aircraft parts maker that was hit with ransomware and lost production for some undisclosed amount of time (globally, so likely lacking proper network segmentation/isolation as well as proper response processes). That news has sort of died out.

Last week we discussed the City of Riviera Beach and how their city council voted unanimously to pay the $600,000+ ransom. This one ticked me off. So, I wrote a blog post about it; DON’T SUCK – STOP PAYING RANSOMS.

We also talked about the fact that we’re not powerless to stop these things, so that prompted another blog post; ASK QUESTIONS – GET ANSWERS (HOPEFULLY). We discussed reaching out to our local government officials in episode 33, so I gave instructions on how to do so (including an email template). Some people reached out to their local governments and shared their responses! To those who did this, kudos and thank you for making a difference.

Next, we read about another Florida city (Lake City) that voted to pay the ransom. Sunnuva!

So, what did I do? I wrote yet another blog post; CALL TO ACTION – DO SOMETHING ABOUT CIVIC RANSOMWARE. I also reached out to one of our local news stations. They declined the story. No skin off my back, but when are we going to get serious?!

My reply:

“OK. I’d expect the next one to hit within a week. Cities are under siege right now. Have a great weekend and 4th of July!”

All of this leads us to now. The good: there are good people who want to help. The bad: most don’t seem to give a rat.

My question for our discussion is:

Do people even want to be secure?

Open discussion.

[Evan] Good talk. Jason Dance, one of our loyal listeners, had some good advice to share:

  1. The same things apply at schools. Reach out to schools and ask questions too.
  2. If you don’t get answers:
    • Ask during a town/city meeting.
    • File a FOIL for the specific information.
    • Ask by Facebook/Twitter/Other social media.

Awesome advice! Thank you, Jason.

We must get our sh_t together, or the pain will only get worse. Now for some news.

News

Just two quick stories today.

Closing

[Evan] That’s how it is! Thanks again to our listeners and thank you Brad (the wise)! Hope you have a wonderful week and a safe 4th of July. God bless America for crying out loud! Don’t forget, you can follow me or Brad on Twitter; @evanfrancen is me, and Brad’s at @BradNigh. Email us on the show at unsecurity@protonmail.com if you want to be one of the cool kids.

The UNSECURITY Podcast – Episode 33 Show Notes

Brad is leading this week’s show, but it’s NOT his fault that I didn’t get the show notes posted until now (Sunday).

As always, I hope everyone/anyone reading this had a great week last week. I believe that every week holds something special if you look for it with the right frame of mind.

I got back to writing the 2nd book last week, finally. I’m behind on getting this thing done. In case you didn’t know, I’m in the middle of writing a 2nd book right now. This book is “information security for normal people” for lack of a better title. I’m excited and happy to be back working on it again.

Lots of other cool things last week too. I’ll just pick two for now:

  1. Managers were in town last week for their quarterly strategy meetings. I don’t really participate in the meetings, but I do get to see the people who come in from out of town! Seeing Oscar Minks (Director of Technical Services from Kentucky) and Tyler Briggs (Project Management Team Lead from Florida) is always awesome!
  2. We secured two panelists for the upcoming Hacks & Hops event on September 19th. The event is titled “BREACHED! What to Do When Your Defenses Fail”. Seriously, check this out! Mark Lanterman (Chief Technology Officer of Computer Forensic Services) and Chris Roberts (Chief Security Strategist for Attivo, Advisor for Cympire, OverWatchID, HHS and others…) will both be on the panel! So friggin’ pumped about this. These guys are the real deal and it’s an honor to be on the same stage with them.

If you don’t have tickets already for Hacks & Hops, you better get them soon. This thing is definitely going to sell out! Watch for more announcements soon.

OK, that’s enough. I need to get to it. Here are Brad’s show notes!


SHOW NOTES – Episode 33

Date: Monday, June 24th, 2019

Today’s Topics:

  • More Ransomware – City Riviera Beach
  • News

[Brad] Good morning! This is Brad Nigh, and this is episode 33 of the UNSECURITY Podcast. I actually did my part and got show notes prepped and ready this week. With me as usual is Evan Francen, good morning Evan.

[Evan] Says Evan things

[Brad] I had our offsite VTO last week which is also so amazing. It is recharging despite being a lot of work, if that makes sense. I’m also wrapping up the IR I had, but we had yet another one come in last week, this one was a web app that a client found a vulnerability in (that exposed the DB to the internet, not just the app, among other things). So with that lead-in, how was your week last week Evan?

