UNSECURITY Episode 132 Show Notes

Hey Listeners!

Spring is in full bloom (finally) in Minnesota, and life is good. The weather is great, and last week, our Governor (Tim Walz) lifted the mask mandate for people who are vaccinated and maintain some semblance of social distancing. It’s good to see people’s faces again, especially when they’re smiling. 🙂

We’re grateful for the guests who have joined our show the past four weeks! We’ve learned a ton from these conversations.

If you missed any of these shows, you can find them here:

NOTE: We’re looking for people from other walks of life to share their perspectives too, especially men and women of color. Let us know at unsecurity@protonmail.com if you have suggestions.

This week, we’re not planning to have a guest, so you’ll have to put up with Brad and me.

Next week (episode 133) we’re hoping to have Gabriel Friedlander from Wizer on the show!

Let’s get to the episode 132 show notes, shall we?


SHOW NOTES – Episode 132 – Tuesday May 18th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 132, and the date is May 18th, 2021. Joining me is my good friend, highly-skilled information security expert, and all around great guy, Brad Nigh.

Good morning Brad!

There are so many things happening in our world, it’s hard to keep track. One interesting event from the last week (other than the Colonial Pipeline attack) was the announcement of President Biden’s Executive Order (EO) 14028 titled “Improving the Nation’s Cybersecurity”. In today’s episode, Brad and I are going to break this down.

Improving the Nation’s Cybersecurity

  • The EO was announced by the Administration on 5/12/21.
  • There’s a lot of information to unpack here, including:
  • Section 1. Policy, containing:
    • Policy statement.
    • Scope.
  • Section 2. Removing Barriers to Sharing Threat Information, containing:
    • Review existing reporting requirements and procedures.
    • Recommend updates to the Federal Acquisition Regulation (FAR).
    • Update the FAR.
    • Enforce IT/OT provider compliance.
    • Centralize reporting.
    • Provide budget for this section.
  • Section 3. Modernizing Federal Government Cybersecurity
    • Adopt security best practices.
    • Advance toward Zero Trust Architecture.
    • Accelerate movement to secure cloud services.
    • Adopt multi-factor authentication.
    • Encrypt data at rest and in transit.
    • Centralize and streamline access to cybersecurity data.
    • Invest in both technology and personnel to match the modernization goals.
  • Section 4. Enhancing Software Supply Chain Security
    • Develop standards, tools, and best practices for secure software development.
    • Enforce secure software development practices.
    • Define and enforce a “Software Bill of Materials (SBOM)”.
    • Define “critical software” and its protection requirements.
    • Consumer labeling programs for IoT and software.
  • Section 5. Establishing a Cyber Safety Review Board
    • Requirements for a new “Cyber Safety Review Board”.
    • All requirements are for the Secretary of Homeland Security and the (yet to be established) Cyber Safety Review Board (“board”).
  • Section 6. Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents; the playbook:
    • Will incorporate all appropriate NIST standards.
    • Be used by all Federal Civilian Executive Branch (FCEB) Agencies.
    • Will articulate progress and completion through all phases of an incident response.
    • Will allow flexibility so it may be used in support of various response activities.
    • Establishes a requirement that the Director of CISA reviews and validates FCEB Agencies’ incident response and remediation results upon an agency’s completion of its incident response.
    • Defines key terms and uses such terms consistently with any statutory definitions.
  • Section 7. Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
    • The adoption of a Federal Government-wide Endpoint Detection and Response (EDR) initiative.
    • CISA threat hunting on FCEB networks and systems without agency authorization.
    • Information sharing between the Department of Defense and the Department of Homeland Security.
  • Section 8. Improving the Federal Government’s Investigative and Remediation Capabilities
    • Types of logs to be maintained.
    • Time periods to retain the logs and other relevant data.
    • Time periods for agencies to enable recommended logging and security requirements.
    • How to protect logs (logs shall be protected by cryptographic methods to ensure integrity once collected and periodically verified against the hashes throughout their retention).
    • Data shall be retained in a manner consistent with all applicable privacy laws and regulations.
    • Ensure that, upon request, agencies provide logs to the Secretary of Homeland Security through the Director of CISA and to the FBI, consistent with applicable law.
    • Permit agencies to share log information, as needed and appropriate, with other Federal agencies for cyber risks or incidents.
  • Section 9. National Security Systems
  • Section 10. Definitions
  • Section 11. General Provisions

This will be a great conversation as Brad and I share our summary, thoughts and opinions on all this!

News

Just time for one news story this week. This one is from Brian Krebs, “Try This One Weird Trick Russian Hackers Hate”.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! Thank you Brad for a great conversation! If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Podcast – Ep 101 Show Notes – Election Security

Well, it’s already mid-October and the election is 21 days (three weeks) away. Things have never seemed crazier or more divided, at least not in my lifetime. Good fodder for discussion in episode 101 of the UNSECURITY Podcast!

Work-wise things are also crazy, but good. Fourth quarter is always nuts for an information security company, and it doesn’t matter if it’s consulting (FRSecure) or SaaS (SecurityStudio). Everyone is running at full capacity and finding life margin is a challenge!

Hope you’re happy and healthy! On to the show; I’m (Evan) leading this show and these are my notes.


SHOW NOTES – Episode 101

Date: Wednesday October 14th, 2020

Episode 101 Topics

  • Opening
  • Catching Up (as per usual)
  • Election Security
  • News
  • Wrapping Up – Shout outs

Opening

[Evan] Hey there, thank you for tuning into this episode of the UNSECURITY Podcast. The date is October 14th, 2020 and this is episode 101. I’m Evan Francen, your host for this show. Joining me is my good friend and co-host Brad Nigh. Good morning Brad.

