#S2Roadshow Recap – Week Seven

Rochester (NY), Kansas City (MO), and Sacramento (CA)

A good week that started with serving a great FRSecure customer in Rochester before heading off to preach in Kansas City and Sacramento. This was the first week that we ran into a person (or group of people) who epitomized something that’s wrong with our industry. Read on.

SecurityStudio Roadshow Summary

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe). It’s hard to believe that each week gets better, but it’s true, it does! Week #6 (this one) was the best yet.

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

This is the first time we’ve done three cities in one week! It was tough, but very rewarding. The week started of in Rochester to work with a long-time FRSecure customer, then west to Kansas City (Greater Kansas City ISACA Chapter), then further west to Sacramento (Sacramento Valley ISSA Chapter).

Ryan Abraham from FRSecure joined me in Rochester. John Harmon was with me in Kansas City and Sacramento.

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Rochester, New York

Flew to Rochester on Sunday evening. The week started off with some customer project work. I don’t get to work on many customer projects anymore, and I miss it sometimes. This project is a big one, and it requires the development of a new methodology (or two). Sort of cool. Here’s what I can tell you…

  • There are numerous projects.
  • Two of the projects include SecurityStudio products; S2Org and S2Team.
  • We’re putting together a board presentation for S2Org and their S2Score.
  • The customer wants to take the S2Org, S2Score, S2Team, and one of the new methodologies we developed to their group of other like companies. This could become a really big deal!

Honestly, these are some of my favorite people in the security business! We got a ton of work done and collaborated on some very cool things.

Ryan Abraham has worked at FRSecure for a couple of years now, and this is the first time we’ve had the opportunity to work on anything together. It was awesome! Ryan’s an incredible asset to FRSecure, our customers, and this industry. Had a great time getting a bunch of work done and preaching the good (security) news.

This slideshow requires JavaScript.

We nabbed some good BBQ at Dinosaur BBQ in Rochester (twice, review below).

This slideshow requires JavaScript.

It snowed 8(ish) inches while we were in Rochester. First snow storm of the year for me.

Got back to the Twin Cities late on Tuesday night. On to Kansas City Wednesday.

Kansas City, Missouri

The purpose of the trip to Kansas City is to meet with the local ISACA chapter and spread some love. Met John Harmon at the airport and we were off to Kansas City. On the way, we decided that we both needed a new pair of Bose noise cancelling headphones. Impulse buy, but these things are awesome!

This slideshow requires JavaScript.

John and I landed in Kansas City, grabbed our rental car, then got down to business. By business, I mean find BBQ. The rental car bus driver told us we had to try Q39, so that’s what we did (review below). After BBQ, I texted my Mexican son (long story that I’ll share in person if you find me), Officer Salinas of the Lenexa Police Department. We found him on patrol and hung out with him until he got a call he had to get to. I can’t begin to tell you how proud I am of this guy! He’s amazing.

This slideshow requires JavaScript.

Finished the day in Kansas City with some frozen yogurt (froyo) before checking in at the hotel and getting work done. You know, the real work.

Greater Kansas City ISACA Chapter

We met up with the great people who represent the Greater Kansas City ISACA Chapter on Thursday at the University of Kansas Edwards Campus. The venue was beautiful, and the people were even better. Preached the normal(ish) sermon about fixing our broken information security language problem, and encouraged everyone to get their free SecurityStudio account and complete their free  S2Org and S2Me assessments. Yes, they’re completely free!

My sermon has evolved a bit. The (newish) agenda goes from housekeeping (introduction) to the meat (our language, simplification, and fundamentals problem) to the dream (securing America) to the call to action (get our assessments, give us feedback by being part of our community, and preach). If you haven’t heard it yet, come get me. I’ll preach to you too!

I made some new friends including (but not limited to) J.J., Jennifer, Brian, Joan, and Beth. Seriously awesome people! They all stand out, and J.J. Widener is a champ. His support for what we’re doing is super helpful and appreciated! This guy gets it.

Here’s some pictures that John took at the event.

This slideshow requires JavaScript.

After the ISACA talk, we headed out for more BBQ and the airport. Last stop before heading home this week was Sacramento. The weather there doesn’t suck.

Sacramento, California

This turned out to be a quick stop for us. We arrived at 1am (local time) Friday, got some rest at the hotel, gave our talk at the Sacramento Valley ISSA chapter meeting, and got back on a plane for a long flight back to the Twin Cities. No BBQ, which was sort of sad, but I don’t know what kind of BBQ they have in Sacramento anyway.

Sacramento Valley ISSA

This was a relatively small gathering, and one where we hit our first snag on the SecurityStudio Roadshow. Seven weeks in, and our first snag, not bad! Here’s the deal.

We make numerous points in our Roadshow presentation, and two key points are #1, we need to simplify information security for “normal” people and #2, we need to get much better on agreeing what the hell it is we do as a profession. We learned the first point based on what “normal” people have told us after asking ~1,000 of them in a survey and through experience. Yes, we asked people what they think instead of telling them what they think. Big difference!

We learned the second point through basic logic.

The snag came not because the points are invalid, but because we had someone in the audience who liked to think that he was the smartest person in the room.

On point #1. We asked almost 1,000 “normal” people (business people and people who don’t do information security for a living) what we (information security people) can do to make information security more useful, and what we can do to serve them better. Once we received their answers, we made a word map of the raw data (see pic below). The most common word in their answers was “simple”. We need to make information security more simple. This is a good thing because complexity is the enemy of information security (thank you Bruce Schneier).

On this point, most people in this audience agreed (based upon their head nodding and facial expressions); however, I could already sense trouble brewing from the person I alluded to above.

My talk then goes on to tackle an issue that simplification requires a common agreement among security professionals. We will never effectively translate our language to “normal” people’s language until we agree on our language first. Logical, right? Let’s start with the most basic issue at hand, what is “information security”? We should all be able to agree on this fundamental definition. Things started to get sideways here.

Information Security is… (the question posed to the audience). Most audiences give some definitions, then I offer mine. Not that mine is the end all, be all.

I go on. Information Security is managing risk. On this point, I haven’t received disagreement from anyone before, but our guy starts starts chiming in. He doesn’t chime in from an angle of disagreement, but more to add his two cents.

Next. Information Security is NOT eliminating risk, despite what some people think. General agreement on this point too, but our guy still has to add his two cents.

Next. Information Security is NOT compliance, despite the fact that most information security dollars are spent from this motivator. Now our guy feels the need to completely sidetrack the conversation and before we know it, we’re deep in a rabbit hole.

It took almost full hour to get to what I was hoping would be our common definition of information security as “managing risk to unauthorized disclosure, alteration, and/or destruction of information using administrative, physical, and technical controls“. It’s not so much that our guy disagreed with the definition or (God-forbid) gave us an alternative definition as much as his deep desire to be the smartest guy in the room. I called him out for this during the presentation (whether I should have or not is debatable) and it got tense, but whatever. You call it like you see it.

Eventually, we got through the presentation. Due to the monopolization of time, we didn’t have any left for visiting afterwards. We had to run immediately after the talk to catch our flight back to the Twin Cities.

Here’s what I learned from this talk:

  • Everyone is entitled to their opinions.
  • There is a time and a place for opinions and wasting everyone’s time is not the place for your opinions.
  • I could have done a much better job of controlling the dialog during my talk.
  • As long as we’re all fighting to be the smartest guy in the room, we’ll never solve our industry’s problems.
  • Once you choose your hill to die on, you will probably die on that hill.

Made it back safe and sound in Minneapolis. Overall, it was an incredible week!

BBQ Reviews

Three BBQ reviews this week. Three is better than two, which is all we got in the previous few weeks. Our BBQ visits this week included Dinosaur BBQ in Rochester, Q39 in Overland Park, and Iron Horse BBQ in Platte City.

Dinosaur BBQ – https://www.dinosaurbarbque.com/rochester/ – Overall: 8.25

  • Atmosphere – 8, it’s a cool place with a great vibe. The lighting is perfect for a BBQ joint, there’s a lot of wood, and the view of the river is super cool.
  • Service – 9, great service all-around. These people make you feel at home.
  • Portion/Value – 7, a little pricey for how much food you get, but what place isn’t?
  • Taste – 9, incredible, especially the ribs and wings.

In full transparency, I’ve eaten at Dinosaur BBQ in Rochester many times. It’s a great BBQ joint and I’ve enjoyed every visit I’ve made. This was Ryan Abraham’s first visit to Rochester, so we made sure to stop in. Actually, we ended up eating here twice during this trip. Poor us!

This slideshow requires JavaScript.

