UNSECURITY Episode 131 Show Notes

Apologies for not posting something about last week’s show, episode 130. We were honored and pleased to welcome John Strand from Black Hills Information Security as our guest. John, Brad and I talked openly about John’s path through information security, what Black Hills is working on, the different pockets of security people, why it’s important to work together as information security vendors to improve the community, and John’s latest Pay What You Can (PWYC) Series.

It was a GREAT talk and we’re VERY grateful that John stopped by. Check out episode 130 here; https://podcasts.apple.com/us/podcast/unsecurity-episode-130-john-strand-black-hills-information/id1442520920?i=1000520139261

Episode 131

Pumped about this week’s show!

My good friend, Security Shit Show co-host, hacker extraordinaire, and all around great guy Chris Roberts is stopping in for a chat.

Special Guest – Chris Roberts

Chris and I (Evan) were introduced to each other by our mutual friend Tony Cole maybe three years ago, but we didn’t get to know each other well until the last 13, 14 months. We’re both REALLY busy guys, so our circles just didn’t cross much. In the past year, we’ve gotten to know each other quite well which is no surprise seeing that we spend more than two hours together each week on the Security Shit Show with Ryan Cloutier (another great guy).

Things about Chris:

From his LinkedIn Profile:

  • Currently the Chief Security Strategist for Cynet Security (among many other things)
  • Currently an Executive Committee Member at the CyberEdBoard Community
  • Currently an Advisor, Researcher, Hacker, Etc. at HillBilly Hit Squad
  • Currently co-host of The Security Shit Show
  • Former Chief Security Strategist at Attivo Networks, Inc.
  • Former Chief of Adversarial Research and Engineering at LARES Consulting
  • Former Chief Security Architect at Acalvio Technologies
  • Former Senior Consultant at Sentinel Global LLC
  • Founder of One World Labs
  • Former Managing Director Electronic Intelligence/Principal Investigator at Cyopsis, LLC
  • Former President/CEO at CCi5, Inc.
  • Former Director of Coalfire Labs at Coalfire Systems, Inc.
  • and on and on…

Chris has been all over the world and all over the United States doing crazy cool hacker stuff at every stop.

He is truly one of my favorite people on the planet to talk to! Always a good time.

Other Guests – Past, Present, and Future

Lots of GREAT conversations with lots of GREAT information security folks!


SHOW NOTES – Episode 131 – Tuesday May 11th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 131, and the date is May 11th, 2021. Joining me is my good friend, infosec buddy and partner in crime.

Also joining the UNSECURITY Podcast is our special guest, Mr. Chris Roberts! Welcome my friend. It’s an honor to have you on our show!

Introducing Chris Roberts

  • Let’s start with trying to figure out how Chris first got into the information security industry.
  • Next, we’ll see how far we can get down his career path before 1) we start chasing squirrels (we’re both ADD) or 2) we run out of time (because there’s A LOT there).
  • The Colonial Pipeline Attack and global security tensions/consequences.
  • Current projects.
  • Current events.

We’ll see if we get to his plane hacking antics too, but I’m not sure we’ll have the time.

News

We’ll probably skip news in this show. Guessing that Brad, Ron, and myself will have no problem filling the entire show with good discussion.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! HUGE thank you to Chris for joining us. If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Chris is easy to find, but can be reached on LinkedIn and Twitter (@Sidragon1).

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

WARNING – Foul language

For those of you who are offended by foul language, please stop reading OR continue reading at your own risk.

The Security Shit Show

You knew about this, right? Well, maybe. In case you didn’t, I’ll tell you a bit about it now.

NOTE: We’ve already done ten shows, I’ll post another article highlighting the shows we’ve done so far.

The Security Shit Show is a live video/podcast that three friends put together; me, Ryan Cloutier, and Chris Roberts. We’re information security veterans (some call us “experts”) with more than 70 years of combined experience who have a lot of shit to get off our chest. The information security industry isn’t all hunky-dory; we’re doing a lot of things wrong and people are suffering because of it.

You can be the “fly on the wall” or you can interact with us live (we keep the chat going).

Here’s the lowdown for our show…

Name

The Security Shit Show

You can take this name two ways; either we’re calling security a shit show, or we’re discussing security shit on the show. The answer is “yes”.