[Evan] Starts getting riled up

[Brad] This week we are jumping right into the discussion because this is a topic we are both very passionate about and want to spend some time discussing. We are going to talk about the Riviera Beach City Ransomware incident today.

Open discussion about the Riviera Beach City Ransomware

Reference Riviera Beach City ransomware articles:

[Brad] I didn’t do a lot of extra news stories this week but I wanted to include these two because of their relevance to our topic today.

News

Closing

[Brad] That’s a wrap! Thanks again to our listeners, and thank you Evan! Let’s go have a great week! Don’t forget, you can follow me or Evan on Twitter; @BradNigh is me, and Evan’s at @evanfrancen. Email us on the show at unsecurity@protonmail.com.

The UNSECURITY Podcast – Episode 32 Show Notes

Heyo! It’s Friday again. Actually, it’s Sunday because I’m late. Oh well.

I/we (speaking for Brad too) hope you had a great week!

It was another crazy, but awesome week around here (@FRSecure and @SecurityStudio). Let’s see if I can give you a quick recap without boring you to death. I kid, you won’t actually die.

Monday – Meeting day. Mondays are always meeting days at the office. The good; we all get to see each other and catch up with life. The bad; meetings. Who likes meetings? In our case, the good FAR outweighs the bad, and I’ll take it!

Tuesday – The highlight of Tuesday was attending the Star Tribune Minnesota 150 Top Workplaces luncheon. CONGRATS FRSecure! Several of us were able to attend the event. Check out the pictures!


I LOVE working with the people at FRSecure and SecurityStudio. It’s a great honor and privilege. Brad wasn’t there, even though he’s a tremendous part of our success. He was back at the office working on another IR.

Wednesday – A focus day. A focus day consists of focus time. Everyone needs focus time on a periodic/regular basis. It’s healthy. In the evening, we celebrated the end of the 2019 CISSP Mentor Program by hosting a free BBQ dinner for all local students. The 2019 CISSP Mentor Program was an amazing success; this new crop of information security pros is going to be great!

One of the students already passed his CISSP exam!

Thursday – Led a client’s first incident response tabletop exercise (ever) with FRSecure’s very own vCISO Team Lead, Megan Larkins. Occasionally I get the opportunity to work on something with one of FRSecure’s analysts, and it’s always a great experience for me. The client seemed to like it too!

Here’s a quote from the client’s email to us late Thursday/early Friday:

“Hello Evan and Megan,

Thank you, the time you spent with us yesterday was exceptional. I felt a lot was accomplished and everyone was appreciative of your ability to teach without judgment. %COMPANY% has a way to go but with great vendors like FRSecure, the path forward isn’t as difficult.”

Megan and I had a great time! Quick side note, for lunch we went to the place called D-Spot. It’s a place that’s known for their wings, and there are 50 or so different flavors to choose from. Here are some of their flavors:

  • Ben Grimm
  • Kamikaze
  • War Machine
  • Widow Maker
  • Iron Maiden
  • Goat’s Blood
  • Tarantula
  • Incredible Hulk
  • El Loco
  • Rougarou

I went with something named “Brimstone”. I like hot stuff. I really like really hot stuff.

Took a bite. It started out sweet, then wait for it…

HOLY HELL WHAT IS HAPPENING TO MY TONGUE?!

WHY ARE MY EYES SWEATING?!

IS THAT A CRAMP IN MY ESOPHAGUS?! WHAT THE HELL IS A CRAMP IN MY ESOPHAGUS?!

JESUS, IS THAT YOU? ARE YOU MAD AT ME? I’M SORRY.

Poor Megan watched me progress from happy to concerned to sadness to panic to blackout and back. She looked genuinely concerned for my well-being, but I came back to reality after a bit.

Only three more wings to go…


Needless to say, I finished all four of these death morsels from the center of the earth. Paid up front and paid again at about 8pm that night (no details available). My wife tells me, “you’re such a smart guy, so why do you do such obviously dumb things?”

She’s got a point.

Friday – Got the email above on Friday. Friday was another good day. Started with a ride, then a strategy meeting, the weekly FRSecure BBQ, and FRSecure Hawaiian shirt day.

The ride

Hawaiian shirt day


Seriously, what’s not to love about all this? We do security, sure, but what good is security without life? Do life first!

Crap, almost forgot about the show notes…


SHOW NOTES – Episode 32

Date: Monday, June 17th, 2019

Brad’s busy. Like, really busy. He’s been tied up all week working on an incident response (IR), so my notes (Evan).

