Posts

The UNSECURITY Podcast – Episode 90 Show Notes – Women in Security Pt7

So far we’ve featured six INCREDIBLE women in the Women in Security Series. Think we’re done?

Nope!

We’ve got another great guest willing to share her story, opinion, and perspective in the seventh installment! Read on…

Women in Security Series

Brad and I started this series because we wanted to learn more about challenges women face in the information security industry. Neither Brad nor I know what it’s like to walk in these shoes, so we’ve enlisted help from some of the women we know in our industry.

What better way to get a woman’s perspective on things than to ask them directly?!

So far, we’ve had six women join us as guests on the show. Each woman brought her own set of experiences, perspectives, and opinions. No two guests have been alike, and we’ve learned a TON!

Here’s our guest line up thus far:

  • Episode 84 – Renay Ruter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (this show) (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

Seriously, this is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

This brings us to today’s episode…

Women in Security Series – Part Six

Judy Hatchett is truly a top-notch, no nonsense information security leader. She’s the first woman on the show with the title Chief Information Security Officer and we were very grateful to spend some time with her. Judy’s path through the information security industry took her through big corporate America (Best Buy, 3M, etc.) before she decided to tackle some of the difficult challenges in healthcare. We first met Judy back when she was the CISO at Fairview, and now we cheer her on in her new role at Surescripts. You’re going to love her perspectives and opinions!

You can catch Part Six with Judy here!

Thank you Judy!

Women in Security Series – Part Seven

I’m excited for this week’s guest! I was first introduced to her though my good friend (and co-worker) Ryan Cloutier. Together, they do great work at the Consortium of School Networking (CoSN), as well as deliver compelling talks at conferences and collaborate on cool projects. Ryan talked her up so much that I sort of thought he was full of it. Could this person be as good as he said she was? Really?!

Yes, yes she is! She’s the real deal and her name is Amy McLaughlin. Here’s some stuff about her:

  • The Director of Information Services at Oregon State University
  • Adjunct Faculty (Psychology) at Chemeketa Community College
  • Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN)
  • Home improvement expert (seems like it anyway)
  • A wonderful person and friend to many!

Since we first met, I’ve gotten to know Amy pretty well through our frequent visits on the Daily inSANITY Checkin and I’ve grown to really appreciate her common sense approach to life (and information security).

WELCOME AMY!

Let’s get to the show, shall we?

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 90

Date: Monday, July 27th, 2020

Episode 90 Topics

  • Opening
  • Introducing Our Special Guest: Amy McLaughlin 
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Welcome! Thanks for tuning in to episode 90 of the UNSECURITY Podcast. My name is Evan Francen, the date is July 27th, and I’m here with my buddy Brad Nigh. Good morning Brad!

[Brad] Cue Brad…

[Evan] This is Part Seven of the Women in Security Series, and we have a great guest joining us today! She’s the Director of Information Services at Oregon State University, Adjunct Faculty (Psychology) at Chemeketa Community College, the Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN), and home improvement extraordinaire, Amy McLaughlin. Welcome Amy!

[Amy] Cue Amy…

[Evan] Amy, I’ve been looking forward to this show for a few weeks, or ever since you agreed to join us. We’ve really gotten to know each other during the Daily inSANITY Checkins. Thanks for being here and thanks for being cool!

[Amy] Cue Amy again…

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] OK, as is custom around here, let’s catch up quick. Brad, tell me about your weekend and how you’re doing!

[Brad] Cue Brad again…

[Evan] And Amy, how about you? What have you been up to?

[Amy] Cue Amy again…

[Evan] I’ll say some stuff about the weekend or something too.

Women in Security, Part Seven

[Evan] Alright, let’s get to it! We’ve been doing this series called the Women in Security Series, and it’s been an amazing experience!

  • In Part One (episode 84) we kicked this thing off with Renay Rutter, the COO of FRSecure. She’s a 30+ year IT veteran leader and she told us how important it is for a woman to be strong and confident.
  • For Part Two (episode 85) we welcomed Lori Blair to the show. She’s one of the coolest and humblest information security experts I know. She’s been in this industry since 1985 and gave us a lot on insight into how she got started back then and how she loves mentoring other women.
  • Part Three (episode 86) was Victoria Fogarty, someone who’s new(ish) to the industry after switching careers. She’s a great addition to FRSecure and our industry. She displayed her excellent communication skills and cheerful demeanor on the show. On the flip side, she shared a darker story too. When she was exploring the potential opportunities in our industry, one person she met commented on how her good looks would help her. Sad that people can be that shallow.
  • We went outside our own company for the first time in Part Four (episode 87) when we met Kristin Judge. Kristin is an amazing professional who sort of stumbled into our industry when she was a County Commissioner. Once she got her start, she was off to the races, and now leads the non-profit Cybercrime Support Network. An incredible journey!
  • We were joined by Andrea Hatcher, a Senior at Penn State majoring in Cybersecurity Analytics and Operations for Part Five (episode 88) of the series. It was great getting a perspective from someone who’s just beginning her career in our industry. It was a fresh look at things and we came away feeling like our future is in good hands!
  • Last week we met Judy Hatchett in Part Six (episode 89), a wonderful information security leader with tons of corporate experience. She’s a woman who’s risen through the ranks to be one of the most respected females in our industry and she’s working hard for future generations. Truly one of the best!

