#S2Roadshow Recap – Week Seven

Rochester (NY), Kansas City (MO), and Sacramento (CA)

A good week that started with serving a great FRSecure customer in Rochester before heading off to preach in Kansas City and Sacramento. This was the first week that we ran into a person (or group of people) who epitomized something that’s wrong with our industry. Read on.

SecurityStudio Roadshow Summary

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe). It’s hard to believe that each week gets better, but it’s true, it does! Week #6 (this one) was the best yet.

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

This is the first time we’ve done three cities in one week! It was tough, but very rewarding. The week started of in Rochester to work with a long-time FRSecure customer, then west to Kansas City (Greater Kansas City ISACA Chapter), then further west to Sacramento (Sacramento Valley ISSA Chapter).

Ryan Abraham from FRSecure joined me in Rochester. John Harmon was with me in Kansas City and Sacramento.

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Rochester, New York

Flew to Rochester on Sunday evening. The week started off with some customer project work. I don’t get to work on many customer projects anymore, and I miss it sometimes. This project is a big one, and it requires the development of a new methodology (or two). Sort of cool. Here’s what I can tell you…

  • There are numerous projects.
  • Two of the projects include SecurityStudio products; S2Org and S2Team.
  • We’re putting together a board presentation for S2Org and their S2Score.
  • The customer wants to take the S2Org, S2Score, S2Team, and one of the new methodologies we developed to their group of other like companies. This could become a really big deal!

Honestly, these are some of my favorite people in the security business! We got a ton of work done and collaborated on some very cool things.

Ryan Abraham has worked at FRSecure for a couple of years now, and this is the first time we’ve had the opportunity to work on anything together. It was awesome! Ryan’s an incredible asset to FRSecure, our customers, and this industry. Had a great time getting a bunch of work done and preaching the good (security) news.

This slideshow requires JavaScript.

We nabbed some good BBQ at Dinosaur BBQ in Rochester (twice, review below).

This slideshow requires JavaScript.

It snowed 8(ish) inches while we were in Rochester. First snow storm of the year for me.

Got back to the Twin Cities late on Tuesday night. On to Kansas City Wednesday.

Kansas City, Missouri

The purpose of the trip to Kansas City is to meet with the local ISACA chapter and spread some love. Met John Harmon at the airport and we were off to Kansas City. On the way, we decided that we both needed a new pair of Bose noise cancelling headphones. Impulse buy, but these things are awesome!

This slideshow requires JavaScript.

John and I landed in Kansas City, grabbed our rental car, then got down to business. By business, I mean find BBQ. The rental car bus driver told us we had to try Q39, so that’s what we did (review below). After BBQ, I texted my Mexican son (long story that I’ll share in person if you find me), Officer Salinas of the Lenexa Police Department. We found him on patrol and hung out with him until he got a call he had to get to. I can’t begin to tell you how proud I am of this guy! He’s amazing.

This slideshow requires JavaScript.

Finished the day in Kansas City with some frozen yogurt (froyo) before checking in at the hotel and getting work done. You know, the real work.

Greater Kansas City ISACA Chapter

We met up with the great people who represent the Greater Kansas City ISACA Chapter on Thursday at the University of Kansas Edwards Campus. The venue was beautiful, and the people were even better. Preached the normal(ish) sermon about fixing our broken information security language problem, and encouraged everyone to get their free SecurityStudio account and complete their free  S2Org and S2Me assessments. Yes, they’re completely free!

My sermon has evolved a bit. The (newish) agenda goes from housekeeping (introduction) to the meat (our language, simplification, and fundamentals problem) to the dream (securing America) to the call to action (get our assessments, give us feedback by being part of our community, and preach). If you haven’t heard it yet, come get me. I’ll preach to you too!

I made some new friends including (but not limited to) J.J., Jennifer, Brian, Joan, and Beth. Seriously awesome people! They all stand out, and J.J. Widener is a champ. His support for what we’re doing is super helpful and appreciated! This guy gets it.

Here’s some pictures that John took at the event.

