Posts

The UNSECURITY Podcast – Episode 86 Show Notes – Women in Security Pt3

Hoping everyone reading this is healthy and doing well. Losing focus on what matters is too easy in today’s craziness. Reach out to someone if you need a listen.

Women in Security Series

Well, we’re a couple weeks into the Women in Security Series, and so far the feedback has been great! Brad and I continue to learn great things from our guests. We’re not sure yet how long the series will go yet, but we have guests booked for the next six (6) shows (after this one). So, we DO know the Women in Security Series will go through (at least) episode 92 (August 10th). The guests we have lined up are incredible:

  • Today – Victoria Fogarty (see below)
  • Episode 87 – CEO of an information security-related non-profit
  • Episode 88 – A Senior, majoring in Cybersecurity Analytics and Operations at a leading university
  • Episode 89 – A CISO from a really cool large company
  • Episodes 90 through 92 – A CISO working in healthcare, a renowned educator, and a cool lady working in information security sales.

This journey is just getting started!

Women in Security Series – Part One

We kicked off the Women in Security series on June 15th, and we couldn’t have chosen a better first guest! Renay Rutter, FRSecure’s COO, got the series started with sharing her experience, wisdom, and insight she’s gained over her 30+ year IT career. Brad and I learned a ton!

If you missed this episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Thank you Renay!

Women in Security Series – Part Two

We kept things in the FRSecure family for week two, hosting Lori Blair. Lori is a treasure chest of information security knowledge and wisdom, beginning from when she started her information security career in 1985. Think about that for a second; 1985?! For the math folks in the house, that’s 35 years!

I have a TON of respect for Lori, and her opinions carry weight for me (and many others). It’s not just her experience that makes Lori amazing, she’s a wonderful, practical, and level-headed person who loves mentoring others. This is a can’t miss episode, go give a listen here; https://podcasts.apple.com/us/podcast/unsecurity-episode-85-women-in-security-pt-2-lori-blair/id1442520920?i=1000479175255

Thank you Lori!

Women in Security Series – Part Three

Here we are, Part Three. In episode 86 (this one), we’ll introduce you to Victoria Fogarty. Victoria works at FRSecure and does some pretty cool things around here. You’ll get to meet her and hear her perspective on all sorts of things, including the information security industry (as a whole), her journey, what it’s like to do what she does, etc. Victoria is a pretty cool lady, and you’ll definitely enjoy her energy!

WELCOME VICTORIA!

Let’s get on with the show!

I’m (Evan) leading the show this week, and these are my notes…


SHOW NOTES – Episode 86

Date: Monday, June 29th, 2020

Episode 86 Topics

  • Opening
  • Introducing Our Special Guest: Victoria Fogarty
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey all! Welcome to this episode, number 86, of the UNSECURITY Podcast! For those of you who are new to the show, I’m your host, Evan Francen, and the date is June 29th, 2020. We’re a good 100(ish) days into the COVID pandemic here in the States, so it’s easy to lose track of the date. At least for me it is! Joining me this morning is my good friend and colleague, Mr. Brad Nigh. Morning Brad!

[Brad] <<<INSERT BRAD’S GREETING HERE>>>

[Evan] We’re on our 3rd week of the Women in Security series, and I’m super excited to welcome our guest, Victoria Fogarty! Victoria works here at FRSecure and is an all-around awesome person! Join me in welcoming Victoria. Welcome Victoria!

[Victoria] Every time I’ve talked with Victoria, she’s always got energy and a GREAT attitude. Let’s see if this is true at 7am on Monday morning (when we record the UNSECURITY Podcast)

[Evan] You all know what we do first before jumping into business, we check in quick. What’s up guys? How you doing, and how was your weekend?

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

[Brad] Guessing he got outside, did some family stuff, did some yard/garden work, made some sweet BBQ, and other cool things.

[Evan] Victoria, how about you?

[Victoria] Looking forward to this. I don’t really know what Victoria does for fun, hobbies, etc. Opportunity to learn.

[Evan] Ugh. Interesting weekend (aren’t they all?) here…

Alright, now on to our series topic.

Women in Security, Part Three

[Evan] This is the 3rd week in the Women in Security Series. It’s been a blast so far! Feedback keeps rolling in, and so do the guests. I’m excited to hear about Victoria’s perspectives because honestly, I don’t know many (if any) of them. This will be a great discussion!

So, Victoria, thanks again for joining us. Let’s start out with how you got started with information security.

Open Discussion (~30 minutes)

  • How you got into the industry?
  • Your journey in the industry.
  • Advice you have for someone starting out.
  • Do you think we need more women in our industry and why?
  • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Evan] Thank you Victoria! Nice work! I’m sure our listeners learned some good things.

