The UNSECURITY Podcast – Episode 54 Show Notes

Show notes are almost on time this week! Yay us.

I started writing our show notes on Thursday night in the Salt Lake City airport, and now I’m finishing them on a plane back from LA. Ugh. The life.

This was a crazy week, but what’s new? While Brad’s been bustin’ his tail keeping up with FRSecure’s sales and operations, I’ve been traveling the country on the SecurityStudio Roadshow. My travels this week took me to Rochester (NY), Baltimore (MD – layover), Kansas City (MO), Salt Lake City (UT – layover), Sacramento (CA), and Los Angeles (CA – layover).

I’m supposed to get home late on Friday night. We’ll see. 🙂

If you’d like to follow the SecurityStudio Roadshow, I write a recap every week on my/this site. Keep up with me, and give me some BBQ tips.

I’ve met some amazing people on my travels, and one really cool cat is Kenneth Bechtel. I met Kenneth during week one of the SecurityStudio Roadshow. On week one, John Harmon and I traveled to Harrisburg, Pennsylvania for BSides. I was speaking in a mid-morning session and Kenneth was the keynote speaker.

I have a lot of respect for Kenneth because he’s been at his game for a long time. He’s been doing threat hunting before threat hunting was a thing. Big props to this guy. During our time together at BSides, Kenneth shared his recent troubles finding a job. This bugs me. So, I invited him to be a guest on the podcast.

We’re honored to have him share some of his wisdom. We’ll try to get to the bottom of his job search struggle too.

Special thanks to Brandon Matis for putting together last week’s anniversary show! That couldn’t have been easy.

Pretty sure I’m supposed to lead this episode, so here goes.

My show to lead this week and these are my notes.


SHOW NOTES – Episode 54

Date: Monday, November 18th, 2019

Show Topics:

Our topics this week:

  • What’s up man?
  • Introducing Kenneth Bechtel
    • The earlier days versus today. What’s changed and what’s the same?
    • The (alleged) infosec labor crunch. Kenneth isn’t the first person who’s had trouble finding work. What gives?
  • New show ideas
  • News
Opening

[Evan] Hey UNSECURITY Podcast listeners! This is episode 54, and the date is November 18th, 2019. I’m Evan Francen, and it’s my show this week. Brad’s here with me too. Care to chime in Brad?

[BradYou know he’s got something to say. Probably something good too!

[Evan] Alright, we’ve got another great show planned!

  • Brad and I are going to catchup with our craziness quick.
  • We’re going to get real with a true information security pioneer Kenneth Bechtel. He’s got an incredible amount of wisdom to share and we want to get to the bottom of why people like Kenneth are not getting hired when we have this alleged talent shortage.
  • We’ll talk about an upcoming show idea that we have, then we’ll wrap with some newsy things.

I’m pumped about this show! So, let’s get on with it, eh?

[Brad] Brad’ll agree probably.

[Evan] So, what’s up man?! I’ve been out for the past two weeks preaching to folks everywhere and stuff. I missed you man.

Catchin’ up with Brad (quick)

[Evan] Alright, enough of that. We are excited and honored to have Kenneth Bechtel on the phone, so let’s welcome him. Hi Kenneth.

[Kenneth] He’ll confirm (unless of course we have some tech issue or something).

[Evan] Can’t tell you how grateful and pumped we are to have you on the show! We’re going to get to know each other more, and discuss things. I’d like to start off with you telling us about you, then we can talk about how the industry has evolved, then lastly, let’s discuss this whole infosec talent shortage thing.

I found an old photo of you on your Team Anti-Virus website.

About Kenneth:

I have been actively involved in Anti-Malware defense and research since 1988 at both a corporate and international level, with close ties to the international Anti-Malware efforts and fellow researchers.

In the corporate world, I have worked as both a Virus Laboratory and Field researcher for major organizations, providing expert support for malware outbreaks.

Internationally, I was a Founding Members of AVIEN – Anti-Virus Information Exchange Network, and served as Chairman of its Disciplinary Committee and well as member of the Advisory Board to the Administrator.

I have presented at international conferences, including the Virus Bulletin Conference, at which I am a regular attendee.

My work has been published in trade magazines and specialized websites such as Security Focus.

I have written a handbook on Anti-Virus Security and was one of the co-authors of the AVIEN Malware Defense Guide. 

I am regularly asked to speak at small organization and company conferences and training seminars.

