Posts

The UNSECURITY Podcast – Episode 90 Show Notes – Women in Security Pt7

So far we’ve featured six INCREDIBLE women in the Women in Security Series. Think we’re done?

Nope!

We’ve got another great guest willing to share her story, opinion, and perspective in the seventh installment! Read on…

Women in Security Series

Brad and I started this series because we wanted to learn more about challenges women face in the information security industry. Neither Brad nor I know what it’s like to walk in these shoes, so we’ve enlisted help from some of the women we know in our industry.

What better way to get a woman’s perspective on things than to ask them directly?!

So far, we’ve had six women join us as guests on the show. Each woman brought her own set of experiences, perspectives, and opinions. No two guests have been alike, and we’ve learned a TON!

Here’s our guest line up thus far:

  • Episode 84 – Renay Ruter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (this show) (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

Seriously, this is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

This brings us to today’s episode…

Women in Security Series – Part Six

Judy Hatchett is truly a top-notch, no nonsense information security leader. She’s the first woman on the show with the title Chief Information Security Officer and we were very grateful to spend some time with her. Judy’s path through the information security industry took her through big corporate America (Best Buy, 3M, etc.) before she decided to tackle some of the difficult challenges in healthcare. We first met Judy back when she was the CISO at Fairview, and now we cheer her on in her new role at Surescripts. You’re going to love her perspectives and opinions!

You can catch Part Six with Judy here!

Thank you Judy!

Women in Security Series – Part Seven

I’m excited for this week’s guest! I was first introduced to her though my good friend (and co-worker) Ryan Cloutier. Together, they do great work at the Consortium of School Networking (CoSN), as well as deliver compelling talks at conferences and collaborate on cool projects. Ryan talked her up so much that I sort of thought he was full of it. Could this person be as good as he said she was? Really?!

Yes, yes she is! She’s the real deal and her name is Amy McLaughlin. Here’s some stuff about her:

  • The Director of Information Services at Oregon State University
  • Adjunct Faculty (Psychology) at Chemeketa Community College
  • Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN)
  • Home improvement expert (seems like it anyway)
  • A wonderful person and friend to many!

Since we first met, I’ve gotten to know Amy pretty well through our frequent visits on the Daily inSANITY Checkin and I’ve grown to really appreciate her common sense approach to life (and information security).

WELCOME AMY!

Let’s get to the show, shall we?

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 90

Date: Monday, July 27th, 2020

Episode 90 Topics

  • Opening
  • Introducing Our Special Guest: Amy McLaughlin 
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Welcome! Thanks for tuning in to episode 90 of the UNSECURITY Podcast. My name is Evan Francen, the date is July 27th, and I’m here with my buddy Brad Nigh. Good morning Brad!

[Brad] Cue Brad…

[Evan] This is Part Seven of the Women in Security Series, and we have a great guest joining us today! She’s the Director of Information Services at Oregon State University, Adjunct Faculty (Psychology) at Chemeketa Community College, the Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN), and home improvement extraordinaire, Amy McLaughlin. Welcome Amy!

[Amy] Cue Amy…

[Evan] Amy, I’ve been looking forward to this show for a few weeks, or ever since you agreed to join us. We’ve really gotten to know each other during the Daily inSANITY Checkins. Thanks for being here and thanks for being cool!

[Amy] Cue Amy again…

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] OK, as is custom around here, let’s catch up quick. Brad, tell me about your weekend and how you’re doing!

[Brad] Cue Brad again…

[Evan] And Amy, how about you? What have you been up to?

[Amy] Cue Amy again…

[Evan] I’ll say some stuff about the weekend or something too.

Women in Security, Part Seven

[Evan] Alright, let’s get to it! We’ve been doing this series called the Women in Security Series, and it’s been an amazing experience!

  • In Part One (episode 84) we kicked this thing off with Renay Rutter, the COO of FRSecure. She’s a 30+ year IT veteran leader and she told us how important it is for a woman to be strong and confident.
  • For Part Two (episode 85) we welcomed Lori Blair to the show. She’s one of the coolest and humblest information security experts I know. She’s been in this industry since 1985 and gave us a lot on insight into how she got started back then and how she loves mentoring other women.
  • Part Three (episode 86) was Victoria Fogarty, someone who’s new(ish) to the industry after switching careers. She’s a great addition to FRSecure and our industry. She displayed her excellent communication skills and cheerful demeanor on the show. On the flip side, she shared a darker story too. When she was exploring the potential opportunities in our industry, one person she met commented on how her good looks would help her. Sad that people can be that shallow.
  • We went outside our own company for the first time in Part Four (episode 87) when we met Kristin Judge. Kristin is an amazing professional who sort of stumbled into our industry when she was a County Commissioner. Once she got her start, she was off to the races, and now leads the non-profit Cybercrime Support Network. An incredible journey!
  • We were joined by Andrea Hatcher, a Senior at Penn State majoring in Cybersecurity Analytics and Operations for Part Five (episode 88) of the series. It was great getting a perspective from someone who’s just beginning her career in our industry. It was a fresh look at things and we came away feeling like our future is in good hands!
  • Last week we met Judy Hatchett in Part Six (episode 89), a wonderful information security leader with tons of corporate experience. She’s a woman who’s risen through the ranks to be one of the most respected females in our industry and she’s working hard for future generations. Truly one of the best!