News

[Evan] Time for newsy things again. My God, there’s never a shortage of news, is there?! We could use an entire day and not cover it all. Our day jobs won’t allow us an entire day, so I’ll just take a few that caught my eye:

Wrapping Up – Shout outs

[Evan] There you have it. Episode 86 is almost in the books. Just wrapping up and shout outs before we go. Victoria, thank you for joining us. Also, thank you for sharing you story and your thoughts.

You’re going to enjoy next week’s guest too! We’re going outside FRSecure to get perspectives from women beyond these four walls. Going to be a great show!

Either of you have any shout outs this week?

[Brad and/or Victoria] We’ll see.

[Evan] Thank you listeners! You guys are pretty cool, I think. Send us your questions, feedback and suggestions by email at unsecurity@protonmail.com. We still need to talk about the whole Mandiant, Capital One, incident response, confidential legal report thing. Ugh! Maybe next week.

Online social people can follow us on Twitter. I’m @evanfrancen and Brad is @BradNigh. Victoria, you got somewhere you want people to follow/interact with you?

[Victoria] Maybe/maybe not.

The companies we work for are pretty social too. SecurityStudio’s Twitter is @studiosecurity and FRSecure’s Twiiter is @FRSecure.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 85 Show Notes – Women in Security Pt2

It’s been a good week around here. I hope you’re well.

Women in Security Series – Part One

We kicked off the Women in Security series last week, and we couldn’t have chosen a better first guest to help us off on the right track! Renay Rutter, FRSecure’s COO, shared some of the experience, wisdom, and insight she’s gained over her 30+ year IT career. Brad and I learned a ton!

If you missed last week’s episode, you can catch up here; https://podcasts.apple.com/us/podcast/unsecurity-episode-84-women-in-security-pt-1-renay-rutter/id1442520920?i=1000478037575

Women in Security Series – Part Two

Now we’re heading into Part Two of the Women in Security series on the UNSECURITY Podcast, and we’re VERY excited to announce this week’s guest, Lori Blair! Lori’s another veteran, and you’ll love her practical, level-headed approach to information security. She’s another person with a ton of experience and some great insight to share.

WELCOME LORI!

Women in Security Series – Future Guests & Episodes

There’s been great interest in this series. We love it!

Many of our listeners have reached out to us (Brad and I), recommending women that we should have on the show as guests. We could easily dedicate our entire podcast to the topic; however, we do need to limit how long the series goes (for a number of reasons). As it looks now, we will be running this series through the end of July (at least)! So far, we have an additional five women lined up to speak with us (and you). Our future guests include a lady who’s sort of new to the field, a lady who’s won multiple awards and runs her own organization, a lady who’s studying information security topics as a senior in a well-respected university, a lady who’s been CISO in multiple organizations, and a lady who helps organizations by selling information security consulting services.

We’ve got an all-star lineup of amazing women to share their stuff with us!

Let’s get on with the show!

Brad’s leading the show this week, and these are his notes…


SHOW NOTES – Episode 85

Date: Monday, June 22nd, 2020

Episode 85 Topics

  • Opening
  • Introducing Our Special Guest: Lori Blair
  • Catching Up (as per usual)
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 85 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is June 22nd, and joining me this morning as usual is Evan Francen.

[Evan] I’m guessing he has stories about deck building or motorcycle riding.

[Brad] We have our 2nd guest in the Women in Security series this week. FRSecure’s own Senior Security Analyst, Lori Blair. Lori is easily one of our most experienced and talented Analysts at FRSecure. She has over 20 years experience in information security and has experience across multiple industries as both a consultant and as a manager in organizations. Thank you for joining us this morning!

[Lori] This is where we find out if Lori is a morning person or not.

[Brad] Before we get going, let’s recap our week quick.

Catching Up

Quick discussion about last week, the weekend, or whatever else comes to mind.

[Evan] Evan struggles, as I do, to remember what happened last week.

[Brad] And what about you Lori?

[Lori] Hopefully, she does better than Evan and I did at recapping her last week.

Alright, now on to our series topic.

Women in Security, Part Two

[Brad] This is the second week of our series discussing the topic of women in the information security industry. We’ve already received a ton of positive feedback from Part One, so I’m excited to keep the momentum going with Lori here in Part Two.

Do we have a shortage of women in our industry? If so, what’s the big deal? Why is the topic important for us to talk about? Lot’s of questions and I’m sure just about everyone has an opinion. Instead of people listening to our opinions, we’re going to talk to the people this relates to the most; women! What better way to get a woman’s perspective on things than to talk to a woman? Let’s do this.

Open Discussion

  • How you got into the industry?
  • Your journey in the industry.
  • Advice you have for someone starting out.
  • Do you think we need more women in our industry and why?
  • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Brad] Thank you Lori! Good information and things to think about more. Much appreciated! How about some quick news stuff?

