Posts

UNSECURITY Episode 123 Show Notes

Happy St. Patrick’s Day! For those of you who aren’t into this holiday (for whatever reason), Happy (everyday) Day!

This has been a week full of great experiences and awesome conversations with wonderful people. It’s the people we serve who inspire us to work as hard as we do. Here’s a small sampling:

  • Daytona Bike Week (last week) – if you’ve never been to a bike rally before, I recommend you try it out someday (even if you don’t ride). There are interesting people from all walks of life and the diversity (backgrounds, race, preferences, thought, etc.) would probably surprise you.
  • Co-workers – discussions about everything from mental health (many of us did the Mental Health First Aid certification course together last week), to life challenges (relationships, family, health, etc.), to work challenges, and everything in between. It’s a blessing (to them and to me) when I stop, listen, and invest in others.
  • Customers/peers – had some check-ins this week with a few enterprise CISOs I call friends. Life as a CISO can be extremely DIFFICULT. It’s encouraging to know people care about me, and I them. CISOs are human beings who need love just like all of us do!
  • Everyday people – we’re all beautifully unique. We are similar in some respects, but there are wonderful things that make me me and you you. We’re a hodge podge of emotions, biases, beliefs, perspectives, and experiences. Rather than fight because you think differently than I do, why don’t I embrace the uniqueness and differences? Why not try to understand them and you better?

We’re not doing this enough in society and we’re not doing this enough in our industry either.

    • Why?
    • Have we lost our respect for other human beings?
    • Have we lost our ability to reason?
    • Are we afraid to share who we really are out of fear? Fear of being marginalized, silenced, and attacked (physically and online)?

I believe people are AMAZING! I believe people are worthy of respect (even if it’s only a little). I believe people should be heard and understood. I believe information security isn’t about information or security as much as it is about people. I believe people are who we serve. I believe we must invest in people more. I believe in understanding people (better). I believe loving people gives us our best chance at doing our (information security) jobs effectively, and I believe loving people gives us our only chance of saving society.

Now on to show notes for episode 123…


SHOW NOTES – Episode 123 – Wednesday March 17th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 123, and the date is March 17th, 2021. Filling in for Brad again this week if my good friend and co-worker Ryan Cloutier. Welcome Ryan, glad to have you back!

  • We’ve got a great show planned today. We’ll start with the importance of reason and logic in information security, our jobs, and in life. There are many parallels between information security (or “cybersecurity” as some people call it) and life.
  • Then, if we have time, we’ll talk about passwords. Everybody hates passwords.
  • We’ll close the show with a few mentions; about the FRSecure CISSP Mentor Program and SecurityStudio’s free S2Me (very quickly growing in popularity).
  • Oh yeah, we’ve got a couple news stories too, but whatever.

Reason

  • Have we lost our ability to reason?
  • What is reason anyway?
  • Why is reason (and logic) critical to information security?
  • Why is reason (and logic) critical to risk (all risk)?
  • Why is reason (and logic) critical to life?
  • There are parallels here, like:
    • Information security is risk management.
    • There’s no such thing as risk elimination or infinite risk; they are two different ends of the spectrum.
    • There’s no such think as 100% reason/logic without emotion or vice versa; two different ends of the spectrum.
    • The goal is management.
  • If we’ve lost our ability to reason, how can we get it back? Or, if we never had the ability to reason, how do we learn it?
    • Ask “Why?” often, almost incessantly, like a three year-old.
    • Ask yourself “Why”.
      • Not in a way that beats yourself up, but in a way that you understand why you’re doing what you’re doing and/or why you believe what you believe.
      • Notice the difference between emotional response and logical response.
      • Learn to use logic and emotion where they are and how they are appropriate. Seems mechanical and awkward at first, but it should become natural/habitual over time.
    • Ask others “Why”.
      • Respectfully out of a desire to understand, and not in a confrontational manner.
      • Learn how to ask without offense. If the person your asking takes offense despite your best efforts, that’s on them.
      • Maybe they need help understanding logic versus emotion? Interesting tells about people who are unable or unwilling to use reason or logic to defend a position (or make a point):
        • They change the subject. You asked a question about one thing, and quickly find yourself in a discussion about something different.
        • They attack your character. This is a classic emotional response where the person you’re questioning probably isn’t sure why he/she believes what they do. Don’t take offense, but recognize this tactic for what it is.
    • Encourage others (especially people you trust) to question you.
      • Be prepared to defend why you believe what you believe. If you can’t (with reason), then maybe you should question what you believe.
      • When other people ask you “why”, view it as an opportunity to state your case.
      • When other people ask you “why”, it’s a great opportunity for you to learn (about perspective and reason).

NOTE: We could talk for a long time about Reason, so we might not get to the topic of “Passwords”. If we don’t get to Passwords in this episode, we’ll get to it in episode 124.

Passwords

  • Why do we need them?
  • What makes a password good versus bad?
  • What do we (Ryan and I) do to practice good password behavior? BTW, neither of us is perfect!

NOTE: Regardless of timing, we will discuss “Mentions” in this episode.

Mentions

  • FRSecure CISSP Mentor Program – We’re less than one month away from the start! I think there are more than 4,000 students signed up, so this is going to be AWESOME!
  • S2Me – the FREE SecurityStudio personal risk management tool has been growing very fast (in terms of popularity). Big news happening here, and we’re making a difference!