This brings us to this week, Part Seven (episode 90)! We’re talking with Amy McLaughlin. We’re BIG fans of hers!

Amy, once again welcome and thank you for taking the time to visit with us!

[Amy] Cue Amy again…

[Evan] Brad and I started the Women in Security Series because we wanted to get female perspectives about some of the issues in our industry. First we’ll take a few minutes getting to know you, then we’ll expand into your thoughts on various women’s topics.

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • One thing that I find fascinating about you is your interest in/experience in psychology. What can you tell us about this?
  • What’s it like being a woman in our industry? Have you experienced the “bro culture”? If so, can you share the experience with us?
  • We hear a lot about various women’s issues in our industry, and one of those is we don’t have enough women working in our industry. What’s your take, do we have a shortage of women?
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Do any other women’s issues come to mind?
  • What can people do to help? How about Brad and I?

[Evan] Seriously, thank you Amy! Am I going to see you in the Daily inSANITY Checkin later?

[Amy] We’ll see…

[Evan] I appreciate you and your take Amy. Let’s do like we always do and touch on a few news stories from this past week. Amy, please stick around and chime in whenever you feel like it. You got chops!

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

[Evan] Alright, there you have the news.

Wrapping Up – Shout outs

[Evan] Sweet, that just about does it for episode 90, Part Seven of the Women in Security Series! We’re coming to the end of the series with only a few ladies left. Next week we welcome a CISO from a university system in Nevada and a good friend. I’m excited!

Thank you once more Amy for being a great guest and asset to our industry.

Before we go, do either of you have any shout outs?

[Brad and/or Judy] We’ll see.

[Evan] Huge thank you to our loyal listeners! If you’re not loyal or a listener, you can ignore that. Just kidding. We love hearing from you, so reach out to us on LinkedIn, Twitter, or email. Whatever’s most convenient. Twittering us is easy, I’m @evanfrancen, Brad’s @BradNigh, and our show is at @UnsecurityP. You can email us at unsecurity@protonmail.com. Amy, you got a way you want people to find you?

[Amy] Cue Amy again…

[Evan] Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 77 Show Notes – Lots Going On

Keeping the show notes short again this week. We’ve been swamped here at FRSecure and SecurityStudio, so not a lot of time to recap what we’ve been up to.

Let’s just get to it, episode 77 show notes below…


SHOW NOTES – Episode 77

Date: Tuesday, April 28th, 2020

Episode 77 Topics

  • Opening
  • Catching Up (as per usual)
  • Remote Working and COVID-19 Stuff
  • Quick Zoom Update
  • Other Things
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 77 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is April 28th, and joining me this morning as usual is Evan Francen. Good morning.

[Evan] Evan says his “blah, blah, blah”.

[Brad] We have a jam packed show this week for sure, but before we jump in, let’s catch up quick. Lots going on.

[Evan] Yep. LOTS going on! Good things, but a helluva lot of good things!

Catching Up

Quick discussion about some of the cool things we’re doing.

[Brad] Good! Let’s shift gears now quick and talk about security remote workers. We’ve briefly touched on it over the last few weeks but as this appears to be becoming the “new norm”, I would like to spend some time dedicated to the topic.

[Evan] Yeah man! Sounds good.

Remote Working and COVID-19 Stuff

Discussion about many news articles, topics, announcements and such…

[Brad] First up, a news article titled “Malware Risks Triple on WFH Networks: Experts Offer Advice”

[Brad] Obviously this is bitsight so we know the limitations however I think in this use-case the data is valuable. We’ve got some other good resources and guidance to share, including:

[Evan] Yeah, these are all great resources that are worth looking at. I think our listeners will appreciate them all. Quick announcement, S2Me version two is releasing this week! It’s a limited release, but it’s a VERY good one! We’ll get into S2Me and how it works with S2Team to offer a unique (and what we think is a better) approach to securing the remote workforce.

[Brad] Cool. Should be a good show next week then!

Quick Zoom Update

[Brad] Zoom has been all over the news since the COVID-19 outbreak, and the stories have been all over the place. Thought we’d mention some of the latest developments. As a quick aside, we’ve touched on Zoom the last few weeks and it’s interesting that some of the other options have flown under the radar despite attacks that seem to be more severe.

And Zoom has released quite a few new security features, there’s this good write-up on Tech Republic titled “Zoom 5.0 Includes Security and Privacy Improvementshttps://www.techrepublic.com/article/zoom-5-0-is-coming-with-improved-security-features-heres-whats-new/

Other Things

[Brad] Like we said, there’s always a lot going on around here at FRSecure and SecurityStudio. Quick list of things:

  • FRSecure CISSP Mentor Program (we started this 11+ years before the COVID-19 pandemic)
  • Safety and Cybersecurity at Home 101 Webinar Series (Videos here).
  • SecurityStudio Partner Community (Join here).
  • The Daily inSANITY Check-in (Join here).

[Brad] Good conversation. Thank you Evan. Let’s do some news quick.

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye:

Wrapping Up – Shout outs

[Brad] That’s it. Episode 77 is a wrap. Thank you listeners! We hope you’ve enjoyed the show. Any quick shout outs for you Evan?

