The UNSECURITY Podcast – Episode 46 Show Notes

Here we go, we’re on week 46 (already)!

Hard to believe how far we’ve come over the past 45 weeks. Our first podcast was recorded over a Zoom Web conference on a Sunday afternoon. Brad was at home and so was I. We kept up the Sunday routine for a while, at least until our wives requested their Sunday afternoons back. Thank God, because the quality of those early podcasts sucked, and we needed to up our game.

Anyway, there’s a story here. Maybe a story for another day.

This has been another incredible week.

The week started with a Sunday evening trip to Washington D.C. for a Monday afternoon meeting.

The highlight on Tuesday was participation in the 2019 Minnesota IT Symposium at the Mall of America. I had the privilege to participate on a panel with two really awesome information security leaders; Judy Hatchett (VP, Information Security & CISO at Fairview Health Services) and David Young (CISO at Medica). The panel was moderated by my good friend (and SecurityStudio board member) Nick Hernandez. It was an amazing discussion, and it was an honor to share the stage with these guys.

Wednesday was an office day, trying to catch up. It doesn’t seem healthy to process so many emails in such a short period of time.

Thursday was arguably the highlight of the week. FRSecure held their 4th Hacks & Hops event. More than 200 friends and partners gathered at U.S. Bank Stadium to talk about security incident response. After the keynote, I was joined by some incredible information security peers; Jadee Hanson (CISO and VP of Information Systems at Code 42), Bill Boeck (Senior VP, Insurance and Claims Counsel at Lockton Companies), and our very own Oscar Minks (FRSecure’s Director of Technical Solutions and Services).

We discussed the importance of incident response planning, cyber insurance, shared some personal stories, and fielded some great questions from the audience.

One or our attendees summed it up well in his LinkedIn post after the event.

There is an incredible amount of work that goes into arranging an event like this. FRSecure’s Jess Kooiman led the charge, with a significant amount of help from Brandon Matis, Andy Forsberg, Christy Kleve, Renay Rutter, and McKenzie Adams.

Friday wrapped with some good SecurityStudio meetings, including one with Tyler Olson (Founder and CEO of SHYLD Academy). He’s got a good thing going there!

Great week and tons going on. I hope you had a great week too. If you’d like to share your week, get in touch with me or Brad. You can find us at unsecurity@protonmail.com. We’d love to hear your successes and/or help if we can.

If you missed episode 44 of the UNSECURITY Podcast, here it is.

OK. Show notes…


Just a quick note. Brad’s super busy, so these are his show notes written by me (Evan).

SHOW NOTES – Episode 46

Date: Monday, September 23rd, 2019

Show Topics:

Our topics this week:

  • Hacks & Hops Recap
  • Upcoming Speaking Engagements
    • Our upcoming talks
    • The SecurityStudio Roadshow
  • Mental Health
  • Industry News

[Brad] – Hi there, welcome to episode 46 of UNSECURITY Podcast. I’m Brad Nigh and joining me in studio is Evan. This is two weeks in a row where we’ve been together in studio. Want to say “hi” Evan?

[Evan] We record the show at 6:45am on Mondays. Who knows what sort of mood I’ll be in.

[Brad] Sheesh, we have another jam-packed show this week. I need to stop Evan from writing the show notes!

[Evan] Yeah, probably.

[Brad] Another crazy, but great week around here. One of the highlights from this past week was our Hacks and Hops event. Let’s talk about it and share some thoughts, especially for the listeners who couldn’t make their way to U.S. Bank Stadium on Thursday.

Hacks & Hops Recap and Discussion

[Brad] It was a great event! I didn’t mind helping you out with the joke you couldn’t remember either. Your welcome.

[Evan] I was stuck. Why are jokes so hard for me to remember?

[Brad] You and I have a bunch of talks coming up, and you’ve got the Project Bacon roadshow too. We’re going to be all over the place.

[Evan] We do. It’s exciting to spread the word, and we hope that we’re helping people along the way.

Upcoming Speaking Engagements Discussion

[Brad] This will be good. One of the things that you mentioned at the beginning of your Hacks & Hops keynote was the mental health. This is a topic that isn’t discussed as much as it should be.

[Evan] Yeah, we need to shine a brighter light on this.

