Posts

UNSECURITY Podcast – Episode 98 Show Notes

Here we are again, another Tuesday, and another episode of the UNSECURITY Podcast!

Tons going on, as usual.

Last week we released a couple new FREE things at SecurityStudio:

  • Work From Home Security Policy Template – Located at the bottom of our S2Team page. If you don’t know what S2Team is, you should definitely take a look. If you just want the template and don’t care, here it is.
  • Ransomware Recovery Contract – A simple contract between executive management and IT to ensure accountability for ransomware recovery. Executive management likes it because they finally know what to ask for, and IT likes it because they can use it to show they’re doing what they should/can to prevent a prolonged ransomware outage. I’ve uploaded the contract to my site here.

ADDED: Brad reminded me on the show that FRSecure made a free Incident Response Plan Template available last week. Take a look. It’s really, really good (and free)!

Other goings on include developing and improvement of new services (including the release of SecurityStudio v3.9 and an incident response capability assessment), continued collaboration with great partners, a few speaking engagements, episode 19 of the Security Shit Show, deployment of S2Team, and other things.

Alright, enough about that. Let’s get to the show notes, shall we? These are my (Evan) notes.


SHOW NOTES – Episode 98

Date: Tuesday, September 22nd, 2020

Episode 98 Topics

  • Opening
  • Catching Up
  • Accountability
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in to episode 98 of the UNSECURITY Podcast. Today is September 22nd, 2020 and joining me is my co-host and friend Brad Nigh.

Good morning Brad.

[Brad] Cue Brad.

[Evan] I think we have a good show planned for listeners this week. This episode is all about accountability. I’d like to discuss how accountability works in information security, who should be accountable for what, and give some tips for improving accountability where we work and in the world around us.

Lots to cover on the topic of accountability. Before we jump in, quick catchup with Brad.

Catching Up

[Evan] Brad, how you doing? What’s new?

[Brad] Cue Brad.

[Evan] Cue Evan.

Transition

Accountability

[Evan] Alright, let’s talk about accountability, or maybe the lack of accountability, in information security. This has been a topic that’s been dominating my thoughts again for the past couple weeks. I say “again” because this isn’t the first time we’ve talked about it.

During an episode of the Security Shit Show a couple weeks ago, I think it was episode 18, we were talking about ransomware. The talk was great, but the frustration we all felt was apparent. Why do we keep doing the same things over and over again? Why don’t people do the basics? My take was the lack of accountability. So, I drafted a Ransomware Recovery Contract to help.

Have you seen the Ransomware Recovery Contract?

[Brad] Cue Brad (I’m sort of springing this on him).

[Evan] So, the greater issue of accountability in general. Let’s talk about it here, for our benefit and the benefit of our listeners.

  • The importance of accountability.
    • Repeating the same mistakes over and over.
    • Safe to assume people know?
    • People die now.
  • When to define accountability.
  • Who’s ultimately accountable for what?
    • In tech – buggy software, social media (see the social dilemma), etc.
    • Big organizations.
    • Small organizations.
    • Public organizations.
    • School districts.
  • Examples of accountability disfunction.
  • Examples of good accountability.
  • What to do about it.
    • Get out ahead. Better now than never (or later).
    • Will CEOs be personally liable someday?

[Evan] This is a deep subject with much to be said. Everything moves so fast, and sadly accountability is severely lagging behind.

[Evan] For listeners who are wondering about us doing a series titled “Politics and Information Security”, it’s still being considered. We just have to put it all together.

[Evan] OK, news. Let’s do some quick news stories.

News

[Evan] Three news stories to talk about briefly this week:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 98 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 97 Show Notes

Good morning! Happy Tuesday!

Thinking Brad is back again this week. I dig that because I dig Brad!

Last week, Brad was out feeling sick. This led to a solo recording of the UNSECURITY Podcast; go check out episode 96 if you want to hear me do my most awkward podcast yet.

Busy, Busy, Busy

We’ve been very busy around here, and it sounds like many of you are too. There are many good signs recently that the economy may be rebounding. The positives:

  • Elections – although the next 50ish days are going to be chaotic, there will be some settling in after the elections are complete. Regardless of which way you swing (blue or red), the completion of an election cycle brings a sense of stability.
  • COVID-19 – there’s been a lot of positive news about medical treatments and possible vaccines. The sooner we can put the pandemic behind us, the better. Once the pandemic is behind us (closer with each passing day), the economy should settle.
  • Markets – the stock and housing markets have held there own through all the chaos of 2020. This is a good sign of good things ahead in our opinion.

Busy is good, and it would take a small book to tell you all the good things going on at SecurityStudio and FRSecure! SecurityStudio is well on it’s way to being a very healthy and profitable SaaS company and FRSecure is exploring expansion (acquisition, merger, and/or geographic expansion).

I sincerely hope you and your family are well!

Why Can’t We All Just Get Along?

Today’s topic is about our divisiveness in world today and what it means to our industry. We’ll be careful to be respectful of other people’s opinions as we navigate these waters, and this may be a good segue into a future series we’ve been thinking about recently; “Politics and Information Security”.

Let’s get on it. The show notes…


SHOW NOTES – Episode 97

Date: Tuesday, September 8st, 2020

Episode 97 Topics

  • Opening
  • Catching Up
  • Why Can’t We All Just Along?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 15th, 2020 and this is episode 97 of the UNSECURITY Podcast! I’m your host, Evan Francen, and back with me this week is my good friend, Brad Nigh! Good morning Brad.

[Brad] Good things from this dude.

[Evan] Well, you were out ill last week. How you feeling? What’s new?

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. Let’s do it.

Topics:

[Evan] Did you get a chance to hear last week’s episode? It was definitely awkward doing the show alone for the first time!

Transition

Why Can’t We All Just Get Along?

[Evan] It’s crazy how much information security reflects life and vice versa. I’ve been thinking about what our next series should be, and I’m always interested in tackling serious topics. We’re in the middle of an election cycle right now and I can’t remember a time when our country has been more divided than it is today. Me being me, I want to talk about it with you (Brad).

What are your first thoughts about the divisiveness in our country today?

[Brad] Chimin’ in.

[Evan] Here’s what I’d like to explore with you:

  • General divisiveness (political, social, information security, etc.)
    • Intimidation/bullying for sharing your thoughts, opinions, disagreements, etc.
    • When you find someone being a jerk or speaking/writing nonsense.
  • Outside Influences to Information Security
    • Today’s political climate.
    • Where do we find facts vs. opinions?
  • Within Information Security
    • How do we think our divisiveness affects information security?
    • Putting down others (competition, other professionals, etc.).
    • The divide between us and the business.
  • A couple of podcast reviews.