This slideshow requires JavaScript.

After the ISACA talk, we headed out for more BBQ and the airport. Last stop before heading home this week was Sacramento. The weather there doesn’t suck.

Sacramento, California

This turned out to be a quick stop for us. We arrived at 1am (local time) Friday, got some rest at the hotel, gave our talk at the Sacramento Valley ISSA chapter meeting, and got back on a plane for a long flight back to the Twin Cities. No BBQ, which was sort of sad, but I don’t know what kind of BBQ they have in Sacramento anyway.

Sacramento Valley ISSA

This was a relatively small gathering, and one where we hit our first snag on the SecurityStudio Roadshow. Seven weeks in, and our first snag, not bad! Here’s the deal.

We make numerous points in our Roadshow presentation, and two key points are #1, we need to simplify information security for “normal” people and #2, we need to get much better on agreeing what the hell it is we do as a profession. We learned the first point based on what “normal” people have told us after asking ~1,000 of them in a survey and through experience. Yes, we asked people what they think instead of telling them what they think. Big difference!

We learned the second point through basic logic.

The snag came not because the points are invalid, but because we had someone in the audience who liked to think that he was the smartest person in the room.

On point #1. We asked almost 1,000 “normal” people (business people and people who don’t do information security for a living) what we (information security people) can do to make information security more useful, and what we can do to serve them better. Once we received their answers, we made a word map of the raw data (see pic below). The most common word in their answers was “simple”. We need to make information security more simple. This is a good thing because complexity is the enemy of information security (thank you Bruce Schneier).

On this point, most people in this audience agreed (based upon their head nodding and facial expressions); however, I could already sense trouble brewing from the person I alluded to above.

My talk then goes on to tackle an issue that simplification requires a common agreement among security professionals. We will never effectively translate our language to “normal” people’s language until we agree on our language first. Logical, right? Let’s start with the most basic issue at hand, what is “information security”? We should all be able to agree on this fundamental definition. Things started to get sideways here.

Information Security is… (the question posed to the audience). Most audiences give some definitions, then I offer mine. Not that mine is the end all, be all.

I go on. Information Security is managing risk. On this point, I haven’t received disagreement from anyone before, but our guy starts starts chiming in. He doesn’t chime in from an angle of disagreement, but more to add his two cents.

Next. Information Security is NOT eliminating risk, despite what some people think. General agreement on this point too, but our guy still has to add his two cents.

Next. Information Security is NOT compliance, despite the fact that most information security dollars are spent from this motivator. Now our guy feels the need to completely sidetrack the conversation and before we know it, we’re deep in a rabbit hole.

It took almost full hour to get to what I was hoping would be our common definition of information security as “managing risk to unauthorized disclosure, alteration, and/or destruction of information using administrative, physical, and technical controls“. It’s not so much that our guy disagreed with the definition or (God-forbid) gave us an alternative definition as much as his deep desire to be the smartest guy in the room. I called him out for this during the presentation (whether I should have or not is debatable) and it got tense, but whatever. You call it like you see it.

Eventually, we got through the presentation. Due to the monopolization of time, we didn’t have any left for visiting afterwards. We had to run immediately after the talk to catch our flight back to the Twin Cities.

Here’s what I learned from this talk:

  • Everyone is entitled to their opinions.
  • There is a time and a place for opinions and wasting everyone’s time is not the place for your opinions.
  • I could have done a much better job of controlling the dialog during my talk.
  • As long as we’re all fighting to be the smartest guy in the room, we’ll never solve our industry’s problems.
  • Once you choose your hill to die on, you will probably die on that hill.

Made it back safe and sound in Minneapolis. Overall, it was an incredible week!

BBQ Reviews

Three BBQ reviews this week. Three is better than two, which is all we got in the previous few weeks. Our BBQ visits this week included Dinosaur BBQ in Rochester, Q39 in Overland Park, and Iron Horse BBQ in Platte City.

