Posts

The UNSECURITY Podcast – Episode 62 Show Notes – Iran and Stuff

Still in Cancun for another week (Evan). I know, poor me.

One thing is certain. It doesn’t matter what I’m doing or what you’re doing, the world doesn’t pause and wait for you. Attackers still attack and defenders still defend. Some of us are thriving and others of us are just struggling to survive.

So, the big worldwide news this past week was the U.S. spat with Iran. It was immediately politicized, as we would expect, but what does it mean to you, me, and the world of information security? Let’s talk about this.

A few of you took me up on my offer last week for a free copy of UNSECURITY. Your books are being sent soon.

If you haven’t read my first book, I invite you to. You can either purchase it, or if you’re with us on our mission to fix the brokenness in our industry, contact me (Twitter, LinkedIn, email, etc.) and tell me so. I’ll send you a free signed copy! P.S. I’m not publicizing this everywhere, so let’s see if your paying attention.

I’m supposed to be leading the show this week, but I’m still out of the office. Brad and Ryan should be in studio for this episode, and I’ll call in again.

These are my notes (Evan).


SHOW NOTES – Episode 62

Date: Monday, January 13th, 2020

Show Topics:

Our topics this week:

  • Opening – Catching up
  • U.S. and Iran
    • What does it mean for information security?
    • What does it mean for you and me?
    • Avoiding collateral damage
  •  News
    • Is Microsoft sharing Skype and Cortana audio with the Chinese?
    • Security tips for college students
    • Amazon Ring employees caught snooping
  • Contact Us – featuring people looking for jobs in information security
Opening

[Brad] Hey UNSECURITY Podcast listeners! This is episode 62 and the date is January 13th, 2020. I’m Brad Nigh, your host for today’s show. Joining me in studio is Ryan Cloutier and by phone is Evan Francen. Hi guys.

[Ryan & Evan] We’re welcoming fellas, so we’ll say “hi” or something here.

[Brad] Let’s catch up quick. How was your week and what’s going?

Catching Up Discussion

Who’s doing what?

  • Ryan’s first week at SecurityStudio.
    • What was it like?
    • Anything newsworthy or exciting?
  • Brad’s crazy week.
    • Most weeks are crazy. What was craziest?
    • What are you excited about?
  • Evan in Cancun.
    • Chillin’ or workin’?
    • How’s the book coming along?

[Brad] Cool. Good things last week and coming up this week.

Switching gears a bit. I want to discuss a topic that’s on many people’s minds; the conflict between the United States and Iran, and what effect it has on our daily information security/cybersecurity lives.

U.S., Iran, and Information Security Discussion

Very significant events have taken place over the past few weeks. Events that impact our world as we know it; politically, economically, and from an information security (or cybersecurity) perspective. Let’s stay out of the politics as much as we can and leave the economic discussion to the economics experts.

What I’d like to discuss is how these current events affect us with respect to information security. We should all be concerned about how these things affect our ability to protect ourselves, our families, our schools, our workplaces, and our local governments.

First a little background on the current events:

  • December 27th, 2019 – The K-1 Air Base in Iraq was attacked killing an American civilian contractor, injuring four U.S. service members and injuring two Iraqi security forces personnel. The U.S. blamed Iranian-backed militia for the attack.
  • December 29th, 2019 – The United States attacked five Hezbollah positions in Iraq and Syria resulting is an at least 25 killed militia members and another 55 wounded.
  • December 31st, 2019 – January 1st, 2020 – Hezbollah militiamen, their supporters and sympathizers attacked the U.S. embassy in the Green Zone of Baghdad. The United States blamed Iran and its non-state allies for orchestrating the attack. No deaths or serious injuries occurred during the attack and protesters never breached the main compound.
  • January 3rd, 2020 – A targeted U.S. drone strike killed the commander of the Islamic Revolutionary Guard Corps (IRGC) Quds Force, Qasem Soleimani. Soleimani was considered to be the second most powerful person in Iran.
  • January 8th, 2020 – The Iranian military launched numerous ballistic missiles at two airbases in Iraq. there were neither American nor Iraqi casualties. Hours after the initial Iranian missile attacks, a Boeing 737-800 (Ukrainian International Airlines Flight 752) crashed shortly after takeoff from Tehran Imam Khomeini International Airport, killing all 176 passengers on board. Iran initially claimed the cause of the crash was mechanical failure.
  • January 11th, 2020 – A video showing the moment Flight 752  was hit by an Iranian missile was published by The New York Times. The Iranian government was forced to admit that it “inadvertently” shot the plane out of the sky. A wave of anti-government protests have now emerged across Iran.