 

[Evan] I’m thinking about doing a series titled “Politics and Information Security”. We could interview special guests form both sides of the isle and get their opinions on all sorts of things. What would set us apart is respectfulness. We would do this in a way that respects opinions without attacking and bullying. This could be a great opportunity to set an example for others on how to discuss hot topics without beating each other up. What do you think?

[Brad] We’ll see what he thinks…

[Evan] The timing seems right to do a series like this. Alright. More to come on that! Let’s do newsy stuff now.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 97 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] It’s nice to have you back man. We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 96 Show Notes

Hope you had a fantastic Labor Day weekend! Personally, it was nice to get away with family and disconnect for a while!

Did you know the history of Labor Day?

It’s always the first Monday in September, ad it’s dedicated to the social and economic achievements of American workers. The first state to recognize the holiday was Oregon in 1887, and it became a federal holiday in 1894. So, this year we celebrate more than 125 years of American work!

Read more about the history of Labor Day on the U.S. Department of Labor website.

Brad’s out today.

Like most weeks, I’m writing the show notes last minute. On the way into work this morning (2:30am), Brad sent me a text message informing me that he is not feeling well. We think it might be a bout of food poisoning, so he should be OK with some rest. Please keep him in your thoughts and prayers.

No Brad today, so this means I’m left to my own devices. This will be the first episode I’ve done by myself. We’ll see how this shakes out.

Let’s get on with it! These are my (Evan) notes.


SHOW NOTES – Episode 96

Date: Tuesday, September 8st, 2020

Episode 96 Topics

  • Opening
  • Catching Up
  • Context Means Everything A Lot
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 8th, 2020 and this is episode 96 of the UNSECURITY Podcast! I’m your host, Evan Francen, and my buddy is out sick today. Normally Brad Nigh joins me as co-host, but he informed me early this morning that he might have a case of some food poisoning.

Wishing Brad a fast and full recovery!

Be warned. Without Brad, I might end up rambling a bit!

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. No Brad today, so I’ll bore you with some of the stuff I’ve been up to:

  • Great weekend camping with my wife, my daughter, my good friend Ryan Cloutier, and his wife Aimee
  • Bunch of meetings last week, including 11 last Tuesday; Chubb, the Cybercrime Support Network, Schneider Downs (makers of Red Lure), etc.
  • Lots of great work going on at both companies; FRSecure and SecurityStudio.
    • New service offerings at both companies.
    • S2Org – working on a global S2Score, integrating S2Team, S2Vendor, and new deeper-dive risk assessments.
    • S2Vendor – working on customized workflows, custom due dates, integration of something called the “Cowbell Factor”, vendor breach data/news, etc.
    • S2Me – Redesign based on user feedback, definition of four new “normal” language dialects, and the introduction of “Sam”.
  • The Security Shit Show last Thursday night; topic was “Negativity is Bullsh*t”.
  • Some other miscellaneous things…

Crazy week, but it appears as though business is really picking up and market sentiment is positive(r).

[Evan] Alright, again, no Brad to catch up with. Hoping he had a great week and weekend, minus the food poisoning thing. Now on to the topic for today’s show.

Transition

Context Means Everything A Lot

[Evan] If you know me, you know I use many sayings/themes to try to get my point across. One saying I’ve muttered many times:

One of the easiest tells for determining a good information security advice from bad is using context.

Context is critical. Think about it. You make decisions all day, from the seemingly insignificant ones to the critical ones, and everything in between. How does the lack of context effect your decision-making? Without context, the quality of your decisions will suffer.

Without context people make crappy decisions

Recent conversation with “James”:

  • [James] We get the importance of a risk assessment, but we’re just not focusing on that right now. We’re focusing on partnering with firms with forensics capabilities and setting up a security operations center (or “SOC”).
  • [Mike] Are these our most significant risks to focus on right now?
  • [James] We think so. We don’t have any forensics capabilities and we don’t feel like we’re able to identify events happening in our environment.
  • [Mike] What’s the environment look like? How many servers, how many systems, how many applications, etc.?
  • [James] We’ve probably got 100(ish) servers and a couple hundred applications I’d guess.
  • [Mike] You guess?

A recent article “Most cyber-security reports only focus on the cool threats

A recent conversation with “Bill”. Bill is the CEO:

  • [Bill] Hey Mike. We need to stop everything we’re working on and take care of this exploit I heard about from a friend.
  • [Mike] I’ve never heard of this exploit. Why do we need to stop everything and focus on it?
  • [Bill] My buddy over at XYZ company was just telling me about how his company got hit.
  • [Mike] OK, we’ll get right on it.

Regulators and auditors are notorious for missing context and often take us down the road of compliance management versus risk management.

Penetration testers, especially those who are newer to our industry are notorious for getting things out of context. Context is critical.

Same concept applies to the world Around Us

The information security industry is unique, but it’s not unique in the fact that human beings are the ones making decisions. Context works the same way.

Take COVID-19 for instance:

  • The headline reads “South Dakota dismisses ‘elite class of so-called experts,’ carries on with state fair after Sturgis rally fueled COVID-19 surge” – The words “Sturgis rally fueled COVID-19 surge” is troubling. If we made a decision based on these words it might be different than a decision with some context. The article goes on to say (buried in 6th paragraph) “Nationally, about 300 cases have been linked to the rally.” For context, there were an estimated 460,000 attendees. 300 cases out of 460,000 attendees works out to about .065%. Granted, there will likely be more, but the rally was a month ago now.
  • Another headline reads “New challenges in US battle against Covid-19 come with the approaching fall season” – This article goes on to say “The holiday crowds mark the unofficial end to a devastating summer across the country, with Covid-19 infections surging to more than 6.3 million and deaths topping 189,000.” The word “devastating” is not only subjective, but it lacks context. A single infection and a single death is bad, but in context it seems a little less devastating. 6.3 million people is about 1.91% of the U.S. population. More than 640,000 people die each year from heart disease and almost 600,000 die from cancer.

IMPORTANT: COVID-19 is a pandemic and it is VERY serious. I don’t mean to minimize the coronavirus in any way, but I do want to put it into context. Be courteous to others. Wear a mask and follow the CDC’s guidance. Speaking of the CDC, this is a great source for context!

Racism and police violence is another hot button issue. Judging from some of the news and reactions from some of the public, you’d certainly think this was worth burning down the “establishment”. I’m someone who wants to fix broken things, so if I’m interested in fixing broken things, I need to make good decisions in context. Here’s some context.