Dinosaur BBQ – https://www.dinosaurbarbque.com/rochester/ – Overall: 8.25

  • Atmosphere – 8, it’s a cool place with a great vibe. The lighting is perfect for a BBQ joint, there’s a lot of wood, and the view of the river is super cool.
  • Service – 9, great service all-around. These people make you feel at home.
  • Portion/Value – 7, a little pricey for how much food you get, but what place isn’t?
  • Taste – 9, incredible, especially the ribs and wings.

In full transparency, I’ve eaten at Dinosaur BBQ in Rochester many times. It’s a great BBQ joint and I’ve enjoyed every visit I’ve made. This was Ryan Abraham’s first visit to Rochester, so we made sure to stop in. Actually, we ended up eating here twice during this trip. Poor us!

This slideshow requires JavaScript.

I’ve visited Rochester more than a dozen times and eaten BBQ at just about every place this city offers. Dinosaur is the best BBQ in Rochester. On this trip, I ate their ribs, brisket, wings, and pulled pork. The brisket and pulled pork were good, but the ribs and wings were friggin’ amazing! The ribs were arguably the best I’ve had on the SecurityStudio Roadshow so far. If you’re in Rochester, and you like BBQ (even if you don’t like BBQ), a visit to Dinosaur is a must!

Q39 – https://q39kc.com/ – Overall: 7.75

  • Atmosphere – 7, this is a little too upscale feeling for me. A very nice restaurant, but not down-homey enough for my taste.
  • Service – 8, great service. I was in the middle of a conference call at the beginning, so I might have missed something here. Guess, I’ll have to visit again!
  • Portion/Value – 7, a little spendy.
  • Taste – 9, super! The burnt ends and brisket were the bomb!

This was the first stop for me and John after landing in Kansas City. We received a tip to visit this place from our rental car terminal bus driver, and obviously this guy knew what he was talking about! Kansas City is known for their BBQ and we had dozens of places to choose from, but we made a good call here.

This slideshow requires JavaScript.

This was a great welcome to Kansas City and we highly recommend visiting Q39!

Iron Horse BBQ – no website – Overall: 7.0

  • Atmosphere – 5, I’m not a big fan of the strip mall BBQ joint vibe, so this was a downer.
  • Service – 9, great service! These guys gave us some free burnt ends and came out from behind the counter to visit with us. Really cool people here!
  • Portion/Value – 8, very reasonably priced for large portions of food.
  • Taste – 6, the taste was too bland and overall disappointing.

We were in a bit of a rush after the ISACA talk, but we had to fit in one more BBQ visit before we left. It’s Kansas City for crying out loud!

This slideshow requires JavaScript.

We’ll give these guys the benefit of the doubt. I think they recently moved into this new location, and I don’t think they’ve gotten completely settled yet. It’s worth trying again some time in the future, but it might be hard to get back here given all the awesome BBQ joints in Kansas City.

No promises.

BBQ Summary

Three new BBQ joints to add to our list. This was a good BBQ week. The winner this week was Dinosaur BBQ (Rochester). Pecan Lodge is still on top as the overall #S2Roadshow leader with a score of 9, and Bowlegged BBQ is still in the #2 spot. The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Seven):

  • Pecan Lodge – 9
  • Bowlegged BBQ – 8.75
  • Divine Swine – 8.5
  • Dinosaur BBQ – 8.25
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Q39 BBQ – 7.75
  • Cousin’s BBQ – 7.75
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • Iron Horse – 7
  • Lucille’s Smokehouse BBQ – 7
  • Texas Bar-B-Q Joint – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Unkl Moe’s – 6.5
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

Next Week’s #S2Roadshow

A less busy week, but still a great one planned. The Roadshow starts on Tuesday with another visit to Kansas City, then it’s on to Webster University in Irvine, California. We’re giving the standard sermon at a joint seminar between Webster University, ISSA, ISACA, and OWASP. Pretty pumped!

Looking forward to another great week!

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

The UNSECURITY Podcast – Episode 54 Show Notes

Show notes are almost on time this week! Yay us.

I started writing our show notes on Thursday night in the Salt Lake City airport, and now I’m finishing them on a plane back from LA. Ugh. The life.