[Evan] Yes, I have two…

[Brad] Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 76 Show Notes – Tough Times

Keeping the show notes short this week. We have a special guest, a great friend of mine, Serge Suponitskiy!

There are many, many things going on around here (@FRSecure and @SecurityStudio). I can’t recap everything for you, to do so would be very time consuming. There was one highlight from last week that stood out from the rest though…

2020 FRSecure CISSP Mentor Program

The 2020 FRSecure CISSP Mentor Program kicked off last week with Class #1 on Monday (4/13) and Class #2 on Wednesday (4/15)! It’s crazy, this is the 11th consecutive year of our free training program. With 1,444 students registered in 2020, we have now helped more than 2,825 students over the years!

We’ve had many people try to convince us to charge for this, even if only a small sum, but the answer is always “NO”. This is one of the ways we try to give back to our community, and we’ll continue to do this well into the future. We have done this since 2010, well before COVID-19 showed up at our front door.

Since COVID-19, we moved class to 100% online, with live streaming to YouTube. We archive the videos so anyone can watch any time (even those who never registered). The archives are here:

We’ve also setup an online study group. The study group, as of this morning, has 470 active members.

Here’s to a great 2020 program, and here’s to much success for the students!

On to the episode 76 show notes now.


SHOW NOTES – Episode 76

Date: Monday, April 20th, 2020

Episode 76 Topics

Opening

[Evan] Good morning everyone! This is the 76th episode of the UNSECURITY Podcast. The date is April 20th, 2020 and I’m Evan Francen. Joining me is my co-host Brad Nigh.

Good morning Brad.

[Brad] Brad says “hi”.

[Evan] We have a special guest! Let me give you a little background about this guy.

He’s a global business and technology leader with more than 20 years experience building enterprise innovative solutions. He’s guided many organizations through successful transformations, but arguably none more difficult than the one he’s currently facing with COVID-19. He’s currently working at Fight Centre, a global travel company, and as you know, the travel industry has been decimated by the pandemic.

His name is Serge Suponitskiy, and he’s the CTO, CISO, and now interim CIO at Flight Centre, Americas Region.

Welcome Serge!

[Serge] Serge does Serge.

Catching Up

[Evan] As is customary for us, before we jump in to the meat of the show, let’s catch up. If you’re a new listener, you might not know the first motivator for starting the UNSECURITY Podcast. It was to spend an hour shootin’ the breeze with Brad. So what’s up guys? How’s things?

Catching up. Recent events. Coping with *&#!

Introducing our Special Guest

[Evan] I invited Serge to our show for a couple of reasons, the first is, I really like the guy. He’s somebody I respect. The second reason I invited him was to get his perspective on dealing with COVID-19. Serge works in the travel industry, and everything in the travel industry has been turned upside down. He works for Flight Centre, a really great company, and it’s crazy what’s happening…

Topics for discussion:

  • Welcome Serge!
  • Our history and past together.
  • What’s happened to the travel industry since COVID-19?
  • What’s changed for you and your company?
  • What’s the focus for the next 3-6 months?
  • What do you think Flight Centre looks like on the other side?

[Evan] Thank you Serge. You’re a helluva guy and I’m sure everything will work out OK, even if it doesn’t seem like it sometimes.

Middle School Fight

[Evan] Interesting happenings last week between to industry middleweights; Rapid7 and Qualys. I’d like to get your take guys. On Thursday, I get this email…

It goes on…

[Evan] This sort of thing gets under my skin. In our industry, which is about serving and protecting people, we’re supposed to be better than this. So I wrote a short post on LinkedIn and reached out to my friend Chris Roberts for a sanity check.

Here this skinny:

[Evan] What do you guys (Brad and Serge) think about this?

Discussing the middle school playground fight between Rapid7 and Qualys.

News

[Evan] Just one news story this week; IT Services Giant Cognizant Hit by Maze Ransomware Cyber Attack.

Wrapping Up – Shout outs

[Evan] Alright, good show. Thank you for joining us Serge.

[Serge] May or may not say something.

[Evan] Lots going on this week. We continue our Daily inSANITY Checkins, everyone is welcome to join us. Just register online and you’ll get the invites. We also continue the CISSP Mentor Program with classes on Monday and Wednesday. Brad’s teaching tonight and Ryan (“cola”) Cloutier is teaching on Wednesday. I get the week off!

OK, shout out time. Brad, who you want to give a shout out to?

[Brad] We’ll see if he’s got someone.

[Evan] Serge, how about you? You have someone you want to give a shout out to?

[Serge] Maybe he does, maybe he doesn’t.

[Evan] I’d like to give a shout out to __________!

Well, that’s a wrap.

Huge thank you to our listeners. Episode 76 is about to go in the can. We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, feel free to follow us on Twitter. You can find me @evanfrancen, you can find Brad @BradNigh, and you can find Serge too @SergeSup.

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 75 Show Notes – Hope

Keeping the show notes short this week. Last week’s show notes post should have been broken into two or three posts!

I’m writing this on Easter Sunday, and I’m wishing everyone a Happy Easter! The meaning behind today is promise and hope. Hope is the key talking point for this episode of the UNSECURITY Podcast.

If you missed last week, we had Jim Nash on the show. Jim is our Minnesota State Representative. He shared his perspectives on things like COVID-19, information security in state government, etc. It was a good talk!

