The UNSECURITY Podcast – Episode 94 Show Notes – Transition

Happy Monday! You know what it’s time for, right?

Show notes!

Last week’s episode with FRSecure’s Director of Technical Solutions and Services, Oscar Minks was GREAT! I’m still pumped about Team Ambush and how well they did in their competitions (not one, but four) at DEF CON Safe Mode. That team kicks ass and the future looks incredible for that team.

Now, we’re sort of between series here at the UNSECURITY Podcast, so we’re going to try something new. We’re going to do a Google search of an industry term, then discuss what the results are. Should be fun and educational, all at the same time.

Brad is leading the show this week, so let’s get to it!


SHOW NOTES – Episode 94

Date: Monday, August 24th, 2020

Episode 94 Topics

  • Opening
  • Catching Up
  • Google Search – “Cybersecurity”
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Good morning and welcome to episode 94 of the UNSECURITY Podcast. Today is August 24th. My name is Brad Nigh and joining me is my co-host, Evan Francen. Good morning Evan.

[Evan] This is where I usually say “good morning” back to Brad.

Catching Up

[Brad] What’s up and what’s new?

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] Things and such probably…

[Brad] Things and such probably too…

Transition

Google Search – “Cybersecurity”

[Brad] Alright, well we’re between series right now. We finished up the Women in Security Series a couple weeks ago and last week we caught up with Oscar Minks. This week we’ll do something educational. Here’s the idea. We’ll do a Google search of the word “cybersecurity” and you and I will discuss the first page of results. What do you think about that?

[Evan] Sounds good to me. Let’s do it!

[Brad] Cool. So, open your favorite browser. Go to https://google.com if it’s not your default search engine and type “cybersecurity” (all one word). What do you see? Do you agree with what the links say or show? The thing about information security is we need to be a little more literal because of all the confusion. So let’s talk about it.

Open discussion about Google’s search results.

[Brad] That was sort of cool. Hopefully our listeners learned something or maybe they shot up in their chair disagreeing with you and I. We’ll see from the feedback we get!

How about some quick news stuff? We’ve got a few news stories of note…

News

[Brad] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Brad] Well, that’ll do it. Episode 94 is a wrap. Good times! Evan, you have any shout outs to give?

[Evan] We’ll see.

[Brad] Got questions or suggestions for us? Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan is  @evanfrancen, and Mr. Nigh is @BradNigh.

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 93 Show Notes – DEFCON & Team Ambush

Hey reader person, hope you are well!

Today marks the seventh day since I left the 80th annual Sturgis Motorcycle Rally. My wife and I do not show any COVID symptoms, so that’s good news. Only 7 more days of self-isolation and we’ll be back to semi-normal (assuming there is such a thing anymore).

Women In Security Series

Last week was the ninth, and final, installment in the Women in Security Series. It was a great experience for Brad and me. I may post a full write up soon, including the things we learned and places people can go to help (or for help). For now, here was the all-star lineup:

  • Part OneEpisode 84 – Renay Rutter (an information security business/IT executive)
  • Part TwoEpisode 85 – Lori Blair (a 35-year information security veteran)
  • Part ThreeEpisode 86 – Victoria Fogarty (relatively new to the industry)
  • Part FourEpisode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Part FiveEpisode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Part SixEpisode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Part SevenEpisode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Part EightEpisode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
  • Part NineEpisode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)

A HUGE thanks to all the women who gave their time to talk to us!

What’s Up Next

This week, we’re going to catch up with a good friend (fresh back from DEF CON) and then we may delve into another series.

A Good Friend

We’re going to take this week (episode 93) to catch up with FRSecure’s Director of Technical Solutions and Services, Oscar Minks. Oscar leads FRSecure’s Technical Services Team, a group of amazing information security experts who provide world-class incident response and best-in-class technical services (penetration testing, blue teaming, red teaming, purple teaming, research, etc., etc.).

The timing is perfect because Oscar’s back after DEF CON Safe Mode and the team impressed a helluva lot of folks there!

