UNSECURITY Podcast – Episode 97 Show Notes

Good morning! Happy Tuesday!

Thinking Brad is back again this week. I dig that because I dig Brad!

Last week, Brad was out feeling sick. This led to a solo recording of the UNSECURITY Podcast; go check out episode 96 if you want to hear me do my most awkward podcast yet.

Busy, Busy, Busy

We’ve been very busy around here, and it sounds like many of you are too. There are many good signs recently that the economy may be rebounding. The positives:

  • Elections – although the next 50ish days are going to be chaotic, there will be some settling in after the elections are complete. Regardless of which way you swing (blue or red), the completion of an election cycle brings a sense of stability.
  • COVID-19 – there’s been a lot of positive news about medical treatments and possible vaccines. The sooner we can put the pandemic behind us, the better. Once the pandemic is behind us (closer with each passing day), the economy should settle.
  • Markets – the stock and housing markets have held there own through all the chaos of 2020. This is a good sign of good things ahead in our opinion.

Busy is good, and it would take a small book to tell you all the good things going on at SecurityStudio and FRSecure! SecurityStudio is well on it’s way to being a very healthy and profitable SaaS company and FRSecure is exploring expansion (acquisition, merger, and/or geographic expansion).

I sincerely hope you and your family are well!

Why Can’t We All Just Get Along?

Today’s topic is about our divisiveness in world today and what it means to our industry. We’ll be careful to be respectful of other people’s opinions as we navigate these waters, and this may be a good segue into a future series we’ve been thinking about recently; “Politics and Information Security”.

Let’s get on it. The show notes…


SHOW NOTES – Episode 97

Date: Tuesday, September 8st, 2020

Episode 97 Topics

  • Opening
  • Catching Up
  • Why Can’t We All Just Along?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 15th, 2020 and this is episode 97 of the UNSECURITY Podcast! I’m your host, Evan Francen, and back with me this week is my good friend, Brad Nigh! Good morning Brad.

[Brad] Good things from this dude.

[Evan] Well, you were out ill last week. How you feeling? What’s new?

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. Let’s do it.

Topics:

[Evan] Did you get a chance to hear last week’s episode? It was definitely awkward doing the show alone for the first time!

Transition

Why Can’t We All Just Get Along?

[Evan] It’s crazy how much information security reflects life and vice versa. I’ve been thinking about what our next series should be, and I’m always interested in tackling serious topics. We’re in the middle of an election cycle right now and I can’t remember a time when our country has been more divided than it is today. Me being me, I want to talk about it with you (Brad).

What are your first thoughts about the divisiveness in our country today?

[Brad] Chimin’ in.

[Evan] Here’s what I’d like to explore with you:

  • General divisiveness (political, social, information security, etc.)
    • Intimidation/bullying for sharing your thoughts, opinions, disagreements, etc.
    • When you find someone being a jerk or speaking/writing nonsense.
  • Outside Influences to Information Security
    • Today’s political climate.
    • Where do we find facts vs. opinions?
  • Within Information Security
    • How do we think our divisiveness affects information security?
    • Putting down others (competition, other professionals, etc.).
    • The divide between us and the business.
  • A couple of podcast reviews.

 

[Evan] I’m thinking about doing a series titled “Politics and Information Security”. We could interview special guests form both sides of the isle and get their opinions on all sorts of things. What would set us apart is respectfulness. We would do this in a way that respects opinions without attacking and bullying. This could be a great opportunity to set an example for others on how to discuss hot topics without beating each other up. What do you think?

[Brad] We’ll see what he thinks…

[Evan] The timing seems right to do a series like this. Alright. More to come on that! Let’s do newsy stuff now.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 97 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] It’s nice to have you back man. We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 93 Show Notes – DEFCON & Team Ambush

Hey reader person, hope you are well!

Today marks the seventh day since I left the 80th annual Sturgis Motorcycle Rally. My wife and I do not show any COVID symptoms, so that’s good news. Only 7 more days of self-isolation and we’ll be back to semi-normal (assuming there is such a thing anymore).