This brings us to this week, Part Seven (episode 90)! We’re talking with Amy McLaughlin. We’re BIG fans of hers!

Amy, once again welcome and thank you for taking the time to visit with us!

[Amy] Cue Amy again…

[Evan] Brad and I started the Women in Security Series because we wanted to get female perspectives about some of the issues in our industry. First we’ll take a few minutes getting to know you, then we’ll expand into your thoughts on various women’s topics.

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • One thing that I find fascinating about you is your interest in/experience in psychology. What can you tell us about this?
  • What’s it like being a woman in our industry? Have you experienced the “bro culture”? If so, can you share the experience with us?
  • We hear a lot about various women’s issues in our industry, and one of those is we don’t have enough women working in our industry. What’s your take, do we have a shortage of women?
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Do any other women’s issues come to mind?
  • What can people do to help? How about Brad and I?

[Evan] Seriously, thank you Amy! Am I going to see you in the Daily inSANITY Checkin later?

[Amy] We’ll see…

[Evan] I appreciate you and your take Amy. Let’s do like we always do and touch on a few news stories from this past week. Amy, please stick around and chime in whenever you feel like it. You got chops!

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

[Evan] Alright, there you have the news.

Wrapping Up – Shout outs

[Evan] Sweet, that just about does it for episode 90, Part Seven of the Women in Security Series! We’re coming to the end of the series with only a few ladies left. Next week we welcome a CISO from a university system in Nevada and a good friend. I’m excited!

Thank you once more Amy for being a great guest and asset to our industry.

Before we go, do either of you have any shout outs?

[Brad and/or Judy] We’ll see.

[Evan] Huge thank you to our loyal listeners! If you’re not loyal or a listener, you can ignore that. Just kidding. We love hearing from you, so reach out to us on LinkedIn, Twitter, or email. Whatever’s most convenient. Twittering us is easy, I’m @evanfrancen, Brad’s @BradNigh, and our show is at @UnsecurityP. You can email us at unsecurity@protonmail.com. Amy, you got a way you want people to find you?

[Amy] Cue Amy again…

[Evan] Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 79 Show Notes – K12 Cybersecurity

56 days.

That’s how many days have passed since we officially closed our (physical) offices at FRSecure and SecurityStudio. The date was March 16th, 2020, and it’s a common closure date for many organizations. It’s crazy, but I hardly remember the month of April or the first week and a half of May! I’ve either lost context, or I’m losing it in a big way. These are times like no other.

This thought about context got me thinking about how it applies to our work as information security professionals. I believe one of the biggest tells about good or bad information security leadership is the ability or inability to put risk into context. I think there’s a whole series of podcasts we could do on this topic focusing on how we can help people understand context better. The better we understand context, the better our information security decisions will be. Maybe we’ll start tackling this in a series of podcasts, starting with episode 80 next week.

This week, we’ve got a slightly different topic.

Today, in episode 79, we’re going to focus our attention on a recent report from the Consortium for School Networking (CoSN) titled “The State of Edtech Leadership in 2020“. There’s some really good information in this report, and kudos to CoSN for pulling it together!

Let’s just get to it, episode 79 show notes below…


SHOW NOTES – Episode 79

Date: Monday, May 11th, 2020

Episode 79 Topics

  • Opening
  • Catching Up (as per usual)
  • The State of Edtech Leadership in 2020
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey everyone! Welcome to the UNSECURITY Podcast. This is episode 79, the date is May 11th, 2020, and I’m Evan Francen. With me today is my co-host, Brad Nigh. Good morning Brad!

[Brad] Brad’ll say good morning I bet. He’s a super nice guy like that! 

[Evan] We’ve got a good show planned today! You and I both love helping people, and I think we’re covering some things in this episode that should help all our listeners. Before we get too deep though, let’s catch up. It’s what we do! How you doing and what’s new Brad?

Catching Up

Quick discussion about COVID-19, life, and other stuff.

The State of Edtech Leadership in 2020

[Evan] Like you Brad, I get asked a lot for my opinion about this or that in information security. If the question I get is focused, it’s easier to provide a quick answer, but when a question is vague or open-ended, it takes much longer. This hit home for me this weekend when I was asked to chime in on this article; K-12 Tech Leaders Prioritize Cybersecurity, But Many Underestimate Risks, Survey Says. There’s a lot to unpack here, and a good opinion takes more time.