While my wife and I were in Sturgis, FRSecure’s Team Ambush was awake for many, many hours competing at DEF CON Safe Mode. The team competed in four events over the four day online conference; CMD+CTRL, OpenSOC Blue Team Village CTF, Biohacking Device Lab CTF, and Hack the Plan[e]t.

Last year, the team kicked ass in the Warl0ck Gam3s CTF, but that’s old news now. Warl0ck Gam3s CTF is gone this year, and it was time for these guys to switch things up.

CMD+CTRL

A description provided by the organizers:

Learn to see web applications from an attacker’s perspective. CMD+CTRL is an immersive hacking experience designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the leaderboard.

After attacking an application for yourself, you’ll have a better understanding of the vulnerabilities that put real applications at risk – and you’ll be better prepared to find and fix those vulnerabilities in your own code.

Remember that these websites are intentionally vulnerable, so any information sent to these sites is not secure. Never enter any sensitive information on these sites, including passwords, credit card numbers, or Social Security Numbers.

200 teams competed in this “Security Innovation cyber range” and our guys finished 2nd, only 50 points behind the winning team, n0j,

Full results are here.

OpenSOC Blue Team Village CTF

OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that’s as close to “the real thing” as it gets. This isn’t just another CTF. The platform was built to train real-world responders how to handle real-world situations.

There were more than 800 participants, more than 500 challenges, more than 350 teams, and more than 20 hours of  content in this CTF.

Team Ambush took home 9th place, finishing with the same number of points as the winning team. In a tie, the team that finished first wins.

Biohacking Device Lab CTF

This CTF was a little out of our team’s comfort zone, but this didn’t stop them from excelling! Some of the stats:

  • 30 volunteers building infrastructure, creating challenges, verifying flags, and solving support issues
  • 2 medical devices, connected in a volunteer’s home (not connected TO the volunteer)
  • 1 CTF vulnerability reported, fixed, and disclosed
  • 200+ players on 150+ teams from 15+ countries
  • 14,000+ flag submissions, with 5,700+ solves, on 150+ challenges
  • 150,000+ total points scored over 75 consecutive hours

Team Ambush took 7th! This is amazing considering most of our team had very little experience hacking medical devices.

Hack the Plan[e]t

Hack the Plan[e]t is a first-of-its-kind CTF: a slice of modern city life integrating both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge. Play for a few minutes or plan to stay for many hours as the challenge grows. The ICS Village will deliver a compelling experience using real IT and industrial equipment for all skill levels and practitioner types.

This CTF had 275 registered users, and Team Ambush placed 16th. The full scoreboard is here; https://hacktheplanet.ctfd.io/scoreboard

Really looking forward to this episode with Oscar. Oh, by the way, Brad Nigh (my co-host) also participated!

Another Series

We’re kicking around some ideas for our next series, and so far the leading candidate is a “Security in Healthcare” series. Stay tuned!

Let’s get to it!

Brad was supposed to lead the show this week, but since he participated at DEF CON with Oscar, I’m (Evan) going to take it. These are my notes.


SHOW NOTES – Episode 93

Date: Monday, August 17th, 2020

Episode 93 Topics

  • Opening
  • Catching Up
  • Closing Out the Women in Security Series
  • DEF CON Safe Mode & Team Ambush
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning. Thanks for tuning into the UNSECURITY Podcast. I’m Evan Francen, my co-host is Mr. Brad Nigh, this is episode 93, and the date is August 17th, 2020. Brad, Good morning!

[Brad] You know and love Brad! Brad will chime in here because he’s cool and stuff.

[Evan] Also joining us is my good friend and FRSecure’s awesome Director of Technical Solutions and Services, Oscar Minks. Good morning and welcome Oscar!

[Oscar] He does what Oscar does.

[Evan] It’s been a while since we had you on the show Oscar, and I’m super excited to talk to you about your team’s performance at DEF CON Safe Mode this year! Before we dive in though, let’s do what we always do first, catch-up a little.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] Brad, what’s up? What have you been up to and how was your weekend?

[Brad] Gives us the skinny…

[Evan] Oscar, your turn brother. Tell us things.

[Oscar] He tells us things.