Women In Security Series

Last week was the ninth, and final, installment in the Women in Security Series. It was a great experience for Brad and me. I may post a full write up soon, including the things we learned and places people can go to help (or for help). For now, here was the all-star lineup:

  • Part OneEpisode 84 – Renay Rutter (an information security business/IT executive)
  • Part TwoEpisode 85 – Lori Blair (a 35-year information security veteran)
  • Part ThreeEpisode 86 – Victoria Fogarty (relatively new to the industry)
  • Part FourEpisode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Part FiveEpisode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Part SixEpisode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Part SevenEpisode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Part EightEpisode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
  • Part NineEpisode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)

A HUGE thanks to all the women who gave their time to talk to us!

What’s Up Next

This week, we’re going to catch up with a good friend (fresh back from DEF CON) and then we may delve into another series.

A Good Friend

We’re going to take this week (episode 93) to catch up with FRSecure’s Director of Technical Solutions and Services, Oscar Minks. Oscar leads FRSecure’s Technical Services Team, a group of amazing information security experts who provide world-class incident response and best-in-class technical services (penetration testing, blue teaming, red teaming, purple teaming, research, etc., etc.).

The timing is perfect because Oscar’s back after DEF CON Safe Mode and the team impressed a helluva lot of folks there!

While my wife and I were in Sturgis, FRSecure’s Team Ambush was awake for many, many hours competing at DEF CON Safe Mode. The team competed in four events over the four day online conference; CMD+CTRL, OpenSOC Blue Team Village CTF, Biohacking Device Lab CTF, and Hack the Plan[e]t.

Last year, the team kicked ass in the Warl0ck Gam3s CTF, but that’s old news now. Warl0ck Gam3s CTF is gone this year, and it was time for these guys to switch things up.

CMD+CTRL

A description provided by the organizers:

Learn to see web applications from an attacker’s perspective. CMD+CTRL is an immersive hacking experience designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the leaderboard.

After attacking an application for yourself, you’ll have a better understanding of the vulnerabilities that put real applications at risk – and you’ll be better prepared to find and fix those vulnerabilities in your own code.

Remember that these websites are intentionally vulnerable, so any information sent to these sites is not secure. Never enter any sensitive information on these sites, including passwords, credit card numbers, or Social Security Numbers.

200 teams competed in this “Security Innovation cyber range” and our guys finished 2nd, only 50 points behind the winning team, n0j,

Full results are here.

OpenSOC Blue Team Village CTF

OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that’s as close to “the real thing” as it gets. This isn’t just another CTF. The platform was built to train real-world responders how to handle real-world situations.

There were more than 800 participants, more than 500 challenges, more than 350 teams, and more than 20 hours of  content in this CTF.

Team Ambush took home 9th place, finishing with the same number of points as the winning team. In a tie, the team that finished first wins.

Biohacking Device Lab CTF

This CTF was a little out of our team’s comfort zone, but this didn’t stop them from excelling! Some of the stats:

  • 30 volunteers building infrastructure, creating challenges, verifying flags, and solving support issues
  • 2 medical devices, connected in a volunteer’s home (not connected TO the volunteer)
  • 1 CTF vulnerability reported, fixed, and disclosed
  • 200+ players on 150+ teams from 15+ countries
  • 14,000+ flag submissions, with 5,700+ solves, on 150+ challenges
  • 150,000+ total points scored over 75 consecutive hours

Team Ambush took 7th! This is amazing considering most of our team had very little experience hacking medical devices.

Hack the Plan[e]t

Hack the Plan[e]t is a first-of-its-kind CTF: a slice of modern city life integrating both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge. Play for a few minutes or plan to stay for many hours as the challenge grows. The ICS Village will deliver a compelling experience using real IT and industrial equipment for all skill levels and practitioner types.

This CTF had 275 registered users, and Team Ambush placed 16th. The full scoreboard is here; https://hacktheplanet.ctfd.io/scoreboard

Really looking forward to this episode with Oscar. Oh, by the way, Brad Nigh (my co-host) also participated!

Another Series

We’re kicking around some ideas for our next series, and so far the leading candidate is a “Security in Healthcare” series. Stay tuned!

Let’s get to it!

Brad was supposed to lead the show this week, but since he participated at DEF CON with Oscar, I’m (Evan) going to take it. These are my notes.


SHOW NOTES – Episode 93

Date: Monday, August 17th, 2020

Episode 93 Topics

  • Opening
  • Catching Up
  • Closing Out the Women in Security Series
  • DEF CON Safe Mode & Team Ambush
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning. Thanks for tuning into the UNSECURITY Podcast. I’m Evan Francen, my co-host is Mr. Brad Nigh, this is episode 93, and the date is August 17th, 2020. Brad, Good morning!