Purpose

Provide people with the real shit going down in our industry, and always discuss ideas about what people can do to make things better.

This is not a commercial podcast, meaning we won’t be hawking product or taking sponsors. We suppose this could change sometime in the future, but probably not.

Format

Three experienced and (a little) crazy information security veterans talking real shit, unfiltered, and raw.

  • This is no holds barred. The show starts fast with a topic, and the three experts get into the shit right away.
  • Nothing but truth and honest opinion, coming from the combined ~70 years of experience.
  • For each show, one of the three of us brings a topic.
    • This rotates each show. For example, Chris brings a topic one show, Evan brings a topic the next show, Ryan brings a topic the show after that, then back to Chris again.
    • First half of the show is raw, honest, hard, discussion about the topic.
    • Second half of the show is cool down time which is probably good for Evan’s blood pressure. 😉 This is where we discuss ideas, solutions and advice for our listeners. If we don’t have any good advice, we’ll say it and ask listeners to give us some to share.
    • Guests may be occasionally welcomed.
  • This is an adult show. Swearing is permitted, but not required. We’re just going to be who we really are. If we let an occasional “fuck”, “shit”, “asshole”, or “wanker” out, so be it. There are certain swear words that will never be used, but the three of us don’t use those anyway.
  • This show isn’t politically correct, but it’s also not intended to offend anyone (except maybe those who need to be offended).
  • There’s no racism, no religious BS, maybe a teeny-weeny bit of politics, but certainly no discrimination of any kind.
  • The focus is helping people with our raw take on things and a sense of humor.
  • Our information security industry is screwed up and helping to fix it is the ultimate focus.

Length

We plan for a minimum of an hour, but we don’t really care. We’ll keep talking as long as there’s something relevant and (somewhat) valuable to say. When we’re done talking, we’ll be done talking.

Schedule

Weekly. We do the shows live each Thursday night @ 10pm CDT.

If you can’t make the live show, the recording is available immediately afterwards here; https://www.youtube.com/channel/UCIt8MkGaS-y-BKGJ9wrirFA?.

The podcast is usually published on Monday mornings, and you can find these here; https://podcasts.apple.com/us/podcast/the-security-shit-show/id1513813641

Topics

Usually, we publish the topic ahead of time on our blog (https://securityshitshow.com) and in our Twitter feed (https://twitter.com/security_shit).

Tech

We’ll be talking to each other from the road or our homes. Chris’ home base is Colorado, and if you know him, he travels often (but not as much now with COVID-19). Ryan does an adequate amount of travel too. Evan, he’s random, so we won’t know where he’s at on any given day.

So, the tech consists of what we can bring around with us.

Other Stuff

We anticipate a lot of activity related to our show, so I’ll try to post these things as they become available.

Follow us on Twitter

Not sure if Twitter is good for our health, but we do some tweeting every once in a while anyway.

Our first episode (“Security Shit Show – Episode #1”) was recorded on May 14th, 2020, and we’ve done another nine episodes since. Go check it out!

One more thing, even though Evan and Chris have badass beards, you don’t need to have a bad ass beard to be one of us. For one, look at Ryan. For two, there are many amazing information security ladies out there too!

The UNSECURITY Podcast – Episode 80 Show Notes – Zero Trust

We write our show notes either at the end of the week (Friday) or at the very beginning of the next (Sunday). It’s easier to remember the things that happened during the week on Friday than Sunday, that’s for sure! Only one day away (Saturday), and it’s easy to forget all that we did.

Most weeks are crazy, for us at FRSecure and SecurityStudio, and for people in general.

Normal(ish)

Are you feeling like things are slowly returning to normal? I am, and it’s great news! Personally, I don’t like the term “new normal”. I think I don’t like it because I feel like people have twisted it to serve their own desires and/or opinions without any factual basis. Normal is normal, and the greatest abnormality (in my opinion) has been our lack of in-person contact. We’ve been built, or wired, for analog personal interaction. Digital, online interaction will never substitute for it, and the longer we go without it, the more mentally unhealthy we become.