I’ve visited Rochester more than a dozen times and eaten BBQ at just about every place this city offers. Dinosaur is the best BBQ in Rochester. On this trip, I ate their ribs, brisket, wings, and pulled pork. The brisket and pulled pork were good, but the ribs and wings were friggin’ amazing! The ribs were arguably the best I’ve had on the SecurityStudio Roadshow so far. If you’re in Rochester, and you like BBQ (even if you don’t like BBQ), a visit to Dinosaur is a must!

Q39 – https://q39kc.com/ – Overall: 7.75

  • Atmosphere – 7, this is a little too upscale feeling for me. A very nice restaurant, but not down-homey enough for my taste.
  • Service – 8, great service. I was in the middle of a conference call at the beginning, so I might have missed something here. Guess, I’ll have to visit again!
  • Portion/Value – 7, a little spendy.
  • Taste – 9, super! The burnt ends and brisket were the bomb!

This was the first stop for me and John after landing in Kansas City. We received a tip to visit this place from our rental car terminal bus driver, and obviously this guy knew what he was talking about! Kansas City is known for their BBQ and we had dozens of places to choose from, but we made a good call here.

This slideshow requires JavaScript.

This was a great welcome to Kansas City and we highly recommend visiting Q39!

Iron Horse BBQ – no website – Overall: 7.0

  • Atmosphere – 5, I’m not a big fan of the strip mall BBQ joint vibe, so this was a downer.
  • Service – 9, great service! These guys gave us some free burnt ends and came out from behind the counter to visit with us. Really cool people here!
  • Portion/Value – 8, very reasonably priced for large portions of food.
  • Taste – 6, the taste was too bland and overall disappointing.

We were in a bit of a rush after the ISACA talk, but we had to fit in one more BBQ visit before we left. It’s Kansas City for crying out loud!

This slideshow requires JavaScript.

We’ll give these guys the benefit of the doubt. I think they recently moved into this new location, and I don’t think they’ve gotten completely settled yet. It’s worth trying again some time in the future, but it might be hard to get back here given all the awesome BBQ joints in Kansas City.

No promises.

BBQ Summary

Three new BBQ joints to add to our list. This was a good BBQ week. The winner this week was Dinosaur BBQ (Rochester). Pecan Lodge is still on top as the overall #S2Roadshow leader with a score of 9, and Bowlegged BBQ is still in the #2 spot. The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Seven):

  • Pecan Lodge – 9
  • Bowlegged BBQ – 8.75
  • Divine Swine – 8.5
  • Dinosaur BBQ – 8.25
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Q39 BBQ – 7.75
  • Cousin’s BBQ – 7.75
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • Iron Horse – 7
  • Lucille’s Smokehouse BBQ – 7
  • Texas Bar-B-Q Joint – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Unkl Moe’s – 6.5
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

Next Week’s #S2Roadshow

A less busy week, but still a great one planned. The Roadshow starts on Tuesday with another visit to Kansas City, then it’s on to Webster University in Irvine, California. We’re giving the standard sermon at a joint seminar between Webster University, ISSA, ISACA, and OWASP. Pretty pumped!

Looking forward to another great week!

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

#S2Roadshow Recap – Week Six

Fargo, ND and Rochester, NY

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe). It’s hard to believe that each week gets better, but it’s true, it does! Week #6 (this one) was the best yet.

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

John and I spent half the week together and the other half in separate towns.

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Fargo, North Dakota

If you’ve never been to Fargo in November, you’ve got to give it a try sometime. You can visit Bonanzaville USA, the Fargo Air Museum, or you could come to do what we did, attend Network Center’s nVision conference. We left on Tuesday for the 3-1/2 hour drive to Fargo, and got there just in time for the vendor social hour.

Network Center is a great company, and we’re big fans. It helps that they’re a trusted SecurityStudio partner.

On my trip up north, I was joined by three of my favorite SecurityStudio people; John Harmon, Justin Kallberg, and Steve Krause (all pictured below).

nVision 2019

We’ve been at the nVision conference for years now, and this one was the best yet. There were 500+ people packed into the Fargo Holiday Inn Conference Center, all there to learn and network together. Of course, there were plenty of vendor booths there (including ours – below) too.

This slideshow requires JavaScript.

There were so many incredible people at this event, and it was great catching up with people I hadn’t seen in a while. After spending a few hours hanging out with cool people, I gave my talk on the main stage at 1:00. I changed my talk at the last minute (as per usual) and decided to give the “How do we secure America” sermon that I developed the week prior.

This slideshow requires JavaScript.

The place was packed and the audience was amazing! We hung out at our booth afterwards and gave out a whole box of UNSECURITY books for free. I met countless awesome people, including Zoe Bundy (pictured below with her brother Grover), Frank LaLonde (from Nativity Church of Fargo – also pictured below), John Nagel (Cybernet Security), and Larry Schwab (Discovery Benefits CISO).

This slideshow requires JavaScript.

One person who stands out from the rest is Zoe. She’s incredible, and she’s the founder of Brainy Ladies. Brainy Ladies is a cool organization with an awesome purpose; “We help young girls find their inner genius by helping them remain interested in STEM.” I met Zoe for the first time at last year’s nVision conference, and it was wonderful to see her again. Read her story here, and tell me you’re not impressed! I’ll get her on the UNSECURITY Podcast one of these days, hopefully soon.

nVision was a great conference. Sadly, we didn’t have time to grab any BBQ in Fargo. Curious, is there any good BBQ in Fargo? The platter of bacon laid out at the nVision lunch buffet will have to do.

Rochester, New York

Made it back to the Twin Cities early enough to grab five hours of sleep before catching my 5:15am flight to Rochester. I have an affinity for Rochester because one of my favorite customers (@FRsecure) is Excellus BlueCross BlueShield. Funny thing is (sort of), I’ll be back in Rochester to do some work for Excellus the following week.

The purpose for this particular visit was to attend and present at the Rochester ISSA chapter meeting being held on Thursday night.

Two trips to Rochester in five days. Weird.

First thing after landing in Rochester was to find BBQ. Took out my phone, opened my Apple Map and typed “BBQ”. The closest BBQ joint that looked legit was Unkl Moe’s BBQ & Catering at 493 West Ave (review below). That’ll do.

After BBQ, it was time for an early check-in at the hotel and a short nap.

Rochester ISSA

The Rochester ISSA meeting started at 6:00pm, and I was almost late. I started doing some work in the hotel and got a little caught up in it. The meeting was held at the offices of Nixon Peabody, a nice law firm located at 1300 Clinton Square. Guess what they had catered in? BBQ! Before the meeting started, we enjoyed some Dinosaur BBQ (one of my favorites in Rochester) while we got to know each other.

The meeting was great! Attendance was good, participation was awesome, and they let me preach for a full hour and a half. I preached about mental health, getting our industry’s security #*(! together, and civic duties for security people. Great talk and discussion!

Gave away a few books, and headed back to the hotel at 10:00pm. Ray Feldman left me a nice shoutout before I got back.

Most of the day Friday was spent at Starbucks catching up on email and other things that I’d neglected over the week. Tried another BBQ joint before heading to the airport, Texas Bar-B-Q Joint in Spencerport (review below).

Overall, this was another great week. Met a ton of new and wonderful people!

BBQ Reviews

Only two BBQ reviews again. We still need to step up our game.

Unkl Moe’s BBQ & Catering – no website – Overall: 6.5

Hard to believe that I didn’t nab any BBQ this week until Thursday after getting off the plane in Rochester. It is what it is. I chose Unkl Moe’s because it was the closest BBQ joint to the Rochester airport and it got fairly good reviews.

I walked in the front door and the smokey smell hit me nicely. The inside of this place reminded me of a small town southern diner with most of the seats occupied by regulars. My hopes were high. I bellied up to the counter, grabbed a menu, and ordered the BBQ ribs and pulled pork platter (choosing french fries and cabbage as my sides).

This slideshow requires JavaScript.

Sadly, I was a little disappointed by the place, except for the conversations I had with the regulars. One conversation in particular was great! While eating, I struck up a conversation with a retired OTR trucker named Howard and we talked about all sorts of things; politics, his hometown in Georgia, etc.

The food definitely wasn’t the best thing about this place. The pulled pork had a nice texture, but the flavor was missing. The ribs were OK, but they were smothered in sauce. I’d go back to this place for the conversation, but not the food.

Texas Bar-B-Q Joint (Spencerport) – https://www.bbqrochester.com/spencerport – Overall: 7.00

I didn’t realize that this was a small chain of BBQ joints until I sat down to write this. This was my first trip to Spencerport and I was excited to try this place. The reviews were good and I felt like I could almost taste the pictures online.

This slideshow requires JavaScript.