[Brad] You know and love Brad! Brad will chime in here because he’s cool and stuff.

[Evan] Also joining us is my good friend and FRSecure’s awesome Director of Technical Solutions and Services, Oscar Minks. Good morning and welcome Oscar!

[Oscar] He does what Oscar does.

[Evan] It’s been a while since we had you on the show Oscar, and I’m super excited to talk to you about your team’s performance at DEF CON Safe Mode this year! Before we dive in though, let’s do what we always do first, catch-up a little.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] Brad, what’s up? What have you been up to and how was your weekend?

[Brad] Gives us the skinny…

[Evan] Oscar, your turn brother. Tell us things.

[Oscar] He tells us things.

[Evan] Alright, I guess it’s my turn now. Here’s my update…

Transition

Closing Out the Women in Security Series

[Evan] As you know, we just wrapped up our Women in Security Series. We hope that everyone enjoyed it and we also hope we’re all better off for it. Huge thank you to Renay, Lori, Victoria, Kristin, Andrea, Judy, Amy, Theresa, and Lee Ann! We talked to some incredible people during that series!

Brad, what’s one thing that sticks out for you?

[Brad] Gives us his one thing. 🙂

[Evan] Yeah, the one thing that sticks out for me is how important it is for us all to help each other, regardless of gender, race, background or anything else. People who shut others out or make them at all feel uncomfortable are jerks.

DEF CON Safe Mode & Team Ambush

[Evan] Alright, on to you Oscar! Tell us about DEF CON Safe Mode. You too Brad, I hear you did some work with the team also.

Open discussion about DEF CON, Team Ambush, the process, the results, etc.

30 minutes(ish)

[Evan] I’m so proud of you guys and the team! You’re not only VERY skilled, but you all do things right. We need to have you back on a future show so you can share how you build teams. People could really learn from you about how to build an incredible team and how to keep them together!

How about some quick news stuff? A few stories to cover quick. Oscar, you got chops, you can stay and comment if you’d like. Just chime in.

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Evan] Alright, it’s that time again. We’re at the end of the show and we get time to give a shout out or two.

Do either of you have shout outs to give this week?

[Brad and/or Oscar] We’ll see.

[Evan] Oscar, thanks for joining us again! Team Ambush kicked ass this year and I’m pumped to see what the team does over the next year.

Got questions or suggestions for us? Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Mr. Nigh is @BradNigh.

Oscar, you’re a relatively quiet guy online. Is there a particular way you want people to find you?

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 82 Show Notes – World On Fire

So, in case you missed it, the world blew up last week. Again.

This time it’s not COVID-19 that takes the headlines, it’s rioting. Rioting that was triggered by (NOT caused by) one of the most disturbing videos I’ve ever watched, that of Minneapolis Police officer Derek Chauvin kneeling on the neck of George Floyd. As I write this, riots are taking place (or have taken place) in Atlanta, Bakersfield, Boston, Chicago, Columbus, Dallas/Fort Worth, Des Moines, Denver, Detroit, District of Columbia, Houston, Los Angeles, Louisville, Memphis, Minneapolis, New York City, Phoenix, Portland, Sacramento, and San Jose, among many others. The media is reporting riots are even taking place in other countries!

Seems like the world is on fire. While this isn’t the place for us to dig into the debate about racial injustice and inequality, we’ve all got opinions (and I’ll share mine later, in another place/time). The UNSECURITY Podcast is dedicated to information security, so we’ll stay on topic. Today’s current events are hard to process, but a relevant question is, what do current events mean to/for information security? This will be our topic.

I’m not going to recap last week/weekend personal events here either. We might discuss these things a little during the time that Brad and I catch up with each other, but otherwise, we have plenty to discuss in this episode. Let’s get to it!

These are my (Evan) show notes…


SHOW NOTES – Episode 82

Date: Monday, June 1st, 2020

Episode 82 Topics

  • Opening
  • Catching Up (as per usual)
  • World On Fire
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there! Welcome to episode 82 of the UNSECURITY Podcast. Today’s date is June 1st, 2020. Due to a lack of personal hygiene, well mostly a hair cut, I’m your information security chia pet, Evan Francen. Joining me is my good friend and co-host Brad Nigh. Good morning Brad!