[Brad] Brad does Brad.

[Evan] I know we’re a day late getting the podcast out again this week, but holy cow we’ve been busy! We’ll try to get back on track next week.

Brad, I want to reiterate how I enjoyed our discussion the past couple of weeks about The Social Dilemma, a Netflix documentary about social media and its effects on society. Lots to think about. In fact, I’m planning to watch it again this week.

[Brad] He might comment here.

Catching Up

[Evan] So, what’s new? Tell us what a day in the life of Brad looks like.

[Brad] Cue Brad.

[Evan] I’ll share some stuff too (probably).

Transition

Election Security

[Evan] As you know, we’re only 20 days from the election. If you haven’t registered to vote yet, you should. Go to vote.gov and check it out. Brad, have you registered to vote?

[Brad] Cue Brad.

[Evan] I’m registered and ready to cast my ballot! The date is November 3rd.

There’s been much said about election security. A simple Google search of “election security” produces over 2.2 million results! Election security isn’t a new thing, even though it’s been front and center the past few election cycles.

There’s more to election security than protecting voting machines, so let’s talk about this.

Resources

[Evan] There’s a lot more to election security than infrastructure. What about voter intimidation, disinformation, and security after election night? We’re talking about disinformation on Thursday night’s Security Sh*t Show because this is a significant issue in today’s society.

Election Security Discussion

Open discussion

[Evan] Good discussion! Securing an election has never been more difficult. Let’s catch up on some news quick.

News

[Evan] Here are some recent and interesting news stories to talk about.

Wrapping Up – Shout outs

[Evan] Great! Episode 101 is just about complete. Thanks Brad, do you have any shout outs this week?

[Brad] We’ll see.

[Evan] Always grateful for our listeners! We’re behind on email, but we promise to respond soon. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Episode 97 Show Notes

Good morning! Happy Tuesday!

Thinking Brad is back again this week. I dig that because I dig Brad!

Last week, Brad was out feeling sick. This led to a solo recording of the UNSECURITY Podcast; go check out episode 96 if you want to hear me do my most awkward podcast yet.

Busy, Busy, Busy

We’ve been very busy around here, and it sounds like many of you are too. There are many good signs recently that the economy may be rebounding. The positives:

  • Elections – although the next 50ish days are going to be chaotic, there will be some settling in after the elections are complete. Regardless of which way you swing (blue or red), the completion of an election cycle brings a sense of stability.
  • COVID-19 – there’s been a lot of positive news about medical treatments and possible vaccines. The sooner we can put the pandemic behind us, the better. Once the pandemic is behind us (closer with each passing day), the economy should settle.
  • Markets – the stock and housing markets have held their own through all the chaos of 2020. This is a good sign of good things ahead in our opinion.

Busy is good, and it would take a small book to tell you all the good things going on at SecurityStudio and FRSecure! SecurityStudio is well on its way to being a very healthy and profitable SaaS company and FRSecure is exploring expansion (acquisition, merger, and/or geographic expansion).

I sincerely hope you and your family are well!

Why Can’t We All Just Get Along?

Today’s topic is about our divisiveness in the world today and what it means to our industry. We’ll be careful to be respectful of other people’s opinions as we navigate these waters, and this may be a good segue into a future series we’ve been thinking about recently; “Politics and Information Security”.

Let’s get on it. The show notes…


SHOW NOTES – Episode 97

Date: Tuesday, September 8th, 2020

Episode 97 Topics

  • Opening
  • Catching Up
  • Why Can’t We All Just Get Along?
  • News
  • Wrapping Up – Shout outs

Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 15th, 2020 and this is episode 97 of the UNSECURITY Podcast! I’m your host, Evan Francen, and back with me this week is my good friend, Brad Nigh! Good morning Brad.

[Brad] Good things from this dude.

[Evan] Well, you were out ill last week. How you feeling? What’s new?

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. Let’s do it.

Topics:

[Evan] Did you get a chance to hear last week’s episode? It was definitely awkward doing the show alone for the first time!

Transition

Why Can’t We All Just Get Along?

[Evan] It’s crazy how much information security reflects life and vice versa. I’ve been thinking about what our next series should be, and I’m always interested in tackling serious topics. We’re in the middle of an election cycle right now and I can’t remember a time when our country has been more divided than it is today. Me being me, I want to talk about it with you (Brad).

What are your first thoughts about the divisiveness in our country today?

[Brad] Chimin’ in.

[Evan] Here’s what I’d like to explore with you:

  • General divisiveness (political, social, information security, etc.)
    • Intimidation/bullying for sharing your thoughts, opinions, disagreements, etc.
    • When you find someone being a jerk or speaking/writing nonsense.
  • Outside Influences to Information Security
    • Today’s political climate.
    • Where do we find facts vs. opinions?
  • Within Information Security
    • How do we think our divisiveness affects information security?
    • Putting down others (competition, other professionals, etc.).
    • The divide between us and the business.
  • A couple of podcast reviews.

[Evan] I’m thinking about doing a series titled “Politics and Information Security”. We could interview special guests from both sides of the aisle and get their opinions on all sorts of things. What would set us apart is respectfulness. We would do this in a way that respects opinions without attacking and bullying. This could be a great opportunity to set an example for others on how to discuss hot topics without beating each other up. What do you think?

[Brad] We’ll see what he thinks…

[Evan] The timing seems right to do a series like this. Alright. More to come on that! Let’s do newsy stuff now.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 97 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] It’s nice to have you back man. We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk to you all again next week!