[Brad] You wore a Mental Health Hackers t-shirt and gave some statistics. Let’s talk about Mental Health Hackers, the statistics you shared, and how this hits home for us here at FRSecure.

Mental Health Discussion

We could spend an entire series talking about the importance of mental health in our information security industry, but for now we’ll keep it fairly short.

[Brad] Talking about mental health openly is important. We are all in this together, and we all need to take a more active role in supporting each other.

[Brad] OK, as is the custom, we close this thing out with some news. Here’s the industry newsy things to discuss briefly this week.

News

Here’s our news for this week:

Closing

[Brad] There you have it. We talked about a lot!

Always grateful for our our loyal listeners. We love your feedback and appreciate the fact that you join us each week. Send your feedback to us at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 43 Show Notes

Crap. I had a good streak going for a bit. I was getting show notes published on Friday, but now I’m back to being consistently late with this. Oh well, it is what it is.

Did you catch last week’s show? It was a really good one, where Christophe Foulon joined the show again. He gave us an update on what he’s been up to and reinforced his mission of helping people get into the information security field. Great guy, great mission, and a great talk. Listen to it here.

This week was tough, filled with tough decisions, but the outcome was incredible. I won’t go too much into the details, but I’ll give you a quick recap.

  • My good friend Ryan Cloutier published his first article as a guest on my blog. Ryan’s a great advocate for helping “normal” people learn information security basics, and it’s a honor to have him write something for me/us to share.
  • I was off to New Jersey this week, spending time with a global company’s information security team, building some great information security processes. The two days was filled with some amazing working sessions. We left things much better off than where we found them.
  • Friday was filled with meetings, back to back to back to back. Each meeting was unique, and they all produced positive results. It’s sometimes crazy coming back to the office after a few days away. I love my team and I love being with them, even if it is in a meeting. 😉

OK, show notes. Here they are…


SHOW NOTES – Episode 43

Date: Monday, September 2nd, 2019

NOTE: We recorded this podcast on Friday, August 30th ahead of the Labor Day holiday.

Show Topics:

Our topics this week:

  • Incident Response (why not?)
  • What’s a vCISO?
  • Gaps between us and them
  • Industry News

[Evan] – Some sort of non-standard opening… The standard one is:
“Welcome to the UNSECURITY Podcast, this is episode 43 and the date is sometime in late August. I’m Evan Francen and joining me is my partner in crime, Brad Nigh. Hello Brad.”

[Brad] Brad does Brad.

[Evan] We have a packed show in store again today. We’re recording this episode on Friday because Monday is Labor Day. Summer is over. What the ?!?! Got plans?

[Brad] Brad still does Brad because Brad is Brad.

[Evan] Hopefully our listeners all had an enjoyable Labor Day and an enjoyable summer. Back to school and back to the grind. Speaking of “back to the grind”, let’s talk about a topic that we always seem to be talking about, Incident Response. I’ll be damned if we don’t have more lessons to share with our listeners. Let’s keep it short though, if we can.

Incident response discussion

  • Keep it sort of short.
  • Mention some recent lessons.
  • Mention the upcoming Hacks & Hops

[Evan] A topic came up this week when I was talking with an investor. He asked, “what is a vCISO?” The conversation got me thinking, do we just assume that people know what a vCISO is?

[Brad] Still doing the Brad thing.

[Evan] Let’s discuss this and be clear in our definition of a vCISO and what they do. I’d also like to discuss what makes a good vCISO and what makes a bad vCISO.

[Brad] Yep, still doing Brad. Life is good. 😊

vCISO discussion

  • Define vCISO
  • Why do we need vCISOs?
  • What makes a good vCISO?
  • If you’re looking for a vCISO, what should you demand from them?
  • Whatever else seems pertinent to the conversation.

[Evan] Alright, last topic for the show is something that came up in a recent vCISO engagement with a customer. It demonstrates the gaps between what good guys can do when they test something and what the bad guys can do. There’s always a gap. There’s a line that we can’t or won’t cross. Here’s a recent example:

From: Marty Wikle <mwikle@sygnosinc.com>

Sent: Sunday, August 25, 2019 9:46:59 PM

To: REDACTEDNAME <redacted@redacted.com> Subject: Respond ASAP

Someone ask me to kill you. For your information I am not sending this message with my email address and internet service provider just in case you want to proof smart and stubborn..any ways I like someone like that!because I will be so happy to put a bullet on your skull..My boys have been watching your steps for few days.