Media requests, Opportunities and general inquiries are welcome at kbechtel@teamanti-virus.org

Discussion with Kenneth Bechtel
  • Introductions
  • The earlier days versus today. What’s changed and what’s the same?
  • The (alleged) infosec labor crunch. Kenneth isn’t the first person who’s had trouble finding work. What gives?
  • Your recent post about your cowboy hat

[Evan] Alright. Let’s see what we can do here to help each other. Kenneth, I sincerely appreciate your tireless work for this industry and for being on our show!

News

[Evan] Some interesting news stories for us to discuss this week. The first one is interesting because we’ve warned about this and sadly things are going to get much worse before they get better.

Closing

[Evan] OK, cool! Episode 54 is a wrap. Thank you again Kenneth for being on our show. I think our discussion will benefit others!

Thank you to our listeners! Keep the questions and feedback coming. We love it, well Brad does, but I don’t. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Kenneth, do you have a way you want people to socialize with you?

Follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies!

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 53 Show Notes

We’re celebrating our one year anniversary with a special episode! Last week was the one year anniversary of the UNSECURITY Podcast, in case you missed it.

Brad and I are taking the week off from doing a live show this week while Brandon Matis (FRSecure’s Marketing All-Star) puts together the show. This week’s show will highlight some of the most memorable moments of the past year, and should be a must-listen.

Brad and I will be back next week (episode 54) with a live special guest, Kenneth Bechtel. I ran into Kenneth at the Harrisburg BSides event during week one of the SecurityStudio Roadshow (#S2Roadshow), where he was the keynote speaker. Kenneth is a pioneer in malware research and threat intelligence, but he’s having some troubles landing a job. We’ll find out what gives. This is sure to be a great show next week, so tune in!

We’re excited about the second year of the UNSECURITY Podcast! We’ve learned a lot about podcasting and we’re planning to have a ton of interesting guests in the weeks ahead.

The UNSECURITY Podcast – Episode 52 Show Notes

Yay us! This is the one year anniversary of the UNSECURITY Podcast! 

Episode 52. One year, one episode per week, fifty-two episodes. Hard to believe it’s already been a year. We didn’t miss a single week, and if you know us (well, me anyway), you know that’s almost miraculous. Some weeks were tough to get something recorded, but we did it anyway.

Last week was a good one around here. I’m not sure what Brad’s been up to because we haven’t caught up with each other yet.

For me, I gave a couple talks at a couple of conferences, made a short Dallas trip, and did some other neat stuff.

Last week was a great show with special guest, lead pen-tester, and all around awesome guy Eric Hanson. We’re pleased to have another special guest this week! David Kruse is joining us to share his perspectives on things. It’s gonna be another great show!

My show to lead this week and these are my notes.


SHOW NOTES – Episode 52

Date: Monday, November 4th, 2019

Show Topics:

Our topics this week:

  • One Year Anniversary
  • Introducing David Kruse
    • How’d you get here? 
    • Cyber Insurance
    • Speaking
  • Industry News
Opening

[Evan] Hey UNSECURITY Podcast listeners! This is episode 52, the date is November 4th, 2019, and I’m your host, Evan Francen. My guy is with me, Brad Nigh. Tell the folks something Brad.

[BradWords, words, words, etc.

[Evan] Alright, we’ve got a great show planned!

  • We’re going to talk about 0ur first year of podcasting, and some of what we’ve learned.
  • We’re going to welcome our guest David Kruse. He’s an awesome dude who’s got a cool career story. He also knows a ton about cyber insurance, so we’re going ask him all sorts of challenging cyber insurance questions.
  • After all this, we’re going to discuss some interesting news stories, including Google’s Fitbit purchase announcement.\

Ready Brad?

[Brad] Of course he is.

[Evan] OK. Joining us this morning is a pretty swell guy, David Kruse. Good morning David!

[David] Unless we have technical issues, David will probably say something.

[Evan] You guys, I can’t believe this is the one year anniversary of the UNSECURITY Podcast! We’ll do the official One Year Anniversary Show next week, but let’s talk about this.

One Year Anniversary Discussion
  • Reminiscing – some cool and some funny show moments
  • People we’ve met, and some of our favorite peeps
  • What’s next? Ideas.

[Evan] It’s been a good year. Here’s to an even better one ahead! OK, now let’s talk about you David. 

Introducing David Kruse
  • How’d you get here? – One of the most fascinating things David shared with me was his career path. It’s pretty wild. There are some interesting parallels between his path and mine. Should be a good talk!
  • Cyber Insurance – David has some awesome cyber insurance experience and advice.
  • Speaking – David does some speaking, including keynotes. Let’s get his perspective, tips, and tricks on this too.