News

[Brad] Like every week, there is no shortage of news in our industry. Here are three stories I’d like to discuss quick:

Wrapping Up – Shout outs

[Brad] That’s it for episode 85. Thank you Lori for a great second installment of the Women in Security series. We’re lining up our guest for next week and it’s going to be another great show! Either of you have any shout outs this week?

[Evan and/or Lori] We’ll see.

[Brad] Thank you to all our listeners! Keep the questions, feedback and suggestions coming. One topic suggestion we just received this morning was to discuss Mandiant, Capital One, incident response, and confidential legal reports. Interesting story that Evan might pick up next week. If you’ve got something you’d like to hear us talk about, you can email us at unsecurity@protonmail.com. You social types can follow us on Twitter if you’d like. I’m @BradNigh and Evan is @evanfrancen.

The companies we work for are pretty social too. SecurityStudio’s Twitter is @studiosecurity and FRSecure’s Twiiter is @FRSecure.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 84 Show Notes – Women in Security Pt1

Happy Monday!

Last week was another blur. The world hasn’t quite ended yet, but it seems to be getting closer.

Women in Security Series

Brad and I are starting a Women in Security Series this week. This will be (at least) a four-part series where we’ll talk about the topic of women in the information security industry. We’ll have a special female guest each week to give us their experiences, advice, opinions, etc. At FRSecure, we work with some amazing women, and we’ll start the series talking with them. After talking with some of our own, and if things seem to be going well, we’ll reach out to other women outside of FRSecure for an even broader perspective.

Our first guest in the series is Renay Rutter, FRSecure’s Chief Operations Officer. She’s pretty much all around awesome, and it will be great talking with her this week!

Let’s get on with the show!


SHOW NOTES – Episode 84

Date: Monday, June 15th, 2020

Episode 84 Topics

  • Opening
  • Introducing Our Special Guest: Renay Rutter
  • Catching Up (as per usual)
  • Recap of the 2020 FRSecure CISSP Mentor Program
  • Women in Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi everyone. Episode 84 of the UNSECURITY Podcast is upon us. Wow, it’s already mid-June! June 15th, 2020 to be exact. I’m your host, Evan Francen and joining me as usual is Mr. Brad Nigh. Good morning Brad!

[Brad] Brad does Brad.

[Evan] Brad, last week I mentioned that I wanted to do a Women in Security series on our show and you seem pretty excited about it. Well, I was talking about this for a couple weeks with a close friend of ours and an awesome business person, Renay Rutter. Renay has more than 30 years of IT and business leadership experience, and we’ve had the pleasure of working with her here at FRSecure for the past 2(ish). She’s currently FRSecure’s Chief Operating Officer, and she’s pretty much kicking butt. Welcome to the show Renay!

[Renay] Renay does Renay.

[Evan] We have a lot to cover today, and before we jump into the meat of the show, let’s check in like we always do. What’s up you two?

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] Brad shares his things.

[Renay] Renay shares her things.

[Evan] Alright, that’s that. Was it last week or the week before that we finished up the 2020 FRSecure CISSP Mentor Program? Ugh. I can’t remember.

Recap of the 2020 FRSecure CISSP Mentor Program

This was the BEST year yet, by far. Just some of the highlights:

  • We had 1,444 total registrations at the beginning of class.
  • There were three instructors this year, which made life a lot smoother (me, Brad, and Ryan Cloutier)!
  • There have been 5,398 views of Session One.
  • Already had a dozen or so people inform us they’ve already passed the exam!
  • Renay (our guest) attended too!

[Evan] It was a great season and I’m pumped about what’s to come. The CISSP Mentor Program has been such a blessing for us ever since we started it 11 years ago. Huge thank you to our instructors, Brad and Ryan. Also, a huge shout out to the people behind the scenes who make this thing happen:

  • Brandon Matis, FRSecure Content Marketing Specialist
  • Lori Blair, FRSecure Senior Security Analyst
  • Ryan Abraham, FRSecure Senior Security Analyst
  • Chad Spoden, FRSecure Senior Security Analyst

A great team effort and a great success. Here’s to next year!

Alright, now on to our series topic.

Women in Security, Part One

[Evan] This could be the start of something cool. We’re going to take a big portion of the next four shows (or so) to get real and be honest about the topic of women in the information security industry. Do we have a shortage of women in our industry? If so, what’s the big deal? Why is the topic important for us to talk about? Lot’s of questions and I’m sure just about everyone has an opinion. Instead of people listening to our opinions Brad, we’re going to talk to the people this relates to the most; women! What better way to get a woman’s perspective on things than to talk to a woman?

Who better to start the series off with than Renay. Let’s do this.

