Posts

Episode 106 Show Notes – Infosec @ Home

/in /by

Hey there, it’s time for episode 106 of the UNSECURITY Podcast!

Short introduction today. Too much going on to get too wordy for now.

We’ll just jump right in to the show notes, if you don’t mind. This is Evan, I’m leading the discussion today, and these are my notes…

SHOW NOTES – Episode 106

Date: Tuesday November 17th, 2020

Episode 106 Topics

  • Opening
  • Catching Up
  •  Information Security @ Home
    • So, what’s the big deal?
    • Taking inventory (what do you got?)
    • What do we (Brad and I) do?
    • S2Me – Today and a sneak peek in v3
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there! Thank you for tuning in to this episode the UNSECURITY Podcast. This is episode 106, the date is November 17th 2020, and I’m your host, Evan Francen. Joining me as usual is my good friend and co-worker, Brad Nigh. Good morning Mr. Nigh.

[Brad] Cue Brad.

[Evan] Man, I haven’t talked to you since last week on the podcast. What’s up, what’s new?

[Brad] Cue Brad.

Quick Catchup

It’s 4th quarter, so I’m guessing we’re both running pretty low on fuel. Personally, I have a cruddy attitude this morning, so this’ll be fun.

Topics:

  • Brad’s stuff. What’s he been up to, what’s he working on, and what’s a day in the life of Brad look like?
  • Great talk with Oscar Minks (last week’s guest) yesterday morning; U.S. incident response capabilities, cyberinsurance brokenness, etc.
  • Security Sh*t Show – what’s new here.
  • The book (UNSECURITY) is now in the Cybersecurity Cannon!
  • Maybe another thing or two.

Transition

Information Security @ Home

[Evan] So, this weekend, I figured I go grab another Raspberry Pi to play with. I want to build a plug and play home information security device. First thing, figure out how to compile a good inventory of everything on my home network.

This is where the story begins…

Topics:

  • So, what’s the big deal?
  • Taking inventory (what do you got?)
  • What do we (Brad and I) do?
  • Tools, devices, etc. that could help
  • S2Me – Today and a sneak peek in v3

Begin Discussion

[Evan] Great discussion. Here are some news stories.

News

[Evan] Always plenty of interesting things going on in our industry. Here’s a few stories that caught my attention recently:

Wrapping Up – Shout outs

[Evan] That’s it for episode 106. Thank you Brad! Who you got a shoutout for today?

[Brad] We’ll see…

[Evan] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 105 Show Notes – Honest IR

/in /by

Alright, the U.S. election season is over. Now we can all focus again, right?

Maybe, maybe not.

Before we get too far, I want to call your attention to an article I wrote last week titled “Good People Didn’t Vote For Your Guy“. Healing and unity are long overdue in our country. I’m hoping we will find our way back to being countrymen/women working together for our common good. I’m also hoping that our elected officials don’t steal this opportunity for thier own selfish gain.

OK, now back to work…

Last week on the UNSECURITY Podcast, episode 104, we talked with a good friend Richie Breathe about the security industry’s perceived stigma against healthy stuff. It was a great episode and a real pleasure spending time with such a cool guy. If you missed the episode, go give it a listen.

Also last week, Ryan Cloutier, Chris Roberts, and myself had a GREAT time chatting on the Security Shit Show. Our topic was “Seven Ways Security Can Improve Your Sex Life“. Chris found a “Fitbit for your man bits” online, and the conversation went on from there. Lots of fun!

Plenty of businessy stuff went on last week as well, including a half dozen (or so) partnership discussions with some great organizations. Things continue to hum along, so watch for announcements from FRSecure and SecurityStudio in the coming weeks.

On to the show!

Episode 105 Topic and Special Guest

FRSecure’s Director of Technical Solutions and Services, Oscar Minks is joining us on the show again this week. For those who don’t know Oscar, he’s the awesome leader of FRSecure’s Team Ambush and an all around incredible guy. We’ll ask him to tell us who Team Ambush is on the show, but these are essentially the people who do all (or at least most) things technical at FRSecure, including penetration testing, red/blue/purple teaming, incident response, CTF competitions, exploit development and training, etc. Seriously an INCREDIBLE team!

We’ve got Oscar on this week to talk primarily about what TO DO, and what NOT TO DO during an incident response. In the last few months, we’ve seen a significant increase in the number of reported incidents, and we’ve seen too many people make mistakes. Don’t get us wrong, there are people who do things right, but sadly this is too rare.