Four Things

Last week was a great week! Four cool things stand out in particular:

  1. Last week’s podcast was awesome! I love every opportunity to chat with Brad, and it’s a blessing to hang out every Monday morning. Recording episode 79 was a great way to kick things off last week. If you missed it, we talked about information security in K12, and you should go catch it.
  2. We made great progress in helping state governments last week! Had a great conversation with Minnesota’s CISO, Rohit Tandon, on Wednesday as we discussed third-party information security risk management. This was followed by the scheduling of a similar meeting with the State of New Mexico and joining the National Association of State CIOs (NASCIO) Cybersecurity Committee on Thursday.
  3. Chris Roberts, Ryan Cloutier, and I did Episode #1 of The Security Shit Show on Thursday night. It was a ton of fun hanging out with these guys! We’re planning to do our episodes/shows live every Thursday night at 10pm CDT, record them for future playback, and use the audio for our podcast. It’s definitely entertaining for our viewers/listeners and therapeutic for us. Be sure to tune in if you can!
  4. The Daily inSANITY Check-ins are still going strong, and this past week was great! People supporting each other and helping where we can is what it’s all about. Come join us when you can.

There were many great things about last week, but these were the four that came to mind when I sat down to write these show notes.

Speaking of show notes, let’s get to it! Today we’re going to talk about Zero Trust; what it is, why it’s a hot topic today, and what you should be doing about it.


SHOW NOTES – Episode 80

Date: Monday, May 18th, 2020

Episode 80 Topics

  • Opening
  • Catching Up (as per usual)
  • Zero Trust
  • News
  • Wrapping Up – Shout outs

Opening

[Evan] Hey everyone! Welcome to the UNSECURITY Podcast. This is episode 80, the date is May 18th, 2020, and I’m Evan Francen. With me today is my co-host, Brad Nigh. Good morning Brad!

[Brad] We’ll see what sort of mood Brad is in this morning…

[Evan] We’ve got a good show planned today! There’s this thing called “zero trust” that people are talking about, and I thought it’d be good for you and I to discuss it. Personally, I’ve received a lot of questions about it, and I’m sure you have too Brad. Like always, before we dig in, let’s catch up. What were some highlights for you from last week and how was your weekend?

Catching Up

Quick discussion about last week, last weekend, COVID-19, life, and other stuff.

Zero Trust

[Evan] A simple Google search of Zero Trust turns up “About 691,000,000 results”. A Google search of “Zero Trust” (with quotes) turns up “About 1,940,000 results”. So, clearly there are a lot of people who know what it means, right? Here’s some returns from the first page of search results:

The fact that there are so many “what is zero trust?” search returns might be a hint that people are confused. Let’s tackle this!

Zero Trust Discussion

Let’s try to clear some of the confusion:

  • What is Zero Trust?
  • Is it really new?
  • Is Zero Trust possible?
  • If I want Zero Trust, what do I need to do?
  • What common mistakes should I look out for?

[Evan] Alright. Good talk Brad. Thanks for sharing your insight! I think our listeners have a clearer picture of Zero Trust and what it means to them. If they have additional questions or comments, they can always contact us for more!

News

[Evan] News stuff! What the heck happened in the world last week? Let’s see…

I found four articles that caught my attention. Let’s talk about them!

Wrapping Up – Shout outs

[Evan] Never a shortage of things to talk about in this industry is there? Well, episode 80 of the UNSECURITY Podcast is just about a wrap. Brad, you have any shoutouts?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Here’s mine…

[Evan] Can’t say enough thanks to our listeners! Crazy how we run into you in all sorts of places. Stay safe and let us know how we can help you. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh. Thinking about coming to hang out at the Daily inSANITY Check-in? You can follow this on Twitter too at @InSanityIn.

There you go, have a great week!

The UNSECURITY Podcast – Episode 76 Show Notes – Tough Times

Keeping the show notes short this week. We have a special guest, a great friend of mine, Serge Suponitskiy!

There are many, many things going on around here (@FRSecure and @SecurityStudio). I can’t recap everything for you, to do so would be very time consuming. There was one highlight from last week that stood out from the rest though…

2020 FRSecure CISSP Mentor Program

The 2020 FRSecure CISSP Mentor Program kicked off last week with Class #1 on Monday (4/13) and Class #2 on Wednesday (4/15)! It’s crazy, this is the 11th consecutive year of our free training program. With 1,444 students registered in 2020, we have now helped more than 2,825 students over the years!