Open Discussion

  • How you got into the industry?
  • Your journey in the industry.
  • Advice you have for someone starting out.
  • Do you think we need more women in our industry and why?
  • Opinions about the talent shortage in our industry.
  • What can we do better in recruiting more people, and specifically more women in our industry?
  • Whatever else we’d like to share.

[Evan] Thank you Renay. Good information and things to think about more. Much appreciated! How about some quick news stuff?

News

[Evan] Between COVID-19, the social justice things going on around the world, and everything else. Yes, there is plenty of information security news too! Here’s just a few stories to bring your attention to quick:

Wrapping Up – Shout outs

[Evan] There you go. That’s it for episode 84. Thank you Renay for giving a great start to the Women in Security series. We’re lining up our guest for next week and it’s going to be a great show too! Either of you have any shout outs this week?

[Brad and/or Renay] We’ll see.

[Evan] Thank you to all our listeners! We dig all you folks (mostly). Let us know what you think about this show or share your ideas with us. You can email us at unsecurity@protonmail.com. You social types can follow us on Twitter if you’d like. I’m @evanfrancen, Brad is @BradNigh, and even Renay’s got some Twitter foo; she’s at @RenayRutter. The companies we work for are social too, heck everyone’s social nowadays. SecurityStudio’s Twitter is @studiosecurity and FRSecure’s Twiiter is @FRSecure.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 83 Show Notes – It’s About People

Ever have so many things going on that you can’t remember what happened last week? Yeah, that’s where I’m at right now.

Pretty sure Brad’s in the same place I am. So, rather than recapping everything (or trying to), I’ll just get to the show notes.

These are Brad’s show notes this week…


SHOW NOTES – Episode 83

Date: Monday, June 8th, 2020

Episode 83 Topics

  • Opening
  • Catching Up (as per usual)
  • Information Security Isn’t About Information or Security
  • Work, Life, and Mental Health
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 83 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is June 8th, and joining me this morning as usual is Evan Francen.

[Evan] Regales us with stories from the weekend. Oh God!

[Brad] Before we get going let’s recap our week.

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] What would you say you do here Evan?

[Evan] Hmmm. Good question! This outta be interesting.

Information Security Isn’t About Information or Security

Discussion about people, information security, working remote, stress, and overall mental health.

[Brad] Your blog from last Tuesday (Information Security Isn’t About Information or Security) really inspired me for this week’s podcast.  There have been countless articles written about how to secure remote workers so we aren’t going to focus on that, though it will probably come up in the course of this discussion.

Here’s the reality, it’s no secret that InfoSec and IT staff struggle with stress and a healthy work/life balance (Mental Health and Cybersecurity).  There really is no “done for the day”, systems can be attacked or suffer an outage anytime.  Add to that the now nearly 3 months of social distancing and quarantine that add even more stress.  We’ve seen an increase in cyber attacks the last 3 months and if your staff is struggling and has lost focus or is more distracted than usual your risk increases even more. So what can we do about it?  (Disclaimer, neither Evan or I are licensed mental health professionals and this conversation should not be taken as professional advice).

From an information security perspective I think you really captured the increased risks to organizations during this unprecedented time in your blog.

As a leader in an organization the employees’ health is critical, looking at it from a business perspective if they are not able to work we cannot deliver for our customers, but to me that feels cold & cynical.  I really do care for every one of our employees, I have a personal, vested interest in their well-being and want to be aware and in-touch with their status… That has become incredibly difficult during this time when you can’t read them face-to-face.

So what I want to do is talk about how we can be more aware and help reduce these risks.  First is being aware, I found these articles that I thought were really good to help identify and be proactive.

And then some really solid advice for employees, or really anyone feeling additional stress right now.

[Brad] Good conversation. Thank you Evan.

Let’s do some news…

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Wrapping Up – Shout outs

[Brad] Alright, that’s it. Episode 83 is a wrap. We got any shout outs this week?

[Evan] We’ll see.

[Brad] Next week is Evan’s show and I think he’s sort of itchin’ to tell us his idea.

[Evan] Yep. Tune in.

[Brad] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh (B-R-A-D-N-I-G-H) and this other dude is @evanfrancen (just spell his name without a space). Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for goodies and things.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 82 Show Notes – World On Fire

So, in case you missed it, the world blew up last week. Again.

This time it’s not COVID-19 that takes the headlines, it’s rioting. Rioting that was triggered by (NOT caused by) one of the most disturbing videos I’ve ever watched, that of Minneapolis Police officer Derek Chauvin kneeling on the neck of George Floyd. As I write this, riots are taking place (or have taken place) in Atlanta, Bakersfield, Boston, Chicago, Columbus, Dallas/Fort Worth, Des Moines, Denver, Detroit, District of Columbia, Houston, Los Angeles, Louisville, Memphis, Minneapolis, New York City, Phoenix, Portland, Sacramento, and San Jose, among many others. The media is reporting riots are even taking place in other countries!