Phew! These are only the latest events in decades of conflict between the two nations.

So, back to the point of our discussion. I’d like us to share our opinions, and hear the opinions of our listeners this week. You know what they say about opinions, right?

  • What does it mean for information security?
  • What does it mean for you and me?
  • How can we avoid collateral damage?

Some sources of information to guide our discussion:

[Brad] Great discussion and plenty of healthy opinion. I think the same things hold true for us that have always held true:

  1. Focus on what you can do to protect your area of influence (your habits, at home, at work, etc.)
  2. Master the fundamentals. We can’t control what Iran or the United States does, but we can make it a little less likely that we’ll be a victim in all this.
News

Now for some (other) news. Here are three newsy things that caught our attention last week.

Closing

[Brad] OK, that’ll just about do it. Be careful out there.

One last thing before we close this show out. Are you or someone you know looking for a job in information security? If so, we’d love to hear from you and help out where we can. Email us at unsecurity@protonmail.com and we’ll chat.

If you’re the social type, socialize with us on Twitter, I’m @BradNigh, Ryan can be found at @CLOUTIERSEC, and Evan’s in his usual spot, @evanfrancen.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 58 Show Notes

We welcome Mike Dronen to be our guest in episode 58 of the UNSECURITY Podcast! Mike is the Executive Director of Technology for Minnetonka Public Schools (District 276), and he’s joining us to talk about information security challenges facing K-12.

In case you missed the past couple of weeks, we talked a ton about legal and privacy stuff with our favorite data privacy and “cybersecurity” attorney, Justin Webb. Justin works for Godfrey & Kahn, S.C. in Milwaukee, and here’s what we covered:

Lots of good content and advice in these past couple of episodes. This week with Mike Dronnen is sure to be great too!

I’m leading the show this week, and here are my notes.


SHOW NOTES – Episode 58

Date: Monday, December 16th, 2019

Show Topics:

Our topics this week:

  • Information Security Challenges in K-12
    • Article: The Cybersecurity Threats That Keep K–12 CIOs Up at Night
    • How does information security work in K-12?
    • What makes K-12 different than everywhere else?
    • What are there differences between large school districts and smaller ones?
    • What tips do we have for administrators?
    • What tips do we have for educators?
    • What tips do we have for parents?
  • News
Opening

[Evan] Welcome back! This is episode 58 of the UNSECURITY Podcast, and I’m your host this week, Evan Francen. Today is December 16th, and joining me is my co-host, Brad Nigh. Good morning Brad.

[Brad] We’ll see how awake he is this fine Monday morning.

[Evan] We’ve had a couple of great shows the past couple of weeks. We learned a lot from our guest, Justin Webb. We talked a ton about privacy things and legal things. This week we’re going to shift gears a bit, and talk about information security in K-12. To help us navigate these waters, I’ve invited the Executive Director of Technology from Minnetonka Public Schools to our show. Minnetonka is my alma mater, and Mike Dronnen is a good friend. Welcome Mike!

[Mike] Mike’s a good guy. He’ll surely say “hi” or something.

[Evan] Mike, we’re excited to have you on the show for a number of reasons. You’re a good guy, I’m a Skipper, and Brad’s got some kids in your district too. Thank you for joining, especially on short notice.

Before we dive in, I like to check-in. Mike, how you doing? How was your week and what do you expect this week?

[Mike] Mike shares what he’d like to share.

[Evan] And Brad. How are you and what’s up?

[Brad] Sharing is caring.

[Evan] We’re all busy. Hopefully, health busy. My quick recap…

Alright, let’s talk about information security in K-12, shall we?