[Evan] Alright, I guess it’s my turn now. Here’s my update…

Transition

Closing Out the Women in Security Series

[Evan] As you know, we just wrapped up our Women in Security Series. We hope that everyone enjoyed it and we also hope we’re all better off for it. Huge thank you to Renay, Lori, Victoria, Kristin, Andrea, Judy, Amy, Theresa, and Lee Ann! We talked to some incredible people during that series!

Brad, what’s one thing that sticks out for you?

[Brad] Gives us his one thing. 🙂

[Evan] Yeah, the one thing that sticks out for me is how important it is for us all to help each other, regardless of gender, race, background or anything else. People who shut others out or make them at all feel uncomfortable are jerks.

DEF CON Safe Mode & Team Ambush

[Evan] Alright, on to you Oscar! Tell us about DEF CON Safe Mode. You too Brad, I hear you did some work with the team also.

Open discussion about DEF CON, Team Ambush, the process, the results, etc.

30 minutes(ish)

[Evan] I’m so proud of you guys and the team! You’re not only VERY skilled, but you all do things right. We need to have you back on a future show so you can share how you build teams. People could really learn from you about how to build an incredible team and how to keep them together!

How about some quick news stuff? A few stories to cover quick. Oscar, you got chops, you can stay and comment if you’d like. Just chime in.

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Evan] Alright, it’s that time again. We’re at the end of the show and we get time to give a shout out or two.

Do either of you have shout outs to give this week?

[Brad and/or Oscar] We’ll see.

[Evan] Oscar, thanks for joining us again! Team Ambush kicked ass this year and I’m pumped to see what the team does over the next year.

Got questions or suggestions for us? Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Mr. Nigh is @BradNigh.

Oscar, you’re a relatively quiet guy online. Is there a particular way you want people to find you?

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 92 Show Notes – Women in Security Pt9

Good morning from Sturgis, SD! My wife and I made the trip this past week, and it’s truly been one of the best things we could have done for our mental health.

Mental health is just as important (if not more important) than physical health.

We came here (as did the other 250K other people), knowing and accepting the risk of contracting COVID. We’ve been preaching self-isolation after leaving here (for at least 14 days), and I know the people in my party will be doing so; however, we can’t speak for the others. It’s one thing to accept risk for yourself, it’s an entirely different thing to put others at risk who didn’t.

Anyway, I’ll write more about that later. On to episode 92 of the podcast! We have another INCREDIBLE guest with us this week as we begin to wrap up our Women in Security Series. Both Brad and I hope we’ve helped make our industry a little better in doing this.

Women in Security Series Quick Recap

Brad and I started the Women in Security Series in mid-June, and to be honest, we didn’t know what to expect. The purpose was to help people (including ourselves) learn more about the topic of women in the information security industry. Two guys like us are NOT experts on the topic, nor will we ever be able to articulate experiences as well as the women who live it. Why not learn by listening to women tell us about their experience and opinions?

No expectations and no plan.

Neither of us have ever done a series like this before, but we’ve both become pretty good an “winging it”. We didn’t know who would be interested in talking with us, but soon after we got started, we had many women volunteer their time to share with us. We were blown away by the graciousness of so many.

We started safe, with women we work with at FRSecure. We kicked things off in mid-June (episode 84) with FRSecure’s Chief Operating Officer, Renay Rutter, and let things sort of develop from there.

Seven weeks later (so far), and we’ve been privileged to have discussions with seven INCREDIBLE ladies with diverse backgrounds. We’ve had a Chief Operating Officer, a 35+ year information security veteran, a career-changer with a couple years’ experience, a non-profit CEO, a college-student studying cybersecurity, a veteran corporate Chief Information Security Officer (CISO), an expert practitioner who bridges the gap between K-12 and post-secondary cybersecurity, and a super cool HigherEd CISO on the show so far!

What started with no expectations and no plan turned into something really special. We’re grateful for the time we’ve spent with these women and we’re both MUCH better off for it.