Today’s Topics:

  • Security standards
  • ASCO Ransomware
  • News

[Evan] Happy Monday! This is Evan Francen, and this is episode 32 of the UNSECURITY Podcast. Brad was supposed to lead today’s show, but he’s been tied up with incident response work. Ain’t that right Brad?

[Brad] Cue Brad.

[Evan] We’ve got a good show planned for you today, so let’s get to it.

[Brad] Cue Brad (again).

[Evan] I had some good thinking time this weekend. One of the things that I was thinking about was the use of standards in our industry. There’s a boatload of them. ISO, COBIT, NIST SPs, etc. What do we use standards for?

[Brad] Cue Brad (again).

Open discussion about information security standards.

[Evan] We got an email from one of our listeners this past week that I’d like to talk about.

Hey Evan and Brad,

I have been a listener from the beginning of your podcast and just came across this news item from my home country:

https://www.helpnetsecurity.com/2019/06/13/asco-ransomware-attack/

To me this is weird, the HR manager being the PR person after a big cyber incident? I did a quick look on LinkedIn but could not find anyone in the company with “security” in their title.

Next thing: I look into the profile of the IT director, since security is sometimes put under IT. But on his profile I cannot see any “indicators” that this guy might have any security qualifications or experience in the field.

So this company has had to give all 1500 employees “technical unemployment” and keep extending the end date of this unemployment.

They don’t really communicate on what actually happened, they don’t talk about ransomware either.

At this moment I am pretty confident that my incident response plan is way better than theirs, and we are a small non-profit media company with about 100 employees.

Open discussion about what we know about the ASCO ransomware attack.

[Evan] BIG thank you to our listeners, and this one in particular. Good talk. Let’s get to some news.

News

Closing

[Evan] That’s a wrap! Thanks again to our listeners, and thank you Brad! Let’s go have a great week! Don’t forget, you can follow me or Brad on Twitter; @evanfrancen and @BradNigh. Email us on the show at unsecurity@protonmail.com.

The UNSECURITY Podcast – Episode 31 Show Notes

Another week is in the books. Is it really true that the older you get, the faster time goes? God, it seems like it.

It was another great week, and there are so many things to be grateful for. FRSecure is cranking away at the mission (to fix the broken industry), and SecurityStudio is kicking tail too! I can only begin to tell you how awesome it is to work with the best information security people in the industry. When I say “best”, I mean the best in terms of quality of character. I LOVE these guys! They won’t brag about themselves, but I’ll brag all day about them. Crazy cool.

Some things going on at FRSecure:

  • Just finished the 10th annual CISSP Mentor Program. We had 500+ registered students at the beginning, and ended with a lot less than that. Some of it is attributed to normal attrition, and some of it is attributed to the quality of the instructors. 😉 The last event is Wednesday; Brad and I are BBQing for the students who can make it to our office in person. Come out and grab some good BBQ on Wednesday at 6pm!
  • We’re putting together our next Hacks & Hops event, actually our superstar marketing folks are. The next event is titled “BREACHED! WHAT TO DO WHEN YOUR DEFENSES FAIL” and it’s slated for September 19th at US Bank Stadium; not the whole stadium, a big meeting room inside the stadium (that would be nuts). We’re working on putting together an all-star panel for you, and there will be beer (lots for those who like lots). Mark your calendars now, and watch for the sign-up. It will sell out fast.
  • We’re hiring again! We’re sort of always hiring, I think. Anyway, the bar is high in terms of integrity, but we’ll learn all sorts of cool things together. Check out our positions, and apply. We like people and stuff! We have six (6) open positions at present, so if you know someone, send them our way!
  • Personally, I had some great meetings this week! The people in this industry are fascinating. Some highlights include the following… Had coffee with Matt Stellmacher on Monday. If you’re in this market, in Minnesota, you gotta know who Matt is! He’s a partner at White Oak Security, and an all-around great guy. Had a great meeting with Jim O’Conner on Wednesday. Jim is Cargill’s CISO, and he’s a great guy with a TON of security wisdom. I spent most of the time listening intently to what he had to share. Had lunch with Red Team Security’s CEO Ryan Manship on Thursday. Our hearts are aligned on some things in this industry.
  • Gave a talk at an event put on by Top Dog PC Services at Summit Brewery. Had a blast making a few new friends and giving away some more books. They recorded some of my talk and posted it online here. The audio and video quality are a little (or a lot) off, but somehow they made me seem like I made sense.
  • The icing on the cake came on Friday (today). Went to BrrCon. This was the best conference that I’d been to in a very long time. Ran into 10(ish) friends, talked to Dave Kennedy and spent a little time with Chris Roberts. These are two of my favorite influential people in our industry. It was a GREAT day!