Walked in and ordered my food at the bar (sliced brisket, pulled pork, and sausage with macaroni and cheese and steamed vegetables for sides). The guy taking my order was helpful, and I took my seat at one of the open booths in the corner. This joint looked very promising and the it smelled amazing. It was lunch time and there were maybe eight people in the place.

It didn’t take long before I realized how cold it was. They must have had the thermostat set at 60! Whatever, I blew it off. I came here for some meat.

The cook called my name, and I jumped to grab my tray. I was excited and hungry. Turned out, I was also a little disappointed. Everything was OK, but nothing was exceptional. The portions were good. The pulled pork was a little watery. The brisket was OK, but it was cut too thick and it wasn’t smokey enough. The best part of the meal was sadly the macaroni and cheese.

Remember how I said the place was cold? A cold BBQ joint makes things suck more. This is because the meat on your plate starts cooling off too quickly and by the time you’re getting towards the end, the meat is cold, dry, and chewy.

The BBQ wasn’t bad. Just not sure I’ll be back. Maybe in the summer.

BBQ Summary

Again, two new BBQ joints to add to our list. This was a disappointing BBQ week. The winner was Texas Bar-B-Q Joint (Spencerport, NY). Pecan Lodge easily retains it’s top place as overall #S2Roadshow leader with a score of 9, and Bowlegged BBQ is still in the #2 spot. The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Three):

  • Pecan Lodge – 9
  • Bowlegged BBQ – 8.75
  • Divine Swine – 8.5
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Cousin’s BBQ – 7.75
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • Lucille’s Smokehouse BBQ – 7
  • Texas Bar-B-Q Joint – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Unkl Moe’s – 6.5
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

Next Week’s #S2Roadshow

This is a crazy week. I’ll be back in Rochester, NY on Monday and Tuesday, flying back to Kansas City, MO on Wednesday, then out to Sacramento, CA. John joins me in Kansas City and Sacramento.

I’m pumped about Kansas City BBQ, but I’m there to talk with members of Greater Kansas City ISACA Chapter . This will be a good meeting for sure. Some of the members have been hyping it up online.

On Friday, I’m speaking at the Sacramento Valley ISSA meeting. I’m excited to meet a bunch of cool people, but I’m also excited about the weather!

Looking forward to another great week!

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

#S2Roadshow Recap – Week Five

St. Paul, MN and Dallas, TX

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe).

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

Together again! This week, John and I were together doing our thing. Good times!

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Sideshow – Cyber Security Summit

This wasn’t a stop on the SecurityStudio Roadshow, but a stop for FRSecure. FRSecure rocks and I love getting to preach for us/them! The Cyber Security Summit is an annual event that brings all sorts of great security folks together in the Minneapolis Convention Center for three days of security awesomeness. I gave my talk on Monday, titled “Tackling the Talent Shortage Problem: An Honest Look at Challenges Related to Finding and Retaining Information Security Talent.”

I’m the guy with the beard (in the pic). If you’d like a copy of my deck, it’s available here. Use it. Steal it. Distribute it. Do whatever you’d like with it. 😉

Great conference. Great attendance. Great everything. It was fun.

St. Paul, Minnesota

In case you didn’t know, John and I are both from Minnesota, so this is a short road trip. We traveled all the way from Minnetonka (where our offices are) to St. Paul on Wednesday.

John and I both spoke at the Minnesota Counties Computer Cooperative (MNCCC) Halloween Cybersecurity Workshop titled “The Wicked Web”. There were a hundred (or so) people there representing local governments throughout the state. Originally, only John was scheduled to speak at this event, but a scheduled speaker backed out at the last minute. The fine folks at MNCCC asked if I would fill in.

Sure I said! What will I talk about though? I whipped up a presentation titled “How do we secure America?” Why not, it’s fitting for government people, right? It turned out to be a good talk, primarily because the audience was awesome!

If you’d like a copy of this deck, I put it here. Same as the last one, feel free to use it however you’d like.

John gave a demonstration of the S2Org tool for the audience and we invited them all to use it. It’s free for crying out loud! It was nice to see many counties/cities (~10) take us up on our offer. If you haven’t tried the free S2Org tool yourself, do it!

Dallas, Texas

John and I left for Dallas on Thursday morning. We grabbed our car from Wonder Woman, then headed to our first meeting.

We drove straight to Hard Eight BBQ where we had a meeting scheduled with some of the guys from @Risk Technologies. The BBQ was good (see below) and the meeting was great! @Risk has some really cool things going on and we’re happy to be friends!

We took a partner phone call in the car while we drove to another meeting. This meeting was with Ryan at FRG Solutions to collaborate on some cool go to market ideas. Great ideas and a great call!

Along the way, we were a little troubled with this picture.

Our next meeting was with John Ross, a super cool technology executive from Dallas. John was in the audience during my ISC2 keynote a few weeks back. In the middle of that talk, he went out to the lobby and grabbed me a cup of coffee. How cool is that! Anyway, we’re meeting again. He chose this coffee shop called Ascension, and these guys take coffee to a whole new level!

This slideshow requires JavaScript.

It was cool to catch-up with John and talk about ways to work together. We talked a lot about starting businesses, finding the right path, and our faith. I LOVE good people and I love working with them too. This was a wonderful way to end my day (John went on to have another meeting or two after this one).

ICI Events

On Friday, we attended a really cool event put on by ICI Events at the Four Seasons Resort and Club. The event featured a unique format for bringing vendors, partners, and business consumers together, starting with a speed dating round where a few business consumers would sit at your table for six minutes while you told them about your solution. After the six minutes was up, people would switch places, and you’d do it again. This would continue until all business consumers had seen all vendors. After the speed dating round, consumers would vote on which vendors they’d like to know more about. It was pretty cool and we made a lot of friends!

This slideshow requires JavaScript.

JP Hill (pictured above) was a key player in putting this all together and he made us feel very welcomed. JP was the key person who put together the ISC2 Cyber Aware Dallas event too, and he’s Dallas ISC2 Chapter President. In his free time (joking), he’s the CISO at Secutor Consulting.

Like I said, we made a lot of friends here.

Trip Home

Normally, my trip home is spent working on the plane, but this trip home was a little different. I met a guy named Chad on the plane. Chad is a social worker from MN, and we somehow got to talking about Jesus. We talked about everything from marriage and family to work and hobbies, and everything in between.

Well, that was that. Great trip(s) this week!

BBQ Reviews

Only two BBQ reviews again. We need to step up our game.

Hard Eight – https://hardeightbbq.com/ – Overall: 7.25

We met the guys from @Risk here and they paid for it, so the value was great! I don’t even know how much our food cost. The experience was unique. You walk up to a big pit full of meat and grab what you want. There’s everything in this pit; turkey, pulled pork, brisket, ribs, sausage, etc. There were even some kind of weird shrimp kabob things. Once you grab your meat, you go inside to pick your side dishes and beverages. At the end of the line is the cashier, and after paying, you go find a seat somewhere.

This slideshow requires JavaScript.

The meat was OK. It tasted sort of rushed and bulk-prepared where I like meat that feels like it was cooked in the back yard. I could hardly notice the smoke in the meat and the pulled pork was watery. The best meat I had was the turkey, which was really good. Overall, this place was OK. I’m not sure if it’s a place that I’d make a special trip to go back and visit.

Cousin’s BBQ – https://www.cousinsbbq.com/ – Overall: 7.75

I arrived at the DFW airport for the trip home and realized that I’d only done one BBQ joint so far on this trip! I sort of panicked a bit before finding this little gem in the DFW airport. Thank God! A man can’t take a trip with only one portion of BBQ.

This slideshow requires JavaScript.

My expectations for this place were low to begin with. After all, what kind of BBQ can you expect to get in an airport? Needless to say, I was very pleasantly surprised! I ordered pulled pork and brisket, with broccoli salad and cole slaw on the side. The meat was surprisingly moist a very flavorful. The smoke ring was good too. In a pinch, this place will definitely do!

BBQ Summary

Again, two new BBQ joints to add to our list. The winner this week was Cousin’s BBQ. Pecan Lodge is still the the overall #S2Roadshow leader with a score of 9, and Bowlegged BBQ is still in the #2 spot. The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Three):

  • Pecan Lodge – 9
  • Bowlegged BBQ – 8.75
  • Divine Swine – 8.5
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Cousin’s BBQ – 7.75
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • Lucille’s Smokehouse BBQ – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

Next Week’s #S2Roadshow

John and I are together again for the first half of the roadshow, then I’m going solo for the second half. We’re excited to go up to Fargo, ND this week to hang out with Network Center, our partners to the north. They put on this amazing event every year called nVision, and both John and I are speaking on the main stage there. John comes back home and I head out to Rochester, NY to make some new friends. I’ll be speaking at the ISSA chapter there.