[Brad] He wishes all the listeners nothing but the best of mornings!

[Evan] Some serious stuff to talk about in today’s show, but one of the most serious things, for me at least, is checking in with you. How you doing Mr. Nigh?

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] Gives us the low down on his haps.

[Evan] I give the low down on my haps. Also, I hit a deer on my motorcycle on Saturday (again). What the?!?! Who does this?

World On Fire

[Evan] It was easy to pick a topic for this week’s show. Just when you think the world couldn’t get any crazier, we encounter the events of last week. There are so many thoughts and emotions running through our heads. Everything from sorrow to anger to frustration and everything in between. We don’t ever want to shy away from tough issues, but we also need to keep things on topic (information security) for the show. What I’d like to do is discuss today’s current events and apply them to what we do. Ultimately, what do all these things mean to information security?

Whatya say Brad, you game?

[Brad] He’s a smart and competitive son of a gun. You know he’s game!

Things to discuss:

  • FRSecure’s Information Security Principle #1; a business is in business to make money.
  • Physical security implications, lessons, ideas, etc.
  • What does this mean for cyber/technical security?
  • Some organizations are targets.
  • Personnel information security implications.
  • If COVID-19 wasn’t enough to motivate better response planning, does this?
  • Whatever other pertinent thoughts come to mind.

[Evan] Great discussion and lots of good advice I think! Let’s do some newsy stuff.

News

[Evan] Even though information security may not be dominating the news, there are still plenty of information security news stories to choose from. Here are three news stories that caught my eye.

Wrapping Up – Shout outs

[Evan] Alright listeners! That’s episode 82. Brad, who you got a shout out for?

[Brad] Somebody special for sure!

[Evan] Here’s mine…

[Evan] Thank you to all our listeners! You guys are a big deal to us. PLEASE be safe out there; physically, mentally, and electronically. Let us know what you think of this episode or whatever else is on your mind. Send us things (preferably not malware, but whatever) by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and you can find this Brad guy @BradNigh. If you wanna follow our company’s stuff, you can follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for whatever cool things they’re up to.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 73 Show Notes – COVID-19 IR

Hope you and your loved ones are well! We can’t understate the importance of physical, mental, and spiritual health, especially in times like these.

If you missed last week’s show notes or episode 72 of the UNSECURITY Podcast, there’s some pretty good stuff there.

Episode 73 Topics

Topics for episode 73 of the UNSECURITY Podcast include:

  • Opening
  • Catching Up 
    • The first full week with a closed office.
    • Staying sane and healthy at home.
  • COVID-19 Affects on Information Security (some of them)
    • Introducing our special guest, FRSecure’s Director of Technical Solutions and Services
    • Incident Response During COVID-19
      • Current Events/Incidents
      • FRSecure’s IR Risk Registration (what is it and why would I consider it?)
    • COVID-19 Scams and Attacks
      • What have we seen?
      • What are we planning for?
    • Physical Security Considerations
  • The Daily inSANITY Check-in
  • FRSecure CISSP Mentor Program Update
  • Wrapping Up – Shout outs

You can find the full show notes near the bottom of this post. Before getting there, I need to get some thoughts out.

Thoughts

It’s been 13 days since FRSecure and SecurityStudio closed their offices. All of us are still around and working, but it’s crazy how much life has changed. Personally, I’m still struggling to make sense of things and I’m mulling over COVID-19 data almost obsessively. The COVID-19 scoreboards plastered everywhere don’t help. On one hand, I like being informed. On the other, I’m tired of tracking the number of infections and deaths.

As I write this, there are 140,164 infections in the United States and 2,476 deaths. What does this mean in the context of everything else? How do I make sense of these numbers? Here’s one attempt:

What does a “normal” 30 days look like in the U.S. for deaths/mortality? According to the CDC, there were nearly 3,000,000 deaths in the U.S. in 2018 (the latest data available). Using this data, here are the number of people who died within an average 30 day window:

  • 53,867 from heart disease (the top killer in the U.S. with 655,381 deaths)
  • 49,255 from cancer (#2 – 599,274 deaths)
  • 13,736 from accidents/unintentional injuries (#3 – 167,127 deaths)
  • 10,029 from Alzheimer’s Disease (#6 – 122,019 deaths)
  • 3,973 from suicide (#10 – 48,344 deaths)

Compare these numbers to where we’re at now with COVID-19. I’m NOT at all minimizing the impact of COVID-19. I’m trying to make sense. I know the number of infected people and deaths will rise significantly over the coming weeks/months, and sadly, we’re in for more terrible news. I’m trying to understand what the numbers mean in the context of other things that aren’t as foreign to me.