News

Wrapping Up – Shout Outs

Good talk. Thank you Ryan, and thank you listeners!

…and we’re done.

UNSECURITY Podcast – Ep 102 Show Notes – PsyberReslience Project

Happy Tuesday (again)!

There are always 100s of things to talk about each week, and if you’re ADHD* like me, you know how hard it can be to stay focused on one thing for too long!

Here are a few things that are top of mind right now:

  • Security ABCs – I’ve been writing the information security ABCs the last week or two. This is a journey through the basics and fundamentals of information security. The “experts” can use the reminders and the inexperienced can use the direction (I think). The reception has been great so far, and I love the comments I’ve been getting, in my LinkedIn feed and on Twitter! So far, I’m through “D”. Stay tuned for “E” and “F” which are both scheduled for this week.
  • Election is only two weeks away – Have you already voted or are you planning to? If not, shame. Every U.S. citizen should voice their support for who they want leading this country. If you’re like me, I’m not wild about either of the two leading candidates, but it won’t stop me from casting a vote for who I think is best (out of my limited options). Last week, we talked about election security in episode 101. The notes for that episode have some good resources in them.
  • Disinformation is rampant – Last Thursday, Ryan Cloutier, Chris Roberts, and I opened our three-part series about election disinformation on the Security Shit Show. This first episode was titled “Disunited States of America (Election Disinformation)” and despite our share of technical difficulties, it was a great talk!
  • Business is good – FRSecure is running at near full capacity and SecurityStudio is serving people well with simple, fundamental, and effective information security risk tools. Good things! FRSecure is hiring BTW.
  • Cold/Winter

Lot’s of blessings, despite the crazy society we’re living in.

*Speaking of ADHD, mental health is a serious issue in our society and our industry. Helping people with mental health disorders is important for all of us, and it’s a cause that I’m deeply committed to. This is the topic for today’s show.

I’m VERY excited to welcome a special guest this week. He’s the Founder of the PsyberReslience Project, and a long time information security advisor and expert; Neal O’Farrell!

On to the show! Brad is out with a sinus infection (or something), so it’s just me and our guest. These are my notes.


SHOW NOTES – Episode 102

Date: Tuesday October 20th, 2020

Episode 102 Topics

  • Opening
  • Special Guest – Neal O’Farrell from the PsyberReslience Project
    • Introduction to Neal
    • About the PsyberReslience Project
    • Mental Health Discussion
    • What can we do to help?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi everybody. Welcome to another episode of the UNSECURITY Podcast! This is episode 102, the date is October 20th, 2020, and I’m Evan Francen, your host.

Unfortunately, Brad Nigh, my good friend and regular co-host, is out with a sinus infection (I think) today. So, it’s me flying solo, but not really.

I’m REALLY excited to introduce you to a great guy and tremendous asset to the information security community; Neal O’Farrell.

Hi Neal.

[Neal] Cue Neal.

Special Guest – Neal O’Farrell from the PsyberReslience Project

[Evan] Neal, thanks for joining us for the podcast. Tell us about you and your journey through the information security industry.

Begin Discussion

Topics to discuss (or ideas):

  • Neal’s background.
  • The PsyberResilience Project
    • Its purpose.
    • Why Neal started it.
    • What makes it different?
    • Current initiatives and goals.
    • How can people find you?
  • Mental Health
    • What’s wrong with our industry, in terms of mental health?
    • Have problems gotten worse, especially with today’s current events?
    • Have we fixed/solved anything?
    • Personal mental health issues.
    • What do we need to do?
  • What we’re doing together (SecurityStudio and the PsyberResilience Project

Discuss whatever else comes to mind.

[Evan] Thank you Neal! Great discussion and I’m thrilled to be doing good things with you.

Now, we’re at the part of the show where we review a few news items that caught our eye this past week. Neal, please feel free to comment anytime too!

News

[Evan] Just one large news reference for this week. From the Register:

First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugshttps://www.theregister.com/2020/10/19/security_in_brief/

[Evan] For the most part, I like reading the Register for news. Neal, do you have a favorite news source in our industry?

[Neal] Cue Neal.

Wrapping Up – Shout outs

[Evan] Great! Episode 102 is just about complete. Thanks Neal! It was great having you join us this week and I’m very happy to have you fighting on the good side. Once again, how can we help?

[Neal] Cue Neal.

[Evan] Always grateful for our listeners! We’re behind on email still, but we’ll get there! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Neal, do you have a way you prefer people get in touch with you?

[Neal] Cue Neal.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 101 Show Notes – Election Security

Well, it’s already mid-October and the election is 21 days (three weeks) away. Things have never seemed crazier or more divided, at least not in my lifetime. Good fodder for discussion in episode 101 of the UNSECURITY Podcast!

Work-wise things are also crazy, but good. Fourth quarter is always nuts for an information security company, and doesn’t matter is it’s consulting (FRSecure) or SaaS (SecurityStudio). Everyone is running at full capacity and finding life margin is a challenge!

Hope you’re happy and healthy! On the the show; I’m (Evan) leading this show and these are my notes.


SHOW NOTES – Episode 101

Date: Wednesday October 14th, 2020

Episode 101 Topics

  • Opening
  • Catching Up (as per usual)
  • Election Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there, thank you for tuning into this episode of the UNSECURITY Podcast. The date is October 14th, 2020 and this is episode 101. I’m Evan Francen, your host for this show. Joining me is my good friend and co-host Brad Nigh. Good morning Brad.