Give episode 74 a listen.

Let’s get right to it! Here are the episode 75 show notes…


NOTE: These are my show notes (Evan), but Brad is leading the show.

SHOW NOTES – Episode 75

Date: Monday, April 13th, 2020

Episode 75 Topics

  • Opening
  • Catching Up 
    • Easter Sunday
    • Another week at home.
    • What’s new?
  • Hope
    • Hope in our (information security) industry.
      • Signs we’ve seen during the pandemic.
      • Signs we hope to see post-pandemic.
    • How information security fits into the hope of economic recovery.
    • What’s FRSecure doing to instill hope?
    • What’s SecurityStudio doing to instill hope?
  • More About Zoom
    • What happened (without the BS)?
    • Is it safe to use Zoom or not?
  • Other Things
    • FRSecure CISSP Mentor Program (we started this 11+ years before the COVID-19 pandemic)
    • Safety and Cybersecurity at Home 101 Webinar Series (Videos here).
    • SecurityStudio Partner Community (Join here).
    • The Daily inSANITY Check-in (Join here).
  • Other News – Just one: Coronavirus-themed attacks April 05 – April 11, 2020
  • Wrapping Up – Shout outs
Opening

[Brad] Good morning everyone! This is the 75th episode of the UNSECURITY Podcast. The date is April 13th, 2020 and I’m Brad Nigh. Joining me is my co-host Evan Francen.

Good morning Evan.

[Evan] I’ll say good morning too, but the enthusiasm behind my words will depend on how early I got up today.

[Brad] We’re remote still, recording the show on Zoom. Yes, you heard that right. We’re on Zoom right now. We’ll talk more about this later on in the show.

First, as is customary for us. Let’s catch up a little.

Catching Up

[Brad] Yesterday was Easter Sunday. Did you have a good Easter, Evan?

[Evan] Maybe I did. Maybe I didn’t. Ooooh, the suspense!

Discussion between Evan and Brad

Hope

[Brad] Hope is a beautiful thing. Sometimes it’s all we have to hold on to. Let’s talk about the role that hope is playing these days, in our industry and in our companies.

Discussion about the following:

  • Hope in our (information security) industry.
    • Signs we’ve seen during the pandemic.
    • Signs we hope to see post-pandemic.
  • How information security fits into the hope of economic recovery.
  • What’s FRSecure doing to instill hope?
  • What’s SecurityStudio doing to instill hope?
More About Zoom

[Brad] The news and noise about Zoom and their information security issues didn’t slow much last week. Some of the issues are nothing more than FUD, but there are some legitimate concerns too. I think our listeners could really benefit from a continued discussion about this.

Discussion about Zoom issues.

[Brad] There are always two sides to the story. I can’t remember seeing a company go through such a roller coaster of ups and downs in such a short period of time.

Other Things

[Brad] Lots of other things happening around here, that’s for sure! The pandemic, the lockdown, working remotely, and everything else that comes along with those things has not stopped us for a second! We’re just as busy as always.

Discussion about other things.

  • FRSecure CISSP Mentor Program (we started this 11+ years before the COVID-19 pandemic)
  • Safety and Cybersecurity at Home 101 Webinar Series (Videos here).
  • SecurityStudio Partner Community (Join here).
  • The Daily inSANITY Check-in (Join here).

[Brad] Alright. Lots going on. We’ll see what this week brings!

News

[Brad] Just one news story this week. Let’s look at a recap of Coronavirus-themed attacks from this past week posted on Security Affairs.

Wrapping Up – Shout outs

[Brad] Alright, good show. Give someone hope and encouragement today and every day this week! Evan, who do you have a shout out for this week?

[Evan] Some people for sure…

[Brad] I’d like to give a shout out to ________.

Thank you for listening to episode 75. We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @BradNigh, and Evan’s @evanfrancen.

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 74 Show Notes – COVID-19 MN Response

If you reading this, I hope you and your loved ones are well! From what I read, we have another few tough weeks ahead of us in the U.S. before (maybe) we turn the corner a little. Keep up the good work by staying at home and/or maintaining your distance from others. Now is NOT the time to let up.

If you missed last week’s show notes or episode 73 of the UNSECURITY Podcast, we had a great time taking with our special guest, Oscar Minks. Oscar leads FRSecure’s Technical Services Team, and he shared some great insight into their current incident response activities.

Episode 74 Topics

Topics for this episode of the UNSECURITY Podcast include:

  • Opening
  • Special Guest – Jim Nash
  • Catching Up 
    • Another week at home.
    • What’s new?
  • COVID-19 Talk With Jim Nash
    • What’s going on in MN state government
    • What’s he hearing from other states
    • How he’s helping our community and tips for listeners
    • Opinion about impact on information security
  • Web Conferencing Craziness (mostly Zoom)
    • The Rise
    • The Bug
    • Zoombombing
    • Other Stuff
    • Overreaction
    • Benefactors
    • Logic and Reason
  • Work From Home – S2Me
    • NASCIO – COVID-19 Response Resources for State IT
    • Safety and Cybersecurity at Home 101 Webinar Series
    • Version Two
  • Other News
    • The Daily inSANITY Check-in
    • FRSecure CISSP Mentor Program
  • Wrapping Up – Shout outs

You can find the full show notes later in this post.