Should a great talk!

Let’s get on to the notes…

Brad’s leading the discussion today, and these are his notes.

SHOW NOTES – Episode 105

Date: Tuesday November 10th, 2020

Episode 105 Topics

  • Opening
  • Catching Up
    • What’s new?
    • How 4th quarter got you going? 😉
  •  Special Guest Oscar Minks – What TO DO, and what NOT TO DO during an incident response
    • First, tell us about “Team Ambush”
    • Recent Incidents/Stories
    • Top things to do
    • Top things NOT to do (examples)
    • What’s next for Team Ambush?
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 105 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is November 10th, and joining me this morning as usual is Evan Francen.

[Evan] Talks about mindfulness after the last three shows…

[Brad] We have Oscar Minks with us today. Good morning Oscar.

[Oscar] Says a few things in his sweet southern drawl…

[Brad] As is tradition, let’s catch up with what happened over the last week.

[Evan] The weather was really nice this weekend, so I think Evan got in a good ride (or two).

Quick Catchup

Brad, Evan, and Oscar do a little friendly catching up…

NOTE: We know this isn’t specifically security-related, but security folks gotta have a life too, right?

Transition

Special Guest Oscar Minks – What TO DO, and what NOT TO DO during an incident response

[Brad] Okay so it’s no surprise that IR work is keeping us busy, the report from DHS and Secret Service around healthcare is proof of that. I thought it would be a good discussion today to talk about what are some do’s and don’ts when working with an IR firm, which is why Oscar is joining us this morning.

Open discussion points:

  • Tell us about “Team Ambush”
  • Recent Incidents/Stories
  • Top things to do
  • Top things NOT to do (examples)
  • What’s next for Team Ambush?

Begin Discussion

[Brad] Great discussion. Here are some news stories.

News

[Brad] Always plenty of interesting things going on in our industry. Here’s a few stories that caught my attention recently:

Wrapping Up – Shout outs

[Brad] That’s it for episode 105. Thank you Evan and Oscar, do you have any shout outs this week?

[Evan] We’ll see…

[Oscar] We’ll see…

[Brad] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Episode 95 Show Notes

/in /by

I don’t have any words to describe 2020. COVID-19, social justice events (George Floyd, Black Lives Matter, protests, riots, etc., etc.), economic issues, the election cycle, and on and on. This is going to be a helluva year to recap come December, and it’s a helluva year to remember (or forget).

One thing that struck me this morning is the fact that it’s already the last day of August. With everything going on this year, I might be grateful it’s flying by.

Despite all the craziness, there’s been good things too. The family time has been great, we’ve gotten a ton of work done around the house, Chris Roberts, Ryan Cloutier and I started the Security Shit Show, business is relatively good, and the optimist in me says the future looks bright.

Well, let’s get on with the show, shall we? I’m (Evan) leading the show this week, and these are my notes.

SHOW NOTES – Episode 95

Date: Tuesday, September 1st, 2020

Episode 95 Topics

  • Opening
  • Catching Up
  • What has this crazy year done for information security?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning listeners! My name is Evan Francen, the date is August 31st, and this is episode 95 of the UNSECURITY Podcast. I’m your host today, and joining me is my good friend Brad Nigh. Good morning Brad!

[Brad] Brad’s a nice guy. He’ll say “hi” or something.

[Evan] For our listeners who were expecting our show to come out yesterday, we’ve switched things up. We are recording the shows on Tuesday mornings now due to crazy schedules with getting kids ready/off to school and other things. For the time being, we’ll be recording on Tuesday mornings and releasing the podcast around noon.

Catching Up

[Evan] Same thing each week man. We start by catching up. New listeners might not know that we originally started the UNSECURITY Podcast so that you and I could find an hour each week to catch up with each other. So, let’s catch up! What’s new with you?

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How’s family?
  • New stuff at home or at work?
  • How’s work?
  • Anything got you excited or ticked off?

[Brad] Things and such probably…

[Evan] Things and such probably too…

[Evan] Good to catch up with you man. Let’s hope this is a great week!

Transition

What has this crazy year done for information security?

[Evan] Obviously, there’s lots going on in the world this year. It was about six months ago (March) when our reaction to the COVID-19 pandemic flipped the world on it’s head, at least that’s what it was like around here. For many, COVID-19 is old news, and people are tired of talking about it. I don’t want to talk about COVID-19 as much as I want to discuss how our reaction to it has affected information security.