I am giving you a chance to live simply because my oracle show me that you dont have a hand in what you were accused of

You are to pay me $10,000 and I shall terminate the operation,after that I will give you the info of the person that wants you dead

You can call the authority and have them do patrol in your area 24/7 that didn’t stop me from hunting you and your love ones down.We are invisible!!

Reply to this email addresse:

trinitybharath048@gmail.com

[Evan] This email demonstrates a gap between what we can test as the good guys and what the bad guys do. This gap will always exist because we play by rules and the bad guys don’t care.

[Brad] Still doing Brad…

Short discussion

[Evan] Alright, let’s wrap this thing up with some news.

News

Here’s our news for this week:

Closing

More great episodes to come.

If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 42 Show Notes

Son of a …! Back to being a day late with the show notes. Day jobs get in the way sometimes.

Did you catch last week’s show? Listen to it here.

I won’t bore you (much) with the details, most of my week was spent on SecurityStudio:

  • Our first Board of Director’s meeting was last Friday (8/16), lots to do and talk about, but worthy of it’s own post/article. We’ve put together a great board.
  • Financial projections, modeling, etc. Not my strongest suit, for sure. I’m a security guy who became a business guy, not the other way around.
  • Drafting documentation for SecurityStudio’s platform and products. I guess you can never have too much documentation.
  • Investor meetings and pitches. Raising capital is a crazy experience for someone like me. Learning a whole new side of business.
  • Collaboration with some really cool people.

The entire SecurityStudio experience has been a crazy one. Crazy good some days and crazy challenging other days.

FRSecure is rocking along. Only a few meetings for me here and some very high level support for another incident response.

Overall, good things! Let’s get to the show notes, shall we? Brad’s leading and we have another returning special guest.


SHOW NOTES – Episode 42

Date: Monday, August 26th, 2019

Show Topics:

Our topics this week:

  • More Incident Response(s)
  • Seriously what is going on with all these Incident Responses?
  • Hey, Christophe is back!
  • Industry News

[Brad] – Hi everybody, and welcome to another episode of the UNSECURITY Podcast! This is episode 42, and I’m Brad Nigh, your host. Joining me today is my good friend, Evan Francen. Good Morning Evan.

[Evan] Evan responds with Evanisms

[Brad] We have a jam-packed show this week! If you’ve seen the show notes on Evan’s blog, you know how much we’re planning to get through! Let’s start by talking about what we’ve been busy with, then I’ll share my crazy week. Evan, what’s your week been like?

[Evan] Hopefully has good things to recap from the last week.

[Brad] (literally copied this from last week because, well it’s true) More incidents this week. If this keeps up, we might have to dedicate an entire podcast to incident response! Sheesh.

Incident response discussion

[Evan] We like responding to incidents because we love helping people. We hate responding to incidents because it means someone is (maybe) in trouble. We’ll see if we make it a week without another one.

Active IR discussion and transition into discussion with Christophe Foulon.

[Brad] Christophe, welcome back to the show. How’s things on the East Coast this morning?

[Christophe] Says what Christophe says…

[Brad] So, it’s been a few months since you were on with us. What’s new with you? What are you working on?

Discussion with Christophe

About his current projects and what he’s been up to. Will certainly be a good discussion! We’ll see where it goes.

We have Christophe for 1/2 hour before he needs to get back to work, so he may/may not stick around for news.

[Brad] Alright, we’d better get to some news. We might not get through all of it, but we’ll get through some of it.

News

Here’s our news for this week:

Closing

[Brad] – Dang, that was a helluva lot of stuff to fit into one show! That’s how it is. Big thanks for Christophe for joining us. He’s a great ally in the industry. Thanks Evan, and a special thank you to our listeners. The show grows each and every week, and we love your feedback. You can reach the us on the show by email at  unsecurity@protonmail.com.

Evan’s already got a great show planned for next week, so keep up with us. If you’re the social type, socialize with us on Twitter, Evan’s @evanfrancen  and I’m @BradNigh.

Talk to you all again next week!