Seems like the world is on fire. While this isn’t the place for us to dig into the debate about racial injustice and inequality, we’ve all got opinions (and I’ll share mine later, in another place/time). The UNSECURITY Podcast is dedicated to information security, so we’ll stay on topic. Today’s current events are hard to process, but a relevant question is, what do current events mean to/for information security? This will be our topic.

I’m not going to recap last week/weekend personal events here either. We might discuss these things a little during the time that Brad and I catch up with each other, but otherwise, we have plenty to discuss in this episode. Let’s get to it!

These are my (Evan) show notes…


SHOW NOTES – Episode 82

Date: Monday, June 1st, 2020

Episode 82 Topics

  • Opening
  • Catching Up (as per usual)
  • World On Fire
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there! Welcome to episode 82 of the UNSECURITY Podcast. Today’s date is June 1st, 2020. Due to a lack of personal hygiene, well mostly a hair cut, I’m your information security chia pet, Evan Francen. Joining me is my good friend and co-host Brad Nigh. Good morning Brad!

[Brad] He wishes all the listeners nothing but the best of mornings!

[Evan] Some serious stuff to talk about in today’s show, but one of the most serious things, for me at least, is checking in with you. How you doing Mr. Nigh?

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] Gives us the low down on his haps.

[Evan] I give the low down on my haps. Also, I hit a deer on my motorcycle on Saturday (again). What the?!?! Who does this?

World On Fire

[Evan] It was easy to pick a topic for this week’s show. Just when you think the world couldn’t get any crazier, we encounter the events of last week. There are so many thoughts and emotions running through our heads. Everything from sorrow to anger to frustration and everything in between. We don’t ever want to shy away from tough issues, but we also need to keep things on topic (information security) for the show. What I’d like to do is discuss today’s current events and apply them to what we do. Ultimately, what do all these things mean to information security?

Whatya say Brad, you game?

[Brad] He’s a smart and competitive son of a gun. You know he’s game!

Things to discuss:

  • FRSecure’s Information Security Principle #1; a business is in business to make money.
  • Physical security implications, lessons, ideas, etc.
  • What does this mean for cyber/technical security?
  • Some organizations are targets.
  • Personnel information security implications.
  • If COVID-19 wasn’t enough to motivate better response planning, does this?
  • Whatever other pertinent thoughts come to mind.

[Evan] Great discussion and lots of good advice I think! Let’s do some newsy stuff.

News

[Evan] Even though information security may not be dominating the news, there are still plenty of information security news stories to choose from. Here are three news stories that caught my eye.

Wrapping Up – Shout outs

[Evan] Alright listeners! That’s episode 82. Brad, who you got a shout out for?

[Brad] Somebody special for sure!

[Evan] Here’s mine…

[Evan] Thank you to all our listeners! You guys are a big deal to us. PLEASE be safe out there; physically, mentally, and electronically. Let us know what you think of this episode or whatever else is on your mind. Send us things (preferably not malware, but whatever) by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and you can find this Brad guy @BradNigh. If you wanna follow our company’s stuff, you can follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for whatever cool things they’re up to.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 81 Show Notes – Hard Truths

Welcome back! Episode 81 is sure to be a good one, but before I get started, just a few thoughts…

We just went through our first Memorial Day weekend under COVID-19. I don’t know what to say about it, other than the world seems as crazy, or crazier, than ever. Seems like 1/2 the country is out and about like everything’s normal while the other 1/2 of the country stays cooped up as though the apocalypse were upon us. To complicate matters, both halves seem to look upon each other with disdain.

We’re learning more and more each day about this coronavirus we call COVID-19. One thing appears certain, we’ve had crappy data to work with since day one. Crappy data leads to crappy decisions and crappy decisions lead to crappy outcomes. I’ll just leave it at that.

Memorial Day

This is one of my favorite holidays. I wonder how many of us know what it stands for or what it means. I wonder because I was wished a Happy Memorial Day numerous times yesterday, yet there’s nothing “happy” about it. The day is set aside to remember and honor our nation’s war dead from the Civil War onwards. It’s a day to stop what you’re doing, spend (at least) a few moments remembering the sacrifices that were made by our soldiers, and be grateful.

I suppose there are happy parts too, but these are mostly the product of what somebody else gave for you and me.

Not sure if I’m in a pissier mood today or what. No matter, I’ll snap out of it soon. Let’s get to Brad’s show notes!


SHOW NOTES – Episode 81

Date: Tuesday, May 26th, 2020

Episode 81 Topics

  • Opening
  • Catching Up (as per usual)
  • Hard Truths
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 81 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is May 26th, and joining me this morning as usual is Evan Francen.