Looking forward to another great week!

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

#S2Roadshow Recap – Week Four

San Diego, CA and Wise, VA

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe).

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

This week, John and I split up again, like we did in Week #2. I’ve got to be honest with you, traveling with John is more fun than not.

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

San Diego, California

My visit to San Diego was a short one, only one night. Flight to San Diego on Wednesday morning, and a flight back to Minnesota Thursday night. The primary purpose of my trip was to speak at the San Diego ISSA chapter meeting on Thursday.

I caught a 6:05am flight out of Minneapolis (too early) and got to San Diego around noon. I didn’t have any meetings yet, and it was too early to check into my hotel, so I hung out a Starbucks to catch up on some work.

The weather in San Diego was incredible! Mid-80s and sunny. Beats Minnesota where it was in the low-40s and rainy. Life is good.

This slideshow requires JavaScript.

Eventually got caught up (almost), checked in, and grabbed some much desired BBQ (see below).

San Diego ISSA Chapter Meeting

Arrived a bit early to the meeting (not too early) and was surprised to see two of my favorite security people right when I walked in; Robert and Tina (pic in gallery below)! Got settled in and delivered my standard message. The meeting was well-attended, and I met some incredible people! I know that I use the word “incredible” a lot, but seriously, these were some of the best people I’ve met so far on our Roadshow. Met new friends Will, Alex, Jen, Salvador, Quinton, Tim, and Greg to name a few. I’m very excited to get to know them more and collaborate on cool things!

A copy of my standard presentation deck that I spoke from is here.

This slideshow requires JavaScript.

Loved every minute of this. After the chapter meeting, I stopped by a friend’s work to say “hi” before heading to the airport. Shared a cup of coffee and a quick chat with Brian Gibbs.

This trip was a huge success, certain to produce some great relationships and some new SecurityStudio partnerships too!

Wise, Virginia

John was in Wise, Virginia at the same time I was in San Diego. John says he got the fuzzy end of the lollipop on this deal, but whatever. He was in Wise to speak at BSides Southwest Virginia, and I haven’t had much of a chance to catch up with him yet. I assume the event went well because he’s still alive and stuff. I saw him on Friday in the office, but we just didn’t get a chance to talk about his trip. So many meetings!

BBQ Reviews

Only two BBQ reviews this week, one from San Diego and one from Kingsport, Tennessee.

San Diego

Only had time to visit one BBQ joint, so I figured I better make it a good one. I searched online and found this place called Bowlegged BBQ located at 4255 Market Street in San Diego. 149 Yelp reviews and a rating of five stars! Impressive. I asked a few locals if they’d heard of the place. None of the people I asked had heard of it. Well, let’s do it…

Bowlegged BBQ – no website – Overall: 8.75

OK, this was some good BBQ! I feel bad for all the people who live here, but never experienced the joy. The place is family-owned and the atmosphere was perfect for a BBQ joint. A little cluttered, a little dirty, a little nostalgic, and a whole bunch of character. Ordered my meat from Jordan behind the counter, and I told him all I wanted was meat, no sides. Ordered rib tips, ribs, and brisket. The price? 20 bucks.

1o minutes later, I get this Styrofoam container filled with deliciousness. Like really filled and like really delicious! As you can see in the picture, the meat is drowning in sauce, and that’s generally a big no-no for me. For some reason it worked. The sauce was some sort of rural Georgia-tasting stuff with a hint of cinnamon. Weird, but delicious! I texted John and told him it was like a love fest between my mouth, my brain, and my belly. Definitely recommended!

This slideshow requires JavaScript.

Kingsport, Tennessee

Broad Street BBQ – https://www.broadstreetbbq.com/ – Overall: 7.5

John’s words, “BBQ Review: Broad Street BBQ, Kingsport, TN. Brisket was decent, the rest was just ok. Will do in a pinch, but probably one and done on this one. Super nice people though!

That’s what he said.

OK, just two BBQ reviews. Sort of sad really. 🙁

BBQ Summary

Those were two new BBQ joints to add to our list. The winner this week was Bowlegged BBQ. Pecan Lodge is still the the overall #S2Roadshow leader with a score of 9, but Bowlegged BBQ jumps in at the #2 spot! The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Three):

  • Pecan Lodge – 9
  • Bowlegged BBQ – 8.75
  • Divine Swine – 8.5
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • Lucille’s Smokehouse BBQ – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)
  • Hard Eight BBQ – INC (we were too full, need to go back)

Next Week’s #S2Roadshow

John and I are together again, and we’re back in Dallas! It’s going to be hard to pass up Pecan Lodge and we definitely need to visit Hard Eight again (this time we’ll eat it).

We’re heading to Dallas this week to participate in an ICI Cybersecurity Forum. Should be fun.

Stay tuned for next week’s #S2Roadshow updates! You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

#S2Roadshow Recap – Week Three

Chicago, IL and Dallas, TX

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe).

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Chicago, Illinois

John and I started the roadshow this week on Monday night with our flight to Chicago.

HSBC Talk

We were invited to Chicago by HSBC to talk with employees about information security. This was part of the company’s annual awareness campaign coinciding with National Cybersecurity Awareness Month. Their theme for this week was “Cyber Week #3: Cybersecurity in Our Personal Lives/Cybersecurity on the Move”, and it was an honor to be a part of it. Our talk was delivered in their Arlington Heights headquarters and it was telecast live all over the world. Super cool experience!

John took this pic and posted it to his LinkedIn feed:

In the talk, I discussed how people are creatures of habit. The same good (or poor) security habits they exhibit at home are the same ones they are bringing into the workplace. I also discussed:

  • Limitations in traditional training and awareness programs.
  • Motivating people by making information security personal.
  • If security doesn’t motivate, maybe privacy will. If privacy won’t motivate, maybe safety will.
  • The free S2Me personal security assessment and results from our audience (this was eye-opening for many).

Feedback was awesome, and we hope we made a difference. After the talk, there were a dozen(ish) people who came up to us with questions and requests for more information. If you’d like a copy of my presentation deck, I made it available here on SlideShare.

Partners

Our HSBC meeting was arranged by one of our amazing partners, Ryan Heining from FRG Solutions. Ryan met us at HSBC before the talk, and after the talk we collaborated over lunch. You get one guess about what we had for lunch (read the review below).

We also met a new prospective partner while we were in Chicago; Spector Security. It’s funny how you can tell right off the bat if there’s a fit between two organizations. Spector is in business for the right reasons, to help organizations be more secure by focusing on fundamentals first. They’re not in business to sell snake oil or take your money regardless of need. The company is run by two upstanding guys; Kevin and Zach. They’re the real deal. The conversation was awesome, and I’m excited to stay in touch while they grow their company. Check them out on their website or follow them on Twitter.

We love finding and helping companies who are serving their clients’ best interests. Companies like Spector Security are friends in this mission to fix the broken industry.

Overall, Chicago was nice. We ate some good BBQ, gave a good talk, and made a bunch of friends. By Wednesday afternoon we were on our way to Dallas, Texas.

Dallas, Texas

John and I were both excited for our visit to Dallas, for a number of reasons:

  • We had some meetings scheduled with security folks in the area.
  • John is originally from Dallas.
  • My wife and daughter were flying down from Minnesota to meet me.
  • We were participating in the ISC2 Cyber Aware Dallas Conference, where I was also giving the keynote.
  • There are rumors that the BBQ in Dallas is the bomb.

We landed on Wednesday night, got cars, met people, and got settled for what turned out to be a great couple of days!

ISC2 Cyber Aware Dallas Conference

The conference was held at the Davidson-Gundy Alumni Center on the campus of the University of Texas at Dallas on Friday (10/18). It was a beautiful venue!

This slideshow requires JavaScript.

I kicked things off with my keynote. My talk was one that I had given a few times before, and if you’ve followed me at all, you’ve probably seen it a few times already. Nothing earth shattering, just basic and fundamental information security truth. I even kept the title the same; “WANTED – People Committed to Solving our Information Security Language Problem”. I’ll keep preaching this until it feels like people really get it (and apply it). If you’d like a copy of this slide deck, here it is. Feel free to share it, use it, steal from it, or whatever else you’d like, as long as you’re helping fix this industry with it.