We’ve had many people try to convince us to charge for this, even if only a small sum, but the answer is always “NO”. This is one of the ways we try to give back to our community, and we’ll continue to do this well into the future. We have done this since 2010, well before COVID-19 showed up at our front door.

Since COVID-19, we moved class to 100% online, with live streaming to YouTube. We archive the videos so anyone can watch any time (even those who never registered). The archives are here:

We’ve also set up an online study group. The study group, as of this morning, has 470 active members.

Here’s to a great 2020 program, and here’s to much success for the students!

On to the episode 76 show notes now.


SHOW NOTES – Episode 76

Date: Monday, April 20th, 2020

Episode 76 Topics

Opening

[Evan] Good morning everyone! This is the 76th episode of the UNSECURITY Podcast. The date is April 20th, 2020 and I’m Evan Francen. Joining me is my co-host Brad Nigh.

Good morning Brad.

[Brad] Brad says “hi”.

[Evan] We have a special guest! Let me give you a little background about this guy.

He’s a global business and technology leader with more than 20 years’ experience building enterprise innovative solutions. He’s guided many organizations through successful transformations, but arguably none more difficult than the one he’s currently facing with COVID-19. He’s currently working at Flight Centre, a global travel company, and as you know, the travel industry has been decimated by the pandemic.

His name is Serge Suponitskiy, and he’s the CTO, CISO, and now interim CIO at Flight Centre, Americas Region.

Welcome Serge!

[Serge] Serge does Serge.

Catching Up

[Evan] As is customary for us, before we jump in to the meat of the show, let’s catch up. If you’re a new listener, you might not know the first motivator for starting the UNSECURITY Podcast. It was to spend an hour shootin’ the breeze with Brad. So what’s up guys? How’s things?

Catching up. Recent events. Coping with *&#!

Introducing our Special Guest

[Evan] I invited Serge to our show for a couple of reasons, the first is, I really like the guy. He’s somebody I respect. The second reason I invited him was to get his perspective on dealing with COVID-19. Serge works in the travel industry, and everything in the travel industry has been turned upside down. He works for Flight Centre, a really great company, and it’s crazy what’s happening…

Topics for discussion:

  • Welcome Serge!
  • Our history and past together.
  • What’s happened to the travel industry since COVID-19?
  • What’s changed for you and your company?
  • What’s the focus for the next 3-6 months?
  • What do you think Flight Centre looks like on the other side?

[Evan] Thank you Serge. You’re a helluva guy and I’m sure everything will work out OK, even if it doesn’t seem like it sometimes.

Middle School Fight

[Evan] Interesting happenings last week between two industry middleweights; Rapid7 and Qualys. I’d like to get your take guys. On Thursday, I get this email…

It goes on…

[Evan] This sort of thing gets under my skin. In our industry, which is about serving and protecting people, we’re supposed to be better than this. So I wrote a short post on LinkedIn and reached out to my friend Chris Roberts for a sanity check.

Here’s the skinny:

[Evan] What do you guys (Brad and Serge) think about this?

Discussing the middle school playground fight between Rapid7 and Qualys.

News

[Evan] Just one news story this week; IT Services Giant Cognizant Hit by Maze Ransomware Cyber Attack.

Wrapping Up – Shout outs

[Evan] Alright, good show. Thank you for joining us Serge.

[Serge] May or may not say something.

[Evan] Lots going on this week. We continue our Daily inSANITY Check-ins, everyone is welcome to join us. Just register online and you’ll get the invites. We also continue the CISSP Mentor Program with classes on Monday and Wednesday. Brad’s teaching tonight and Ryan (“cola”) Cloutier is teaching on Wednesday. I get the week off!

OK, shout out time. Brad, who you want to give a shout out to?

[Brad] We’ll see if he’s got someone.

[Evan] Serge, how about you? You have someone you want to give a shout out to?

[Serge] Maybe he does, maybe he doesn’t.

[Evan] I’d like to give a shout out to __________!

Well, that’s a wrap.

Huge thank you to our listeners. Episode 76 is about to go in the can. We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, feel free to follow us on Twitter. You can find me @evanfrancen, you can find Brad @BradNigh, and you can find Serge too @SergeSup.

That’s it. Talk to you all again next week!