[Brad] Brad does Brad.

[Evan] I know we’re a day late getting the podcast out again this week, but holy cow we’ve been busy! We’ll try to get back on track next week.

Brad, I want to reiterate how I enjoyed our discussion the past couple of weeks about the social dilemma, a Netflix documentary about social media and its effects on society. Lots to think about. In fact, I’m planning to watch it again this week.

[Brad] He might comment here.

Catching Up

[Evan] So, what’s new? Tell us what a day in the life of Brad looks like.

[Brad] Cue Brad.

[Evan] I’ll share some stuff too (probably).

Transition

Election Security

[Evan] As you know, we’re only 20 days from the election. If you haven’t registered to vote yet, you should. Go to vote.gov and check it out. Brad have you registered to vote?

[Brad] Cue Brad.

[Evan] I’m registered and ready to cast my ballot! The date is November 3rd.

There’s been much said about election security. A simple Google search of “election security” produces over 2.2 million results! Election security isn’t a new thing, even though it’s been front and center the past few election cycles.

There’s more to election security than protecting voting machines, so let’s talk about this.

Resources

[Evan] There’s a lot more to election security than infrastructure. What about voter intimidation, disinformation, and security after election night? We’re talking about disinformation on Thursday night’s Security Sh*t Show because this is a significant issue in today’s society.

Election Security Discussion

Open discussion

[Evan] Good discussion! Securing an election has never been more difficult. Let’s catchup on some news quick.

News

[Evan] Here are some recent and interesting news stories to talk about.

Wrapping Up – Shout outs

[Evan] Great! Episode 101 is just about complete. Thanks Brad, do you have any shout outs this week?

[Brad] We’ll see.

[Evan] Always grateful for our listeners! We’re behind on email, but we’ll promise to respond soon. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Episode 97 Show Notes

Good morning! Happy Tuesday!

Thinking Brad is back again this week. I dig that because I dig Brad!

Last week, Brad was out feeling sick. This led to a solo recording of the UNSECURITY Podcast; go check out episode 96 if you want to hear me do my most awkward podcast yet.

Busy, Busy, Busy

We’ve been very busy around here, and it sounds like many of you are too. There are many good signs recently that the economy may be rebounding. The positives:

  • Elections – although the next 50ish days are going to be chaotic, there will be some settling in after the elections are complete. Regardless of which way you swing (blue or red), the completion of an election cycle brings a sense of stability.
  • COVID-19 – there’s been a lot of positive news about medical treatments and possible vaccines. The sooner we can put the pandemic behind us, the better. Once the pandemic is behind us (closer with each passing day), the economy should settle.
  • Markets – the stock and housing markets have held there own through all the chaos of 2020. This is a good sign of good things ahead in our opinion.

Busy is good, and it would take a small book to tell you all the good things going on at SecurityStudio and FRSecure! SecurityStudio is well on it’s way to being a very healthy and profitable SaaS company and FRSecure is exploring expansion (acquisition, merger, and/or geographic expansion).

I sincerely hope you and your family are well!

Why Can’t We All Just Get Along?

Today’s topic is about our divisiveness in world today and what it means to our industry. We’ll be careful to be respectful of other people’s opinions as we navigate these waters, and this may be a good segue into a future series we’ve been thinking about recently; “Politics and Information Security”.

Let’s get on it. The show notes…


SHOW NOTES – Episode 97

Date: Tuesday, September 8st, 2020

Episode 97 Topics

  • Opening
  • Catching Up
  • Why Can’t We All Just Along?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 15th, 2020 and this is episode 97 of the UNSECURITY Podcast! I’m your host, Evan Francen, and back with me this week is my good friend, Brad Nigh! Good morning Brad.

[Brad] Good things from this dude.

[Evan] Well, you were out ill last week. How you feeling? What’s new?

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. Let’s do it.

Topics:

[Evan] Did you get a chance to hear last week’s episode? It was definitely awkward doing the show alone for the first time!

Transition

Why Can’t We All Just Get Along?

[Evan] It’s crazy how much information security reflects life and vice versa. I’ve been thinking about what our next series should be, and I’m always interested in tackling serious topics. We’re in the middle of an election cycle right now and I can’t remember a time when our country has been more divided than it is today. Me being me, I want to talk about it with you (Brad).

What are your first thoughts about the divisiveness in our country today?

[Brad] Chimin’ in.

[Evan] Here’s what I’d like to explore with you:

  • General divisiveness (political, social, information security, etc.)
    • Intimidation/bullying for sharing your thoughts, opinions, disagreements, etc.
    • When you find someone being a jerk or speaking/writing nonsense.
  • Outside Influences to Information Security
    • Today’s political climate.
    • Where do we find facts vs. opinions?
  • Within Information Security
    • How do we think our divisiveness affects information security?
    • Putting down others (competition, other professionals, etc.).
    • The divide between us and the business.
  • A couple of podcast reviews.

 

[Evan] I’m thinking about doing a series titled “Politics and Information Security”. We could interview special guests form both sides of the isle and get their opinions on all sorts of things. What would set us apart is respectfulness. We would do this in a way that respects opinions without attacking and bullying. This could be a great opportunity to set an example for others on how to discuss hot topics without beating each other up. What do you think?