[Brad] He probably hasn’t read the article yet, but we’ll see…

[Evan] One thought that came to mind when I was asked for my opinion was the concept of context. Anything taken out of context can be made to look anyway we want, good, bad, and/or anything in between. When I read the article, one statement stood out right away:

fewer than 20 percent marked any items on a list of cybersecurity threats as “high-risk” from their perspective

[Evan] What caught my attention were the words “from their perspective”. Questions popped into my head. How do Edtech leaders define “cybersecurity”? What’s on their list of “cybersecurity threats”? What’s “high-risk”? This is a can of worms.

The following are key quotes directly from the CoSN report.

Cybersecurity remains the number one technology priority for IT Leaders, yet the threat is generally underestimated.

For the third straight year, cybersecurity has ranked as the top priority. When it comes to maintaining network security, 69% of districts say they are proactive or very proactive – up significantly over last year’s 52%. Districts employ a variety of strategies to minimize risk, including the vast majority in which IT staff training is a top practice and a majority requiring teachers and principals to receive training as well. Despite concerns, the survey also found that less than a fifth of respondents (18%) have a dedicated full-time employee (FTE) whose sole job is cybersecurity. IT Leaders feel phishing scams pose the greatest risk to network security, with almost half (49%) rating them medium/high risk to high risk. Despite this, results also showed an overall trend to underestimate risk—less than a fifth of respondents considered any specific threat as high risk. This runs counter to the reality that school systems are being specifically targeted by cybercriminals with reported cyber incidents tripling in one year.

Artificial Intelligence (AI) holds both promise and peril for IT Leaders.

The majority (55%) of IT Leaders anticipate that of the emerging technologies, AI will play a significant or transformational role in teaching and learning over the next five years. However, AI also poses concerns, with privacy being the biggest. Before AI becomes adopted at scale and can deliver on its promise, privacy issues will need to be addressed.

The top three challenges persist: budget, professional development, and department silos.

These three areas have been vexing IT Leaders since 2017. While budget is often beyond district control and directly affects professional development, it is within districts’ abilities to address the existence of silos. As outlined in CoSN’s “Digital Leap Success Matrix,” cross-functional executive team leadership is integral to the development of a successful digital learning environment. Until the executive leadership breaks down the silos, IT Leaders will continue to face difficulty in achieving their district’s own technology goals.

Other items from the report

Page 14:

Districts without a dedicated person on staff use a variety of methods to monitor network security. The most common approach is sharing the responsibility across several jobs (46%) followed by incorporating network security monitoring as part of another job (30%). Outsourcing is used by 11% of respondents. A concerning 10% of respondents have an ad hoc approach and do not have anyone assigned to monitoring their district’s network security. A makeshift approach to addressing cybersecurity is one reason why “school districts are proving to be particularly enticing to hackers.”

Page 15:

When it comes to maintaining network security, 69% of districts say they are proactive or very proactive. This represents a significant increase over the prior year’s 52%. Only 13% describe their activity as reactive or very reactive, a decrease from 23% the prior year. These year-over-year results indicate that districts are highly aware of increased network attacks in K-12 environments and are increasing efforts to thwart them. It is likely that lack of resources, not lack of awareness, is responsible for the 13% described as reactive/very reactive. As one respondent lamented: How is our small district able to fend off a multitude of possible cyber threats with the staff we have?

When asked to rate their perception of various risks to network security, respondents did not make significant distinctions between threat types. The largest segment fell into the Medium risk range—low/medium, medium, high/medium. With 49% rating it medium/high risk or high risk, phishing was deemed the greatest risk. It is surprising more did not consider it a greater risk. Phishing attacks have reached the “highest level in three years” with more than two-thirds of all phishing sites using SSL protection. With SSL decreasing as a reliable indicator of security, risks increase for users unable to spot phishing sites. Less than a third (31%) of respondents perceive ransomware attacks as medium/high riisk or high risk. This risk level assessment is also likely lower than it should be as the FBI is reporting ransomware schemes are being specifically designed to target public schools.8 With less than a fifth of respondents rating any threat as high risk (phishing received the most with 16%), threats overall appear underrated. Only 5% assessed student data to be at high risk, yet, according the most recent data on reported K-12 cybersecurity incidents, “the most frequently experienced type of school-related cyber incident…..were data breaches, primarily involving the unauthorized disclosure of student data.” With the number of reported K-12 cybersecurity incidents rising—nearly triple from 2018 to 201910—perceptions in perceived risks should start to realign more closely with reality.

[Evan] No doubt, we have a lot of work to do in K-12. It’s our obligation to do everything we can to help. Check out SecurityStudio’s free resources and do a holistic information security risk assessment like the S2School we developed earlier this year. Put information security risk into perspective and make much better choices.

News

[Evan] Alright. Good talk. Thanks Brad! Let’s cover a couple of interesting news stories before we wrap this up. Here are a couple stories that caught my attention:

Wrapping Up – Shout outs

[Evan] Sheesh! Lots of stuff. Well, that’s it for episode 79. Brad, you have any shoutouts?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Here’s mine…

[Evan] Seriously, a huge thank you to our listeners! We love your encouragement and we don’t take your advice lightly. You’re all great! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Have a great week!