After my talk, I met a bunch of really good people. It’s hard to remember all of their names and all of the places they work, and I need to get much better at this. Three people in particular stuck out to me:

  • A man who runs IT (and infosec) for a group of colleges in Texas. He stuck out to me because he asked a great question during my talk, he followed up with me afterwards, and we ran into each other five or six times later throughout the day. He’s been in information security for a long time, and he really get’s it (the importance of fundamentals, how S2Org/S2Score are great tools, and how we need to solve our problems together). He became an advocate for us at the conference and brought many people to our booth. I can’t remember, but I think I gave him a signed copy of my book. Anyway, meeting him and talking with him was a wonderful experience for me.
  • There was a guy here who participated in FRSecure’s CISSP Mentor Program! We talked briefly before my keynote, but he didn’t know who I was. He didn’t know that I was Evan Francen or that I was the same guy who runs the CISSP Mentor Program with Brad Nigh (FRSecure). After my talk he ran me down to express how excited he was to meet me in person and to thank me. These encounters are always a little awkward for me, but I told him that he made my day by sharing.
  • Someone who works at a Fortune 500 company and feels unfulfilled in his work. He wants to start his own information security consulting company because he wants to help SMBs be better protected. He was looking for some advice in starting his own business and wanted to know how SecurityStudio’s tools could help him. This conversation brought back memories. I’m looking forward to seeing him get up and running!
  • JP Hill III is the President of the (ISC)² Dallas/Fort Worth Chapter and he was instrumental in putting this conference together. He’s a great guy with a lot of energy! I loved meeting and collaborating with him. We’ll be visiting with the (ISC)² Dallas/Fort Worth Chapter many more times in the future as we work together to serve this community.
  • One last person who really stood out was a guy who made it a point to track me down and tell me how much my talk meant to him. He stuck out because of his enthusiasm and authenticity. I pray he never loses either. 🙂

There were many others, but these are the conversations that stick out right now. It was a very good conference and all of my conversations were great! Huge success.

Partners

We met a handful of partners in Dallas, and I’m pretty sure we’ll formalize at least three of our relationships here. There’s a great deal of potential in the Dallas/Fort Worth area, so I’m sure we’ll make more friends here.

We will be back in Dallas in a few weeks, so we didn’t overdo this trip.

P.S. While we were in Dallas, we took calls from a potential partner in North Carolina and started conversations with a company in the UK. Things are heating up! Good things.

BBQ Reviews

Holy buckets, we had some great BBQ this week! There’s no shortage of BBQ joints to try out in Chicago or Dallas, so we had plenty of choices. John and I also receive suggestions everywhere we go now.

Chicago

We visited three BBQ joints while we were in Chicago. Here’s what we thought…

Blackwood BBQ – https://www.blackwoodbbq.com/ – Overall: 7.5

There are five locations for Blackwood BBQ, and we visited the Schaumburg location for lunch. John and I both ordered combos. He got sliced brisket, pulled pork, and burnt ends. I got sliced brisket, burnt ends and ribs. It was a really nice BBQ joint with a rustic, busy, but open atmosphere. The BBQ is self-service, meaning you order at the counter and grab your food when it’s ready. The portions were generous and the taste was pretty darn good. I’d say overall, it was definitely above average is all aspects.

This slideshow requires JavaScript.

If you’re in the Chicago area, it’s definitely worth the trip.

Big Ed’s BBQ – http://bigedsllc.com/ – Overall: 8.25

We made the drive up to Waukegan to give Big Ed’s BBQ a try, and we’re definitely glad we did! This is a BBQ joint that is run by Ed (a few of his business partners) and his lovely family. You can read about the Big Ed story on their website. The atmosphere is great, with Ed’s son preparing the meat while Ed’s wife rings you up at the register. By the time we got there, they had already sold out of the brisket and burnt ends, so we settled for ribs and rib tips. We thought we were settling, but we were wrong! The ribs and tips were awesome!

This slideshow requires JavaScript.

The service was top notch, the portions were huge, and the meat was great! You have to visit this place. Highly recommended!

Smoque – https://smoquebbq.com/ – Overall: 6.75

Smoque was recommended to us by a friend. He claimed that they had the best BBQ in Chicago.

This slideshow requires JavaScript.

It was OK. They have two locations, and we visited the one in the Old Irving Park Neighborhood. The placed was cramped, the service was good, the portions were sort of small, and the taste was above average. Overall, it was good and worth the trip, but it wasn’t the best in Chicago as we were promised by our friend.

Dallas

We visited three BBQ joints while we were in Dallas, but we only ate at two. This is because we were both too full to eat at one of them, read on…

Pecan Lodge – http://pecanlodge.com/ – Overall: 9

We heard from multiple people that we had to go to Pecan Lodge located in Deep Elum, so we did. Are we ever glad we did! This was the best BBQ we’ve had yet on our three week-old #S2Roadshow, and I even made a friend.

This slideshow requires JavaScript.

I had the sliced brisket, pulled pork, and sausage. John had sliced brisket, pulled pork, and ribs. You should have seen the look on John’s face when he tasted the brisket for the first time! The atmosphere was awesome, with plenty of indoor and outdoor seating. The service was great. I even got the cook to show me his smokers (see pic). The portions were very generous too, but it was the taste that was amazing! I’ve never had better brisket and I may have never had better pulled pork in my life. I’ve had BBQ at 100+  of the best places all over the country, and I’ve never had brisket with the perfect mix of smoke flavor, fat cap, and rub.

Pecan Lodge is an absolute must visit for any BBQ lover. It’s almost worth a special visit to Dallas just to go to this place. The best I’ve had in a very long time, if ever.

P.S. My new friend’s name is Winston, and he’s from Michigan. He and his son travel the country riding roller coasters and trying new BBQ. BTW, he agreed that Pecan Lodge was awesome.

Hard Eight BBQ – https://hardeightbbq.com/ – Overall: INC

We had a happy hour visit with one of our potential partners here. They heard that we loved BBQ, so they arranged for the meeting here.

This was the first time that John or I have ever gone to a BBQ joint and left without eating BBQ. We’d been at Pecan Lodge earlier in the day. Bummer! We’ll be back…

Spring Creek Barbeque – https://springcreekbarbeque.com/ – Overall: 7.25

My tweet sums this one up. Just about everything about this place was OK, but nothing special. What the it special was sharing it with my girl. 🙂

This slideshow requires JavaScript.

BBQ Summary

That was five new BBQ joints to add to our list. The winner this week, hands down, was Pecan Lodge. Pecan Lodge is also the overall #S2Roadshow leader with a score of 9! The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Three):

  • Pecan Lodge – 9
  • Divine Swine – 8.5
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Blackwood BBQ – 7.5
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • Lucille’s Smokehouse BBQ – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)
  • Hard Eight BBQ – INC (we were too full, need to go back)

Pecan Lodge takes the top stop from Divine Swine and Big Ed’s takes up third.

Next Week’s #S2Roadshow

I’m heading west again, and John’s heading east. I’ll be speaking at the San Diego ISSA chapter event and John will be speaking at BSides – SW Virginia. We’ll be taking meetings before and after our speaking engagements with partners and potential partners too!

Stay tuned for next week’s #S2Roadshow updates! You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

#S2Roadshow Recap – Week Two

Orange County, CA and Madison, WI

Mission & Purpose Revisited.

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people*, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

John and I

John Harmon and Evan Francen, two guys known for our beards, our love of people, knowledge of security stuff, and our BBQ prowess. We both work for SecurityStudio, and we’re working hard on the mission. Follow us and you’ll get to know us pretty well!

Roadshow Summary

A quick summary of where the #S2Roadshow has taken us so far, and where we’re going next:

  • Week One in Central Pennsylvania exceeded our expectations
  • This last week (Week Two) we visited Orange County, California and Madison, Wisconsin
  • Next week (Week Three), we visit Chicago, Illinois and Dallas, Texas

This post is about Week Two.

Partners – Orange County

My two(ish) days in Southern California were full of really good meetings. Just like last week in PA, I met amazing people with really cool stories. For the sake of brevity, I’ll give you some highlights here.

Startup Consulting Company – Framework Security

My first meeting after landing in Santa Ana was coffee with Jerry Sanchez. Jerry is the Managing Partner and one of the founders of Framework Security, an expert-level information security consulting company. The company was established earlier this year (2019), and growing any company is hard.

Jerry has a strong background in this industry and his company is doing a great job serving customers (you know I would tell you if it weren’t so). His challenges include standing out from the noise, acquiring new customers, providing cost effective solutions (ones that SMB clients can afford), and engaging with customers relationally versus transactionally. I can sympathize with the struggle, especially given experiences in growing FRSecure over the years.

He shared a vision to grow his company, possibly employing as many as 50 people in the next few years. What impressed me the most was his ethics and credibility. He doesn’t just want to grow Framework Security, he wants to do it right.

SecurityStudio can help Jerry grow his business, and we’re excited to work together. Jerry can use our solutions to offer his customers and potential customers a wide variety of options, from free self-assessments to integrated full assessments (with higher margins) leading to long-term vCISO (or fractional CISO) relationships. Partnering with SecurityStudio will benefit him, his company, his customers, and our industry.