[Evan] It’s great talking to you and it’s great knowing you David! Thanks for sharing brother. Let’s wrap the show up with some news stories. 

News

[Evan] We’ve got two (maybe three) news stories to discuss this week, but one news story in particular that caught my eye was Google’s intended purchase of FitBit. Ugh.

Closing

[Evan] Episode 52 is a wrap. Well, almost. Thank you for joining us David! Hopefully we can do this again in the future.

Thank you to our listeners! Keep the questions and feedback coming. We love it,. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. David, do you have a way you want people to social ice with you? 

Follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies!

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 51 Show Notes

Things have gotten wild at work lately. The #S2Roadshow is in full swing, Brad’s been VERY busy, and business is good. John Harmon and I are four weeks into the SecurityStudio Roadshow (#S2Roadshow). Last week he was at BSides in Virginia and I was at the San Diego ISSA chapter. I’ll write the week four recap on my blog (here) soon.

Brad’s on the East coast this weekend and won’t make it back until Tuesday morning.

All of this means that we’re going to be a day late recording this episode of the UNSECURITY Podcast. We’ve got a great show planned though! Special guest, Eric Hanson (FRSecure’s Penetration Testing Lead) will join us from Reno, NV.

Brad’s show this week, and these are his notes.


SHOW NOTES – Episode 51

Date: Tuesday, October 29th, 2019

Show Topics:

Our topics this week:

  • Quick Catch-up/Roadshow Week #4
  • Penetration Testing Discussion
    • Introduction to Pentesting
    • Common Questions
    • FRSecure’s Penetration Testing Team
    • Other Stuff
  • Industry News
Opening

[Brad] – Hi everybody, and welcome to another episode of the UNSECURITY Podcast! This is episode 51, and I’m  Brad Nigh, your host.  Joining me today is my good friend, Evan Francen. Good Morning Evan.

[Evan] Evan has been traveling a lot, I’m hoping he’s functional.

[Brad] Joining us as a special guest this week is FRSecure’s Lead Pentester, Eric Hanson. Welcome Eric!

[Eric] Says “hi”. Eric is one of the nicest guys you’ll meet.

[Brad] We’re very excited to talk to Eric, but before we dive head first into pentesting stuff, let’s catch up real quick. We’ve all been very busy. Evan, you just wrapped up week four of the SecurityStudio Roadshow, how’d it go?

[Evan] Some things. Evan’s been meeting some awesome people all over the country. Let’s get some #truth.

[Brad] Good stuff. We’ve been doing a lot of preaching lately! I just got back from speaking myself… (tell about it). OK, back to Eric now. Eric, do you do any speaking?

[Eric] Tells it like it is.

[Brad] One member of your team, “Ben” has been doing some awesome research and will be speaking again soon. I think he’s speaking at a big ISACA conference in Chicago. Let’s talk about that and let’s talk about this whole pentesting “thing”.

I’d like to spend most of the show talking about this.

Penetration Testing Discussion
  • Introduction to Pentesting
  • Common Questions
  • FRSecure’s Penetration Testing Team
  • Other Stuff

[Brad] Great discussion. Hopefully we covered some of the common questions and misconceptions people have about penetration testing. Penetration testing is serious business, and we’re VERY grateful to have such a highly-skilled team like we do here at FRSecure.

Let’s dig into some news stories before we close this episode out.

News

[Brad] We’ve got four news stories to discuss this week:

Closing

[Brad] There you go, episode 51 is a wrap! Like many of you listening, we’ve got another busy week ahead.

Special thanks to Eric for joining us this week.

Thank you to our loyal listeners! Thank you for your tips and feedback. Send us your wisdom, questions, advice, whatever, by email to unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen. Also, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies!

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 49 Show Notes

OK, late again. Show notes before the show recording though, so it’s not terrible.

Lately, Brad and I haven’t seen each other much (or at all). I’ve been on the SecurityStudio Roadshow (#S2Roadshow) and Brad’s been swamped running his part of the FRSecure business (solutions development, sales support, innovation, IR support, and Analyst team support, etc.). Brad’s got a lot of stuff!