Here’s our guest line up thus far:

  • Episode 84 – Renay Rutter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (this show) (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (not sure who to expect; expectations aren’t really our “thing”)

Seriously, this is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

Women in Security Series – Part Six

Judy Hatchett is truly a top-notch, no nonsense information security leader. She’s the first woman on the show with the title Chief Information Security Officer and we were very grateful to spend some time with her. Judy’s path through the information security industry took her through big corporate America (Best Buy, 3M, etc.) before she decided to tackle some of the difficult challenges in healthcare. We first met Judy back when she was the CISO at Fairview, and now we cheer her on in her new role at Surescripts. You’re going to love her perspectives and opinions!

You can catch Part Six with Judy here!

Thank you Judy!

Women in Security Series – Part Seven

I was first introduced to her though my good friend (and co-worker) Ryan Cloutier. Together, they do great work at the Consortium of School Networking (CoSN), as well as deliver compelling talks at conferences and collaborate on cool projects. Ryan talked her up so much that I sort of thought he was full of it. Could this person be as good as he said she was? Really?!

Yes, yes she is! She’s the real deal and her name is Amy McLaughlin. Here’s some stuff about her:

  • The Director of Information Services at Oregon State University
  • Adjunct Faculty (Psychology) at Chemeketa Community College
  • Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN)
  • Home improvement expert (seems like it anyway)
  • A wonderful person and friend to many!

Since we first met, I’ve gotten to know Amy pretty well through our frequent visits on the Daily inSANITY Checkin and I’ve grown to really appreciate her common sense approach to life (and information security).

Thank you Amy!

Women in Security Series – Part Eight

I’m a big fan of Theresa Semmens! She’s done great work everywhere she’s been and she’s a serious asset to our industry. She established the very respectable information security program at North Dakota State University (NDSU), played a pivotal role in starting the highly-successful North Dakota Cybersecurity Conference, did great things as CISO at the University of Miami, and now does wonderful things at the Nevada System of Higher Education.

Our conversation with Theresa Semmens was awesome! If you missed it, you should go give it a listen here; https://podcasts.apple.com/us/podcast/unsecurity-information-security-podcast/id1442520920?i=1000486972404. Great episode with some serious wisdom.

Thank you Theresa!

Women in Security Series – Part Nine

This brings us to today, and we welcome another favorite of mine, Lee Ann Villella! Lee Ann is FRSecure’s Senior Enterprise Security Sales Consultant, the Program Director for the Minnesota Chapter of the Information Systems Security Association (ISSA), and an active member of the Cyber Security Summit Advisory Board Committee.

Lee Ann brings so much more to our industry than people realize! She lives out FRSecure’s mission to “fix our broken industry” every day and sets the example for so many others.

You and I have all been hounded by sales people in our industry and sold stuff we don’t necessarily need. Not with Lee Ann! She is the epitome of what a sales person should be. She constantly has her finger on the pulse of information security, takes the time to deeply understand her customers, volunteers her time to help others, and is just all-around amazing!

We’re VERY excited to have Lee Ann on our show!

Let’s get to it!

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 92

Date: Monday, August 10th, 2020

Episode 91 Topics

  • Opening
  • Introducing Our Special Guest: Lee Ann Villella 
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi there! Thanks for tuning into the UNSECURITY Podcast. I’m Evan Francen, my co-host is Mr. Brad Nigh, this is episode 92, and the date is August 10th, 2020. Brad, you here? Good morning!

[Brad] You know and love Brad! Brad will chime in here because he’s cool and stuff.

[Evan] So, you mighta heard, we’ve been doing this Women in Security Series. I don’t know about you Brad, but I wanted to do this series for two reasons; 1) I wanted to learn more about women’s perspectives and 2) I wanted to give women a voice, even if it’s a small one.

[Brad] Cue Brad.

[Evan] There are entire podcasts devoted to women in our industry, but I wanted to get it first hand. I have been blown away by the incredible women we’ve talked to! I’ve learned more than I could have asked for. We’re not done yet!

Today, we welcome another amazing lady. A HUGE welcome and a ton of gratitude to Lee Ann Villella for joining us today.

[Lee Ann] Cue Lee Ann.

[Evan] Lee Ann, did you know that you’re one of my favorites? So happy you’re here!