[Evan] Has some sort of story for us I’m sure

[Brad] We’ve got a good show planned today! Before we get going though, let’s recap our week.

Catching Up

Quick discussion about last week, Memorial Day, last weekend, COVID-19, life, and other stuff.

[Evan] Evan talks about the cool things he did.

[Brad] I talk about the cool things I did.

Hard Truths

[Brad] So interestingly, at least to me, this is the first time I struggled with what to cover in our podcast.  Maybe the monotony of quarantine, the tidal wave of news around breaches and new attack vectors, or just plain old writer’s block but even sitting down to write this I don’t know where it ended up.

Because I was stuck I decided to start with news, there have been several really interesting things that have come out lately and that’s when I found this article from CSO Online 6 hard truths security pros must learn to live with and, yeah we can talk about this.

The Hard Truths

Discussion about the hard truths outlined in the CSO Online article:

  1. Hackers are probably inside your network right now
  2. You can do everything right and a careless end user can ruin everything
  3. You face critical staffing and skills shortages
  4. IoT creates new and unforeseen security problems
  5. You sometimes feel misunderstood and underappreciated
  6. Stress, anxiety and burnout come with the territory

[Brad] Good conversation, thank you Evan.

Let’s do some news…

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye

Wrapping Up – Shout outs

[Brad] That’s it, Episode 81 is a wrap. Evan, you have any shout outs?

[Evan] Of course he does!

[Brad] Here’s mine…

[Brad] Huge thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 78 Show Notes – Working From Home

Keeping the show notes short again this week. It was another crazy week at FRSecure and SecurityStudio. We make progress towards our mission each and every day, regardless of COVID-19. Our mission is to fix the broken information security industry, which can be summed up by this statement:

Information security isn’t about information or security as much as it is about people.

When we help people, we help our industry. After all, would anyone care about information security is nobody suffered when things go wrong?

We’ll keep on trucking! We’re grateful for the people who put their trust in us and our credibility.

Let’s just get to it, episode 78 show notes below…


SHOW NOTES – Episode 78

Date: Monday, May 1st, 2020

Episode 78 Topics

  • Opening
  • Catching Up (as per usual)
  • Working from home
  • S2Me/S2Team
  • Listener Mail
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey guys and gals. Welcome to the UNSECURITY Podcast. This is episode 78, the date is May 4th, 2020, and I’m Evan Francen. With me today is my co-host, Brad Nigh. Good morning Brad!

[Brad] It is a good morning and Brad’ll be in a good mood for sure. Let’s see how he responds.

[Evan] Another good show planned for today, but before we jump in, let’s catch up. It’s sort of our usual thing to do about this time.

Catching Up

Quick discussion about some of the cool things we’re doing.

[Evan] We’ve been talking a lot lately about working remote or working from home. This has been a hot topic for some time, but since the COVID-19 outbreak, this is one of the top trending topics in the information security world. Let’s discuss another take on this, more of a future looking strategic perspective.

Working from home

Discussion about:

  1. What work from home looked like before COVID-19.
  2. What happened because of COVID-19.
  3. What the future looks like after COVID-19.

There are plenty of news articles about these topics and there’s no shortage of “expert” advice. Here’s just a few:

  • Is Working From Home The Future Of Work? – https://www.forbes.com/sites/nextavenue/2020/04/10/is-working-from-home-the-future-of-work/#4260c2c846b1“An early-April 2020 MIT survey of 25,000 American workers found that 34% of those who’d been employed four weeks earlier said they’re currently working from home. Combined with the roughly 15% who said they’d been working from home pre-COVID-19, that means nearly half the U.S. workforce might now be remote workers.”
    • “The Brookings Institution’s Katherine Guyot and Isabel V. Sawhill just wrote their take on remote work and COVID-19, calling the pandemic “among other things, a massive experiment in telecommuting.”
    • ‘In a March survey of HR execs by the Gartner IT research firm, 76% said the top employee complaint during the pandemic has been “concerns from managers about the productivity or engagement of their teams when remote.”’
    • “In Buffer.com’s9 State of Remote Report, 19% of remote workers called loneliness their biggest struggle with working from home and 17% cited collaborating and/or communication.”
  • Some May Work From Home Permanently After COVID-19: Gartner – https://www.crn.com/news/running-your-business/some-may-work-from-home-permanently-after-covid-19-gartner“Gartner last week released results from a March 30 survey of 317 CFOs and business finance leaders that found 74 percent of those surveyed expect at least 5 percent of their workforce who previously worked in company offices will become permanent work-from-home employees after the pandemic ends.”
    • “According to Gartner, about 25 percent of those surveyed expect 10 percent of their employees will remain remote, 17 percent expect 20 percent will remain remote, 4 percent expect 50 percent will remain remote, and 2 percent expect over 50 percent of employees now working from home to permanently work from home after the pandemic subsides.”
  • Working from home has a troubled history. Coronavirus is exposing its flaws again – https://www.theguardian.com/commentisfree/2020/apr/12/working-from-home-history-coronavirus-uk-lockdown“According to the Office for National Statistics, only 5% of the UK labour force worked mainly from home in 2019, but well over a quarter had some experience of home-working.”
    • “With all but key workers confined to their homes, the virtual office is now the new norm – a development that could prove to have far-reaching consequences.”
  • As working from home becomes more widespread, many say they don’t want to go back – https://www.cnbc.com/2020/04/24/as-working-from-home-becomes-more-widespread-many-say-they-dont-want-to-go-back.html“States of Play, a joint CNBC/Change Research survey of swing states, finds 42% of respondents nationwide saying they are working from home.”
    • “Once the economy reopens, 24% say they’d like to work either entirely or more from home compared to how they worked before, while 55% plan to head back to the office.”
    • “Some 60% report being either as productive or even more productive than they were working from the office.”