COVID-19 Information Security Effects

[Evan] I remember the day like it was yesterday, March 16th. This was the day we closed our physical office at FRSecure and SecurityStudio. Let’s talk about how information security has changed since then and what we think the future of information security will look like.

COVID-19 & Information Security Discussion

[Evan] May 25th and 26th are also days I remember well. May 25th was Memorial Day and it started off like any other Memorial Day. I was camping with my family, and being a military family, we were honoring those who gave their lives while serving our country. It wasn’t until May 26th that I heard the news about George Floyd. Things haven’t been the same since. I’m not going to use our time to discuss social justice issues, but I want to discuss how the events of May 25th have affected our profession (information security).

Social Justice Issues & Information Security Discussion

NOTE: We know that social justice and racism are very sensitive topics. We will discuss these issues only in how we think they relate to information security. This DOES NOT mean anything more, and please DO NOT read anything more into it.

[Evan] This is a year like no other, that’s for sure. I’m hoping and praying that love will prevail. Great discussion Brad! Let’s move on to some news topics.

News

[Evan] Yay! Newsy things. Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] Sheesh. Thinking maybe we should have done an episode on insider threats! Maybe next week, eh Brad?

[Brad] Cue the Brad.

[Evan] Well, that’s about it folks. Episode 95 is almost in the can. Brad, you have a shout out to give?

[Brad] We’ll see if he does.

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 90 Show Notes – Women in Security Pt7

/in /by

So far we’ve featured six INCREDIBLE women in the Women in Security Series. Think we’re done?

Nope!

We’ve got another great guest willing to share her story, opinion, and perspective in the seventh installment! Read on…

Women in Security Series

Brad and I started this series because we wanted to learn more about challenges women face in the information security industry. Neither Brad nor I know what it’s like to walk in these shoes, so we’ve enlisted help from some of the women we know in our industry.

What better way to get a woman’s perspective on things than to ask them directly?!

So far, we’ve had six women join us as guests on the show. Each woman brought her own set of experiences, perspectives, and opinions. No two guests have been alike, and we’ve learned a TON!

Here’s our guest line up thus far:

  • Episode 84 – Renay Ruter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (this show) (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

Seriously, this is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

This brings us to today’s episode…

Women in Security Series – Part Six

Judy Hatchett is truly a top-notch, no nonsense information security leader. She’s the first woman on the show with the title Chief Information Security Officer and we were very grateful to spend some time with her. Judy’s path through the information security industry took her through big corporate America (Best Buy, 3M, etc.) before she decided to tackle some of the difficult challenges in healthcare. We first met Judy back when she was the CISO at Fairview, and now we cheer her on in her new role at Surescripts. You’re going to love her perspectives and opinions!

You can catch Part Six with Judy here!

Thank you Judy!

Women in Security Series – Part Seven

I’m excited for this week’s guest! I was first introduced to her though my good friend (and co-worker) Ryan Cloutier. Together, they do great work at the Consortium of School Networking (CoSN), as well as deliver compelling talks at conferences and collaborate on cool projects. Ryan talked her up so much that I sort of thought he was full of it. Could this person be as good as he said she was? Really?!

Yes, yes she is! She’s the real deal and her name is Amy McLaughlin. Here’s some stuff about her:

  • The Director of Information Services at Oregon State University
  • Adjunct Faculty (Psychology) at Chemeketa Community College
  • Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN)
  • Home improvement expert (seems like it anyway)
  • A wonderful person and friend to many!

Since we first met, I’ve gotten to know Amy pretty well through our frequent visits on the Daily inSANITY Checkin and I’ve grown to really appreciate her common sense approach to life (and information security).

WELCOME AMY!

Let’s get to the show, shall we?

I’m (Evan) leading the show this week, and these are my notes…

SHOW NOTES – Episode 90

Date: Monday, July 27th, 2020

Episode 90 Topics

  • Opening
  • Introducing Our Special Guest: Amy McLaughlin 
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Welcome! Thanks for tuning in to episode 90 of the UNSECURITY Podcast. My name is Evan Francen, the date is July 27th, and I’m here with my buddy Brad Nigh. Good morning Brad!

[Brad] Cue Brad…

[Evan] This is Part Seven of the Women in Security Series, and we have a great guest joining us today! She’s the Director of Information Services at Oregon State University, Adjunct Faculty (Psychology) at Chemeketa Community College, the Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN), and home improvement extraordinaire, Amy McLaughlin. Welcome Amy!