This was a crazy week, but what’s new? While Brad’s been bustin’ his tail keeping up with FRSecure’s sales and operations, I’ve been traveling the country on the SecurityStudio Roadshow. My travels this week took me to Rochester (NY), Baltimore (MD – layover), Kansas City (MO), Salt Lake City (UT – layover), Sacramento (CA), and Los Angeles (CA – layover).

I’m supposed to get home late on Friday night. We’ll see. 🙂

If you’d like to follow the SecurityStudio Roadshow, I write a recap every week on my/this site. Keep up with me, and give me some BBQ tips.

I’ve met some amazing people on my travels, and one really cool cat is Kenneth Bechtel. I met Kenneth during week one of the SecurityStudio Roadshow. On week one, John Harmon and I traveled to Harrisburg, Pennsylvania for BSides. I was speaking in a mid-morning session and Kenneth was the keynote speaker.

I have a lot of respect for Kenneth because he’s been at his game for a long time. He’s been doing threat hunting before threat hunting was a thing. Big props to this guy. During our time together at BSides, Kenneth shared his recent troubles finding a job. This bugs me. So, I invited him to be a guest on the podcast.

We’re honored to have him share some of his wisdom. We’ll try to get to the bottom of his job search struggle too.

Special thanks to Brandon Matis for putting together last week’s anniversary show! That couldn’t have been easy.

Pretty sure I’m supposed to lead this episode, so here goes.

My show to lead this week and these are my notes.


SHOW NOTES – Episode 54

Date: Monday, November 18th, 2019

Show Topics:

Our topics this week:

  • What’s up man?
  • Introducing Kenneth Bechtel
    • The earlier days versus today. What’s changed and what’s the same?
    • The (alleged) infosec labor crunch. Kenneth isn’t the first person who’s had trouble finding work. What gives?
  • New show ideas
  • News
Opening

[Evan] Hey UNSECURITY Podcast listeners! This is episode 54, and the date is November 18th, 2019. I’m Evan Francen, and it’s my show this week. Brad’s here with me too. Care to chime in Brad?

[BradYou know he’s got something to say. Probably something good too!

[Evan] Alright, we’ve got another great show planned!

  • Brad and I are going to catchup with our craziness quick.
  • We’re going to get real with a true information security pioneer Kenneth Bechtel. He’s got an incredible amount of wisdom to share and we want to get to the bottom of why people like Kenneth are not getting hired when we have this alleged talent shortage.
  • We’ll talk about an upcoming show idea that we have, then we’ll wrap with some newsy things.

I’m pumped about this show! So, let’s get on with it, eh?

[Brad] Brad’ll agree probably.

[Evan] So, what’s up man?! I’ve been out for the past two weeks preaching to folks everywhere and stuff. I missed you man.

Catchin’ up with Brad (quick)

[Evan] Alright, enough of that. We are excited and honored to have Kenneth Bechtel on the phone, so let’s welcome him. Hi Kenneth.

[Kenneth] He’ll confirm (unless of course we have some tech issue or something).

[Evan] Can’t tell you how grateful and pumped we are to have you on the show! We’re going to get to know each other more, and discuss things. I’d like to start off with you telling us about you, then we can talk about how the industry has evolved, then lastly, let’s discuss this whole infosec talent shortage thing.

I found an old photo of you on your Team Anti-Virus website.

About Kenneth:

I have been actively involved in Anti-Malware defense and research since 1988 at both a corporate and international level, with close ties to the international Anti-Malware efforts and fellow researchers.

In the corporate world, I have worked as both a Virus Laboratory and Field researcher for major organizations, providing expert support for malware outbreaks.

Internationally, I was a Founding Members of AVIEN – Anti-Virus Information Exchange Network, and served as Chairman of its Disciplinary Committee and well as member of the Advisory Board to the Administrator.

I have presented at international conferences, including the Virus Bulletin Conference, at which I am a regular attendee.

My work has been published in trade magazines and specialized websites such as Security Focus.