[Brad] We’ll see what he thinks…

[Evan] The timing seems right to do a series like this. Alright. More to come on that! Let’s do newsy stuff now.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 97 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] It’s nice to have you back man. We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 96 Show Notes

Hope you had a fantastic Labor Day weekend! Personally, it was nice to get away with family and disconnect for a while!

Did you know the history of Labor Day?

It’s always the first Monday in September, ad it’s dedicated to the social and economic achievements of American workers. The first state to recognize the holiday was Oregon in 1887, and it became a federal holiday in 1894. So, this year we celebrate more than 125 years of American work!

Read more about the history of Labor Day on the U.S. Department of Labor website.

Brad’s out today.

Like most weeks, I’m writing the show notes last minute. On the way into work this morning (2:30am), Brad sent me a text message informing me that he is not feeling well. We think it might be a bout of food poisoning, so he should be OK with some rest. Please keep him in your thoughts and prayers.

No Brad today, so this means I’m left to my own devices. This will be the first episode I’ve done by myself. We’ll see how this shakes out.

Let’s get on with it! These are my (Evan) notes.


SHOW NOTES – Episode 96

Date: Tuesday, September 8st, 2020

Episode 96 Topics

  • Opening
  • Catching Up
  • Context Means Everything A Lot
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 8th, 2020 and this is episode 96 of the UNSECURITY Podcast! I’m your host, Evan Francen, and my buddy is out sick today. Normally Brad Nigh joins me as co-host, but he informed me early this morning that he might have a case of some food poisoning.

Wishing Brad a fast and full recovery!

Be warned. Without Brad, I might end up rambling a bit!

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. No Brad today, so I’ll bore you with some of the stuff I’ve been up to:

  • Great weekend camping with my wife, my daughter, my good friend Ryan Cloutier, and his wife Aimee
  • Bunch of meetings last week, including 11 last Tuesday; Chubb, the Cybercrime Support Network, Schneider Downs (makers of Red Lure), etc.
  • Lots of great work going on at both companies; FRSecure and SecurityStudio.
    • New service offerings at both companies.
    • S2Org – working on a global S2Score, integrating S2Team, S2Vendor, and new deeper-dive risk assessments.
    • S2Vendor – working on customized workflows, custom due dates, integration of something called the “Cowbell Factor”, vendor breach data/news, etc.
    • S2Me – Redesign based on user feedback, definition of four new “normal” language dialects, and the introduction of “Sam”.
  • The Security Shit Show last Thursday night; topic was “Negativity is Bullsh*t”.
  • Some other miscellaneous things…

Crazy week, but it appears as though business is really picking up and market sentiment is positive(r).

[Evan] Alright, again, no Brad to catch up with. Hoping he had a great week and weekend, minus the food poisoning thing. Now on to the topic for today’s show.

Transition

Context Means Everything A Lot

[Evan] If you know me, you know I use many sayings/themes to try to get my point across. One saying I’ve muttered many times:

One of the easiest tells for determining a good information security advice from bad is using context.

Context is critical. Think about it. You make decisions all day, from the seemingly insignificant ones to the critical ones, and everything in between. How does the lack of context effect your decision-making? Without context, the quality of your decisions will suffer.

Without context people make crappy decisions

Recent conversation with “James”:

  • [James] We get the importance of a risk assessment, but we’re just not focusing on that right now. We’re focusing on partnering with firms with forensics capabilities and setting up a security operations center (or “SOC”).
  • [Mike] Are these our most significant risks to focus on right now?
  • [James] We think so. We don’t have any forensics capabilities and we don’t feel like we’re able to identify events happening in our environment.
  • [Mike] What’s the environment look like? How many servers, how many systems, how many applications, etc.?
  • [James] We’ve probably got 100(ish) servers and a couple hundred applications I’d guess.
  • [Mike] You guess?

A recent article “Most cyber-security reports only focus on the cool threats

A recent conversation with “Bill”. Bill is the CEO:

  • [Bill] Hey Mike. We need to stop everything we’re working on and take care of this exploit I heard about from a friend.
  • [Mike] I’ve never heard of this exploit. Why do we need to stop everything and focus on it?
  • [Bill] My buddy over at XYZ company was just telling me about how his company got hit.
  • [Mike] OK, we’ll get right on it.

Regulators and auditors are notorious for missing context and often take us down the road of compliance management versus risk management.

Penetration testers, especially those who are newer to our industry are notorious for getting things out of context. Context is critical.

Same concept applies to the world Around Us

The information security industry is unique, but it’s not unique in the fact that human beings are the ones making decisions. Context works the same way.

Take COVID-19 for instance:

  • The headline reads “South Dakota dismisses ‘elite class of so-called experts,’ carries on with state fair after Sturgis rally fueled COVID-19 surge” – The words “Sturgis rally fueled COVID-19 surge” is troubling. If we made a decision based on these words it might be different than a decision with some context. The article goes on to say (buried in 6th paragraph) “Nationally, about 300 cases have been linked to the rally.” For context, there were an estimated 460,000 attendees. 300 cases out of 460,000 attendees works out to about .065%. Granted, there will likely be more, but the rally was a month ago now.
  • Another headline reads “New challenges in US battle against Covid-19 come with the approaching fall season” – This article goes on to say “The holiday crowds mark the unofficial end to a devastating summer across the country, with Covid-19 infections surging to more than 6.3 million and deaths topping 189,000.” The word “devastating” is not only subjective, but it lacks context. A single infection and a single death is bad, but in context it seems a little less devastating. 6.3 million people is about 1.91% of the U.S. population. More than 640,000 people die each year from heart disease and almost 600,000 die from cancer.