But what about information security?

There is no shortage of information security tips for people working from home. Just a small sampling:

A different approach – S2Me and S2Team

[Evan] In early 2019, SecurityStudio release its first version of S2Me. The S2Me was released (well ahead of COVID-19) to gauge people’s information security habits at home and S2Team was a way to share the results with an employer without violating privacy at home. Last week, SecurityStudio released version two of S2Me and I’d like to talk about all this.

  • What is S2Me?
  • What is S2Team?
  • How do S2Me and S2Team work together?
    • S2Me is a simple, personal information security risk analysis tool for use at home. S2Me helps people understand their risk related to security, privacy, and safety. Once these risks are understood, S2Me attempts to motivate people to build better information security habits at home.
    • S2Team is a collection of S2Me aggregated results to help organizations understand their employees information security habits. Organizations use S2Team to develop better, more personal information security training programs.
    • A couple of quotes from the “Introduction to S2Team and S2Me Topic Descriptions” draft document:
      • “The problem isn’t people. The problem is managing risk related to people.”
      • “People are creatures of habit. People will occasionally deviate from their habits, but habits are their default. Habits create peoples’ baseline and become nearly (or in some cases completely) involuntary.”
      • “People choose to form new habits because if they desire the positive outcome or because they fear a negative one.”
  • A quick peek into S2Me.
  • A quick peek into S2Team

[Evan] I think we’re on the right track, trying to help people build better information security habits at home where everyone ultimately benefits.

Listener Mail

[Evan] A loyal listener, one who got a shout out from me last week, Jason Dance, sent us this article that I thought was interesting and worthy of a brief discussion; It’s Not Just Zoom. Google Meet, Microsoft Teams, and Webex Have Privacy Issues, Too. – https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/

Brief discussion

[Evan] Alright, now some newsy things quick.

News

[Evan] It’s easy to find interesting things to talk about in our industry! Here’s a few that caught my attention:

Wrapping Up – Shout outs

[Evan] Wow. Lots of things. Well, episode 78 is almost in the can. Brad, got a shout out or two?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Here’s mine…

[Evan] Seriously, a huge thank you to our listeners! We love your encouragement and we don’t take your advice lightly. You’re all great! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Have a great week!

The UNSECURITY Podcast – Episode 77 Show Notes – Lots Going On

Keeping the show notes short again this week. We’ve been swamped here at FRSecure and SecurityStudio, so not a lot of time to recap what we’ve been up to.

Let’s just get to it, episode 77 show notes below…


SHOW NOTES – Episode 77

Date: Tuesday, April 28th, 2020

Episode 77 Topics

  • Opening
  • Catching Up (as per usual)
  • Remote Working and COVID-19 Stuff
  • Quick Zoom Update
  • Other Things
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 77 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is April 28th, and joining me this morning as usual is Evan Francen. Good morning.

[Evan] Evan says his “blah, blah, blah”.

[Brad] We have a jam packed show this week for sure, but before we jump in, let’s catch up quick. Lots going on.

[Evan] Yep. LOTS going on! Good things, but a helluva lot of good things!

Catching Up

Quick discussion about some of the cool things we’re doing.

[Brad] Good! Let’s shift gears now quick and talk about security remote workers. We’ve briefly touched on it over the last few weeks but as this appears to be becoming the “new norm”, I would like to spend some time dedicated to the topic.

[Evan] Yeah man! Sounds good.