Thoughts

It’s good to get things off your chest from time to time, and it doesn’t matter if anyone else reads what you write. If you are reading this, I hope you get some value from it.

Good News

It’s been hard the last few weeks to find good news. Seems like everywhere I look, there’s bad news. Most of the time is related to Covid-19, but now always. The bad news can come from another breach, vulnerabilities in some application (this week it was Zoom), or any number of things.

If you want to find good news, you have to be intentional about it.

Here’s some good news sources/stories:

See? There are lots of good things happening around the world. Look for them and be encouraged.

Struggling

In the middle of all that’s going on, there are many people struggling. I may be OK and you might be OK too, but the number of people who aren’t OK has grown fast and continues to increase every day. People are losing their businesses, losing their jobs, and losing their minds.

For people who have lost their business, it may feel like you’ve lost your dream. You haven’t! The dream is still alive, it’s just deferred. It’s paused. You may have to start over, or maybe not. The point is to NOT give up. Starting over gives you a chance to do it better this time, using all that you’ve learned from the last time.

For people who have lost their jobs, you might be worried about bills or even where your next meal comes from. When you’re in the middle of the crap, it’s hard to see the other side. Missing payments can be stressful, but it’s not the end of the world. Do what you can to survive this (and you WILL survive this) and try to focus on what you will do or be on the other side. Plan now for what’s to come.

Personal Story

When we started FRSecure in 2008, the U.S. was in the middle of a recession. I thought we could power through it, and succeed despite the odds. I was wrong. We couldn’t find customers, and within a year, it became evident that we wouldn’t be able to pay our bills, including our house payment. I could have given up on the dream of my business and entered the job market again, or I could believe that things would get better. 11-12 years later and FRSecure is a very healthy company, employing more than 70 people and serving more than 1,000 customers. Foreclosure with a wife and five kids was very hard, but we didn’t give up.

Mental Health

For people who have or feel like they’ve lost their minds, please get help. Maintaining mental health during times of crisis can be extremely difficult. It’s OK to not be OK, but it’s not OK to let it rule you. There are many people who care about you and want you to let them help. This is the truth! The most common lie (I think) is believing that you’re not worthy and nobody cares. That’s the lie. Believe and follow the truth, here are some people who care (100%):

Remember, there is hope and there is help! This is the truth, and you have to believe it.

Social Media Stuff

It dawned on me that we have a lot going on, and we share a lot of it on social media. Here’s the list of social media accounts for us:

Those are some thoughts right now. Let’s get to the show notes!


SHOW NOTES – Episode 74

Date: Monday, April 6th, 2020

Show Topics:

  • Opening
  • Special Guest – Jim Nash
  • Catching Up 
    • Another week at home.
    • What’s new?
  • COVID-19 Talk With Jim Nash
    • What’s going on in MN state government
    • What’s he hearing from other states
    • How he’s helping our community and tips for listeners
    • Opinion about impact on information security
  • Web Conferencing Craziness (mostly Zoom)
    • The Rise
    • The Bug
    • Zoombombing
    • Other Stuff
    • Overreaction
    • Benefactors
    • Logic and Reason
  • Work From Home – S2Me
    • NASCIO – COVID-19 Response Resources for State IT
    • Safety and Cybersecurity at Home 101 Webinar Series
    • Version Two
  • Other News
    • The Daily inSANITY Check-in
    • FRSecure CISSP Mentor Program
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone! This is the 74th episode of the UNSECURITY Podcast. The date is April 6th, 2020 and I’m Evan Francen. Joining me is my co-host Brad Nigh along with our special guest Jim Nash.

Good morning Brad.

[Brad] He’ll say what he wants.

[Evan] Welcome to the show again Jim and good morning!

[Jim] He’ll also say what he wants.

[Evan] Jim, do you remember the last time you were on the show? How long ago was that?

[Jim] Still saying what he wants.

[Evan] It’s customary now that we start the show by catching up a bit with each other.

Catching Up

Discussion between Evan, Brad, and Jim.

[Evan] Alright! We invited Jim to be on the show again for a couple reasons. #1 – We like him and #2 – We want to get his perspectives on COVID-19. He’s certainly got some unique things to share.

COVID-19 Talk With Jim Nash
  • What’s going on in MN state government?
  • What’s he hearing from other states?
  • How he’s helping our community and tips for listeners?
    • Supporting the community and small business.
    • Where can we find his videos, pictures, and updates?
  • Opinion about impact on information security

[Evan] For those who don’t know, Jim is my state representative. He represents the district in which I live and I couldn’t be prouder of the way he represents me!

OK, last week, news about Zoom was all the rage it seemed. There’s plenty of fear, misinformation and confusion about the web conferencing solution. I think our listeners could benefit from some straight talk about the issues.

I put together a series of stories and organized them into subtopics. It’ll be cool to get you guys’ perspective.

Web Conferencing Craziness (mostly Zoom) DIscussion

This slideshow requires JavaScript.

 

[Evan] Crazy. The plot is thick surrounding Zoom, isn’t it. The noise is loud and it’s hard to find the truth in all of it.

Let’s switch gears now and talk about something else that’s related. There is no shortage of articles and guidance for working from home. We built a simple assessment in the beginning of 2019, before all hype surrounding the pandemic. The simple assessment is known as S2Me, and it’s importance is higher than it’s ever been.