IMPORTANT: COVID-19 is a pandemic and it is VERY serious. I don’t mean to minimize the coronavirus in any way, but I do want to put it into context. Be courteous to others. Wear a mask and follow the CDC’s guidance. Speaking of the CDC, this is a great source for context!

Racism and police violence is another hot button issue. Judging from some of the news and reactions from some of the public, you’d certainly think this was worth burning down the “establishment”. I’m someone who wants to fix broken things, so if I’m interested in fixing broken things, I need to make good decisions in context. Here’s some context.

Spend some time reviewing the statistics and graph above. Don’t jump to any conclusions yet! There is a significant issue here, but I’d prefer to use logic versus emotion to drive my reaction.

Now, here’s a couple more things to think about:

Interesting information for sure, and I’m NOT going to draw any conclusions for you. Racism is a thing and it’s a very bad thing. Decisions about what we’re going to do about the problem will be more effective with context.

IMPORTANT: Racism is real and I’m praying for constructive solutions to end it versus destructive solutions that will probably make it worse.

Context is VERY important for decision-making and problem-solving.

Here’s another saying I use often:

Empty spaces get filled.

Without context, what do we rely on to make our decisions? Usually it’s assumptions, bias, and/or emotions. Where we lack information to make a good decisions, some of us have a tendency to make up our own information to fill the gap. You know what they say about assumptions, right? Bias is prejudice in favor of or against one thing, person, or group compared with another, usually in a way considered to be unfair, and this doesn’t sound like a good base for decision-making. Emotions are variable and always play a role in decision-making, but it can become a problem when it’s the dominant role. Emotions like fear, anger, and frustration can easily be played against you and drive you to make a decision you’ll come to regret.

So, what to do?

First, understand that information security is about risk management. Risk is the likelihood of something bad happening and the impact if it did. This requires context!

Slow down. Think about the data your consuming and ask yourself if there’s more to the story. Is the new exploit your boss read about the most critical thing you should be attending to? If someone asks you what your most significant risk is, would you have an answer? Could you defend your answer if challenged?

About the world stuff, in short:

  • Will COVID-19 be the end of the world? – No, it’s highly unlikely. COVID-19 is a pandemic and all pandemics come to an end.
  • Is COVID-19 serious? – Absolutely! People get sick and people die. It’s 100% serious and we should all do what we can to help ourselves and each other be safe.
  • If you’re a black man in America, are you going to die at the hands of police? – Even by the most credible research I could find, there’s a 99.9% chance that this will NOT happen. Even .1% is way too high! We need to do everything we can to drive this number much lower. In context, the problem goes beyond the police though.

Well, I hope this helped. Remember to put things into context as much as you are able.

[Evan] Let’s move on to some news topics.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 96 is coming to an end. Lonely without Brad, but hopefully useful to our listeners.

[Evan] Shout out…

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 95 Show Notes

I don’t have any words to describe 2020. COVID-19, social justice events (George Floyd, Black Lives Matter, protests, riots, etc., etc.), economic issues, the election cycle, and on and on. This is going to be a helluva year to recap come December, and it’s a helluva year to remember (or forget).

One thing that struck me this morning is the fact that it’s already the last day of August. With everything going on this year, I might be grateful it’s flying by.

Despite all the craziness, there’s been good things too. The family time has been great, we’ve gotten a ton of work done around the house, Chris Roberts, Ryan Cloutier and I started the Security Shit Show, business is relatively good, and the optimist in me says the future looks bright.

Well, let’s get on with the show, shall we? I’m (Evan) leading the show this week, and these are my notes.


SHOW NOTES – Episode 95

Date: Tuesday, September 1st, 2020

Episode 95 Topics

  • Opening
  • Catching Up
  • What has this crazy year done for information security?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning listeners! My name is Evan Francen, the date is August 31st, and this is episode 95 of the UNSECURITY Podcast. I’m your host today, and joining me is my good friend Brad Nigh. Good morning Brad!

[Brad] Brad’s a nice guy. He’ll say “hi” or something.

[Evan] For our listeners who were expecting our show to come out yesterday, we’ve switched things up. We are recording the shows on Tuesday mornings now due to crazy schedules with getting kids ready/off to school and other things. For the time being, we’ll be recording on Tuesday mornings and releasing the podcast around noon.

Catching Up

[Evan] Same thing each week man. We start by catching up. New listeners might not know that we originally started the UNSECURITY Podcast so that you and I could find an hour each week to catch up with each other. So, let’s catch up! What’s new with you?

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How’s family?
  • New stuff at home or at work?
  • How’s work?
  • Anything got you excited or ticked off?

[Brad] Things and such probably…

[Evan] Things and such probably too…

[Evan] Good to catch up with you man. Let’s hope this is a great week!

Transition

What has this crazy year done for information security?

[Evan] Obviously, there’s lots going on in the world this year. It was about six months ago (March) when our reaction to the COVID-19 pandemic flipped the world on it’s head, at least that’s what it was like around here. For many, COVID-19 is old news, and people are tired of talking about it. I don’t want to talk about COVID-19 as much as I want to discuss how our reaction to it has affected information security.