Some of the things going on at SecurityStudio:

  • We’re finalizing our Board of Directors! In full transparency, this is the first board that I’ve ever put together, and I have (almost) no idea what I’m doing. Thank God for SecurityStudio’s president (James Williams) who’s put together awesome boards before. Also, thank God for the directors who have agreed to participate! Finishing touches are being worked on now, and an announcement is coming soon!
  • At SecurityStudio, we’re all about inclusion and integration. We met with the fine folks from Quill Security Technology this week, and they’ve got some VERY cool stuff! I’ve never seen a better physical security risk assessment methodology or tool than the one these guys have built. You know what they (or I) say, “nobody cares about your firewall when someone steals your server.” How about, “nobody cares about your firewall when someone is assaulted”? Good people over there and I’m sure we’ll figure out a way to integrate what each of us does well!
  • Lots of very cool development stuff and marketing stuff being done. You’ll hear more about this soon too!

Oh yeah, I met Betty this week. We met on Tuesday and she’s mine now.

Well, it was one helluva week!

Alright, now onto the show notes…


SHOW NOTES – Episode 31

Date: Monday, June 10th, 2019

This is Evan’s turn to lead the show, and these are my notes.

Today’s Topics:

  • Solutions, not sales.
  • Important lessons this week.
  • News

[Evan] Hey, good morning. Today is Monday, June 10th, and this is episode 31 of the Unsecurity Podcast. This voice you hear is Evan Francen and joining me as usual is my co-worker and more importantly good friend Brad Nigh. Good morning Brad.

[Brad] Cue Brad.

[Evan] Brad, it’s good to hang out with you man. 

[Brad] Cue Brad (again).

[Evan] Can you believe that this is episode 31 already? Seems like episode one was only a few weeks ago, and here we are. We’ve learned a lot since the first show, eh?

[Brad] Cue Brad (again).

[Evan] How was your week last week? Tell us about some of the highlights.

[Brad] Cue Brad (again).

[Evan] Mine was awesome and nuts at the same time (read above).

[Brad] Cue Brad (again).

[Evan] I had one experience last week that I wanted to talk with you about. I was with a couple of sales guys from a VAR…

Open discussion about “solutions not sales”

This topic is sure to raise the blood pressure of both Brad and me. It will be a great discussion!

[Evan] You and I have been in this industry a long time. Between the two of us, we have 40 something years under our belt, but one thing I know, and I think you’ll agree with me, is that we NEVER stop learning. So, last week was full of good stuff. Give us one thing that you learned last week Brad, then I’ll go.

[Brad] Cue Brad (again).

Open discussion about “important lessons from last week”

[Evan] Alright man, good things! Let’s wrap up with some newsy stuff. Just four stories to share quick.

News

Closing

[Evan] Nice talk Brad! Let’s see if we have another week like the last. Hope everyone listening has a great week. Stay safe and stay healthy. Thank you Brad. Don’t forget, you can follow me or Brad on Twitter; @evanfrancen and @BradNigh. Email us on the show at unsecurity@protonmail.com. That’s a wrap!

Denver ISSA Incident Management Workshop Recap

Finally. I’m finally getting around to posting about this event. The fine folks of the Denver ISSA chapter invited me to speak at their chapter event on May 23rd. The event was a three-hour incident management workshop (titled Incident Management – Panic or Plan).

Wait! What?! Three hours?!

Yes. These poor folks endured three hours of my preaching. Read on…

About Denver ISSA

The Denver ISSA Chapter is the largest chapter in the world with more than 800 members. I’ve attended numerous ISSA chapter events over the years, and the Denver ISSA Chapter is one of the best! Read about the Denver ISSA Chapter here.

I spent some time with James Johnson, the Chapter President, and Shannon Welton, the Chapter Training Coordinator while I was there, and they are both top notch! Seriously. They’re good, and it was great conversation (for me anyway).

Can’t say enough good things about Denver ISSA. Loved every minute I spent there.

About the Workshop

Shannon Welton was my primary contact for the workshop. She’s a pleasure to work with. I was given liberty to create and present whatever content I wanted to, and she made sure I had everything I needed at every step of the way.