[Lee Ann] Cue Lee Ann again (maybe)

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] As is custom around here, before we jump in on our topic, we catchup. So, Brad, how was last week and this past weekend?

[Brad] Gives us the skinny…

[Evan] And Lee Ann? What have you been up to lately?

[Lee Ann] She tells it like it is…

[Evan] My turn, I guess. Highlight was/is the time @Sturgis. I’ll tell it like I lived it.

Transition

Women in Security, Part Nine

[Evan] We’re coming to an end of our Women in Security Series and it’s been an amazing experience. Eight weeks so far, and eight great discussions with wonderful ladies in our industry. If you’ve missed any of the episodes (84 through 91), I highly suggest you go back and listen to them. Lots of really good perspective.

All this brings us to now, episode 92 and part nine of our series. Again, we welcome one of our very own, Lee Ann Villella!

Some starter questions or things for us to think about…

Do we have a shortage of women in our industry? If so, what’s the big deal?

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • So, you’re a female selling information security services.
    • Is this a male dominated area of our industry?
    • Would you say you’re primarily interfacing with men or women?
    • Would you say it’s an advantage or disadvantage to be a woman in your position?
  • Have you experienced the “bro culture”? If so, can you share the experience with us?
  • We hear a lot about various women’s issues in our industry, and one of those is we don’t have enough women working in our industry. What’s your take, do we have a shortage of women?
  • How important is mentoring? Do you have a mentor?
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Do any other women’s issues come to mind?
  • What can people do to help? How about Brad and I?

[Evan] Thank you Lee Ann. Your pragmatic approach and great communication skills make things easy to understand. Always good stuff to think more about.

How about some quick news stuff? Lee Ann, please stick around and feel free to share your thoughts when you feel like it.

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Evan] There you go. That’s about it for episode 92, part nine of the Women in Security Series. One more episode left in the series, then we’ll move on. HUGE thank you again Lee Ann.

Do either of you have shout outs to give this week?

[Brad and/or Lee Ann] We’ll see.

[Evan] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Mr. Nigh is @BradNigh.

Lee Ann, is there a particular way you’d prefer people to find you?

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 91 Show Notes – Women in Security Pt8

Hope you’re well. We’ll jump right in! Episode 91, and Part 8 of the Women in Security Series!

Women in Security Series Quick Recap

Brad and I started the Women in Security Series in mid-June, and to be honest, we didn’t know what to expect. The purpose was to help people (including ourselves) learn more about the topic of women in the information security industry. Two guys like us are NOT experts on the topic, nor will we ever be able to articulate experiences as well as the women who live it. Why not learn by listening to women tell us about their experience and opinions?

No expectations and no plan.

Neither of us have ever done a series like this before, but we’ve both become pretty good an “winging it”. We didn’t know who would be interested in talking with us, but soon after we got started, we had many women volunteer their time to share with us. We were blown away by the graciousness of so many.

We started safe, with women we work with at FRSecure. We kicked things off in mid-June (episode 84) with FRSecure’s Chief Operating Officer, Renay Rutter, and let things sort of develop from there.

Seven weeks later (so far), and we’ve been privileged to have discussions with seven INCREDIBLE ladies with diverse backgrounds. We’ve had a Chief Operating Officer, a 35+ year veteran, a career-changer with a couple years’ experience, a non-profit CEO, a college-student studying cybersecurity, a veteran corporate Chief Information Security Officer (CISO), and an expert practitioner who bridges the gap between K-12 and post-secondary cybersecurity on the show so far!

What started with no expectations and no plan turned into something really special. We’re grateful for the time we’ve spent with these women and we’re both MUCH better off for it.

Here’s our guest line up thus far:

  • Episode 84 – Renay Rutter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (today’s show) (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

Seriously, this is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

This brings us to today’s episode…

Women in Security Series – Part Six

Judy Hatchett is truly a top-notch, no nonsense information security leader. She’s the first woman on the show with the title Chief Information Security Officer and we were very grateful to spend some time with her. Judy’s path through the information security industry took her through big corporate America (Best Buy, 3M, etc.) before she decided to tackle some of the difficult challenges in healthcare. We first met Judy back when she was the CISO at Fairview, and now we cheer her on in her new role at Surescripts. You’re going to love her perspectives and opinions!