FRSecure won another award last week, which is super cool! The company was ranked #22 of the 50 fastest growing companies in the Twin Cities! In addition to being the 22nd fastest growing company, FRSecure was also the highest ranked information security consulting company on the list. This is the 3rd consecutive year that FRSecure has made the Fast 50 list, and I AM SUPER PROUD of this team! HUGE CONGRATULATIONS on a great accomplishment! They are all amazing, top to bottom!

When you get out of the way, incredible people to do amazing things. This is how FRSecure works.

Let’s get to some show notes, shall we?


SHOW NOTES – Episode 49

Date: Monday, October 14th, 2019

Show Topics:

Our topics this week:

  • Quick Catch-up/Roadshow Week #2
  • IT Security, Information Security, Cyber Security, and Physical Security
  • Cybersecurity Maturity Model Certification (or “CMMC”)
  • What it takes to do this job
Opening

[Brad] – Hi UNSECURITY Podcast listeners! It’s me, Brad Nigh. This is episode 49 and the date is October 14th. Evan’s here too. Say “hi” Evan.

[Evan] I oblige. I’m nice.

[Brad] It’s been a couple weeks since you and I have been in studio together. Last week, you and John Harmon hosted episode 48 while I was traveling. This week I’m back!

[Evan] It’s good to have you back man! I’m excited to catch-up and record this episode with you!

[Brad] Holy cow, we’ve got a jam-packed show today. Is this what I get for letting you write the show notes?

[Evan] 😉

[Brad] OK, let’s catch-up quick. Let’s chat about the stuff I’ve been up to, and some of the stuff you’ve been up to.

Quick Catch-up/Roadshow Week #2 Discussion

[Brad] Good things. We receive good questions from our listeners each week, and this past week is no exception. There was one question in particular that I wanted to cover with you. It was nice to here that the listener  has adopted our definition of information security in his policies, but he struggling with the term “IT Security”. He’s not alone I guess, because he also provided a link to a CompTIA article titled “What Is the Difference Between IT Security and Cybersecurity?“.

[Evan] Yeah, this can be confusing for some people. Words really do matter, especially when we struggle with using them correctly.

[Brad] The CompTIA article is sort of confusing, as the author covers different approaches to the definitions of IT Security, Information Security, Cyber Security, and Physical Security.

In one diagram, he arranges information security, cyber security, and physical security inside of IT security. In another diagram he drops IT security altogether and puts cyber security and physical security inside of information security. 

He then poses the question “So, which is best? Who is right?”. His answer leaves us hanging and then he a attempts to address whether terminology even matters. Let’s discuss this and address our listener’s question.

IT Security, Information Security, Cyber Security, and Physical Security Discussion

[Brad] Glad we settled it. Maybe we should make a diagram too. Later.

[Evan] Pretty sure we’ve got one or two of these somewhere.

[Brad] Alright. Another listener emailed us this week and asked us about the new(ish) Cybersecurity Maturity Model Certification (“CMMC”). Should we talk about this quick?

[Evan] I’ll agree because I agree.

Quick Cybersecurity Maturity Model Certification Discussion
  • All companies conducting business with the DoD must be certified, regardless of the use/presence of Controlled Unclassified Information (CUI)
  • Initial implementation of the CMMC will only be within the DoD
  • The intent of the CMMC is to combine various cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one unified standard for cybersecurity.
  • CMMC is intended to serve as a verification mechanism.
  • CMMC will implement multiple levels of cybersecurity. In addition to assessing the maturity of a company’s implementation of cybersecurity controls, the CMMC will also assess the company’s maturity/institutionalization of cybersecurity practices and processes.
  • accredited and independent third party commercial certification organization to request and schedule your CMMC assessment
  • Some of the higher level assessments may be performed by organic DoD assessors within the Services, the Defense Contract Management Agency (DCMA) or the Defense Counterintelligence and Security Agency (DCSA).
  • Your certification level will be made public
  • The government will determine the appropriate tier, contained in sections L & M of future Request for Proposals
  • On October 3rd, the DoD posted the RFI for the CMMC Accreditation Body.
  • The draft CMMC v0.4 is posted.
  • The draft CMMC v0.6 is expected for public review in November, 2019.
  • Finalization of CMMC v1.0 is expected by January, 2020.

[Brad] Lots to say about that. Last week, you mentioned me in a Twitter conversation you were engaged in. The tweet that started the conversation was “Lol lots of people whining about empathy in infosec this morning… what, are you all on the same sensitive mailing list or something?”

[Evan] Yeah. The author had a point and I thought it could be a good conversation about what it takes to be good at what we do from a slightly different perspective.