A single sick person and/or a single death is sad enough, let alone thousands.

OK. Got that off my chest. Lots and lots of great things going on at FRSecure and SecurityStudio. The best place to keep up with them right now is probably on social media:

Let’s get to the show notes now!


SHOW NOTES – Episode 73

Date: Monday, March 30th, 2020

Show Topics:

  • Opening
  • Catching Up 
    • The first full week with a closed office.
    • Staying sane and healthy at home.
  • COVID-19 Affects on Information Security (some of them)
    • Introducing our special guest, FRSecure’s Director of Technical Solutions and Services
    • Incident Response During COVID-19
      • Current Events/Incidents
      • FRSecure’s IR Risk Registration (what is it and why would I consider it?)
    • COVID-19 Scams and Attacks
      • What have we seen?
      • What are we planning for?
    • Physical Security Considerations
  • The Daily inSANITY Check-in
  • FRSecure CISSP Mentor Program Update
  • Wrapping Up – Shout outs
Opening

NOTE: The show notes were written by me (Evan), but Brad’s leading this episode.

[Brad] Hello listeners, this is another episode of the UNSECURITY Podcast. My name is Brad Nigh, this is episode 73, and the date is March 30th, 2020. Joining me is my co-host Evan Francen. Good morning Evan.

[Evan] Good morning Brad!

[Brad] Also joining us for the show is our special guest and FRSecure’s Director of Technical Solutions and Services, Oscar Minks. Good morning Oscar!

[Oscar] Says good morning or something with his cool southern accent.

[Brad] We’ve got lots to talk about! As is our custom, let’s get started by catching up quick.

Catching Up

Topics here include how we’re coping with COVID-19, the first full week with a closed office, and staying sane (and healthy) at home. Brad found a really good video online; Covid-19 Protecting Your Family, Dr. Dave Price

[Brad] Here’s a can of worms (maybe). Let’s talk about some of the effects that COVID-19 has on what we do. Some of the effects on information security, starting with incident response and physical security. We already mentioned that we’ve got our special guest Oscar Minks here. He’s got some good insights to share, and this should be a good discussion.

Discussion – COVID-19 Affects on Information Security (some of them)
  • Introducing our special guest (again), FRSecure’s Director of Technical Solutions and Services
  • Incident Response During COVID-19
    • Current Events/Incidents
    • FRSecure’s IR Risk Registration (what is it and why would I consider it?)
  • COVID-19 Scams and Attacks
    • What have we seen?
    • What are we planning for?
  • Physical Security Considerations

[Brad] Sadly, the frequency of scams and attacks only increases during times of distress. It’s important that we keep our eye on the ball and not compound our problems with an information security lapse.

OK, switching gears now. Some people are struggling right now. Struggling with making sense of things, struggling with employment, struggling with anxiety, or struggling with any number of things. We started this thing called the Daily inSANITY Check-in last week. Evan, tell the listeners about this thing.

Daily inSANITY Check-in Discussion

The purpose of the Daily inSANITY Check-in is to provide a safe place for people to discuss current events, information security things, challenges we’re facing, or whatever else comes to mind. The check-ins are short (30- to- 60-minute) daily meetings with discussion. People are always free to come and go as they please.

[Brad] The Daily inSANITY Check-in is just one place to get support out of many within our community. The point is to find help when you need it and to help people where you can. It’s cool to see so many people rally and help.

FRSecure CISSP Mentor Program Update

[Brad] Real quick, we made an announcement last week about the FRSecure CISSP Mentor Program. We’re happy to say that we are still going through with this year’s class! The only change is that we have cancelled the in-person portion of the program. As of last Monday, the 23rd, we have 1,007 registered students! That’s crazy! Oh, and I should mention, if you haven’t registered yet, registration is still open.

Wrapping Up

[Brad] No news this week because we had so many other things to talk about. Two last things to mention:

  • Our pal Ryan Cloutier, aka “Cola” just wrapped up the second episode of his K12 Cybersecurity Podcast. It’s a great podcast and you should give it a listen!
  • A shout out to one of our regular listeners, Olga Hoogendoorn – Startseva. Evan promised to give her a shout out because she’s pretty awesome!