Spend some time reviewing the statistics and graph above. Don’t jump to any conclusions yet! There is a significant issue here, but I’d prefer to use logic versus emotion to drive my reaction.

Now, here’s a couple more things to think about:

Interesting information for sure, and I’m NOT going to draw any conclusions for you. Racism is a thing and it’s a very bad thing. Decisions about what we’re going to do about the problem will be more effective with context.

IMPORTANT: Racism is real and I’m praying for constructive solutions to end it versus destructive solutions that will probably make it worse.

Context is VERY important for decision-making and problem-solving.

Here’s another saying I use often:

Empty spaces get filled.

Without context, what do we rely on to make our decisions? Usually it’s assumptions, bias, and/or emotions. Where we lack information to make a good decisions, some of us have a tendency to make up our own information to fill the gap. You know what they say about assumptions, right? Bias is prejudice in favor of or against one thing, person, or group compared with another, usually in a way considered to be unfair, and this doesn’t sound like a good base for decision-making. Emotions are variable and always play a role in decision-making, but it can become a problem when it’s the dominant role. Emotions like fear, anger, and frustration can easily be played against you and drive you to make a decision you’ll come to regret.

So, what to do?

First, understand that information security is about risk management. Risk is the likelihood of something bad happening and the impact if it did. This requires context!

Slow down. Think about the data your consuming and ask yourself if there’s more to the story. Is the new exploit your boss read about the most critical thing you should be attending to? If someone asks you what your most significant risk is, would you have an answer? Could you defend your answer if challenged?

About the world stuff, in short:

  • Will COVID-19 be the end of the world? – No, it’s highly unlikely. COVID-19 is a pandemic and all pandemics come to an end.
  • Is COVID-19 serious? – Absolutely! People get sick and people die. It’s 100% serious and we should all do what we can to help ourselves and each other be safe.
  • If you’re a black man in America, are you going to die at the hands of police? – Even by the most credible research I could find, there’s a 99.9% chance that this will NOT happen. Even .1% is way too high! We need to do everything we can to drive this number much lower. In context, the problem goes beyond the police though.

Well, I hope this helped. Remember to put things into context as much as you are able.

[Evan] Let’s move on to some news topics.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 96 is coming to an end. Lonely without Brad, but hopefully useful to our listeners.

[Evan] Shout out…

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 95 Show Notes

I don’t have any words to describe 2020. COVID-19, social justice events (George Floyd, Black Lives Matter, protests, riots, etc., etc.), economic issues, the election cycle, and on and on. This is going to be a helluva year to recap come December, and it’s a helluva year to remember (or forget).

One thing that struck me this morning is the fact that it’s already the last day of August. With everything going on this year, I might be grateful it’s flying by.

Despite all the craziness, there’s been good things too. The family time has been great, we’ve gotten a ton of work done around the house, Chris Roberts, Ryan Cloutier and I started the Security Shit Show, business is relatively good, and the optimist in me says the future looks bright.

Well, let’s get on with the show, shall we? I’m (Evan) leading the show this week, and these are my notes.


SHOW NOTES – Episode 95

Date: Tuesday, September 1st, 2020

Episode 95 Topics

  • Opening
  • Catching Up
  • What has this crazy year done for information security?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning listeners! My name is Evan Francen, the date is August 31st, and this is episode 95 of the UNSECURITY Podcast. I’m your host today, and joining me is my good friend Brad Nigh. Good morning Brad!

[Brad] Brad’s a nice guy. He’ll say “hi” or something.

[Evan] For our listeners who were expecting our show to come out yesterday, we’ve switched things up. We are recording the shows on Tuesday mornings now due to crazy schedules with getting kids ready/off to school and other things. For the time being, we’ll be recording on Tuesday mornings and releasing the podcast around noon.

Catching Up

[Evan] Same thing each week man. We start by catching up. New listeners might not know that we originally started the UNSECURITY Podcast so that you and I could find an hour each week to catch up with each other. So, let’s catch up! What’s new with you?

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How’s family?
  • New stuff at home or at work?
  • How’s work?
  • Anything got you excited or ticked off?

[Brad] Things and such probably…

[Evan] Things and such probably too…

[Evan] Good to catch up with you man. Let’s hope this is a great week!

Transition

What has this crazy year done for information security?

[Evan] Obviously, there’s lots going on in the world this year. It was about six months ago (March) when our reaction to the COVID-19 pandemic flipped the world on it’s head, at least that’s what it was like around here. For many, COVID-19 is old news, and people are tired of talking about it. I don’t want to talk about COVID-19 as much as I want to discuss how our reaction to it has affected information security.

COVID-19 Information Security Effects

[Evan] I remember the day like it was yesterday, March 16th. This was the day we closed our physical office at FRSecure and SecurityStudio. Let’s talk about how information security has changed since then and what we think the future of information security will look like.

COVID-19 & Information Security Discussion

[Evan] May 25th and 26th are also days I remember well. May 25th was Memorial Day and it started off like any other Memorial Day. I was camping with my family, and being a military family, we were honoring those who gave their lives while serving our country. It wasn’t until May 26th that I heard the news about George Floyd. Things haven’t been the same since. I’m not going to use our time to discuss social justice issues, but I want to discuss how the events of May 25th have affected our profession (information security).

Social Justice Issues & Information Security Discussion

NOTE: We know that social justice and racism are very sensitive topics. We will discuss these issues only in how we think they relate to information security. This DOES NOT mean anything more, and please DO NOT read anything more into it.

[Evan] This is a year like no other, that’s for sure. I’m hoping and praying that love will prevail. Great discussion Brad! Let’s move on to some news topics.

News

[Evan] Yay! Newsy things. Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] Sheesh. Thinking maybe we should have done an episode on insider threats! Maybe next week, eh Brad?

[Brad] Cue the Brad.

[Evan] Well, that’s about it folks. Episode 95 is almost in the can. Brad, you have a shout out to give?

[Brad] We’ll see if he does.

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 94 Show Notes – Transition

Happy Monday! You know what it’s time for, right?

Show notes!

Last week’s episode with FRSecure’s Director of Technical Solutions and Services, Oscar Minks was GREAT! I’m still pumped about Team Ambush and how well they did in their competitions (not one, but four) at DEF CON Safe Mode. That team kicks ass and the future looks incredible for that team.

Now, we’re sort of between series here at the UNSECURITY Podcast, so we’re going to try something new. We’re going to do a Google search of an industry term, then discuss what the results are. Should be fun and educational, all at the same time.

Brad is leading the show this week, so let’s get to it!