I have written a handbook on Anti-Virus Security and was one of the co-authors of the AVIEN Malware Defense Guide. 

I am regularly asked to speak at small organization and company conferences and training seminars.

Media requests, Opportunities and general inquiries are welcome at kbechtel@teamanti-virus.org

Discussion with Kenneth Bechtel
  • Introductions
  • The earlier days versus today. What’s changed and what’s the same?
  • The (alleged) infosec labor crunch. Kenneth isn’t the first person who’s had trouble finding work. What gives?
  • Your recent post about your cowboy hat

[Evan] Alright. Let’s see what we can do here to help each other. Kenneth, I sincerely appreciate your tireless work for this industry and for being on our show!

News

[Evan] Some interesting news stories for us to discuss this week. The first one is interesting because we’ve warned about this and sadly things are going to get much worse before they get better.

Closing

[Evan] OK, cool! Episode 54 is a wrap. Thank you again Kenneth for being on our show. I think our discussion will benefit others!

Thank you to our listeners! Keep the questions and feedback coming. We love it, well Brad does, but I don’t. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Kenneth, do you have a way you want people to socialize with you?

Follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies!

That’s it! Talk to you all again next week!

#S2Roadshow Recap – Week Two

Orange County, CA and Madison, WI

Mission & Purpose Revisited.

The purpose of the SecurityStudio Roadshow (#S2Roadhow) is to meet people and make partners. We want to meet people*, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

John and I

John Harmon and Evan Francen, two guys known for our beards, our love of people, knowledge of security stuff, and our BBQ prowess. We both work for SecurityStudio, and we’re working hard on the mission. Follow us and you’ll get to know us pretty well!

Roadshow Summary

A quick summary of where the #S2Roadshow has taken us so far, and where we’re going next:

  • Week One in Central Pennsylvania exceeded our expectations
  • This last week (Week Two) we visited Orange County, California and Madison, Wisconsin
  • Next week (Week Three), we visit Chicago, Illinois and Dallas, Texas

This post is about Week Two.

Partners – Orange County

My two(ish) days in Southern California were full of really good meetings. Just like last week in PA, I met amazing people with really cool stories. For the sake of brevity, I’ll give you some highlights here.

Startup Consulting Company – Framework Security

My first meeting after landing in Santa Ana was coffee with Jerry Sanchez. Jerry is the Managing Partner and one of the founders of Framework Security, an expert-level information security consulting company. The company was established earlier this year (2019), and growing any company is hard.

Jerry has a strong background in this industry and his company is doing a great job serving customers (you know I would tell you if it weren’t so). His challenges include standing out from the noise, acquiring new customers, providing cost effective solutions (ones that SMB clients can afford), and engaging with customers relationally versus transactionally. I can sympathize with the struggle, especially given experiences in growing FRSecure over the years.

He shared a vision to grow his company, possibly employing as many as 50 people in the next few years. What impressed me the most was his ethics and credibility. He doesn’t just want to grow Framework Security, he wants to do it right.

SecurityStudio can help Jerry grow his business, and we’re excited to work together. Jerry can use our solutions to offer his customers and potential customers a wide variety of options, from free self-assessments to integrated full assessments (with higher margins) leading to long-term vCISO (or fractional CISO) relationships. Partnering with SecurityStudio will benefit him, his company, his customers, and our industry.

Jerry is a good guy, establishing a good company, and he will certainly make a difference!

Contact Information

Franchiser – TeamLogic IT

I had an initial collaboration meeting with the President of TeamLogic IT, Dan Shapero. Honestly, I had no idea who TeamLogic IT was until I started preparing for this meeting. Turns out, TeamLogic, Inc. is a leading managed IT services franchiser and has independently owned and operated TeamLogic IT offices located throughout the United States.

There are ~180 franchises in 38 states, and I had no idea! I feel so sheltered and ignorant of things outside of my little kingdom (Minnesota) sometimes. The #S2Roadshow is a real eye-opener to all sorts of new things!