Well, that’s it for this week. Plenty going on and lots to do.

Thank you for listening. We’re a couple of guys who really care about you. We’re hoping you all stay healthy and sane! We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @BradNigh, and this other guy is @evanfrancen. Also, don’t forget to check out @studiosecurity and @FRSecure. They post some good things! Let us know how we can help you!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 46 Show Notes

Here we go, we’re on week 46 (already)!

Hard to believe how far we’ve come over the past 45 weeks. Our first podcast was recorded over a Zoom Web conference on a Sunday afternoon. Brad was at home and so was I. We kept up the Sunday routine for a while, at least until our wives requested their Sunday afternoons back. Thank God, because the quality of those early podcasts sucked, and we needed to up our game.

Anyway, there’s a story here. Maybe a story for another day.

This has been another incredible week.

The week started with a Sunday evening trip to Washington D.C. for a Monday afternoon meeting.

The highlight on Tuesday was participation in the 2019 Minnesota IT Symposium at the Mall of America. I had the privilege to participate on a panel with two really awesome information security leaders; Judy Hatchett (VP, Information Security & CISO at Fairview Health Services) and David Young (CISO at Medica). The panel was moderated by my good friend (and SecurityStudio board member) Nick Hernandez. It was an amazing discussion, and it was an honor to share the stage with these guys.

Wednesday was an office day, trying to catch up. It doesn’t seem healthy to process so many emails in such a short period of time.

Thursday was arguably the highlight of the week. FRSecure held their 4th Hacks & Hops event. More than 200 friends and partners gathered at U.S. Bank Stadium to talk about security incident response. After the keynote, I was joined by some incredible information security peers; Jadee Hanson (CISO and VP of Information Systems at Code 42), Bill Boeck (Senior VP, Insurance and Claims Counsel at Lockton Companies), and our very own Oscar Minks (FRSecure’s Director of Technical Solutions and Services).

We discussed the importance of incident response planning, cyber insurance, shared some personal stories, and fielded some great questions from the audience.

One or our attendees summed it up well in his LinkedIn post after the event.

There is an incredible amount of work that goes into arranging an event like this. FRSecure’s Jess Kooiman led the charge, with a significant amount of help from Brandon Matis, Andy Forsberg, Christy Kleve, Renay Rutter, and McKenzie Adams.

Friday wrapped with some good SecurityStudio meetings, including one with Tyler Olson (Founder and CEO of SHYLD Academy). He’s got a good thing going there!

Great week and tons going on. I hope you had a great week too. If you’d like to share your week, get in touch with me or Brad. You can find us at unsecurity@protonmail.com. We’d love to hear your successes and/or help if we can.

If you missed episode 44 of the UNSECURITY Podcast, here it is.

OK. Show notes…


Just a quick note. Brad’s super busy, so these are his show notes written by me (Evan).

SHOW NOTES – Episode 46

Date: Monday, September 23rd, 2019

Show Topics:

Our topics this week:

  • Hacks & Hops Recap
  • Upcoming Speaking Engagements
    • Our upcoming talks
    • The SecurityStudio Roadshow
  • Mental Health
  • Industry News

[Brad] – Hi there, welcome to episode 46 of UNSECURITY Podcast. I’m Brad Nigh and joining me in studio is Evan. This is two weeks in a row where we’ve been together in studio. Want to say “hi” Evan?

[Evan] We record the show at 6:45am on Mondays. Who knows what sort of mood I’ll be in.

[Brad] Sheesh, we have another jam-packed show this week. I need to stop Evan from writing the show notes!

[Evan] Yeah, probably.

[Brad] Another crazy, but great week around here. One of the highlights from this past week was our Hacks and Hops event. Let’s talk about it and share some thoughts, especially for the listeners who couldn’t make their way to U.S. Bank Stadium on Thursday.

Hacks & Hops Recap and Discussion

[Brad] It was a great event! I didn’t mind helping you out with the joke you couldn’t remember either. Your welcome.

[Evan] I was stuck. Why are jokes so hard for me to remember?

[Brad] You and I have a bunch of talks coming up, and you’ve got the Project Bacon roadshow too. We’re going to be all over the place.

[Evan] We do. It’s exciting to spread the word, and we hope that we’re helping people along the way.