Discussion about what it takes to do this job

The Twitter thread:

Continues…

Good stuff to discuss, and shoutout to @c0Bchik for engaging in a discussion.

[Brad] Alright, let’s wrap this up with a few news stories.

News

[Brad] I’ve got three news stories to discuss this week:

Closing

[Brad] There you go, episode 49 is a wrap! Like many of you listening, we’ve got another busy week ahead.

Thank you to our loyal listeners! Thank you for your tips and feedback. Send us your wisdom, questions, advice, whatever, by email to unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen. Also, follow SecurityStudio (@studiosecurity) and the #S2Roadshow hashtag.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 48 Show Notes

OK. Late again. I’ve been busy, and so has Brad.

Most of my highlights from last week are written/posted in #S2Roashow Recap – Week One. If you haven’t read it yet, you should. 😉 There’s a recap of the BSides Harrisburg Conference (their first one ever), a recap of the Cybersecurity Awareness Summit, and our reviews of some of the best BBQ in Central PA. You need to check out who the winner was!

As far as Brad is concerned, I haven’t seen him much lately. I’ve been on the road, and I think he’s been on the road too. Actually, he’s on the road during this week’s show! It’s a very busy time of year for all of us at SecurityStudio (me) and FRSecure (Brad).

Let’s get to it, eh?


SHOW NOTES – Episode 48

Date: Monday, October 7th, 2019

Show Topics:

Our topics this week:

  • Roadshow Recap – Week One
  • More vCISO Talk
  • This Week & The News

[Evan] – Hey oh. It’s me, Evan Francen. This is episode 48 of the UNSECURITY Podcast and the date is Monday, October 7th, 2019. Brad’s on a plane somewhere maybe, or maybe he’s in a hotel somewhere. I don’t know. All, I know if that he couldn’t make it because he’s really, really busy. In Brad’s place this morning is my good friend, John Harmon. Care to say “hi” John?

[John] John is a leader and has the liberty to say what he wants. 😉

[Evan] So, this was sort of last minute. I texted Brad on Friday night to ask if he wanted me to write the show notes. He responded that he’s going to be in San Diego, doing a board of directors presentation for a customer. Planning isn’t my strong suit, so I went to my bullpen. There I find my ace reliever, John Harmon. Glad you’re here John!

[John] John’s probably glad to be here, but it’s early. He might not be awake yet.

[Evan] Last week was week one of the SecurityStudio Roadshow (#S2Roadshow). You and I were in Pennsylvania, spreading some security love/truth. I wrote about the week on my blog, but who reads anymore? Let’s talk about it here. Cool?

[John] You’ll love John. He’s agreeable and great at rolling with it.

Roadshow Recap – Week One Discussion

Refer to https://evanfrancen.com/the-securitystudio-roadshow-week1/ for more information.

[Evan] It was a fun week, a productive week, and a very successful week. One of the most popular topics on the show is the topic of vCISO, or virtual Chief Information Security Officer. We receive emails every week from listeners asking good questions. This past week was no exception.

The questions were:

  1. Can you help me with some vCISO materials? 
  2. Like a framework of where to start?

This is a good opportunity to discuss this because we have a guest too. John has hired numerous vCISOs over the years, so his perspective will be great!

Maybe we’ll mention the book that Brad and I are starting…

More vCISO Talk

[Evan] Let’s talk briefly about where the SecurityStudio Roadshow takes us this week, then get to some news.

This Week & The News

[Evan] Where are you going to be this week John?

[John] John will tell us about his week (and hopefully where he might grab some BBQ). He might ask me about mine. We’ll see.

News

Only three news articles to talk about this week, even though there are 1000s to choose from:

Closing

[Evan] There you have it. We’ve got another busy week ahead! Fixing a broken industry is a helluva lot of work. I’ll see if Brad is up for talking about the Cybersecurity Maturity Model Certification (CMMC) next week. Interesting stuff happening there.

Thank you to our loyal listeners! Thank you for your tips and feedback. Send us your wisdom, questions, advice, whatever, by email  at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and John’s @HarmonJohn. Also, follow SecurityStudio (@studiosecurity) and the #S2Roadshow hashtag.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 47 Show Notes

Here we go. The show notes for episode 47 of the UNSECURITY Podcast.