SHOW NOTES – Episode 94

Date: Monday, August 24th, 2020

Episode 94 Topics

  • Opening
  • Catching Up
  • Google Search – “Cybersecurity”
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Good morning and welcome to episode 94 of the UNSECURITY Podcast. Today is August 24th. My name is Brad Nigh and joining me is my co-host, Evan Francen. Good morning Evan.

[Evan] This is where I usually say “good morning” back to Brad.

Catching Up

[Brad] What’s up and what’s new?

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] Things and such probably…

[Brad] Things and such probably too…

Transition

Google Search – “Cybersecurity”

[Brad] Alright, well we’re between series right now. We finished up the Women in Security Series a couple weeks ago and last week we caught up with Oscar Minks. This week we’ll do something educational. Here’s the idea. We’ll do a Google search of the word “cybersecurity” and you and I will discuss the first page of results. What do you think about that?

[Evan] Sounds good to me. Let’s do it!

[Brad] Cool. So, open your favorite browser. Go to https://google.com if it’s not your default search engine and type “cybersecurity” (all one word). What do you see? Do you agree with what the links say or show? The thing about information security is we need to be a little more literal because of all the confusion. So let’s talk about it.

Open discussion about Google’s search results.

[Brad] That was sort of cool. Hopefully our listeners learned something or maybe they shot up in their chair disagreeing with you and I. We’ll see from the feedback we get!

How about some quick news stuff? We’ve got a few news stories of note…

News

[Brad] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Brad] Well, that’ll do it. Episode 94 is a wrap. Good times! Evan, you have any shout outs to give?

[Evan] We’ll see.

[Brad] Got questions or suggestions for us? Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan is  @evanfrancen, and Mr. Nigh is @BradNigh.

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 93 Show Notes – DEFCON & Team Ambush

Hey reader person, hope you are well!

Today marks the seventh day since I left the 80th annual Sturgis Motorcycle Rally. My wife and I do not show any COVID symptoms, so that’s good news. Only 7 more days of self-isolation and we’ll be back to semi-normal (assuming there is such a thing anymore).

Women In Security Series

Last week was the ninth, and final, installment in the Women in Security Series. It was a great experience for Brad and me. I may post a full write up soon, including the things we learned and places people can go to help (or for help). For now, here was the all-star lineup:

  • Part OneEpisode 84 – Renay Rutter (an information security business/IT executive)
  • Part TwoEpisode 85 – Lori Blair (a 35-year information security veteran)
  • Part ThreeEpisode 86 – Victoria Fogarty (relatively new to the industry)
  • Part FourEpisode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Part FiveEpisode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Part SixEpisode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Part SevenEpisode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Part EightEpisode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
  • Part NineEpisode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)

A HUGE thanks to all the women who gave their time to talk to us!

What’s Up Next

This week, we’re going to catch up with a good friend (fresh back from DEF CON) and then we may delve into another series.

A Good Friend

We’re going to take this week (episode 93) to catch up with FRSecure’s Director of Technical Solutions and Services, Oscar Minks. Oscar leads FRSecure’s Technical Services Team, a group of amazing information security experts who provide world-class incident response and best-in-class technical services (penetration testing, blue teaming, red teaming, purple teaming, research, etc., etc.).

The timing is perfect because Oscar’s back after DEF CON Safe Mode and the team impressed a helluva lot of folks there!

While my wife and I were in Sturgis, FRSecure’s Team Ambush was awake for many, many hours competing at DEF CON Safe Mode. The team competed in four events over the four day online conference; CMD+CTRL, OpenSOC Blue Team Village CTF, Biohacking Device Lab CTF, and Hack the Plan[e]t.

Last year, the team kicked ass in the Warl0ck Gam3s CTF, but that’s old news now. Warl0ck Gam3s CTF is gone this year, and it was time for these guys to switch things up.

CMD+CTRL

A description provided by the organizers:

Learn to see web applications from an attacker’s perspective. CMD+CTRL is an immersive hacking experience designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the leaderboard.

After attacking an application for yourself, you’ll have a better understanding of the vulnerabilities that put real applications at risk – and you’ll be better prepared to find and fix those vulnerabilities in your own code.

Remember that these websites are intentionally vulnerable, so any information sent to these sites is not secure. Never enter any sensitive information on these sites, including passwords, credit card numbers, or Social Security Numbers.

200 teams competed in this “Security Innovation cyber range” and our guys finished 2nd, only 50 points behind the winning team, n0j,

Full results are here.

OpenSOC Blue Team Village CTF

OpenSOC is a Digital Forensics, Incident Response (DFIR), and Threat Hunting challenge meant to teach and test practical incident response skills in an environment that’s as close to “the real thing” as it gets. This isn’t just another CTF. The platform was built to train real-world responders how to handle real-world situations.

There were more than 800 participants, more than 500 challenges, more than 350 teams, and more than 20 hours of  content in this CTF.

Team Ambush took home 9th place, finishing with the same number of points as the winning team. In a tie, the team that finished first wins.

Biohacking Device Lab CTF

This CTF was a little out of our team’s comfort zone, but this didn’t stop them from excelling! Some of the stats:

  • 30 volunteers building infrastructure, creating challenges, verifying flags, and solving support issues
  • 2 medical devices, connected in a volunteer’s home (not connected TO the volunteer)
  • 1 CTF vulnerability reported, fixed, and disclosed
  • 200+ players on 150+ teams from 15+ countries
  • 14,000+ flag submissions, with 5,700+ solves, on 150+ challenges
  • 150,000+ total points scored over 75 consecutive hours

Team Ambush took 7th! This is amazing considering most of our team had very little experience hacking medical devices.

Hack the Plan[e]t

Hack the Plan[e]t is a first-of-its-kind CTF: a slice of modern city life integrating both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge. Play for a few minutes or plan to stay for many hours as the challenge grows. The ICS Village will deliver a compelling experience using real IT and industrial equipment for all skill levels and practitioner types.

This CTF had 275 registered users, and Team Ambush placed 16th. The full scoreboard is here; https://hacktheplanet.ctfd.io/scoreboard

Really looking forward to this episode with Oscar. Oh, by the way, Brad Nigh (my co-host) also participated!

Another Series

We’re kicking around some ideas for our next series, and so far the leading candidate is a “Security in Healthcare” series. Stay tuned!

Let’s get to it!

Brad was supposed to lead the show this week, but since he participated at DEF CON with Oscar, I’m (Evan) going to take it. These are my notes.