Jerry is a good guy, establishing a good company, and he will certainly make a difference!

Contact Information

Franchiser – TeamLogic IT

I had an initial collaboration meeting with the President of TeamLogic IT, Dan Shapero. Honestly, I had no idea who TeamLogic IT was until I started preparing for this meeting. Turns out, TeamLogic, Inc. is a leading managed IT services franchiser and has independently owned and operated TeamLogic IT offices located throughout the United States.

There are ~180 franchises in 38 states, and I had no idea! I feel so sheltered and ignorant of things outside of my little kingdom (Minnesota) sometimes. The #S2Roadshow is a real eye-opener to all sorts of new things!

I know I sound like a broken record, but this was another awesome meeting! Dan has been in the IT industry for many years and he’s willing to share his hard-earned wisdom with others (including me). Our discussion focused on understanding the TeamLogic IT business model and exploring how SecurityStudio could help all his franchisees serve their customers better. Our discussion also focused on other longer term collaboration opportunities between our organizations.

Dan and I came to a quick agreements on how SecurityStudio can help his business, his franchise owners, and their customers. We’ll be doing some cool and exciting things together in the future! It’s sort of funny that I didn’t consider how a franchise network could benefit from SecurityStudio’s platform. After this meeting, it’s an obvious business model. This relationship will be very valuable to all parties (our mission and theirs).

Contact Information

Established Consulting Company #1 – CISOSHARE

Seriously, another great meeting?! Yes, it’s true. Every meeting I’ve had has been great!

This meeting with CISOSHARE’s CEO Mike Gentile was like having a meeting in the mirror. We both see security the same way, he have similar experiences, and we’ve both earned our stripes building security programs for 100s of clients, big and small. When he said something, I could have finished his thought for him, and vice versa. Collaboration is a helluva lot easier between two people who understand information security deeply when they are driven to do things right and can put their egos in check.

We met over lunch at a local BBQ joint. The BBQ wasn’t great, but the conversation was! Thank God.

The discussion was fluid and included topics such as our careers, our past experiences, our businesses, and our philosophies about security, among other things. The parallels between Mike and I were sort of scary. He’s even an author like me. Our lunch ran long, but we got down to business too.

CISOSHARE is Mike’s third company and he’s building a great one. According to their website “CISOSHARE is the leading provider of cyber security services for rapidly growing organizations. Located in Southern California and recently ranked in 2019 as the 3rd fastest-growing private organization in Orange County, our team establishes a culture of continuous learning and teaching in security program development for ourselves, our clients, and our community.

Prior to the roadshow, I hadn’t really heard of CISOSHARE. Another example of being a bit sheltered in Minnesota I guess.

CISOSHARE is company that does things right, at least from what I can tell! They are a great partner candicate. We walked away from our meeting knowing that there are at least two or three ways in which our organizations (CISOSHARE and SecurityStudio) can (and probably will) work together. A CISOSHARE/SecurityStudio partnership will definitely help our mission!

Contact Information

Established Consulting Company #2 – Tevora

One major differentiator between CISOSHARE and Tevora is who they target as customers. CISOSHARE scales down to small companies and up to the Fortune 500. Tevora focuses solely on the Fortune 500. There are many other differences in between these two companies, but their target market is one that sticks out immediately. SecurityStudio can work with both of them, regardless! Everyone benefits from simple, fundamental, and compliant solutions.

I met with Tevora’s CEO, Ray Zadjmool for lunch. He’s built a cool company and he’s done it through innovative approaches to delivering services to clients and employee retention. Ray’s a go-getter who 1) knows what he wants and 2) knows how he wants to get it. His company focuses on helping large companies achieve compliance more than information security or risk management for the sake of information security or risk management.

The way Tevora approaches information security (or “cybersecurity”) isn’t the same way I would philosophically speaking, but it works for them and their clients (obviously). Fortune 500 clients are much different than SMBs, and Tevora is filling a nice niche.

He’s running a very successful company. I respect him and what he’s doing and I think the respect is mutual. We have next steps and we have opportunities to work together. I’m pretty sure we can help each other, and I’m excited to find out!

Tevora is a cool company, run by a cool CEO, located in cool places with cool offices. They’re not just cool, but they’re also very good at what they do. Ray is nice contact and I’m looking forward to building our relationship.

Contact Information

Madison

John Harmon was in Madison, Wisconsin with Steve Krause (SecurityStudio’s Partner Manager). John was speaking at an event hosted by Applied Tech, a great SecurityStudio partner.

This slideshow requires JavaScript.

It was an honor to speak to their customers about information security. I’m not sure how many additional meetings John and Steve may have had while they were in Wisconsin; John and I haven’t been able to catchup yet.

ISACA – Orange County

While john spoke in Madison, and I spoke at the ISACA Orange County Chapter event on Tuesday night. They gave me two hours(ish) to speak and the interaction was amazing! There were a ton of good questions and there were many interactive discussions. This was the first group of ISACA members that I’d spoken to on the roadshow, and they were all awesome!

If you’re interested, you can download my slides here.

Special thanks to Pauline Ang for coordinating everything, and also shoutouts to these folks for making me feel welcomed; Nemi George, Sanjeev Tak (pictured), Bin Du, Yu Chen, and Bill Olah, and Jan Olson. It’s not that the the rest of the group didn’t make me feel welcomed , it’s just that these folks went out of their way during my visit.

It feels good to know that the Orange County security community is in good hands!

BBQ Reviews

A roadshow isn’t a roadshow without a healthy dose of BBQ, or lots of doses of BBQ. John and I promise to eat at all the best BBQ places we can find during our travels and provide you with the lowdown. It’s the toughest part of our job, but you can count on us. We’re in it to win it!

We rate each BBQ joint we try on four characteristics on a scale of 1 (sucks) – 10 (best); Atmosphere, Service, Portions/Value, and Taste. The overall rating is the average of the four.

Last week’s winner was Divine Swine in Manheim, PA. Read on for this week’s winner.

Lucille’s Smokehouse BBQ – Overall: 7
  • Atmosphere – 7
  • Service – 8
  • Portion/Value – 6
  • Taste – 7

Lucille’s is well-known in the Orange County area, and sort of all over the southwest. They have have a bunch of locations throughout California, Nevada, and Arizona. I’d never had Lucille’s before, and I stopped here because it was the closest BBQ joint to the airport (after landing).

I had the house salad.

If you believe that, we should talk. I had the three meat combo; brisket burnt ends, sliced brisket, and baby back ribs. The sliced brisket and baby back ribs were OK, but the brisket burnt ends were amazing! I should have ordered three pounds of those (only). The atmosphere is nothing special, the service was good, and the portion was OK. If you go, get all the brisket burnt ends you can get your hands on.

This slideshow requires JavaScript.

Hambone’s Smokehouse – Overall: 6.25
  • Atmosphere – 5
  • Service – 7
  • Portion/Value – 8
  • Taste – 5

Hambone’s is another BBQ chain. Had lunch at the Huntington Beach location, and nothing was impressive. They drown their meat in sauce, so I ordered mine with the sauce on the side. I get why they drown their meat in sauce.

Service was good and there was plenty to eat. Unfortunately, the meat was bland (even with the sauce added). I didn’t even finish it.

This slideshow requires JavaScript.

Red Coal BBQ – Overall: 6.75
  • Atmosphere – 7
  • Service – 7
  • Portion/Value – 8
  • Taste – 5

John and Steve visited Red Coal BBQ in Eau Claire, Wisconsin during their road trip. The ratings are mine, based on what John told me, and they are subject to change. His exact words were:

Pork Belly pretty decent.  Not much flavor to the meats over all and only one, super sugary sauce available. Coleslaw was the highlight. Thinking this whole WI BBQ venture needs a redo.

We’ll see if John asks me to change these ratings later.

This slideshow requires JavaScript.

BBQ Winner

The winner for this week’s BBQ showdown for the #S2Roadshow was Lucille’s Smokehouse BBQ with a score of 7. We only reviewed three BBQ joints this week, and we need to step up our game next week. Next week we’re on the road for five days in two good food cities; Chicago and Dallas. We’ll step up our game!

Next Week’s #S2Roadshow

John and I are together again all week. First, we take the #S2Roadshow to Chicago for an event with HSBC. We’ll be in Chicago until Wednesday before heading down to Dallas for more meetings and an appearance at the ISC2 Dallas Cyber Aware event at the University of Texas at Dallas. If you’re in Dallas next week, come see us, catch my keynote, and/or grab some BBQ with us!

Stay tuned for next week’s #S2Roadshow updates! You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

#S2Roadshow Recap – Week One

Central Pennsylvania

We’re happy to report that the information security community in Central Pennsylvania is alive and well!