You can catch Part Six with Judy here!

Thank you Judy!

Women in Security Series – Part Seven

I was first introduced to her though my good friend (and co-worker) Ryan Cloutier. Together, they do great work at the Consortium of School Networking (CoSN), as well as deliver compelling talks at conferences and collaborate on cool projects. Ryan talked her up so much that I sort of thought he was full of it. Could this person be as good as he said she was? Really?!

Yes, yes she is! She’s the real deal and her name is Amy McLaughlin. Here’s some stuff about her:

  • The Director of Information Services at Oregon State University
  • Adjunct Faculty (Psychology) at Chemeketa Community College
  • Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN)
  • Home improvement expert (seems like it anyway)
  • A wonderful person and friend to many!

Since we first met, I’ve gotten to know Amy pretty well through our frequent visits on the Daily inSANITY Checkin and I’ve grown to really appreciate her common sense approach to life (and information security).

Thank you Amy!

Women in Security Series – Part Eight

Today we introduce you to someone very special to me personally and someone special to all she touches in our industry, Theresa Semmens! I first met Theresa when she was working at North Dakota State University (NDSU), where she spent 14 years as their Chief IT Security Officer, Chief Information Security Officer and Director of Records Management. That’s three titles in 14 years and mostly at the same time!

From NDSU, she took the Chief Information Security Officer job at the University of Miami and now she’s the Chief Information Security Officer at the Nevada System of Higher Education (NSHE). She’s an incredible asset to our industry and a really good person to be acquainted with!

She even wrote a nice review for the cover of my book. That’s like extra, extra credit! 😉

WELCOME THERESA!

Let’s get to the show, shall we?

Brad’s leading the show this week, and these are his notes…


SHOW NOTES – Episode 91

Date: Monday, August 3rd, 2020

Episode 91 Topics

  • Opening
  • Introducing Our Special Guest: Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education) 
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 91 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is Monday, August 3rd, and joining me as usual is Evan Francen.

[Evan] Some sort of motorcycle adventure story…

[Brad] We have our 8th guest for the Women in Security Series this week. Theresa Semmens. Welcome Theresa!

[Theresa] She’ll say something informative or nice, I’m sure. (I don’t know Theresa, but Evan does, so I’m pretty confident in this.

Some idle chit-chat here maybe.

[Brad] Before we get started, let’s recap our week.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Brad] As is custom around here, we spend a few minutes catching up before we dive head first into things. Evan, what you been up to?

[Evan] Cue Evan

[Brad] And Theresa, how about you? What have you been up to?

[Theresa] Cue Amy again…

[Brad] I’ll say some stuff about the weekend or something too. 

Transition

Women in Security, Part Eight

[Brad] This is the eighth week of our series discussing the topic of women in the information security industry. We’re definitely starting to see some patterns, but we’re still getting new and interesting insight every week. I’m going to speak for Evan here and say that I’m really looking forward to today’s discussion.

Really, this is an open discussion between myself, Evan, and our guest. Once again Theresa, thank you for agreeing to be here with us this morning.

Some starter questions or things for us to think about…

Do we have a shortage of women in our industry? If so, what’s the big deal?

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • What’s it like being a woman in our industry? Have you experienced the “bro culture”? If so, can you share the experience with us?
  • We hear a lot about various women’s issues in our industry, and one of those is we don’t have enough women working in our industry. What’s your take, do we have a shortage of women?
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Do any other women’s issues come to mind?
  • What can people do to help? How about Brad and I?

[Brad] Thank you Theresa. Good information and things to think about. Much appreciated! How about some quick news stuff?

News

[Brad] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Brad] That’s it for episode 91. Thank you again Theresa for joining us and making the eighth installment of the Women in Security Series a really special one.

Do either of you have shout outs to give this week?

[Evan and/or Theresa] We’ll see.

[Brad] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. Theresa, is there a particular way you’d prefer people to find you?

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!