SHOW NOTES – Episode 93

Date: Monday, August 17th, 2020

Episode 93 Topics

  • Opening
  • Catching Up
  • Closing Out the Women in Security Series
  • DEF CON Safe Mode & Team Ambush
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning. Thanks for tuning into the UNSECURITY Podcast. I’m Evan Francen, my co-host is Mr. Brad Nigh, this is episode 93, and the date is August 17th, 2020. Brad, Good morning!

[Brad] You know and love Brad! Brad will chime in here because he’s cool and stuff.

[Evan] Also joining us is my good friend and FRSecure’s awesome Director of Technical Solutions and Services, Oscar Minks. Good morning and welcome Oscar!

[Oscar] He does what Oscar does.

[Evan] It’s been a while since we had you on the show Oscar, and I’m super excited to talk to you about your team’s performance at DEF CON Safe Mode this year! Before we dive in though, let’s do what we always do first, catch-up a little.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] Brad, what’s up? What have you been up to and how was your weekend?

[Brad] Gives us the skinny…

[Evan] Oscar, your turn brother. Tell us things.

[Oscar] He tells us things.

[Evan] Alright, I guess it’s my turn now. Here’s my update…

Transition

Closing Out the Women in Security Series

[Evan] As you know, we just wrapped up our Women in Security Series. We hope that everyone enjoyed it and we also hope we’re all better off for it. Huge thank you to Renay, Lori, Victoria, Kristin, Andrea, Judy, Amy, Theresa, and Lee Ann! We talked to some incredible people during that series!

Brad, what’s one thing that sticks out for you?

[Brad] Gives us his one thing. 🙂

[Evan] Yeah, the one thing that sticks out for me is how important it is for us all to help each other, regardless of gender, race, background or anything else. People who shut others out or make them at all feel uncomfortable are jerks.

DEF CON Safe Mode & Team Ambush

[Evan] Alright, on to you Oscar! Tell us about DEF CON Safe Mode. You too Brad, I hear you did some work with the team also.

Open discussion about DEF CON, Team Ambush, the process, the results, etc.

30 minutes(ish)

[Evan] I’m so proud of you guys and the team! You’re not only VERY skilled, but you all do things right. We need to have you back on a future show so you can share how you build teams. People could really learn from you about how to build an incredible team and how to keep them together!

How about some quick news stuff? A few stories to cover quick. Oscar, you got chops, you can stay and comment if you’d like. Just chime in.

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Evan] Alright, it’s that time again. We’re at the end of the show and we get time to give a shout out or two.

Do either of you have shout outs to give this week?

[Brad and/or Oscar] We’ll see.

[Evan] Oscar, thanks for joining us again! Team Ambush kicked ass this year and I’m pumped to see what the team does over the next year.

Got questions or suggestions for us? Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Mr. Nigh is @BradNigh.

Oscar, you’re a relatively quiet guy online. Is there a particular way you want people to find you?

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 92 Show Notes – Women in Security Pt9

Good morning from Sturgis, SD! My wife and I made the trip this past week, and it’s truly been one of the best things we could have done for our mental health.

Mental health is just as important (if not more important) than physical health.

We came here (as did the other 250K other people), knowing and accepting the risk of contracting COVID. We’ve been preaching self-isolation after leaving here (for at least 14 days), and I know the people in my party will be doing so; however, we can’t speak for the others. It’s one thing to accept risk for yourself, it’s an entirely different thing to put others at risk who didn’t.

Anyway, I’ll write more about that later. On to episode 92 of the podcast! We have another INCREDIBLE guest with us this week as we begin to wrap up our Women in Security Series. Both Brad and I hope we’ve helped make our industry a little better in doing this.

Women in Security Series Quick Recap

Brad and I started the Women in Security Series in mid-June, and to be honest, we didn’t know what to expect. The purpose was to help people (including ourselves) learn more about the topic of women in the information security industry. Two guys like us are NOT experts on the topic, nor will we ever be able to articulate experiences as well as the women who live it. Why not learn by listening to women tell us about their experience and opinions?

No expectations and no plan.

Neither of us have ever done a series like this before, but we’ve both become pretty good an “winging it”. We didn’t know who would be interested in talking with us, but soon after we got started, we had many women volunteer their time to share with us. We were blown away by the graciousness of so many.

We started safe, with women we work with at FRSecure. We kicked things off in mid-June (episode 84) with FRSecure’s Chief Operating Officer, Renay Rutter, and let things sort of develop from there.

Seven weeks later (so far), and we’ve been privileged to have discussions with seven INCREDIBLE ladies with diverse backgrounds. We’ve had a Chief Operating Officer, a 35+ year information security veteran, a career-changer with a couple years’ experience, a non-profit CEO, a college-student studying cybersecurity, a veteran corporate Chief Information Security Officer (CISO), an expert practitioner who bridges the gap between K-12 and post-secondary cybersecurity, and a super cool HigherEd CISO on the show so far!

What started with no expectations and no plan turned into something really special. We’re grateful for the time we’ve spent with these women and we’re both MUCH better off for it.

Here’s our guest line up thus far:

  • Episode 84 – Renay Rutter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (this show) (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (not sure who to expect; expectations aren’t really our “thing”)

Seriously, this is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

Women in Security Series – Part Five

It was a pleasure having Andrea join us in this episode! She is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. She is an avid listener to our show who contacted us through email about a question she had. She was shocked and VERY appreciative when we asked her to join us. We were pleasantly surprised by how well-spoken and determined she was.

Andrea has an incredible future ahead of her in the information security industry! Here’s her take on things in episode 88, WARNING: You’ll be impressed!

Thank you Andrea!

Women in Security Series – Part Six

Judy Hatchett is truly a top-notch, no nonsense information security leader. She’s the first woman on the show with the title Chief Information Security Officer and we were very grateful to spend some time with her. Judy’s path through the information security industry took her through big corporate America (Best Buy, 3M, etc.) before she decided to tackle some of the difficult challenges in healthcare. We first met Judy back when she was the CISO at Fairview, and now we cheer her on in her new role at Surescripts. You’re going to love her perspectives and opinions!

You can catch Part Six with Judy here!

Thank you Judy!

Women in Security Series – Part Seven

I was first introduced to her though my good friend (and co-worker) Ryan Cloutier. Together, they do great work at the Consortium of School Networking (CoSN), as well as deliver compelling talks at conferences and collaborate on cool projects. Ryan talked her up so much that I sort of thought he was full of it. Could this person be as good as he said she was? Really?!