Upcoming Speaking Engagements Discussion

[Brad] This will be good. One of the things that you mentioned at the beginning of your Hacks & Hops keynote was the mental health. This is a topic that isn’t discussed as much as it should be.

[Evan] Yeah, we need to shine a brighter light on this.

[Brad] You wore a Mental Health Hackers t-shirt and gave some statistics. Let’s talk about Mental Health Hackers, the statistics you shared, and how this hits home for us here at FRSecure.

Mental Health Discussion

We could spend an entire series talking about the importance of mental health in our information security industry, but for now we’ll keep it fairly short.

[Brad] Talking about mental health openly is important. We are all in this together, and we all need to take a more active role in supporting each other.

[Brad] OK, as is the custom, we close this thing out with some news. Here’s the industry newsy things to discuss briefly this week.

News

Here’s our news for this week:

Closing

[Brad] There you have it. We talked about a lot!

Always grateful for our our loyal listeners. We love your feedback and appreciate the fact that you join us each week. Send your feedback to us at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 43 Show Notes

Crap. I had a good streak going for a bit. I was getting show notes published on Friday, but now I’m back to being consistently late with this. Oh well, it is what it is.

Did you catch last week’s show? It was a really good one, where Christophe Foulon joined the show again. He gave us an update on what he’s been up to and reinforced his mission of helping people get into the information security field. Great guy, great mission, and a great talk. Listen to it here.

This week was tough, filled with tough decisions, but the outcome was incredible. I won’t go too much into the details, but I’ll give you a quick recap.

  • My good friend Ryan Cloutier published his first article as a guest on my blog. Ryan’s a great advocate for helping “normal” people learn information security basics, and it’s a honor to have him write something for me/us to share.
  • I was off to New Jersey this week, spending time with a global company’s information security team, building some great information security processes. The two days was filled with some amazing working sessions. We left things much better off than where we found them.
  • Friday was filled with meetings, back to back to back to back. Each meeting was unique, and they all produced positive results. It’s sometimes crazy coming back to the office after a few days away. I love my team and I love being with them, even if it is in a meeting. 😉

OK, show notes. Here they are…


SHOW NOTES – Episode 43

Date: Monday, September 2nd, 2019

NOTE: We recorded this podcast on Friday, August 30th ahead of the Labor Day holiday.

Show Topics:

Our topics this week:

  • Incident Response (why not?)
  • What’s a vCISO?
  • Gaps between us and them
  • Industry News

[Evan] – Some sort of non-standard opening… The standard one is:
“Welcome to the UNSECURITY Podcast, this is episode 43 and the date is sometime in late August. I’m Evan Francen and joining me is my partner in crime, Brad Nigh. Hello Brad.”

[Brad] Brad does Brad.

[Evan] We have a packed show in store again today. We’re recording this episode on Friday because Monday is Labor Day. Summer is over. What the ?!?! Got plans?

[Brad] Brad still does Brad because Brad is Brad.

[Evan] Hopefully our listeners all had an enjoyable Labor Day and an enjoyable summer. Back to school and back to the grind. Speaking of “back to the grind”, let’s talk about a topic that we always seem to be talking about, Incident Response. I’ll be damned if we don’t have more lessons to share with our listeners. Let’s keep it short though, if we can.

Incident response discussion

  • Keep it sort of short.
  • Mention some recent lessons.
  • Mention the upcoming Hacks & Hops

[Evan] A topic came up this week when I was talking with an investor. He asked, “what is a vCISO?” The conversation got me thinking, do we just assume that people know what a vCISO is?

[Brad] Still doing the Brad thing.

[Evan] Let’s discuss this and be clear in our definition of a vCISO and what they do. I’d also like to discuss what makes a good vCISO and what makes a bad vCISO.

[Brad] Yep, still doing Brad. Life is good. 😊

vCISO discussion

  • Define vCISO
  • Why do we need vCISOs?
  • What makes a good vCISO?
  • If you’re looking for a vCISO, what should you demand from them?
  • Whatever else seems pertinent to the conversation.

[Evan] Alright, last topic for the show is something that came up in a recent vCISO engagement with a customer. It demonstrates the gaps between what good guys can do when they test something and what the bad guys can do. There’s always a gap. There’s a line that we can’t or won’t cross. Here’s a recent example:

From: Marty Wikle <mwikle@sygnosinc.com>

Sent: Sunday, August 25, 2019 9:46:59 PM

To: REDACTEDNAME <redacted@redacted.com> Subject: Respond ASAP

Someone ask me to kill you. For your information I am not sending this message with my email address and internet service provider just in case you want to proof smart and stubborn..any ways I like someone like that!because I will be so happy to put a bullet on your skull..My boys have been watching your steps for few days.