Flight in the morning from Minneapolis to Denver. Grabbed a Lyft. Made the trip from the airport to Maggiano’s Little Italy (16th St Mall). Lunch started at noon, and I got there at 12:05. Not bad. 😉

From the moment I arrived, I felt welcomed. There seemed to be ~100 people there, and they were all engaging. They showed genuine interest in each other and it felt good to be there. Lunch ran from noon till 12:45, at which time Shannon kicked off the workshop with an introduction. When she introduced me, she asked if anyone had heard of me. Funny! Only one person raised their hand.

After three hours together, they’ll all have heard of me now!

I’m the sort of guy that could talk for three days about information security (and incident management), so three hours wasn’t going to be a problem for me. The challenge is/was keeping people engaged for three hours.

Here are the learning objectives.

Here’s the agenda.

I used two things to keep people awake; a 15-minute break at 2:15 and Dad jokes. We made it through to 4:00pm, and the group was very engaged. More than I expected. There were great questions, good eye contact, and I felt as though we all got something from the experience together.

Workshop Content

Get it here.

  • ISSA-Denver_PanicOrPlan-052319.pdf, the slide deck.
  • CSIR-Maturity-assessment-tool_Info1.pdf, the CREST Cyber Security Incident Response Maturity Assessment Tool introduction document.
  • Maturity-Assessment-Tool.xlsm, CREST Cyber Security Incident Response Maturity Assessment Tool (Summary).
  • Maturity-Assessment-Tool_Detailed.xlsm, CREST Cyber Security Incident Response Maturity Assessment Tool (Detailed)
  • ISSA-SAMPLE_Incident_Log&Categorization_Tool.xlsx, the FRSecure basic information security incident logging and categorization workbook.
  • ISSA-SAMPLE_Security_Incident_Response_Plan-052319.docx, the FRSecure basic incident management/response plan template.

Summary

The Denver ISSA is awesome! If I lived in Denver, I’d be at every event. If you live in Denver, you should go to every event. Seriously, get there.

A dozen or so people came up to speak with me after the workshop. More great questions and some great connections. I felt bad that I had to run shortly after the workshop in order to catch my plane back to Minneapolis. Next time (if/when there is one), I will stay longer.

Presenting this workshop was a real privilege, and I’d go back anytime.

P.S. Another example of their awesomeness; I received a beautiful “thank you” gift basket at my office from these guys. Too cool!

2019 New Directions in IT Education Conference

This was a wonderful opportunity to talk to some fascinating people; people tasked with helping us create the future talent of our industry.

It was also the fourth talk at the fourth conference of the week, so things were getting a little weird. Regardless, I always enjoy this and I’m having fun!

About the 2019 New Directions in IT Education Conference

This is an annual conference attended by “educators and industry experts”, sponsored by the Minnesota State IT Center of Excellence.

According to the conference website:

Minnesota State IT Center of Excellence, invites industry professionals, employers, and Minnesota State faculty members to convene at our annual free IT conference that takes place in May. Explore emerging employer needs, identify specific implications for student learning outcomes, and map out actions that individual faculty and departments can implement, and identify comprehensive innovations to be developed collaboratively.

A really cool opportunity to speak and collaborate! I was here for two reasons:

  1. Deliver a keynote talk
  2. Participate on a panel of experts

I was with some experts, but I’ll apply that word loosely to myself. The full conference schedule is here.

Keynote Plan A

If you know me, you know that I wing it a lot. This makes me very hard to manage, and it can get frustrating for people who work with me. It’s just how I roll.

I prepared my talk for this conference four (maybe five) days ahead of time. That’s crazy good for me! My talk was/is titled “Seven Facts About Unicorns”. I put a lot of work into the presentation and I was excited to give the talk (at the time I wrote it).

Keynote Plan B

There wouldn’t be a need for Plan B if I had just stuck with Plan A, but what fun would that be? Driving on the way to the venue, I changed my mind. I didn’t want to talk about unicorns anymore. I even said to myself in the truck, “Seriously Evan?! Don’t do it.” Thankfully, I was 45 minutes ahead of schedule, so I pulled off at a local coffee shop to create a new presentation.

Some people (I/me) never learn.

I grabbed a cup of coffee, tore my laptop out of my bag, and began pounding away on the keyboard. What would I talk about though? Hmm. Got it! I will cover the first 38 of 100 truths about information security. I started the #100DaysofTruth series 38 days ago, at the time of the talk (at the time of this writing, I’m on day 50). I felt like hitting some hard truth with the educators in the audience. So, that’s what I did. The title of Plan B was “38 of the 100 Truths About Information Security”.

Whipped the slides together, and away we went!