Work From Home – S2Me

Discussion about S2Me, including:

[Evan] There you go. S2Me is free and always will be free. Either of you guys feel comfortable sharing your personal S2Score?

Other News

[Evan] We had so many things to talk about this week. We’re going to skip other news stories again. Two quick things to tell you about though, before we go.

  • The Daily inSANITY Check-in
    • Still going strong.
    • Everyone is invited all the time!
  • FRSecure CISSP Mentor Program
Wrapping Up – Shout outs

[Evan] Well, that’s it for this week. Plenty going on and lots to do. Either of you guys have any shout outs?

Thank you for listening. We’re a couple of guys who really care about you. We’re hoping you all stay healthy and sane! We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @evanfrancen, and this other guy is @BradNigh. Jim, you’re all over the place. Want to share some places where people can interact with you online?

Jim, thank you for coming on and sharing with us today!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 73 Show Notes – COVID-19 IR

Hope you and your loved ones are well! We can’t understate the importance of physical, mental, and spiritual health, especially in times like these.

If you missed last week’s show notes or episode 72 of the UNSECURITY Podcast, there’s some pretty good stuff there.

Episode 73 Topics

Topics for episode 73 of the UNSECURITY Podcast include:

  • Opening
  • Catching Up 
    • The first full week with a closed office.
    • Staying sane and healthy at home.
  • COVID-19 Affects on Information Security (some of them)
    • Introducing our special guest, FRSecure’s Director of Technical Solutions and Services
    • Incident Response During COVID-19
      • Current Events/Incidents
      • FRSecure’s IR Risk Registration (what is it and why would I consider it?)
    • COVID-19 Scams and Attacks
      • What have we seen?
      • What are we planning for?
    • Physical Security Considerations
  • The Daily inSANITY Check-in
  • FRSecure CISSP Mentor Program Update
  • Wrapping Up – Shout outs

You can find the full show notes near the bottom of this post. Before getting there, I need to get some thoughts out.

Thoughts

It’s been 13 days since FRSecure and SecurityStudio closed their offices. All of us are still around and working, but it’s crazy how much life has changed. Personally, I’m still struggling to make sense of things and I’m mulling over COVID-19 data almost obsessively. The COVID-19 scoreboards plastered everywhere don’t help. On one hand, I like being informed. On the other, I’m tired of tracking the number of infections and deaths.

As I write this, there are 140,164 infections in the United States and 2,476 deaths. What does this mean in the context of everything else? How do I make sense of these numbers? Here’s one attempt:

What does a “normal” 30 days look like in the U.S. for deaths/mortality? According to the CDC, there were nearly 3,000,000 deaths in the U.S. in 2018 (the latest data available). Using this data, here are the number of people who died within an average 30 day window:

  • 53,867 from heart disease (the top killer in the U.S. with 655,381 deaths)
  • 49,255 from cancer (#2 – 599,274 deaths)
  • 13,736 from accidents/unintentional injuries (#3 – 167,127 deaths)
  • 10,029 from Alzheimer’s Disease (#6 – 122,019 deaths)
  • 3,973 from suicide (#10 – 48,344 deaths)

Compare these numbers to where we’re at now with COVID-19. I’m NOT at all minimizing the impact of COVID-19. I’m trying to make sense. I know the number of infected people and deaths will rise significantly over the coming weeks/months, and sadly, we’re in for more terrible news. I’m trying to understand what the numbers mean in the context of other things that aren’t as foreign to me.

A single sick person and/or a single death is sad enough, let alone thousands.

OK. Got that off my chest. Lots and lots of great things going on at FRSecure and SecurityStudio. The best place to keep up with them right now is probably on social media:

Let’s get to the show notes now!


SHOW NOTES – Episode 73

Date: Monday, March 30th, 2020

Show Topics:

  • Opening
  • Catching Up 
    • The first full week with a closed office.
    • Staying sane and healthy at home.
  • COVID-19 Affects on Information Security (some of them)
    • Introducing our special guest, FRSecure’s Director of Technical Solutions and Services
    • Incident Response During COVID-19
      • Current Events/Incidents
      • FRSecure’s IR Risk Registration (what is it and why would I consider it?)
    • COVID-19 Scams and Attacks
      • What have we seen?
      • What are we planning for?
    • Physical Security Considerations
  • The Daily inSANITY Check-in
  • FRSecure CISSP Mentor Program Update
  • Wrapping Up – Shout outs
Opening

NOTE: The show notes were written by me (Evan), but Brad’s leading this episode.

[Brad] Hello listeners, this is another episode of the UNSECURITY Podcast. My name is Brad Nigh, this is episode 73, and the date is March 30th, 2020. Joining me is my co-host Evan Francen. Good morning Evan.

[Evan] Good morning Brad!

[Brad] Also joining us for the show is our special guest and FRSecure’s Director of Technical Solutions and Services, Oscar Minks. Good morning Oscar!

[Oscar] Says good morning or something with his cool southern accent.

[Brad] We’ve got lots to talk about! As is our custom, let’s get started by catching up quick.