Partners

One goal of the SecurityStudio Roadshow is to get out and meet new partners. We want to meet them, understand their businesses, and help them grow their information security consulting practices using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

We met some amazing people and companies this week. We’re expecting as many as four new partners from Central Pennsylvania coming from this leg of the roadshow! Stay tuned for the announcements coming soon!

Keep up with our progress on Twitter, using the #S2Roadshow hashtag. We’re entertaining dammit!

BSides Harrisburg

In addition to meeting new potential SecurityStudio partners, John (Harmon) and I attended the inaugural BSides Harrisburg Conference on Wednesday (10/2). The event was held at the Harrisburg University of Science and Technology downtown, and the organizers did a great job!

SPECIAL SHOUTOUT to Julie Goolsby. Julie is the Director of Professional Development Programs at Harrisburg University of Science and Technology, and she was instrumental in coordinating everything for the event. She is patient, responsive, and incredibly effective.

I’m sure there were others who helped Julie, but we coordinated with her the most.

There were ~300 – 400 people at the conference (my guess), and maybe a dozen vendors. I didn’t speak until 10am, so John and I took in the Opening Remarks and the Keynote. The Keynote was presented by Ken Bechtel, a very well-respected Malware/Threat Researcher with more than 30 years under his belt. I shuddered when he mentioned boot sector viruses of the 90s. I started my (paid) career cleaning boot sector viruses from Windows 3.1 machines.

Ken has been around for a long time and he’s got a boatload of wisdom to share. Crazy how much he’s seen and how many malware packages he’s reversed. Most people haven’t heard of Ken because he’s one of those behind the scenes kind of guys. Sort of like me. He and I are both most comfortable in a dark room behind a keyboard somewhere. After his talk, we spent 30 minutes or so sharing stories and laughs.

NOTE: Ken informed me that he’s in the market for more/new work. Get in touch with him if you’d like to inquire. Here’s his LinkedIn Profile.

My Talk

This was one of those talks where I didn’t choose the title, but one of our marketing folks did. The title was “WANTED – People Committed to Solving our Information Security Language Problem”. Alright, let’s do it!

Finished my slides in a small coffee shop in Columbia, PA. SHOUTOUT to Café 301 in Columbia, a great little coffee shop in downtown. Good coffee and a great place to finish presentation slides.

My talk was in the event auditorium. There’s this slight fear of giving a talk in a large room (or in this case auditorium) and having a small audience. Thankfully, attendance was good, and it looked like the place was almost full. Phew! The talk was also livestreamed I hear.

This slideshow requires JavaScript.

SIDE NOTE: The very first talk I gave after starting FRSecure in 2008(ish) was at a conference in Bloomington, MN. This was my first ever talk, so I prepped thoroughly. I was early to the venue. I got to my room early. I got setup early. I was raring to go! One problem. Nobody came. Zero attendance. A good dose of humble pie, but ever since that day, I’ve said to myself, “as long as there’s more than zero, it’s a good day for a talk”.

I think the talk went well. There were awesome questions, and there was a dozen or so people who came up to talk with me afterwards. If you’re interested, a copy of my presentation can be downloaded here. If you want to watch the video, BSides live-streamed it, and you can also see it here.

Back to the Conference

We spent the remainder of the conference roaming the floor, striking up conversations, and attending other people’s talks. The two talks that I particularly enjoyed, so more SHOUTOUTS:

  • Rae Baker’s Open Source Intelligence 101: Finding Information on Anyone was a great introduction to OSINT. Really enjoyable presentation, and she nailed it!
  • Brandon Keath’s Hacking Yourself First, Penetration Testing for the Blue Teams: Part 2 was great. I had to miss Part 1 because I was in Rae’s talk. Brandon knows what he’s talking about and I really liked his dry humor. Good stuff.

We wrapped up the day with a few more introductions to potential partners, then headed off for BBQ (reviews below) and hotel work.

BSides Harrisburg was a GREAT CONFERENCE.

Cybersecurity Awareness Summit

Thursday’s agenda included attendance at the Cybersecurity Awareness Summit. This summit was also held at Harrisburg University of Science and Technology. The theme for this conference was “Caring and Sharing to Safeguard Our Citizens. Cross-collaboration Among Government & Education Makes Pennsylvania Safer & More Secure.

I sat through the following:

  • Welcome– Eric Darr, PhD, President Harrisburg University
  • Opening Remarks– John MacMillan, Deputy Secretary for Information Technology and Chief Information Officer, Commonwealth of PA
  • Security Challenges Confronting Government and Schools and Benefits to Collaboration & NASCIO’s Cybersecurity State of the States Report– Erik Avakian, CISSP, CRISC, CISA, CISM, CGCIO, ITILv3, Chief Information Security Officer Commonwealth of Pennsylvania and Srini Subramanian, Risk and Financial Advisory Lead, Deloitte
  • CISA: Cybersecurity Resources for State and Local Governments– Benjamin Gilbert, Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency

I will be PC in my feedback, although I don’t really want to. Mr. MacMillan is a very sharp dresser. Mr. Avakian has a nearly impossible job and needs more help. If Mr. Subramanian would have said “cyber” one more time, my head would have exploded. Mr. Gilbert was a good guy who used a helluva lot of acronyms.

I have a ton of respect for state CISOs. They do very hard work in a (sometimes) very hostile environment with less support.

RANT: Somehow, we’ve gone from using the words information security to cybersecurity to just “cyber”. Information security is NOT “cyber”. I get it, “cyber” sounds a lot cooler. Maybe using “cyber” helps you sell more $*!%. Certainly, the hipsters are impressed by the word. The truth is, using “cyber” as a reference to information security is NOT helping. Words matter. Use a dictionary.

I’m a stickler for this because I’ve been part of this army, and we’ve fought very hard to make information security a business issue, NOT just an IT issue.

OK, off the soap box now.

Benjamin Gilbert did a great job showing us all that CISA has to offer. They are trying to do everything for everyone though. This will get very expensive (to taxpayers) and will be less than optimal (wait lists, skill shortages, etc.). CISA provides a lot of value, but it would be nicer to see them do one or two things really well versus doing a whole bunch of things sort of half-assed.

This conference was very well attended and overall it was great. Seriously, it was.

BBQ Reviews

A roadshow isn’t a roadshow without a heathy dose of BBQ, or lots of doses of BBQ. John and I promise to eat at all the best BBQ places we can find during our travels and provide you with the lowdown. It’s the toughest part of our job, but you can count on us. We’re in it to win it!

We rate each BBQ joint we try on four characteristics on a scale of 1 (sucks) – 10 (best); Atmosphere, Service, Portions/Value, and Taste. The overall rating is the average of the four.

Sweet Lucy’s Smokehouse – Overall: 6.75

  • Atmosphere – 9
  • Service – 6
  • Portion/Value – 6
  • Taste – 6

Our first stop after landing in Philadelphia was Sweet Lucy’s Smokehouse. The BBQ was good, but not great. The best thing about the place was the really cool atmosphere.

Mission BBQ – Overall: 8

  • Atmosphere – 7
  • Service – 10
  • Portion/Value – 7
  • Taste – 8

We ate at Mission BBQ in Harrisburg in the evening of the first day. I wasn’t that excited for it because I knew it was part of a chain, but it was the closest BBQ joint to where we were staying. The staff was AMAZING. I can’t remember ever getting better service that we did at this place.

The cashier asked us if this was our first time at Mission BBQ. We said it was, then she proceeded to tell us all about the menu and how they make their BBQ.

Once our order was ready, the lady behind the counter asked us if it was our first time at Mission BBQ. We said it was, then she proceeded to tell us all about the sauces and how to help ourselves.

After we sat down to eat, another lady came by our table three or four times to make sure we had everything we needed. She cleared our table for us too (even though this was a self-service joint).

The service was exceptional, so I rate it a 10. The food was good too, the best being the jalapeno cheddar sausage.

This slideshow requires JavaScript.

Redd’s BBQ – Overall: 7.25

  • Atmosphere – 8
  • Service – 5
  • Portion/Value – 9
  • Taste – 7

After almost 24 hours without BBQ, we made the drive from Harrisburg to Carlisle on Wednesday night. We enjoyed some good (again, not great) BBQ at Redd’s BBQ. The atmosphere was pretty good and the portions were large. Service was so-so; the waitresses spent more time chatting with each other than they did helping their customers. Overall, this was good BBQ and it was worth the drive.

This slideshow requires JavaScript.