I’m writing these during the Vikings/Bears game on Sunday. Skol Vikings! Yeah, whatever, I’m late, but I’ve got excuses. I’m late because things are sort of crazy at home right now. I’ll try to explain:

  • I was in Bulgaria for a week (several weeks ago). My sleep was thrown off a little because Bulgaria is 8 hours ahead of us.
  • My wife was in China for 10 days. This means that I was left to my own devices (not usually a good idea), and I had no backup for my 14 year-old daughter’s manipulation. Seemed like there were more kids at my house than normal. I don’t know. The house is still standing, so that’s a win.
  • In the middle of this, I decided to quit smoking on Wednesday. After 30 years of 1-1/2 packs a day, I’m done. This is day four, and the withdrawals are a challenge (my PC word for it).
  • My wife got back last night, and now her sleep is all wonky. She was 13 hours ahead.

So, let’s give this thing a go, shall we?

Last week was a blur, but I think we did some really good things! Brad spent the latter part of the week offsite with FRSecure’s Senior Management Team (SMT), doing some strategic planning. I spent most of my time working on some timely SecurityStudio stuff:

  • Next week’s launch of S2Org.
  • SecurityStudio Partner Jumpstart
  • Roadshow preparation, hard to believe that we (me and John Harmon) hit the road next week already.

Do you know what we’re doing on the #S2Roadshow? Did you know that we’re using the “#S2Roadshow” hashtag? Do you know what S2Org is? Don’t worry if you don’t, we know we’ve got a lot of preaching to do!

Friday was highlighted by a great meeting with Minnetonka School District representatives (Mike Dronen, Executive Director of Technology and Dave Eisenmann, Director of Instructional Technology), Ryan Cloutier (repeat podcast guest and Chairperson of the Consortium of School Networking Cyber Security Advisory Panel), and Ivan Peev (SecurityStudio’s VP of Product Development). We discussed how we can work together to create a free S2Teen product for students and parents. There will be some great things coming out of this (eventually).

If you missed episode 46 of the UNSECURITY Podcast, here it is.

OK. Show notes…


SHOW NOTES – Episode 47

Date: Monday, September 30th, 2019

Show Topics:

Our topics this week:

  • Fundamentals
  • Roadshow
  • Parents and Kids

[Evan] – Let’s do this. I’m Evan Francen, it’s Monday, September 30th, and this is episode 47 of the UNSECURITY Podcast. My guy Brad Nigh is here with me. Hey Brad!

[Brad] You know Brad. He’ll say something because he’s nice like that.

[Evan] I know you were offsite with the FRSecure Senior Management Team (or SMT) the last half of the week. I love how you guys set an example by working hard and playing hard. How was it?

[Brad] Cool things.

[Evan] So, late last week, I had this meeting. It was the first time I’d met this guy who runs the information security program for a VERY important organization. I can’t share the name because I don’t like to out people like that. Anyway, he has many years of information security experience and seemed like he had all the right things to say. As the discussion progressed, I could sort of sense that he and I didn’t see security the same way exactly.

He knew all the acronyms and threw them around like candy at a parade. He’s also very well connected and dropped a lot of names. We knew some of the same people, but this was the first time he and I had met each other. He went on to say how they’ve built a good foundation for their security program, and now they want to take things to the next level.

One thing that became obvious is we don’t think about the foundation or fundamentals the same way. Let’s talk about this.

[Brad] He’ll agree because he likes to talk about these things.

Fundamentals Discussion

Things to discuss:

  1. What is information security?
  2. What is risk?
  3. If I hire you to “do” information security for me, what is the first thing you would do?
  4. What percentage of SMBs…?
  5. Discuss last week’s discussion

[Evan] The basics man. How many breaches do we see where it’s just the missing basics? 

[Brad] Something…

[Evan] Complexity is the enemy. We’ve all heard it before. Really, this is what the SecurityStudio Roadshow is about.

Roadshow Discussion

  • Was called “Project Bacon”.
  • Mike Dronen brought me some bacon!
  • This week is Harrisburg, PA BSides
  • Hashtag #S2Roadshow

[Evan] Quickly, let’s talk parents, kids, security, privacy, and safety. Maybe we can devote a whole show to this in the future. Maybe we can get a guest to join us.

Parents and Kids Discussion

[Evan] Alright. That’s a lot to take in. Good discussion Brad. We could take any one of these topics and make it an entire show.

News

Here’s our news for this week:

Closing

[Evan] There you have it. I’ll be checking in regularly from the road. We have a mission dammit! Stay tuned. Hope you’ll follow along.