I am giving you a chance to live simply because my oracle show me that you dont have a hand in what you were accused of

You are to pay me $10,000 and I shall terminate the operation,after that I will give you the info of the person that wants you dead

You can call the authority and have them do patrol in your area 24/7 that didn’t stop me from hunting you and your love ones down.We are invisible!!

Reply to this email addresse:

trinitybharath048@gmail.com

[Evan] This email demonstrates a gap between what we can test as the good guys and what the bad guys do. This gap will always exist because we play by rules and the bad guys don’t care.

[Brad] Still doing Brad…

Short discussion

[Evan] Alright, let’s wrap this thing up with some news.

News

Here’s our news for this week:

Closing

More great episodes to come.

If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 42 Show Notes

Son of a …! Back to being a day late with the show notes. Day jobs get in the way sometimes.

Did you catch last week’s show? Listen to it here.

I won’t bore you (much) with the details, most of my week was spent on SecurityStudio:

  • Our first Board of Director’s meeting was last Friday (8/16), lots to do and talk about, but worthy of it’s own post/article. We’ve put together a great board.
  • Financial projections, modeling, etc. Not my strongest suit, for sure. I’m a security guy who became a business guy, not the other way around.
  • Drafting documentation for SecurityStudio’s platform and products. I guess you can never have too much documentation.
  • Investor meetings and pitches. Raising capital is a crazy experience for someone like me. Learning a whole new side of business.
  • Collaboration with some really cool people.

The entire SecurityStudio experience has been a crazy one. Crazy good some days and crazy challenging other days.

FRSecure is rocking along. Only a few meetings for me here and some very high level support for another incident response.

Overall, good things! Let’s get to the show notes, shall we? Brad’s leading and we have another returning special guest.


SHOW NOTES – Episode 42

Date: Monday, August 26th, 2019

Show Topics:

Our topics this week:

  • More Incident Response(s)
  • Seriously what is going on with all these Incident Responses?
  • Hey, Christophe is back!
  • Industry News

[Brad] – Hi everybody, and welcome to another episode of the UNSECURITY Podcast! This is episode 42, and I’m Brad Nigh, your host. Joining me today is my good friend, Evan Francen. Good Morning Evan.

[Evan] Evan responds with Evanisms

[Brad] We have a jam-packed show this week! If you’ve seen the show notes on Evan’s blog, you know how much we’re planning to get through! Let’s start by talking about what we’ve been busy with, then I’ll share my crazy week. Evan, what’s your week been like?

[Evan] Hopefully has good things to recap from the last week.

[Brad] (literally copied this from last week because, well it’s true) More incidents this week. If this keeps up, we might have to dedicate an entire podcast to incident response! Sheesh.

Incident response discussion

[Evan] We like responding to incidents because we love helping people. We hate responding to incidents because it means someone is (maybe) in trouble. We’ll see if we make it a week without another one.

Active IR discussion and transition into discussion with Christophe Foulon.

[Brad] Christophe, welcome back to the show. How’s things on the East Coast this morning?

[Christophe] Says what Christophe says…

[Brad] So, it’s been a few months since you were on with us. What’s new with you? What are you working on?

Discussion with Christophe

About his current projects and what he’s been up to. Will certainly be a good discussion! We’ll see where it goes.

We have Christophe for 1/2 hour before he needs to get back to work, so he may/may not stick around for news.

[Brad] Alright, we’d better get to some news. We might not get through all of it, but we’ll get through some of it.

News

Here’s our news for this week:

Closing

[Brad] – Dang, that was a helluva lot of stuff to fit into one show! That’s how it is. Big thanks for Christophe for joining us. He’s a great ally in the industry. Thanks Evan, and a special thank you to our listeners. The show grows each and every week, and we love your feedback. You can reach the us on the show by email at  unsecurity@protonmail.com.

Evan’s already got a great show planned for next week, so keep up with us. If you’re the social type, socialize with us on Twitter, Evan’s @evanfrancen  and I’m @BradNigh.

Talk to you all again next week!