Yes, yes she is! She’s the real deal and her name is Amy McLaughlin. Here’s some stuff about her:

  • The Director of Information Services at Oregon State University
  • Adjunct Faculty (Psychology) at Chemeketa Community College
  • Cyber Security & Network Consultant & Project Lead at the Consortium of School Networking (CoSN)
  • Home improvement expert (seems like it anyway)
  • A wonderful person and friend to many!

Since we first met, I’ve gotten to know Amy pretty well through our frequent visits on the Daily inSANITY Checkin and I’ve grown to really appreciate her common sense approach to life (and information security).

Thank you Amy!

Women in Security Series – Part Eight

I’m a big fan of Theresa Semmens! She’s done great work everywhere she’s been and she’s a serious asset to our industry. She established the very respectable information security program at North Dakota State University (NDSU), played a pivotal role in starting the highly-successful North Dakota Cybersecurity Conference, did great things as CISO at the University of Miami, and now does wonderful things at the Nevada System of Higher Education.

Our conversation with Theresa Semmens was awesome! If you missed it, you should go give it a listen here; https://podcasts.apple.com/us/podcast/unsecurity-information-security-podcast/id1442520920?i=1000486972404. Great episode with some serious wisdom.

Thank you Theresa!

Women in Security Series – Part Nine

This brings us to today, and we welcome another favorite of mine, Lee Ann Villella! Lee Ann is FRSecure’s Senior Enterprise Security Sales Consultant, the Program Director for the Minnesota Chapter of the Information Systems Security Association (ISSA), and an active member of the Cyber Security Summit Advisory Board Committee.

Lee Ann brings so much more to our industry than people realize! She lives out FRSecure’s mission to “fix our broken industry” every day and sets the example for so many others.

You and I have all been hounded by sales people in our industry and sold stuff we don’t necessarily need. Not with Lee Ann! She is the epitome of what a sales person should be. She constantly has her finger on the pulse of information security, takes the time to deeply understand her customers, volunteers her time to help others, and is just all-around amazing!

We’re VERY excited to have Lee Ann on our show!

Let’s get to it!

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 92

Date: Monday, August 10th, 2020

Episode 91 Topics

  • Opening
  • Introducing Our Special Guest: Lee Ann Villella 
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi there! Thanks for tuning into the UNSECURITY Podcast. I’m Evan Francen, my co-host is Mr. Brad Nigh, this is episode 92, and the date is August 10th, 2020. Brad, you here? Good morning!

[Brad] You know and love Brad! Brad will chime in here because he’s cool and stuff.

[Evan] So, you mighta heard, we’ve been doing this Women in Security Series. I don’t know about you Brad, but I wanted to do this series for two reasons; 1) I wanted to learn more about women’s perspectives and 2) I wanted to give women a voice, even if it’s a small one.

[Brad] Cue Brad.

[Evan] There are entire podcasts devoted to women in our industry, but I wanted to get it first hand. I have been blown away by the incredible women we’ve talked to! I’ve learned more than I could have asked for. We’re not done yet!

Today, we welcome another amazing lady. A HUGE welcome and a ton of gratitude to Lee Ann Villella for joining us today.

[Lee Ann] Cue Lee Ann.

[Evan] Lee Ann, did you know that you’re one of my favorites? So happy you’re here!

[Lee Ann] Cue Lee Ann again (maybe)

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] As is custom around here, before we jump in on our topic, we catchup. So, Brad, how was last week and this past weekend?

[Brad] Gives us the skinny…

[Evan] And Lee Ann? What have you been up to lately?

[Lee Ann] She tells it like it is…

[Evan] My turn, I guess. Highlight was/is the time @Sturgis. I’ll tell it like I lived it.

Transition

Women in Security, Part Nine

[Evan] We’re coming to an end of our Women in Security Series and it’s been an amazing experience. Eight weeks so far, and eight great discussions with wonderful ladies in our industry. If you’ve missed any of the episodes (84 through 91), I highly suggest you go back and listen to them. Lots of really good perspective.

All this brings us to now, episode 92 and part nine of our series. Again, we welcome one of our very own, Lee Ann Villella!

Some starter questions or things for us to think about…

Do we have a shortage of women in our industry? If so, what’s the big deal?

Open Discussion (~30 minutes)

  • How did you get started in this field (information security)?
  • Tell us how you got to where you’re at today.
  • So, you’re a female selling information security services.
    • Is this a male dominated area of our industry?
    • Would you say you’re primarily interfacing with men or women?
    • Would you say it’s an advantage or disadvantage to be a woman in your position?
  • Have you experienced the “bro culture”? If so, can you share the experience with us?
  • We hear a lot about various women’s issues in our industry, and one of those is we don’t have enough women working in our industry. What’s your take, do we have a shortage of women?
  • How important is mentoring? Do you have a mentor?
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Do any other women’s issues come to mind?
  • What can people do to help? How about Brad and I?

[Evan] Thank you Lee Ann. Your pragmatic approach and great communication skills make things easy to understand. Always good stuff to think more about.

How about some quick news stuff? Lee Ann, please stick around and feel free to share your thoughts when you feel like it.

News

[Evan] Alright, here’s some newsy things that I thought were interesting this past week:

Wrapping Up – Shout outs

[Evan] There you go. That’s about it for episode 92, part nine of the Women in Security Series. One more episode left in the series, then we’ll move on. HUGE thank you again Lee Ann.

Do either of you have shout outs to give this week?

[Brad and/or Lee Ann] We’ll see.

[Evan] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Mr. Nigh is @BradNigh.

Lee Ann, is there a particular way you’d prefer people to find you?

Lastly, be sure to follow our show on Twitter (@UnsecurityP), and follow the companies we work for, SecurityStudio (@studiosecurity) and FRSecure (@FRSecure).

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 88 Show Notes – Women in Security Pt5

We continue the Women in Security series this week with another great guest!

Women in Security Series

The Women in Security series continues to get better each week. Brad and I started this series because we wanted to learn more about challenges women face in the information security industry. It would be shallow and dry if Brad and I chose to discuss this subject ourselves. Instead, we chose to interview women that we know and ones who were referred to us.

What better way to get a woman’s perspective on things than to ask them directly?!

So far, we’ve had four women join us as guests on the show. Each woman brought her own set of experiences, perspectives, and opinions. No two guests have been alike, and we’ve learned a TON!