Shakedown BBQ – Overall: N/A

  • Atmosphere – N/A
  • Service – N/A
  • Portion/Value – N/A
  • Taste – N/A

The disappointment of our BBQ adventure came when we made the drive out to Grantville only to find the Shakedown BBQ was closed. This was one place that came most recommended from the people we talked to at BSides. Before making the drive, we confirmed that the place would be open, both online and through a friend of the owner. They were supposed to open at 11am on Thursday, and we got there at 11:15. A paper plate was hung on the front door saying they were closed. Ugh.

Divine Swine – Overall: 8.5 – #S2Roadshow Week 1 Champ

  • Atmosphere – 7
  • Service – 8
  • Portion/Value – 10
  • Taste – 9

After the Shakedown BBQ disappointment, we swung over to Manheim, where we found Divine Swine. This place takes the crown as the #S2Roadshow Week 1 BBQ Champ. The best tasting BBQ we had on the trip and huge portions. If you’re in the area, you have to visit this place!

This slideshow requires JavaScript.

Maybe we’re BBQ snobs, maybe not. One thing is certain, we enjoyed all of the BBQ we ate, and we’re pumped for next week’s adventures.

Next Week’s #S2Roadshow

I’ll be heading to Orange County, California. I’m speaking to the fine folks at the Orange County Chapter of ISACA on Tuesday. I’ve got a bunch of great meetings on Wednesday and Thursday with some potential partners and other security folks. If you’re in the area, let’s hook up. We can talk security and grab some BBQ. If you’ve got some BBQ recommendations, let me have ‘em!

John will be in Madison, Wisconsin speaking at an event hosted by Applied Tech. He’s going to be joined by Steve Krause, SecurityStudio’s Partner Manager. If you’re in that area, go hang out with John. I think he’s funner than I am.

Stay tuned for next week’s #S2Roadshow update! You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

The SecurityStudio Roadshow

Introduction

OK, we’re doing this roadshow. Publicly, we call it the SecurityStudio Roadshow. Internally, we call it “Project Bacon”. Who doesn’t like bacon?

This is a short article to tell you about the SecurityStudio Roadshow and what we’re trying to accomplish with it. The first phase of the #S2Roadshow kicks off at the BSides Harrisburg (PA) Conference on October 2nd and ends with the RSA Conference in February, 2020.

Purpose

We’re on a mission. Our mission is to fix the broken information security industry. Say what?! Yeah, we know. It’s a big mission. Two things come to mind right away:

  1. Where do we start?
  2. How do we start?

We need to start where we’ll have the greatest positive impact on our industry and we need to start with people who are closest to the problem.

Where do we start

We start with information security fundamentals. If you hired me as your CISO, the very first thing I would do is an information security risk assessment. Considering that maybe ~90% of organizations in the United States fail to do this fundamental exercise reinforces the notion that this is where we’ll start.

SecurityStudio developed the S2Org information security risk assessment, and it’s already been used by more than 1,500 companies. We’ll start with the S2Org assessment and we’ll offer it for free.

The S2Org is SIMPLE, FUNDAMENTLAL, and COMPLIANT. More about this later.

How do we start

We start by making friends. We’ll get on the road and we’ll meet them where they are. The #S2Roadshow! We’ll travel the country recruiting people for our cause. We’re recruiting partners and end users. Partners use our tools to attract new customers and help their existing ones. End users can use our tools for free to address their fundamental information security needs.

Keep Up

We invite you to join us on the road, either in person or online. If you’ll be at one of the various events we’ll be at, come say “hi”! Tell us how we can help you and/or join us. For those of you who can’t be where we are, follow us on my personal blog, on Twitter, and/or LinkedIn.

It’s going to be one helluva ride, and we’re excited to share it with you! We’ll meet a bunch of cool people, establish some great new relationships, and make a lot of progress on the mission!

I’ll post daily updates here. This will sort of be my #S2Roadshow journal.

Want to know more about SecurityStudio, check us out online; https://securitystudio.com. Get your S2Score, become a partner, or help us with our mission!

Oh yeah, one more thing.  We’ll be hunting down the best BBQ joints while we’re on the road. We’ll eat and we’ll review. It’s hard to be a security guy on the road.

The UNSECURITY Podcast – Episode 47 Show Notes

Here we go. The show notes for episode 47 of the UNSECURITY Podcast.

I’m writing these during the Vikings/Bears game on Sunday. Skol Vikings! Yeah, whatever, I’m late, but I’ve got excuses. I’m late because things are sort of crazy at home right now. I’ll try to explain:

  • I was in Bulgaria for a week (several weeks ago). My sleep was thrown off a little because Bulgaria is 8 hours ahead of us.
  • My wife was in China for 10 days. This means that I was left to my own devices (not usually a good idea), and I had no backup for my 14 year-old daughter’s manipulation. Seemed like there were more kids at my house than normal. I don’t know. The house is still standing, so that’s a win.
  • In the middle of this, I decided to quit smoking on Wednesday. After 30 years of 1-1/2 packs a day, I’m done. This is day four, and the withdrawals are a challenge (my PC word for it).
  • My wife got back last night, and now her sleep is all wonky. She was 13 hours ahead.

So, let’s give this thing a go, shall we?

Last week was a blur, but I think we did some really good things! Brad spent the latter part of the week offsite with FRSecure’s Senior Management Team (SMT), doing some strategic planning. I spent most of my time working on some timely SecurityStudio stuff:

  • Next week’s launch of S2Org.
  • SecurityStudio Partner Jumpstart
  • Roadshow preparation, hard to believe that we (me and John Harmon) hit the road next week already.

Do you know what we’re doing on the #S2Roadshow? Did you know that we’re using the “#S2Roadshow” hashtag? Do you know what S2Org is? Don’t worry if you don’t, we know we’ve got a lot of preaching to do!

Friday was highlighted by a great meeting with Minnetonka School District representatives (Mike Dronen, Executive Director of Technology and Dave Eisenmann, Director of Instructional Technology), Ryan Cloutier (repeat podcast guest and Chairperson of the Consortium of School Networking Cyber Security Advisory Panel), and Ivan Peev (SecurityStudio’s VP of Product Development). We discussed how we can work together to create a free S2Teen product for students and parents. There will be some great things coming out of this (eventually).

If you missed episode 46 of the UNSECURITY Podcast, here it is.

OK. Show notes…


SHOW NOTES – Episode 47

Date: Monday, September 30th, 2019

Show Topics:

Our topics this week:

  • Fundamentals
  • Roadshow
  • Parents and Kids

[Evan] – Let’s do this. I’m Evan Francen, it’s Monday, September 30th, and this is episode 47 of the UNSECURITY Podcast. My guy Brad Nigh is here with me. Hey Brad!

[Brad] You know Brad. He’ll say something because he’s nice like that.

[Evan] I know you were offsite with the FRSecure Senior Management Team (or SMT) the last half of the week. I love how you guys set an example by working hard and playing hard. How was it?

[Brad] Cool things.

[Evan] So, late last week, I had this meeting. It was the first time I’d met this guy who runs the information security program for a VERY important organization. I can’t share the name because I don’t like to out people like that. Anyway, he has many years of information security experience and seemed like he had all the right things to say. As the discussion progressed, I could sort of sense that he and I didn’t see security the same way exactly.

He knew all the acronyms and threw them around like candy at a parade. He’s also very well connected and dropped a lot of names. We knew some of the same people, but this was the first time he and I had met each other. He went on to say how they’ve built a good foundation for their security program, and now they want to take things to the next level.

One thing that became obvious is we don’t think about the foundation or fundamentals the same way. Let’s talk about this.

[Brad] He’ll agree because he likes to talk about these things.

Fundamentals Discussion

Things to discuss:

  1. What is information security?
  2. What is risk?
  3. If I hire you to “do” information security for me, what is the first thing you would do?
  4. What percentage of SMBs…?
  5. Discuss last week’s discussion

[Evan] The basics man. How many breaches do we see where it’s just the missing basics? 

[Brad] Something…

[Evan] Complexity is the enemy. We’ve all heard it before. Really, this is what the SecurityStudio Roadshow is about.

Roadshow Discussion

  • Was called “Project Bacon”.
  • Mike Dronen brought me some bacon!
  • This week is Harrisburg, PA BSides
  • Hashtag #S2Roadshow

[Evan] Quickly, let’s talk parents, kids, security, privacy, and safety. Maybe we can devote a whole show to this in the future. Maybe we can get a guest to join us.

Parents and Kids Discussion

[Evan] Alright. That’s a lot to take in. Good discussion Brad. We could take any one of these topics and make it an entire show.

News

Here’s our news for this week:

Closing

[Evan] There you have it. I’ll be checking in regularly from the road. We have a mission dammit! Stay tuned. Hope you’ll follow along.

Thank you to our loyal listeners! Shout out to Kevin! Thank you for your tips and feedback. We’re working on it. For the rest of you, send us your feedback by email  at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Talk to you all again next week!