COVID-19 Information Security Effects

[Evan] I remember the day like it was yesterday, March 16th. This was the day we closed our physical office at FRSecure and SecurityStudio. Let’s talk about how information security has changed since then and what we think the future of information security will look like.

COVID-19 & Information Security Discussion

[Evan] May 25th and 26th are also days I remember well. May 25th was Memorial Day and it started off like any other Memorial Day. I was camping with my family, and being a military family, we were honoring those who gave their lives while serving our country. It wasn’t until May 26th that I heard the news about George Floyd. Things haven’t been the same since. I’m not going to use our time to discuss social justice issues, but I want to discuss how the events of May 25th have affected our profession (information security).

Social Justice Issues & Information Security Discussion

NOTE: We know that social justice and racism are very sensitive topics. We will discuss these issues only in how we think they relate to information security. This DOES NOT mean anything more, and please DO NOT read anything more into it.

[Evan] This is a year like no other, that’s for sure. I’m hoping and praying that love will prevail. Great discussion Brad! Let’s move on to some news topics.

News

[Evan] Yay! Newsy things. Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] Sheesh. Thinking maybe we should have done an episode on insider threats! Maybe next week, eh Brad?

[Brad] Cue the Brad.

[Evan] Well, that’s about it folks. Episode 95 is almost in the can. Brad, you have a shout out to give?

[Brad] We’ll see if he does.

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 90 Show Notes – Women in Security Pt7

So far we’ve featured six INCREDIBLE women in the Women in Security Series. Think we’re done?

Nope!

We’ve got another great guest willing to share her story, opinion, and perspective in the seventh installment! Read on…

Women in Security Series

Brad and I started this series because we wanted to learn more about challenges women face in the information security industry. Neither Brad nor I know what it’s like to walk in these shoes, so we’ve enlisted help from some of the women we know in our industry.

What better way to get a woman’s perspective on things than to ask them directly?!

So far, we’ve had six women join us as guests on the show. Each woman brought her own set of experiences, perspectives, and opinions. No two guests have been alike, and we’ve learned a TON!

Here’s our guest line up thus far:

  • Episode 84 – Renay Ruter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (this show) (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

Seriously, this is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

This brings us to today’s episode…

Women in Security Series – Part Six

Judy Hatchett is truly a top-notch, no nonsense information security leader. She’s the first woman on the show with the title Chief Information Security Officer and we were very grateful to spend some time with her. Judy’s path through the information security industry took her through big corporate America (Best Buy, 3M, etc.) before she decided to tackle some of the difficult challenges in healthcare. We first met Judy back when she was the CISO at Fairview, and now we cheer her on in her new role at Surescripts. You’re going to love her perspectives and opinions!

You can catch Part Six with Judy here!

Thank you Judy!

Women in Security Series – Part Seven

I’m excited for this week’s guest! I was first introduced to her though my good friend (and co-worker) Ryan Cloutier. Together, they do great work at the Consortium of School Networking (CoSN), as well as deliver compelling talks at conferences and collaborate on cool projects. Ryan talked her up so much that I sort of thought he was full of it. Could this person be as good as he said she was? Really?!

Yes, yes she is! She’s the real deal and her name is Amy McLaughlin. Here’s some stuff about her:

  • The Director of Information Services at Oregon State University
  • Adjunct Faculty (Psychology) at Chemeketa Community College
  • Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN)
  • Home improvement expert (seems like it anyway)
  • A wonderful person and friend to many!

Since we first met, I’ve gotten to know Amy pretty well through our frequent visits on the Daily inSANITY Checkin and I’ve grown to really appreciate her common sense approach to life (and information security).

WELCOME AMY!

Let’s get to the show, shall we?

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 90

Date: Monday, July 27th, 2020

Episode 90 Topics

  • Opening
  • Introducing Our Special Guest: Amy McLaughlin 
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Welcome! Thanks for tuning in to episode 90 of the UNSECURITY Podcast. My name is Evan Francen, the date is July 27th, and I’m here with my buddy Brad Nigh. Good morning Brad!

[Brad] Cue Brad…

[Evan] This is Part Seven of the Women in Security Series, and we have a great guest joining us today! She’s the Director of Information Services at Oregon State University, Adjunct Faculty (Psychology) at Chemeketa Community College, the Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN), and home improvement extraordinaire, Amy McLaughlin. Welcome Amy!

[Amy] Cue Amy…

[Evan] Amy, I’ve been looking forward to this show for a few weeks, or ever since you agreed to join us. We’ve really gotten to know each other during the Daily inSANITY Checkins. Thanks for being here and thanks for being cool!

[Amy] Cue Amy again…

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] OK, as is custom around here, let’s catch up quick. Brad, tell me about your weekend and how you’re doing!

[Brad] Cue Brad again…

[Evan] And Amy, how about you? What have you been up to?

[Amy] Cue Amy again…

[Evan] I’ll say some stuff about the weekend or something too.

Women in Security, Part Seven

[Evan] Alright, let’s get to it! We’ve been doing this series called the Women in Security Series, and it’s been an amazing experience!