Thank you to our loyal listeners! Shout out to Kevin! Thank you for your tips and feedback. We’re working on it. For the rest of you, send us your feedback by email  at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 46 Show Notes

Here we go, we’re on week 46 (already)!

Hard to believe how far we’ve come over the past 45 weeks. Our first podcast was recorded over a Zoom Web conference on a Sunday afternoon. Brad was at home and so was I. We kept up the Sunday routine for a while, at least until our wives requested their Sunday afternoons back. Thank God, because the quality of those early podcasts sucked, and we needed to up our game.

Anyway, there’s a story here. Maybe a story for another day.

This has been another incredible week.

The week started with a Sunday evening trip to Washington D.C. for a Monday afternoon meeting.

The highlight on Tuesday was participation in the 2019 Minnesota IT Symposium at the Mall of America. I had the privilege to participate on a panel with two really awesome information security leaders; Judy Hatchett (VP, Information Security & CISO at Fairview Health Services) and David Young (CISO at Medica). The panel was moderated by my good friend (and SecurityStudio board member) Nick Hernandez. It was an amazing discussion, and it was an honor to share the stage with these guys.

Wednesday was an office day, trying to catch up. It doesn’t seem healthy to process so many emails in such a short period of time.

Thursday was arguably the highlight of the week. FRSecure held their 4th Hacks & Hops event. More than 200 friends and partners gathered at U.S. Bank Stadium to talk about security incident response. After the keynote, I was joined by some incredible information security peers; Jadee Hanson (CISO and VP of Information Systems at Code 42), Bill Boeck (Senior VP, Insurance and Claims Counsel at Lockton Companies), and our very own Oscar Minks (FRSecure’s Director of Technical Solutions and Services).

We discussed the importance of incident response planning, cyber insurance, shared some personal stories, and fielded some great questions from the audience.

One or our attendees summed it up well in his LinkedIn post after the event.

There is an incredible amount of work that goes into arranging an event like this. FRSecure’s Jess Kooiman led the charge, with a significant amount of help from Brandon Matis, Andy Forsberg, Christy Kleve, Renay Rutter, and McKenzie Adams.

Friday wrapped with some good SecurityStudio meetings, including one with Tyler Olson (Founder and CEO of SHYLD Academy). He’s got a good thing going there!

Great week and tons going on. I hope you had a great week too. If you’d like to share your week, get in touch with me or Brad. You can find us at unsecurity@protonmail.com. We’d love to hear your successes and/or help if we can.

If you missed episode 44 of the UNSECURITY Podcast, here it is.

OK. Show notes…


Just a quick note. Brad’s super busy, so these are his show notes written by me (Evan).

SHOW NOTES – Episode 46

Date: Monday, September 23rd, 2019

Show Topics:

Our topics this week:

  • Hacks & Hops Recap
  • Upcoming Speaking Engagements
    • Our upcoming talks
    • The SecurityStudio Roadshow
  • Mental Health
  • Industry News

[Brad] – Hi there, welcome to episode 46 of UNSECURITY Podcast. I’m Brad Nigh and joining me in studio is Evan. This is two weeks in a row where we’ve been together in studio. Want to say “hi” Evan?

[Evan] We record the show at 6:45am on Mondays. Who knows what sort of mood I’ll be in.

[Brad] Sheesh, we have another jam-packed show this week. I need to stop Evan from writing the show notes!

[Evan] Yeah, probably.

[Brad] Another crazy, but great week around here. One of the highlights from this past week was our Hacks and Hops event. Let’s talk about it and share some thoughts, especially for the listeners who couldn’t make their way to U.S. Bank Stadium on Thursday.

Hacks & Hops Recap and Discussion

[Brad] It was a great event! I didn’t mind helping you out with the joke you couldn’t remember either. Your welcome.

[Evan] I was stuck. Why are jokes so hard for me to remember?

[Brad] You and I have a bunch of talks coming up, and you’ve got the Project Bacon roadshow too. We’re going to be all over the place.

[Evan] We do. It’s exciting to spread the word, and we hope that we’re helping people along the way.

Upcoming Speaking Engagements Discussion

[Brad] This will be good. One of the things that you mentioned at the beginning of your Hacks & Hops keynote was the mental health. This is a topic that isn’t discussed as much as it should be.

[Evan] Yeah, we need to shine a brighter light on this.

[Brad] You wore a Mental Health Hackers t-shirt and gave some statistics. Let’s talk about Mental Health Hackers, the statistics you shared, and how this hits home for us here at FRSecure.