Discussion about information security challenges in K-12
  • Article: The Cybersecurity Threats That Keep K–12 CIOs Up at Night
  • How does information security work in K-12?
  • What makes K-12 different than everywhere else?
  • What are there differences between large school districts and smaller ones?
  • What tips do we have for administrators?
  • What tips do we have for educators?
  • What tips do we have for parents?

[Evan] Another great discussion. There are some real challenges for K-12, and I think we’ve all got some skin in this game to do the best we can. Thanks Mike!

Let’s do some news…

News

[Evan] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Closing

[Evan] That’s it. Episode 58 is a wrap. Thank you to Mike for joining us and for sharing your perspectives on K-12 information security!

Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Mike, is there a way you prefer for people to interact with you?

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 57 Show Notes

This week we continue the conversation with our special guest, Justin Webb. Justin is a Data Privacy & Cybersecurity Attorney, and the Chief Information Security Officer at Godfrey & Kahn, S.C. in Milwaukee.

If you missed last week’s show (episode 56), we talked about Target’s lawsuit against Chubb and China’s Cryptography Law. China’s Cryptography Law goes into effect on January 1st, and there are multiple perspectives about what it will mean for commerce, including this recent take from International Financial Law Review (IFLR).

Justin’s insights were so good, we invited him back! This week, we’re going to talk about the California Consumer Privacy Act (CCPA).

Brad’s leading the show this week, and here are my notes.


SHOW NOTES – Episode 57

Date: Monday, December 9th, 2019

Show Topics:

Our topics this week:

  • The California Consumer Privacy Act (CCPA)
    • What is CCPA?
    • How is CCPA similar to GDPR, and how is it different?
    • Who does CCPA apply to?
    • What are the consequences of non-compliance?
    • What advice do we have for organizations?
    • What do we think is in the future with CCPA?
    • What do we expect other states to do?
  • New Show Format (reminder)
  • News
Opening

[Brad] Welcome back! This is episode 57 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is December 9th, and joining me is my co-host, Evan Francen. Good morning Evan.

[EvanIs it? We’ll find out.

[Brad] We have a great show planned today. This is the 2nd part of our first two-part show, and we welcome back our favorite data privacy attorney, Justin Webb. Hi Justin.

[Justin] Justin will likely say “hi” and some other things.

[Brad] In last week’s show, episode 56, we discussed a lot. We talked at length about the Target lawsuit against Chubb and we talked about China’s Cryptography Law. We intended to talk about the California Consumer Privacy Act (or “CCPA”), but we decided to move it to today’s show in order to give it more of the attention it deserves.

Before we dive in to CCPA, let’s check in quick. Guys, how was your week last week? We’ll start with you Justin.

[Justin] Justin shares what he’d like to share.

[Brad] My week was…  How about you, Evan?

[Evan] Sharing is caring.

[Brad] Alright, let’s get into this whole CCPA thing.

California Consumer Privacy Act (CCPA) discussion

Most of this show is dedicated to this discussion.

A few California Consumer Privacy Act (CCPA), references:

[Brad] Awesome discussion! I think our listeners will get some real value out of this. One quick housekeeping thing before we get into the news.

New Show Format (reminder)

[Brad] Just a quick reminder about the upcoming new addition to the show, starting after the first of the year. We’re devoting ten minutes of each show to anyone who’s looking for a job in the information security industry. Email us at unsecurity@protonmail.com if you want your slot! We’ll respond to you on a first come, first serve basis.

We’ve already received some emails, which is super cool!

If you’re chosen, and the time works out, we’ll invite you on to our show to learn about you. Think of this as a quick 10 minute interview. We’ll work out the kinks between now and the time we kick this off, but we’ll have a standard format defined by then.

If you’re looking for a job, use us to help you get the word out! Stay tuned, we’ll mention this a few more times before we make this change official.

OK, now some news…

News

[Brad] OK, lots of things this week, but we’ll focus on a few news stories.

Closing

[Brad] That’s it. Episode 57 is a wrap. Thank you to Justin for joining us and for sharing your perspective again! We’ve got another great show planned for next week, but we’re not letting the cat out of the bag just yet.

Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen. If you’d like to get in touch with Justin, you can find him on LinkedIn.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 56 Show Notes

Brad and I hope you had a wonderful Thanksgiving holiday! We have so many things to be thankful for, including our faith, our families, our work families (FRSecure and SecurityStudio), our friends, our partners, our clients, and last, but not least, our UNSECURITY Podcast listeners!

Our listeners make our podcast worthwhile.

If you missed last week, we introduced you to one of the most amazing 15 year-old kids you’ll ever meet, Zoe Bundy. She’s an all around awesome gal, and the founder of Brainy Ladies. Give it a listen. You won’t be disappointed!

This week we welcome another special guest, Justin Webb. Justin is a “Data Privacy & Cybersecurity Attorney / Chief Information Security Officer at Godfrey & Kahn, S.C.”. We’re going to talk to Justin about all sorts of legal information security and privacy stuff. It’ll be like 30-40 minutes of free legal advice (sort of)!

I’m (Evan) leading the show this week, and here are my notes.


SHOW NOTES – Episode 56

Date: Monday, December 2nd, 2019

Show Topics:

Our topics this week:

  • Introducing Justin Webb
    • Who is Justin Webb?
    • Target vs. Chubb
    • The California Consumer Privacy Act (CCPA)
    • China’s Cryptography Law
  • New Show Format (reminder)
  • News
Opening

[Evan] Welcome back! Unless you’re lost, you know this is the UNSECURITY Podcast. This is episode 56, and I’m Evan Francen, your host. The date is December 2nd, and joining me is my buddy Brad Nigh. Sup Brad?

[BradShares some of the simple things in life.

[Evan] How was your Thanksgiving holiday?

[Brad] Great, duh!

[Evan] We have another awesome show planned today! A couple of weeks ago, I read a news story about Target suing Chubb, their insurance provider, about claims related to the infamous Target breach of 2013. Here we are, six years later, and the fallout continues.

People who know my past, know that I spent twenty-one months consulting the Special Litigation Committee (SLC) of Target Corporation’s Board of Directors who addressed the derivative claims
arising out of the December 2013 data breach. I mention this only because I’m still obligated to maintain confidentiality from this work, and for perspective. I was privileged to see almost everything about this breach, or at least it seemed that way.

So, I read the news about this lawsuit, and I figured I’d reach out to my favorite cyber-insurance guy, David Kruse and get his take. David introduced me to this cool cat, Justin Webb, an information security stud and data privacy attorney with Godfrey & Kahn, a leading law firm out of Milwaukee, Wisconsin.

Welcome Justin!

[Justin] Justin does Justin.

[Evan] I’m sort of looking at this like we get 30 minutes or so of free legal advice. Right?

[Justin] Probably not right, but whatever.

[Evan] We’re very excited to have you join us Justin!

Discussion with Justin

Conversation items:

[Evan] Good stuff! Legalling is exhausting. Thank you Justin for providing your insight and advice!

New Show Format Discussion (reminder)

[Evan] Just a quick reminder about the upcoming new addition to the show, starting after the first of the year. We’re devoting ten minutes of each show to anyone who’s looking for a job in the information security industry. Email us at unsecurity@protonmail.com if you want your slot! We’ll respond to you on a first come, first serve basis.

We’ve already received some emails, which is super cool!

If you’re chosen, and the time works out, we’ll invite you on to our show to learn about you. Think of this as a quick 10 minute interview. We’ll work out the kinks between now and the time we kick this off, but we’ll have a standard format defined by then.

If you’re looking for a job, use us to help you get the word out! Stay tuned, we’ll mention this a few more times before we make this change official.

OK, now some news…

News

[Evan] Alright, what the heck happened this last week? Let’s see…

Closing

[Evan] That’s it. Episode 56 is a wrap. Thank you to Justin Webb for joining us and for sharing your perspective.

Thank you to our listeners! Keep the questions and feedback coming. We’re still a little behind on responding right now, so please be patient with us. We love your feedback. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh. Justin, how do you want people to socialize with you?

Follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies there too!

That’s it! Talk to you all again next week!