  • In Part One (episode 84) we kicked this thing off with Renay Rutter, the COO of FRSecure. She’s a 30+ year IT veteran leader and she told us how important it is for a woman to be strong and confident.
  • For Part Two (episode 85) we welcomed Lori Blair to the show. She’s one of the coolest and humblest information security experts I know. She’s been in this industry since 1985 and gave us a lot on insight into how she got started back then and how she loves mentoring other women.
  • Part Three (episode 86) was Victoria Fogarty, someone who’s new(ish) to the industry after switching careers. She’s a great addition to FRSecure and our industry. She displayed her excellent communication skills and cheerful demeanor on the show. On the flip side, she shared a darker story too. When she was exploring the potential opportunities in our industry, one person she met commented on how her good looks would help her. Sad that people can be that shallow.
  • We went outside our own company for the first time in Part Four (episode 87) when we met Kristin Judge. Kristin is an amazing professional who sort of stumbled into our industry when she was a County Commissioner. Once she got her start, she was off to the races, and now leads the non-profit Cybercrime Support Network. An incredible journey!
  • We were joined by Andrea Hatcher, a Senior at Penn State majoring in Cybersecurity Analytics and Operations for Part Five (episode 88) of the series. It was great getting a perspective from someone who’s just beginning her career in our industry. It was a fresh look at things and we came away feeling like our future is in good hands!
  • Last week we met Judy Hatchett in Part Six (episode 89), a wonderful information security leader with tons of corporate experience. She’s a woman who’s risen through the ranks to be one of the most respected females in our industry and she’s working hard for future generations. Truly one of the best!

This brings us to this week, Part Seven (episode 90)! We’re talking with Amy McLaughlin. We’re BIG fans of hers!

Amy, once again welcome and thank you for taking the time to visit with us!

[Amy] Cue Amy again…

[Evan] Brad and I started the Women in Security Series because we wanted to get female perspectives about some of the issues in our industry. First we’ll take a few minutes getting to know you, then we’ll expand into your thoughts on various women’s topics.

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • One thing that I find fascinating about you is your interest in/experience in psychology. What can you tell us about this?
  • What’s it like being a woman in our industry? Have you experienced the “bro culture”? If so, can you share the experience with us?
  • We hear a lot about various women’s issues in our industry, and one of those is we don’t have enough women working in our industry. What’s your take, do we have a shortage of women?
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Do any other women’s issues come to mind?
  • What can people do to help? How about Brad and I?

[Evan] Seriously, thank you Amy! Am I going to see you in the Daily inSANITY Checkin later?

[Amy] We’ll see…

[Evan] I appreciate you and your take Amy. Let’s do like we always do and touch on a few news stories from this past week. Amy, please stick around and chime in whenever you feel like it. You got chops!

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

[Evan] Alright, there you have the news.

Wrapping Up – Shout outs

[Evan] Sweet, that just about does it for episode 90, Part Seven of the Women in Security Series! We’re coming to the end of the series with only a few ladies left. Next week we welcome a CISO from a university system in Nevada and a good friend. I’m excited!

Thank you once more Amy for being a great guest and asset to our industry.

Before we go, do either of you have any shout outs?

[Brad and/or Judy] We’ll see.

[Evan] Huge thank you to our loyal listeners! If you’re not loyal or a listener, you can ignore that. Just kidding. We love hearing from you, so reach out to us on LinkedIn, Twitter, or email. Whatever’s most convenient. Twittering us is easy, I’m @evanfrancen, Brad’s @BradNigh, and our show is at @UnsecurityP. You can email us at unsecurity@protonmail.com. Amy, you got a way you want people to find you?

[Amy] Cue Amy again…

[Evan] Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 89 Show Notes – Women in Security Pt6

Ready for another installment of the UNSECURITY Women in Security Podcast Series?

NOTE: I forgot to post these notes ahead of the podcast recording. Episode 89 with Judy Hatchett was awesome! It’s been recorded and published here. THANK YOU JUDY! Now the show notes…

We have another GREAT special guest joining us! One of my favorites, Judy Hatchett, Vice President and Chief Information Security Officer (CISO) at Surescripts will share her story and opinions in this episode (#89).

First, a quick recap of the Women in Security series thus far…

Women in Security Series

Brad and I started this series because we wanted to learn more about challenges women face in the information security industry. It would be shallow and dry if Brad and I chose to discuss this subject ourselves. Instead, we chose to interview women that we know and ones who were referred to us.

What better way to get a woman’s perspective on things than to ask them directly?!

So far, we’ve had five women join us as guests on the show. Each woman brought her own set of experiences, perspectives, and opinions. No two guests have been alike, and we’ve learned a TON!

Here’s our guest line up thus far:

  • Episode 84 – Renay Ruter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (this show) (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

This is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with each of them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

This brings us to today’s episode…

Women in Security Series – Part Six

Today’s guest is Judy Hatchett, a top-notch, no nonsense information security leader. She is the first Chief Information Security Officer we’ve had on the show in the series, and she’s more than worthy. We first met Judy back when she was the CISO at Fairview, and we’ve  been cheering her on (from a distance) in her new role at Surescripts. You’re going to love her perspectives and opinions!

WELCOME JUDY!

 

Let’s get to the show, shall we?

Brad’s leading the show this week, and these are his notes…


SHOW NOTES – Episode 89

Date: Monday, July 20th, 2020

Episode 89 Topics

  • Opening
  • Introducing Our Special Guest: Judy Hatchett (Vice President and Chief Information Security Officer at Surescripts)
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 89 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is July 20th, and joining me this morning as usual is Evan Francen. Good morning Evan.

[Evan] Cue Evan

[Brad] Today we’re recording Part Six of the Women in Security Series, and I’m excited to welcome our guest! She’s someone we greatly respect and someone with the experience to demand it! Today we welcome Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts) to the show. Welcome Judy!