[Amy] Cue Amy…

[Evan] Amy, I’ve been looking forward to this show for a few weeks, or ever since you agreed to join us. We’ve really gotten to know each other during the Daily inSANITY Checkins. Thanks for being here and thanks for being cool!

[Amy] Cue Amy again…

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] OK, as is custom around here, let’s catch up quick. Brad, tell me about your weekend and how you’re doing!

[Brad] Cue Brad again…

[Evan] And Amy, how about you? What have you been up to?

[Amy] Cue Amy again…

[Evan] I’ll say some stuff about the weekend or something too.

Women in Security, Part Seven

[Evan] Alright, let’s get to it! We’ve been doing this series called the Women in Security Series, and it’s been an amazing experience!

  • In Part One (episode 84) we kicked this thing off with Renay Rutter, the COO of FRSecure. She’s a 30+ year IT veteran leader and she told us how important it is for a woman to be strong and confident.
  • For Part Two (episode 85) we welcomed Lori Blair to the show. She’s one of the coolest and humblest information security experts I know. She’s been in this industry since 1985 and gave us a lot on insight into how she got started back then and how she loves mentoring other women.
  • Part Three (episode 86) was Victoria Fogarty, someone who’s new(ish) to the industry after switching careers. She’s a great addition to FRSecure and our industry. She displayed her excellent communication skills and cheerful demeanor on the show. On the flip side, she shared a darker story too. When she was exploring the potential opportunities in our industry, one person she met commented on how her good looks would help her. Sad that people can be that shallow.
  • We went outside our own company for the first time in Part Four (episode 87) when we met Kristin Judge. Kristin is an amazing professional who sort of stumbled into our industry when she was a County Commissioner. Once she got her start, she was off to the races, and now leads the non-profit Cybercrime Support Network. An incredible journey!
  • We were joined by Andrea Hatcher, a Senior at Penn State majoring in Cybersecurity Analytics and Operations for Part Five (episode 88) of the series. It was great getting a perspective from someone who’s just beginning her career in our industry. It was a fresh look at things and we came away feeling like our future is in good hands!
  • Last week we met Judy Hatchett in Part Six (episode 89), a wonderful information security leader with tons of corporate experience. She’s a woman who’s risen through the ranks to be one of the most respected females in our industry and she’s working hard for future generations. Truly one of the best!

This brings us to this week, Part Seven (episode 90)! We’re talking with Amy McLaughlin. We’re BIG fans of hers!

Amy, once again welcome and thank you for taking the time to visit with us!

[Amy] Cue Amy again…

[Evan] Brad and I started the Women in Security Series because we wanted to get female perspectives about some of the issues in our industry. First we’ll take a few minutes getting to know you, then we’ll expand into your thoughts on various women’s topics.

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • One thing that I find fascinating about you is your interest in/experience in psychology. What can you tell us about this?
  • What’s it like being a woman in our industry? Have you experienced the “bro culture”? If so, can you share the experience with us?
  • We hear a lot about various women’s issues in our industry, and one of those is we don’t have enough women working in our industry. What’s your take, do we have a shortage of women?
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Do any other women’s issues come to mind?
  • What can people do to help? How about Brad and I?

[Evan] Seriously, thank you Amy! Am I going to see you in the Daily inSANITY Checkin later?

[Amy] We’ll see…

[Evan] I appreciate you and your take Amy. Let’s do like we always do and touch on a few news stories from this past week. Amy, please stick around and chime in whenever you feel like it. You got chops!

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

[Evan] Alright, there you have the news.

Wrapping Up – Shout outs

[Evan] Sweet, that just about does it for episode 90, Part Seven of the Women in Security Series! We’re coming to the end of the series with only a few ladies left. Next week we welcome a CISO from a university system in Nevada and a good friend. I’m excited!

Thank you once more Amy for being a great guest and asset to our industry.

Before we go, do either of you have any shout outs?

[Brad and/or Judy] We’ll see.

[Evan] Huge thank you to our loyal listeners! If you’re not loyal or a listener, you can ignore that. Just kidding. We love hearing from you, so reach out to us on LinkedIn, Twitter, or email. Whatever’s most convenient. Twittering us is easy, I’m @evanfrancen, Brad’s @BradNigh, and our show is at @UnsecurityP. You can email us at unsecurity@protonmail.com. Amy, you got a way you want people to find you?

[Amy] Cue Amy again…

[Evan] Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!