I know I sound like a broken record, but this was another awesome meeting! Dan has been in the IT industry for many years and he’s willing to share his hard-earned wisdom with others (including me). Our discussion focused on understanding the TeamLogic IT business model and exploring how SecurityStudio could help all his franchisees serve their customers better. Our discussion also focused on other longer term collaboration opportunities between our organizations.

Dan and I came to a quick agreements on how SecurityStudio can help his business, his franchise owners, and their customers. We’ll be doing some cool and exciting things together in the future! It’s sort of funny that I didn’t consider how a franchise network could benefit from SecurityStudio’s platform. After this meeting, it’s an obvious business model. This relationship will be very valuable to all parties (our mission and theirs).

Contact Information

Established Consulting Company #1 – CISOSHARE

Seriously, another great meeting?! Yes, it’s true. Every meeting I’ve had has been great!

This meeting with CISOSHARE’s CEO Mike Gentile was like having a meeting in the mirror. We both see security the same way, he have similar experiences, and we’ve both earned our stripes building security programs for 100s of clients, big and small. When he said something, I could have finished his thought for him, and vice versa. Collaboration is a helluva lot easier between two people who understand information security deeply when they are driven to do things right and can put their egos in check.

We met over lunch at a local BBQ joint. The BBQ wasn’t great, but the conversation was! Thank God.

The discussion was fluid and included topics such as our careers, our past experiences, our businesses, and our philosophies about security, among other things. The parallels between Mike and I were sort of scary. He’s even an author like me. Our lunch ran long, but we got down to business too.

CISOSHARE is Mike’s third company and he’s building a great one. According to their website “CISOSHARE is the leading provider of cyber security services for rapidly growing organizations. Located in Southern California and recently ranked in 2019 as the 3rd fastest-growing private organization in Orange County, our team establishes a culture of continuous learning and teaching in security program development for ourselves, our clients, and our community.

Prior to the roadshow, I hadn’t really heard of CISOSHARE. Another example of being a bit sheltered in Minnesota I guess.

CISOSHARE is company that does things right, at least from what I can tell! They are a great partner candicate. We walked away from our meeting knowing that there are at least two or three ways in which our organizations (CISOSHARE and SecurityStudio) can (and probably will) work together. A CISOSHARE/SecurityStudio partnership will definitely help our mission!

Contact Information

Established Consulting Company #2 – Tevora

One major differentiator between CISOSHARE and Tevora is who they target as customers. CISOSHARE scales down to small companies and up to the Fortune 500. Tevora focuses solely on the Fortune 500. There are many other differences in between these two companies, but their target market is one that sticks out immediately. SecurityStudio can work with both of them, regardless! Everyone benefits from simple, fundamental, and compliant solutions.

I met with Tevora’s CEO, Ray Zadjmool for lunch. He’s built a cool company and he’s done it through innovative approaches to delivering services to clients and employee retention. Ray’s a go-getter who 1) knows what he wants and 2) knows how he wants to get it. His company focuses on helping large companies achieve compliance more than information security or risk management for the sake of information security or risk management.

The way Tevora approaches information security (or “cybersecurity”) isn’t the same way I would philosophically speaking, but it works for them and their clients (obviously). Fortune 500 clients are much different than SMBs, and Tevora is filling a nice niche.

He’s running a very successful company. I respect him and what he’s doing and I think the respect is mutual. We have next steps and we have opportunities to work together. I’m pretty sure we can help each other, and I’m excited to find out!

Tevora is a cool company, run by a cool CEO, located in cool places with cool offices. They’re not just cool, but they’re also very good at what they do. Ray is nice contact and I’m looking forward to building our relationship.

Contact Information

Madison

John Harmon was in Madison, Wisconsin with Steve Krause (SecurityStudio’s Partner Manager). John was speaking at an event hosted by Applied Tech, a great SecurityStudio partner.

This slideshow requires JavaScript.

It was an honor to speak to their customers about information security. I’m not sure how many additional meetings John and Steve may have had while they were in Wisconsin; John and I haven’t been able to catchup yet.