Here’s our guest line up thus far:

  • Episode 84 – Renay Ruter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Today’s Show) (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – Theresa Semmens (Chief Information Security Officer at the Nevada System of Higher Education, former AVP/Chief Information Security Officer at the University of Miami, and former Chief Information Security Officer at North Dakota State University)
    /not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – Lee Ann Villella (Senior Enterprise Security Sales Consultant at FRSecure, Program Director for the Minnesota Chapter of the Information Systems Security Association, and member of the Cyber Security Summit Advisory Board Committee)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

This is an amazing lineup of information security professionals! These women represent our information security industry extremely well, and we’re honored to speak with each of them on our show!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started by sharing the experience, wisdom, and insight she’s gained over her 30+ year IT career. Renay expressed how important it has been for her to be strong throughout her career, and in her opinion, women need to be strong to survive in the information security industry. This was a great show!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is full of information security knowledge and wisdom! She started her career in the industry in 1985, working for the federal government. Over the next 35 years, she’s traveled the world helping organizations with their information security needs and held various leadership positions. She’s excelled everywhere she’s gone and even found time to raise children along the way! Today, Lori is a Senior Information Security Consultant at FRSecure, tackling difficult challenges and mentoring other women.

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

We welcomed up and comer Victoria Fogarty to the show for Part Three. Victoria is an Associate Information Security Analyst at FRSecure, where she started her career in 2019. She possesses natural gifts for this industry, and her perspectives were fresh. She’s intelligent, relatable, and an excellent communicator. She did a great job explaining how she researched a career in information security while she was an Insurance Adjuster, a job she disliked. Her journey is pretty cool so far, and her future is VERY bright! She even shared a shocker (at least for Brad and me) in this episode. Definitely worth the listen!

If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

Kristin was our first non-FRSecure guest in the series. This was a great interview! Kristin shared how she got her introduction to information security while she was serving as an elected official (Washtenaw County Commissioner). She has an incredible journey so far, especially considering she has only been in the industry for a little more than 10 years.

She held some very exciting roles before founding the Cybercrime Support Network in late-2017. Her passion for helping people is inspiring, and we’re looking forward to making a difference in this industry together!

Learn about Kristin Judge, her journey, her opinions, and her work founding and running the Cybercrime Support Network in episode 87. If you missed it, go give it a listen; https://podcasts.apple.com/us/podcast/unsecurity-episode-87-women-in-security-pt-4-kristin-judge/id1442520920?i=1000482892565

Truly an amazing person; we loved chatting with her!

Thank you Kristin!

This brings us to today’s episode…

Women in Security Series – Part Five

Today we welcome Andrea Hatcher to the show! Andrea is a Senior at Pennsylvania State University (Penn State), majoring in Cybersecurity Analytics and Operations. Andrea is an avid listener to our show who contacted us through email. We invited her to be our guest, and we’re thrilled she accepted! We’ve only talked to Andrea once; a brief telephone call to prep her a little for her time in the spotlight. 🙂

Can’t wait to get Andrea’s take on things!

WELCOME ANDREA!

Let’s get to the show, shall we?

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 88

Date: Monday, July 13th, 2020

Episode 88 Topics

  • Opening
  • Introducing Our Special Guest: Andrea Hatcher (Penn State Senior majoring in Cybersecurity Analytics and Operations)
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there! Thanks for joining us for episode 88 of the UNSECURITY Podcast. Today is July 13th, 2020, and I’m your host, Evan Francen. I’m joined by my good friend and co-worker, Brad Nigh. Good morning Brad!

[Brad] Cue Brad!

[Evan] Today we’re doing Part Five of the Women in Security Series, and I’m excited to welcome our guest! She’s a Senior at Penn State University, majoring in Cybersecurity Analytics and Operations, and her name is Andrea Hatcher. Welcome Andrea!

[Andrea] Cue Andrea!

[Evan] I’m especially excited for today’s show for a couple of reasons. One, because Andrea is just beginning her information security career journey and we get to play a small part in it, and two, Andrea is a fan of the show. Fans of the show are the best fans in my opinion! 😉 Thanks again for agreeing to be on the podcast Andrea.

[Andrea] Cue Andrea again…

[Evan] First things first. Before we get too deep, we gotta check in.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

  • How are you guys?
  • Tell me about your weekend quick.
  • Anything in particular that you’re excited about?

[Evan] Thanks guys! Alright, let’s get to it.

Women in Security, Part Five

[Evan] This is Part Five of the Women in Security series, and each week just gets better and better. The purpose behind the series is bring to light the unique experiences, perspectives, and opinions of women in our industry in the hopes of making the path smoother and more inviting for others. We’re doing this by inviting women as guests of our show to share with us. They’re sharing their experience, their wisdom, and their opinions on a variety of topics.

We purposely chose women at various stages of their career and in various roles. The more varied the perspectives, the better the learning for all of us. That’s the theory anyway.

All that being said, let’s get back to our current guest, Andrea Hatcher!

Do we have a shortage of women in our industry? If so, what’s the big deal? Why is the topic important for us to talk about? Lot’s of questions and I’m sure just about everyone has an opinion. Instead of people listening to our opinions, we’re going to talk to the people this relates to the most; women! What better way to get a woman’s perspective on things than to talk to a woman? Let’s do this.

Open Discussion (~30 minutes)

  • How did you get started? Why information security?
  • How soon do you graduate? Got a dream job in mind?
  • Tell us about any internships you might have coming up.
  • Tell us about the Penn State Cybersecurity Analytics and Operations major.
    • How big are the classes?
    • Did you have to qualify to get accepted into the program?
    • What’s the gender ratio?
    • What do your family and friends think about your major?
  • What challenges or difficulties have you encountered so far?
  • Do you have any advice for someone just starting out?
  • Have you heard about our (alleged) industry talent shortage?
    • Do you think we need more women in our industry and why?
    • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Evan] Thanks again for joining us Andrea! We’re very excited about your future and we’re sure you’ll be great!

Now it’s time for some news. Andrea, please stick around. If you’ve got anything to add to our commentary, please don’t hesitate.

News

[Evan] More newsy things…

Wrapping Up – Shout outs

[Evan] There you have it! Episode 88 is a wrap. Well, almost. Thank you Andrea for a joining us and making this fifth installment of to the Women in Security series a great one! Next week, we welcome another great guest, Judy Hatchett. Judy is a very skilled enterprise information security leader.

Either of you have any shout outs this week?

[Brad and/or Andrea] We’ll see.

[Evan] We appreciate you, our listeners. If you’ve got something to say to us on the show, send us an email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter. We finally set up an UNSECURITY Podcast Twitter account; @UnsecurityP. If you want to socialize with Brad, he’s @BradNigh. If you want to socialize with me, I’m @evanfrancen. Andrea, do you want people to get in touch with you? If so, how should they?

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 87 Show Notes – Women in Security Pt4

Welcome back! Hope you and your loved ones had an enjoyable 4th of July holiday. It was a HOT one here in Minnesota!