Catching Up

Topics here include how we’re coping with COVID-19, the first full week with a closed office, and staying sane (and healthy) at home. Brad found a really good video online; Covid-19 Protecting Your Family, Dr. Dave Price

[Brad] Here’s a can of worms (maybe). Let’s talk about some of the effects that COVID-19 has on what we do. Some of the effects on information security, starting with incident response and physical security. We already mentioned that we’ve got our special guest Oscar Minks here. He’s got some good insights to share, and this should be a good discussion.

Discussion – COVID-19 Affects on Information Security (some of them)
  • Introducing our special guest (again), FRSecure’s Director of Technical Solutions and Services
  • Incident Response During COVID-19
    • Current Events/Incidents
    • FRSecure’s IR Risk Registration (what is it and why would I consider it?)
  • COVID-19 Scams and Attacks
    • What have we seen?
    • What are we planning for?
  • Physical Security Considerations

[Brad] Sadly, the frequency of scams and attacks only increases during times of distress. It’s important that we keep our eye on the ball and not compound our problems with an information security lapse.

OK, switching gears now. Some people are struggling right now. Struggling with making sense of things, struggling with employment, struggling with anxiety, or struggling with any number of things. We started this thing called the Daily inSANITY Check-in last week. Evan, tell the listeners about this thing.

Daily inSANITY Check-in Discussion

The purpose of the Daily inSANITY Check-in is to provide a safe place for people to discuss current events, information security things, challenges we’re facing, or whatever else comes to mind. The check-ins are short (30- to- 60-minute) daily meetings with discussion. People are always free to come and go as they please.

[Brad] The Daily inSANITY Check-in is just one place to get support out of many within our community. The point is to find help when you need it and to help people where you can. It’s cool to see so many people rally and help.

FRSecure CISSP Mentor Program Update

[Brad] Real quick, we made an announcement last week about the FRSecure CISSP Mentor Program. We’re happy to say that we are still going through with this year’s class! The only change is that we have cancelled the in-person portion of the program. As of last Monday, the 23rd, we have 1,007 registered students! That’s crazy! Oh, and I should mention, if you haven’t registered yet, registration is still open.

Wrapping Up

[Brad] No news this week because we had so many other things to talk about. Two last things to mention:

  • Our pal Ryan Cloutier, aka “Cola” just wrapped up the second episode of his K12 Cybersecurity Podcast. It’s a great podcast and you should give it a listen!
  • A shout out to one of our regular listeners, Olga Hoogendoorn – Startseva. Evan promised to give her a shout out because she’s pretty awesome!

Well, that’s it for this week. Plenty going on and lots to do.

Thank you for listening. We’re a couple of guys who really care about you. We’re hoping you all stay healthy and sane! We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @BradNigh, and this other guy is @evanfrancen. Also, don’t forget to check out @studiosecurity and @FRSecure. They post some good things! Let us know how we can help you!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 72 Show Notes – COVID-19

Hi everyone. We’re hoping and praying for everyone’s health and mental well-being right now. Take care of what really matters, yourself and your loved ones.

Episode 72 of the UNSECURITY Podcast will be dedicated to continued discussion about COVID-19 and what the pandemic means, in our daily lives and in our vocation as information security people. It’s the topic on everyone’s mind, so to not talk about it seems a little tone deaf.

Before we get to the show notes (below), I’d like to highlight a few things going on around here.

One Word

What one word would you use to describe your past week? If you’re a Twitterer, let us know by tweeting your word with the hashtag #UNSECURITYoneword. Be sure to include us (@evanfrancen and @bradnigh) in the conversation.

Not Adjusted Yet

Not sure about you, but I haven’t adjusted yet. I’m an introvert, so I was expecting to thrive in isolation. I was wrong (for now). I was surprised to learn how much personal interaction really means to me.

Everything seemed different this past week and I was definitely a little off my game. I had trouble focusing on tasks and struggled with processing events occurring all around me. Nothing made sense at times.

On Tuesday (3/17) we (FRSecure and SecurityStudio) closed the offices, and by the next day, almost everyone was online and functionally working from home. Since there was nobody at the office, I decided to work from there.

The empty office was quiet. Too quiet. The quiet forced me to realize how social we are in our office. Every (normal) day is like a family get together. A family get together where everybody actually likes each other.

In a quiet office there are no dumb office jokes. No laughter. No smiles. No fist bumps. A quiet office is just filled with empty. Our office was filled with empty and me. It was a eerie and it was lonely.

I’m assuming the adjustment will just take time. Between now and then, let’s all keep our head up and look for ways to help others. Helping others can be a great coping mechanism!

The Pledge

Also on Tuesday, I wrote a pledge and posted it on LinkedIn. This pledge is one that I plan to live by, especially now.

My pledge:

  • I will NOT panic.
  • I will NOT give in to fear.
  • I WILL think things through.
  • I WILL make prudent decisions based upon the best (non-biased) information available.
  • I WILL be the person I’ve always been and learn to be better.
  • I WILL help my fellow humans whenever and however I can, putting my family first.
  • I will NOT use this (or anything else) to take advantage of people, and
  • I will NEVER put someone in danger if I can help it.

coronavirus panic fear think prudence decisions learning helpingpeople

What Else

We did a lot this past week.