ISACA – Orange County

While john spoke in Madison, and I spoke at the ISACA Orange County Chapter event on Tuesday night. They gave me two hours(ish) to speak and the interaction was amazing! There were a ton of good questions and there were many interactive discussions. This was the first group of ISACA members that I’d spoken to on the roadshow, and they were all awesome!

If you’re interested, you can download my slides here.

Special thanks to Pauline Ang for coordinating everything, and also shoutouts to these folks for making me feel welcomed; Nemi George, Sanjeev Tak (pictured), Bin Du, Yu Chen, and Bill Olah, and Jan Olson. It’s not that the the rest of the group didn’t make me feel welcomed , it’s just that these folks went out of their way during my visit.

It feels good to know that the Orange County security community is in good hands!

BBQ Reviews

A roadshow isn’t a roadshow without a healthy dose of BBQ, or lots of doses of BBQ. John and I promise to eat at all the best BBQ places we can find during our travels and provide you with the lowdown. It’s the toughest part of our job, but you can count on us. We’re in it to win it!

We rate each BBQ joint we try on four characteristics on a scale of 1 (sucks) – 10 (best); Atmosphere, Service, Portions/Value, and Taste. The overall rating is the average of the four.

Last week’s winner was Divine Swine in Manheim, PA. Read on for this week’s winner.

Lucille’s Smokehouse BBQ – Overall: 7
  • Atmosphere – 7
  • Service – 8
  • Portion/Value – 6
  • Taste – 7

Lucille’s is well-known in the Orange County area, and sort of all over the southwest. They have have a bunch of locations throughout California, Nevada, and Arizona. I’d never had Lucille’s before, and I stopped here because it was the closest BBQ joint to the airport (after landing).

I had the house salad.

If you believe that, we should talk. I had the three meat combo; brisket burnt ends, sliced brisket, and baby back ribs. The sliced brisket and baby back ribs were OK, but the brisket burnt ends were amazing! I should have ordered three pounds of those (only). The atmosphere is nothing special, the service was good, and the portion was OK. If you go, get all the brisket burnt ends you can get your hands on.

This slideshow requires JavaScript.

Hambone’s Smokehouse – Overall: 6.25
  • Atmosphere – 5
  • Service – 7
  • Portion/Value – 8
  • Taste – 5

Hambone’s is another BBQ chain. Had lunch at the Huntington Beach location, and nothing was impressive. They drown their meat in sauce, so I ordered mine with the sauce on the side. I get why they drown their meat in sauce.

Service was good and there was plenty to eat. Unfortunately, the meat was bland (even with the sauce added). I didn’t even finish it.

This slideshow requires JavaScript.

Red Coal BBQ – Overall: 6.75
  • Atmosphere – 7
  • Service – 7
  • Portion/Value – 8
  • Taste – 5

John and Steve visited Red Coal BBQ in Eau Claire, Wisconsin during their road trip. The ratings are mine, based on what John told me, and they are subject to change. His exact words were:

Pork Belly pretty decent.  Not much flavor to the meats over all and only one, super sugary sauce available. Coleslaw was the highlight. Thinking this whole WI BBQ venture needs a redo.

We’ll see if John asks me to change these ratings later.

This slideshow requires JavaScript.

BBQ Winner

The winner for this week’s BBQ showdown for the #S2Roadshow was Lucille’s Smokehouse BBQ with a score of 7. We only reviewed three BBQ joints this week, and we need to step up our game next week. Next week we’re on the road for five days in two good food cities; Chicago and Dallas. We’ll step up our game!

Next Week’s #S2Roadshow

John and I are together again all week. First, we take the #S2Roadshow to Chicago for an event with HSBC. We’ll be in Chicago until Wednesday before heading down to Dallas for more meetings and an appearance at the ISC2 Dallas Cyber Aware event at the University of Texas at Dallas. If you’re in Dallas next week, come see us, catch my keynote, and/or grab some BBQ with us!

Stay tuned for next week’s #S2Roadshow updates! You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!