Women in Security Series

So far, the Women in Security Series has been a smashing success! We’ve had three women share their perspectives on our show thus far, and we’ve got another five or six planned. We’re honored that our guests would share their stories about being a woman in our industry and also give us their opinions about women in information security in general. We’ve learned a ton already, and we’re hungry to learn more!

Our series will be at least ten parts long, meaning 1) we’re not even half done yet and 2) we’ll continue this until mid-August (episode 93 or 94).

Here’s our guest line up thus far:

  • Episode 84 – Renay Ruter (an information security business/IT executive)
  • Episode 85 – Lori Blair (a 35-year information security veteran)
  • Episode 86 – Victoria Fogarty (relatively new to the industry)
  • Episode 87 (today) – Kristin Judge (founder and CEO of the Cybercrime Support Network, SC Media “Women in IT Security Influencer” in 2017, former Director of Government Affairs at the National Cyber Security Alliance (NCSA), thought leader, and all-around amazing information security expert)
  • Episode 88 – Andrea Hatcher (Senior majoring in Cybersecurity Analytics and Operations at Pennsylvania State University)
  • Episode 89 – Judy Hatchett (Information security corporate leader and expert formerly with Accenture, Best Buy, SUPERVALU, 3M, Fairview Health Services, and current VP, Information Security and CISO at Surescripts)
  • Episode 90 – Amy McLaughlin (Information security leader and expert in education, having served with the State of Oregon, the Consortium for School Network (CoSN), Chemeketa Community College, and Oregon State University)
  • Episode 91 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 92 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)
  • Episode 93 – TBD/not-yet-confirmed (information security executive in healthcare, CISO in higher education, or senior information security sales executive)

How awesome is this lineup?!  WOW! We purposely selected a variety of different perspectives from within the women in our field, but this is way better than we expected!

Here’s what we’ve done so far…

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started with sharing her experience, wisdom, and insight she’s gained over her 30+ year IT career. Brad and I learned a ton!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is a treasure chest of information security knowledge and wisdom, beginning from when she started her information security career in 1985. Think about that for a second; 1985?! For the math folks in the house, that’s 35 years!

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

Part Three was incredible! Victoria is very relatable and she’s a natural when it comes to effective communication. She did a great job explaining how she transitioned from Insurance Adjuster to Information Security Associate Analyst at FRSecure. Her journey is pretty cool so far, and her future is VERY bright in our industry. She even shared a shocker (at least for me) in this episode. Definitely worth the listen! If you missed episode 86, here it is; https://podcasts.apple.com/us/podcast/unsecurity-episode-86-women-in-security-pt-3-victoria/id1442520920?i=1000480167348

Thank you Victoria!

Women in Security Series – Part Four

This is our first guest in the series who works outside the FRSecure/SecurityStudio family, and we’re honored to have her join us! We welcome Kristin Judge to our show for Part Four and Episode 87. We don’t know Kristin as well as we know the previous three guests, but judging from her BIO and LinkedIn profile, she stacks up with the best our industry has to offer! This episode is Brad’s to lead and there is no shortage of things we could talk to Kristin about (her work as Washtenaw County Commissioner, her start in information security, her time as Executive Director of Trusted Purchasing Alliance at the Center for Internet Security, her time as Director of Special Projects and Government Affairs for the National Cyber Security Alliance, her time as an information security entrepreneur, her founding of the Cybercrime Support Network, etc., etc.). Truly an amazing person that we’re very excited to chat with!

WELCOME KRISTIN!

Let’s get on with the show!

Brad’s leading the show this week, and these are his notes…


SHOW NOTES – Episode 87

Date: Monday, July 6th, 2020

Episode 87 Topics

  • Opening
  • Introducing Our Special Guest: Kristin Judge (current CEO/President of the Cybercrime Support Network)
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 87 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is July 6th, and joining me this morning as usual is Evan Francen.

[Evan] Hopefully Evan took the holiday weekend off to relax, let’s find out.

[Brad] We have an incredible guest this week, our 4th in the Women in Security series! She’s our first guest in the series from outside the FRSecure family, and I’m sure she has great stories and wonderful insights to share with us. She’s got a long BIO, including:

  • Former Washtenaw (MI) County Commissioner
  • Former Center for Internet Security (CIS) Director of Partner Engagement and Executive Director of Trusted Purchasing Alliance
  • Former National Cyber Security Alliance (NCSA) Director of Special Projects and Government Affairs
  • Former Principal and Owner of Opcio Solutions
  • Current Cybersecurity Author of numerous education and awareness courses
  • Current CEO/President and Founder of the Cybercrime Support Network (CSN)

And I’m sure, many, many other cool things. We’re honored to have Kristin Judge join us on the show this morning. Welcome Kristin!

[Kristin] I haven’t actually met Kristin prior to this so I don’t know what she will say.

[Brad] We sort of have a tradition around here. Before we dive in, we catch-up with each other quick. Let’s recap our week.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

[Evan] Short week and long weekend…

[Brad] And what about you Kristin?

[Kristin] I’m sure she did something very cool.

[Brad] Alright, let’s get on with the series!

Women in Security, Part Four

[Brad] This is the fourth week of our series discussing the topic of women in the information security industry. Personally I’ve found the first three weeks to be incredibly enlightening, even with people that I’ve worked with very closely for years. I’m really looking forward to hearing an “outsider’s” perspective and continue this conversation. So with that let’s dive in!

Do we have a shortage of women in our industry? If so, what’s the big deal? Why is the topic important for us to talk about? Lot’s of questions and I’m sure just about everyone has an opinion. Instead of people listening to our opinions, we’re going to talk to the people this relates to the most; women! What better way to get a woman’s perspective on things than to talk to a woman? Let’s do this.

Open Discussion (~30 minutes)

  • How you got into the industry?
  • Your journey in the industry.
  • Advice you have for someone starting out.
  • Do you think we need more women in our industry and why?
  • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Brad] Thank you Kristin! Again, we’re honored to have you join us! Please feel free to stick around while we cover a few news stories from the past week.

News

[Brad] Here are a few news stories from the pas week that I thought were interesting…

Wrapping Up – Shout outs

[Brad] That’s it for episode 87. Thank you Kristin for a joining us and making this fourth installment of to the Women in Security series a great one! We’ve got more amazing guests lined up for the next five(ish) weeks, again I’m really looking forward to hearing their perspectives. Either of you have any shout outs this week?

[Evan and/or Kristin] We’ll see.

[Brad] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. Kristin, is there a particular way you’d prefer people to find you?

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!