The Impact of COVID-19 on Information Security Webinar(s)

In the midst of the chaos, we decided to put together a last minute webinar for Wednesday (3/18) afternoon.  Our motivation for the webinar was to help people and bring calm to the storm. Despite last minute arrangements and everything else going on, we had ~250 people come to the first session. Participation and interaction was more than we expected! There were many unanswered questions after the first session, so we decided to do a second session on Friday (3/20).

The topics we discussed were:

  • Introductions.
  • Before we get started.
    • #1 – The current state of affairs.
    • #2 – My pledge.
    • #3 – FRSecure Open Letter.
    • #4 – Ideas we’re kicking around.
  • Topics:
    • What is the impact of COVID-19 on information security?
    • How to securely shift employees to remote work during social distancing.
    • Some of the current social engineering scams around COVID-19 and how to avoid them.
    • How to create or adjust your business’s disaster recovery plan.
  • Where to go if/when you need help.

I’ve posted a copy of the presentation online for everyone.

Virtual Happy Hours

Our team started doing virtual happy hours on Thursday. Every organization should do these! We all get into an online Zoom meeting and hangout for a while. We share. We laugh. We joke. We smile. We love. These are amazing experiences that are healthy and good for the soul.

I prefer to sit and listen most of the time. Just taking it in. The sounds of my team laughing, their smiles, their dumb jokes (like really dumb), and sharing our day together are beyond magical. The joy these guys bring to my day is the best way to end it!

The Daily inSANITY Check-in

Nobody has this thing figured out and nobody has it all together.

We want to help, so we’re starting the Daily inSANITY Check-in webinar series. The purpose of the Daily inSANITY Check-in is to provide a safe place for people to discuss current events, information security things, challenges we’re facing, or whatever else comes to mind. The check-ins are short (30- to- 60-minute) daily meetings with discussion. People are always free to come and go as they please.

This is new, and we’re just getting started. Don’t expect all the kinks to be worked out day one. Visit the registration page for the full description and to signup.

K12 Cybersecurity Podcast

Good news! Our buddy Ryan Cloutier just released the first episode of the K12 Cybersecurity Podcast. His first episode is awesome! It’s so much better than our first UNSECURITY Podcast. In this episode, Ryan’s special guest is Amy McLaughlin. Amy is the Information Services Director at Oregon State University and cybersecurity project director for the Consortium for School Networking (CoSN).

This was a timely and well done episode. I recommend you subscribe to Ryan’s K12 Cybersecurity Podcast and get ready for more great content!

Pretty sure I forgot something, but that’s all for now. Let’s do a podcast (or something)!


SHOW NOTES – Episode 72

Date: Monday, March 23rd, 2020

Show Topics:

  • Opening
    • The week that was.
    • The week that is to come.
  • COVID-19
    • Priorities, and where does information security fit?
      • Mental and Physical Health
      • Yourself and Your Loved Ones
      • Business – Survival
    • The Bass and The Barracuda
      • Don’t be a bass. Be a barracuda.

This slideshow requires JavaScript.

Opening

[Evan] Hello listeners, this is another episode of the UNSECURITY Podcast. My name is Evan Francen, this is episode 72, and the date is March 23rd, 2020. Joining me in studio is my buddy Brad Nigh. Good morning Brad!

[Brad] If it’s a good morning for Brad, we’ll know by how he responds.

[Evan] Last week was nuts. You and I hardly had a chance to connect with all that’s going on, so we’re a little out of sorts. This would normally be your week to lead the podcast, but since we didn’t really connect, I’m hosting again. Hope that’s OK.

[Brad] He’s one of the nicest guys you’ll ever meet. He’s probably OK with this.

[Evan] We’ve got a lot to talk about this week. Top of mind or course is COVID-19 and what the pandemic is doing to our daily lives. Sort of hard to talk about much else right now, right?

[Brad] He might agree.

[Evan] Last week was crazy. Let’s talk about the week that was and then talk a little about what’s coming this week.

Catching Up Discussion

Discussing last week’s events and what we’re expecting this week.

[Evan] Alright, there has never been anything in my lifetime that’s been as disruptive as the COVID-19 pandemic. I sort of feel like we’d be tone deaf if we didn’t keep up the conversation.

COVID-19 Discussion

Our topics this week include:

  • Priorities, and where does information security fit?
    • Mental and Physical Health
    • Protecting Yourself and Your Loved Ones
    • Business – Survival
  • The Bass and The Barracuda
  • Another plug for S2Me.
  • Next Week:
    • Maybe a guest; it’s been a while.
    • What happens on the other side?
    • Daily inSANITY Check-in Update
    • What we’re doing to help.

[Evan] The world has hardly seemed any crazier than it is today. Do all you can to maintain (or restore) your health. Good talk. Now let’s get to some non-COVID-19-related news.

News

[Evan] Alright, let’s talk about a non-coronavirus story (or two or three). Remember, attacks aren’t going to stop. In fact, they are increasing and are expected to continue to increase. Don’t ever put anything past or too low for the lowest among us.

Here’s two news stories to consider this week:

Closing

[Evan] There you have it. Episode 72. Thank you for listening. We’re wishing everything health and sanity! Remember, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @evanfrancen, and Brad’s @BradNigh. Check out @studiosecurity and @FRSecure frequently. They’re always posting good things!

Be safe. That’s it. Talk to you all again next week!