The talk went extremely well. The audience was engaged, and there were some great questions afterwards. We’ll save the unicorn talk for another day. 😉

Here’s a copy of the presentation if you want to look at it or use it.

Want to see the Seven Facts About Unicorns talk? What’s it worth to you? Just kidding, here it is. I still might deliver this talk someday.

Panel of Experts

This was cool! I just got to sit there and answer questions. Not all the questions, but only the ones where the other two panelists didn’t answer. I suppose I also added a few things here and there to their answers, but the other panelists were dead on I think. You know how you have to add something once in a while to make people think 1) you’re still paying attention and 2) you’re smart and stuff? I did some of that.

It was an honor to sit on the panel with Ryan Manship from RedTeam Security and Sahar Ismail from Legacy Armour.

Overall, it was an awesome conference and a great way to end a crazy week.

2019 Secure360

Almost caught up with my conference and talk summaries from a couple weeks ago!

Secure360 is arguably “the” security conference in the Twin Cities each year. 2019 was the 14th year for the event and it was very well-attended.

About Secure360

In the words of the Upper Midwest Security Alliance (“UMSA”):

This marked the first year that the event was held at the Mystic Lake Center in Prior Lake, and it was a perfect venue. Secure360 is a two-day conference, and I showed up in the afternoon of day two for my talk. I wish I had been able to be there for more, but business kept me away until then.

My impressions were very positive. The event was well organized, and there were people everywhere. I ran into a bunch of people that I know, which made the event comfortable too. I didn’t spend any time in the vendor area because I hate being sold stuff. Walking through the vendor areas at conferences sometimes feels like trying to survive a lion’s den with a T-bone hanging from my neck.

Judging from the published program, the quality of speakers and the content of talks was very good.

2020’s Secure360 conference will be held at the same place on May 5th and 6th. It will mark the 15th year, one heck of an accomplishment!

What was I doing there?

Just two things this time.

First, just like the Loffler event, this was a great opportunity to say “hi” to a bunch of people that I don’t get to see very often. I ran into some people that I haven’t seen in a very long time! Fun to catch-up.

Second, I gave another talk.

The Talk

The title was Speaking Information Security. A copy of this talk can be downloaded here (link) and it’s also available on Secure360’s site.

Like the other talk earlier in the day, this one was also well-attended. This room was mostly full, which sort of surprised me. I was surprised because my session was in the last group of sessions on the 2nd day (last day) of the conference. I didn’t think people would still want to hang out. They did. Here’s what I said to them (in jest, of course).

“Ever throw a party? You know when the party is winding down, and there are those folks that just won’t leave? They keep milling around, you’re tired, and you’re trying to shoo them out the door… That’s you. You’re those folks.”

The Secure360 party was coming to an end, but these infosec party animals wanted to keep going. They were committed!

This was essentially the same talk I gave earlier in the day at Tech Fest, but I was bolder with this crowd. I might have been a little ornery because I was getting tired (3rd talk of the week), or maybe it was because I was talking to members of my own tribe (information security people). The point of the talk was to drive home the fact that we don’t speak the same language in our industry, and to make matters worse, we don’t have any good translations either. Take slide 7 for instance (pictured below).

Information security is… What? Just about everyone in my talk was a security person, but nobody wanted to give me an answer. Why? As I continued through the presentation, there was head nodding everywhere. Slide 20 made sense to everyone it seemed. People were taking notes anyway, and nobody spoke up in disagreement.

By the time we got to slide 31, you could see skepticism growing on some people’s faces. FISASCORE® for free?! FRSecure has sold millions of dollars worth of FISASCORE® assessments over the years. Why would we make it free?! The simple answer comes from our mission: to fix our broken industry. That is our mission, not to make millions of dollars on something that everyone should have. Let’s spend more time and money on fixing things.

I asked the audience, “How many of you are skeptical?” Only a few raised their hands. To the rest, I said (in jest again), “I thought you were all security people. I’m disappointed that more of you aren’t skeptical!” Laughs (maybe just obligatory ones). To the skeptics:

Help us. Join us to make a singular information security language that ALL can speak, and ALL can speak freely.

To the obstructionists: buzz off and get out of the way.

The talk was well received. People genuinely seemed interested, and a dozen or so stayed to talk with me afterwards. Met some new people and I’m looking forward to working with some of them toward some common goals. Oh yeah, I gave away some more books too. I like giving stuff away.

Overall, Secure360 is a great conference. I highly recommend it for the quality of the content and the wonderful people everywhere, which makes for great networking opportunities. Way to go UMSA!