[Judy] We know Judy and we expect something positive and/or funny

[Brad] Before we get going let’s recap our week.

Catching Up

[Evan] I don’t know if I talked to Evan since the last podcast (episode 88), I don’t know what’s up…

[Brad] And how about you Judy?

[Judy] Probably something cool…

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Brad] Thanks guys! Alright, let’s get to it.

Women in Security, Part Six

[Brad] This is the sixth week of our series discussing the topic of women in the information security industry.  I think we are starting to see some commonalities from the last five guests and I’m curious to see if Judy has similar insights. I’m also really looking forward to hearing another “outsider’s” perspective and continue this conversation. So with that let’s dive in!

Do we have a shortage of women in our industry? If so, what’s the big deal? Why is the topic important for us to talk about? Lot’s of questions and I’m sure just about everyone has an opinion. Instead of people listening to our opinions, we’re going to talk to the people this relates to the most; women! What better way to get a woman’s perspective on things than to talk to a woman? Let’s do this.

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • Each of the ladies we’ve had on the show has given us some great insight and wisdom:
    • Part 1 – Renay mentioned the importance of being strong.
    • Part 2 – Lori mentioned the importance of mentoring
    • Part 3 – Victoria mentioned the importance of staying focused.
    • Part 4 – Kristin mentioned the importance of being yourself.
    • Part 5 – Andrea mentioned the importance of finding support.
    • Have you listened to what these ladies had to say in their interviews? If so, what were your thoughts?
  • What advice do you have for someone who’s just starting out?
  • Have you experienced the “bro culture” in our industry? If so, can you share the experience with us?
  • Have you heard about our (alleged) industry talent shortage?
    • Do you think we need more women in our industry and why?
    • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Brad] Thank you Judy! Good information and things to think about more. Much appreciated! How about some quick news stuff?

Judy, please stick around. If you’ve got anything to add to our commentary, please don’t hesitate.

News

[Brad] More newsy things…

Lastly, I don’t think we need to spend any time on it as it’s been covered extensively but I thought Krebs had a really good writeup on the Twitter hack that the listeners will probably enjoy.

Wrapping Up – Shout outs

[Brad] There you go, episode 89 is in the bag. Thank you Judy for a great sixth installment of to the Women in Security series. Either of you have any shout outs this week?

[Evan and/or Judy] We’ll see.

[Brad] Thank you to all our listeners! Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. Judy, is there a particular way you’d prefer people to find you?

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 83 Show Notes – It’s About People

Ever have so many things going on that you can’t remember what happened last week? Yeah, that’s where I’m at right now.

Pretty sure Brad’s in the same place I am. So, rather than recapping everything (or trying to), I’ll just get to the show notes.

These are Brad’s show notes this week…


SHOW NOTES – Episode 83

Date: Monday, June 8th, 2020

Episode 83 Topics

  • Opening
  • Catching Up (as per usual)
  • Information Security Isn’t About Information or Security
  • Work, Life, and Mental Health
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 83 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is June 8th, and joining me this morning as usual is Evan Francen.

[Evan] Regales us with stories from the weekend. Oh God!

[Brad] Before we get going let’s recap our week.

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] What would you say you do here Evan?

[Evan] Hmmm. Good question! This outta be interesting.

Information Security Isn’t About Information or Security

Discussion about people, information security, working remote, stress, and overall mental health.

[Brad] Your blog from last Tuesday (Information Security Isn’t About Information or Security) really inspired me for this week’s podcast.  There have been countless articles written about how to secure remote workers so we aren’t going to focus on that, though it will probably come up in the course of this discussion.

Here’s the reality, it’s no secret that InfoSec and IT staff struggle with stress and a healthy work/life balance (Mental Health and Cybersecurity).  There really is no “done for the day”, systems can be attacked or suffer an outage anytime.  Add to that the now nearly 3 months of social distancing and quarantine that add even more stress.  We’ve seen an increase in cyber attacks the last 3 months and if your staff is struggling and has lost focus or is more distracted than usual your risk increases even more. So what can we do about it?  (Disclaimer, neither Evan or I are licensed mental health professionals and this conversation should not be taken as professional advice).

From an information security perspective I think you really captured the increased risks to organizations during this unprecedented time in your blog.

As a leader in an organization the employees’ health is critical, looking at it from a business perspective if they are not able to work we cannot deliver for our customers, but to me that feels cold & cynical.  I really do care for every one of our employees, I have a personal, vested interest in their well-being and want to be aware and in-touch with their status… That has become incredibly difficult during this time when you can’t read them face-to-face.

So what I want to do is talk about how we can be more aware and help reduce these risks.  First is being aware, I found these articles that I thought were really good to help identify and be proactive.

And then some really solid advice for employees, or really anyone feeling additional stress right now.

[Brad] Good conversation. Thank you Evan.

Let’s do some news…

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Wrapping Up – Shout outs

[Brad] Alright, that’s it. Episode 83 is a wrap. We got any shout outs this week?

[Evan] We’ll see.

[Brad] Next week is Evan’s show and I think he’s sort of itchin’ to tell us his idea.

[Evan] Yep. Tune in.

[Brad] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh (B-R-A-D-N-I-G-H) and this other dude is @evanfrancen (just spell his name without a space). Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for goodies and things.

That’s it! Talk to you all again next week!