Mental Health Discussion

We could spend an entire series talking about the importance of mental health in our information security industry, but for now we’ll keep it fairly short.

[Brad] Talking about mental health openly is important. We are all in this together, and we all need to take a more active role in supporting each other.

[Brad] OK, as is the custom, we close this thing out with some news. Here’s the industry newsy things to discuss briefly this week.

News

Here’s our news for this week:

Closing

[Brad] There you have it. We talked about a lot!

Always grateful for our our loyal listeners. We love your feedback and appreciate the fact that you join us each week. Send your feedback to us at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen.

Talk to you all again next week!

The UNSECURITY Podcast – Episode 45 Show Notes

Welcome back for another quick recap of the week and another dose of UNSECURITY Podcast show notes. Hope you all had a great week!

For last week’s show, Brad was in studio while I was calling in from Sofia, Bulgaria. Brad was joined by Ryan Cloutier, an awesome return guest. As far as I could tell, it was another great show. I had some connectivity issues, but who doesn’t have connectivity issues in Bulgaria? Brad did a great job holding things together while we chatted about issues such as liability and speaking information security with “humans”.

Catch episode 44 here.

I was in Bulgaria to visit members of our SecurityStudio development team, check out the new office, and spend some time planning future releases of the software. Bulgaria is eight hours ahead, so timing with U.S. resources was interesting.

This slideshow requires JavaScript.

The trip was very successful and we made significant progress on a number of fronts. While I was halfway around the world, Brad held down the fort. He’s a really good leader and I’m sure he has a bunch of things going on. I didn’t get to check in with him last week, so we’ll ask how he’s doing on the podcast.

Lots of other really cool stuff to share, but I’ll do that in another post or on the show.

Let’s do some show notes now.


SHOW NOTES – Episode 45

Date: Monday, September 16th, 2019

Show Topics:

Our topics this week:

  • Catching Up
    • More Mentor Program success
    • Civic duty example
  • vCISO Revisited
  • Book Announcement

[Evan] – Hi folks, welcome to the UNSECURITY Podcast. This is episode 45 and I’m your host, Evan Francen. Brad’s joining me as usual. Hi Brad!

[Brad] Brad politely says hello to me and by proxy all of our listeners. Good Brad.

[Evan] Man, this is two shows in a row where I’m out of studio. Today I’m stuck in Washington, D.C. for a meeting. Only one day, so that’s good. What’s up with you?

[Brad] Stuff and things.

[Evan] We haven’t recorded together in person the last couple of weeks, and I haven’t even been able to catch up with you. You cool if we catchup quick?

[Brad] Brad will probably say “yes”.

[Evan] Alright, let’s start with your week. Tell us what you’ve been up to.

Catching up

  • What Brad’s up to.
  • What I’m up to.
  • We have more Mentor Program success to talk about
  • One of our listeners is setting a great example for all of us in holding his local government accountable for security.

[Evan] Alright, lots of good things. We’re all in this together and there’s a job and place for everyone.

[Brad] Brad’s words of wisdom.

[Evan] We’re always grateful for feedback that we get from listeners. If you’d got some, email us at unsecurity@protonmail.com. One of the more popular topics in the past few months has been that of the virtual Chief Information Security Officer (or vCISO). We’ve received some great questions about how to become a vCISO. A couple of episode ago, we talked about what a good vCISO is, but we didn’t really talk about how to become one. Let’s do that.

How to become a vCISO discussion

  • If you’re new (less experience).
  • If you’re experienced (even existing CISOs)
  • What are the benefits to being a vCISO versus being a FTE CISO?

[Evan] Alright. Good perspective and good discussion. Thank you Brad.

[Brad] Brad’s gotta say something or we’ll have an uncomfortable silence here.

[Evan] OK, last topic before we get into some news. I want to announce something that I’m VERY excited about. You and I are going to write a book, right?

[Brad] Brad confirms. See if you can notice any change in the tone of his voice when he responds.

New book announcement and discussion

There’s a tie in here with vCISO too.

[Evan] I’m pumped about writing with you Brad. What better time than 4th quarter to get started?

[Brad] He’s lived through multiple 4th quarters, so he’ll laugh/cry.

[Evan] Let’s close this thing out with some news, eh?

News

Here’s our news for this week:

Closing

[Evan] There you have it. Thank you for another great show Brad!

A special thank you to our loyal listeners. We love your feedback and sincerely appreciate the fact that you join us each week. Send your feedback to us at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Talk to you all again next week!