Remote Working and COVID-19 Stuff

Discussion about many news articles, topics, announcements and such…

[Brad] First up, a news article titled “Malware Risks Triple on WFH Networks: Experts Offer Advice”

[Brad] Obviously this is bitsight so we know the limitations however I think in this use-case the data is valuable. We’ve got some other good resources and guidance to share, including:

[Evan] Yeah, these are all great resources that are worth looking at. I think our listeners will appreciate them all. Quick announcement, S2Me version two is releasing this week! It’s a limited release, but it’s a VERY good one! We’ll get into S2Me and how it works with S2Team to offer a unique (and what we think is a better) approach to securing the remote workforce.

[Brad] Cool. Should be a good show next week then!

Quick Zoom Update

[Brad] Zoom has been all over the news since the COVID-19 outbreak, and the stories have been all over the place. Thought we’d mention some of the latest developments. As a quick aside, we’ve touched on Zoom the last few weeks and it’s interesting that some of the other options have flown under the radar despite attacks that seem to be more severe.

And Zoom has released quite a few new security features, there’s this good write-up on Tech Republic titled “Zoom 5.0 Includes Security and Privacy Improvementshttps://www.techrepublic.com/article/zoom-5-0-is-coming-with-improved-security-features-heres-whats-new/

Other Things

[Brad] Like we said, there’s always a lot going on around here at FRSecure and SecurityStudio. Quick list of things:

  • FRSecure CISSP Mentor Program (we started this 11+ years before the COVID-19 pandemic)
  • Safety and Cybersecurity at Home 101 Webinar Series (Videos here).
  • SecurityStudio Partner Community (Join here).
  • The Daily inSANITY Check-in (Join here).

[Brad] Good conversation. Thank you Evan. Let’s do some news quick.

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye:

Wrapping Up – Shout outs

[Brad] That’s it. Episode 77 is a wrap. Thank you listeners! We hope you’ve enjoyed the show. Any quick shout outs for you Evan?

[Evan] Yes, I have two…

[Brad] Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 76 Show Notes – Tough Times

Keeping the show notes short this week. We have a special guest, a great friend of mine, Serge Suponitskiy!

There are many, many things going on around here (@FRSecure and @SecurityStudio). I can’t recap everything for you, to do so would be very time consuming. There was one highlight from last week that stood out from the rest though…

2020 FRSecure CISSP Mentor Program

The 2020 FRSecure CISSP Mentor Program kicked off last week with Class #1 on Monday (4/13) and Class #2 on Wednesday (4/15)! It’s crazy, this is the 11th consecutive year of our free training program. With 1,444 students registered in 2020, we have now helped more than 2,825 students over the years!

We’ve had many people try to convince us to charge for this, even if only a small sum, but the answer is always “NO”. This is one of the ways we try to give back to our community, and we’ll continue to do this well into the future. We have done this since 2010, well before COVID-19 showed up at our front door.

Since COVID-19, we moved class to 100% online, with live streaming to YouTube. We archive the videos so anyone can watch any time (even those who never registered). The archives are here:

We’ve also setup an online study group. The study group, as of this morning, has 470 active members.

Here’s to a great 2020 program, and here’s to much success for the students!

On to the episode 76 show notes now.


SHOW NOTES – Episode 76

Date: Monday, April 20th, 2020

Episode 76 Topics

Opening

[Evan] Good morning everyone! This is the 76th episode of the UNSECURITY Podcast. The date is April 20th, 2020 and I’m Evan Francen. Joining me is my co-host Brad Nigh.

Good morning Brad.

[Brad] Brad says “hi”.

[Evan] We have a special guest! Let me give you a little background about this guy.

He’s a global business and technology leader with more than 20 years experience building enterprise innovative solutions. He’s guided many organizations through successful transformations, but arguably none more difficult than the one he’s currently facing with COVID-19. He’s currently working at Fight Centre, a global travel company, and as you know, the travel industry has been decimated by the pandemic.

His name is Serge Suponitskiy, and he’s the CTO, CISO, and now interim CIO at Flight Centre, Americas Region.

Welcome Serge!

[Serge] Serge does Serge.

Catching Up

[Evan] As is customary for us, before we jump in to the meat of the show, let’s catch up. If you’re a new listener, you might not know the first motivator for starting the UNSECURITY Podcast. It was to spend an hour shootin’ the breeze with Brad. So what’s up guys? How’s things?

Catching up. Recent events. Coping with *&#!

Introducing our Special Guest

[Evan] I invited Serge to our show for a couple of reasons, the first is, I really like the guy. He’s somebody I respect. The second reason I invited him was to get his perspective on dealing with COVID-19. Serge works in the travel industry, and everything in the travel industry has been turned upside down. He works for Flight Centre, a really great company, and it’s crazy what’s happening…

Topics for discussion:

  • Welcome Serge!
  • Our history and past together.
  • What’s happened to the travel industry since COVID-19?
  • What’s changed for you and your company?
  • What’s the focus for the next 3-6 months?
  • What do you think Flight Centre looks like on the other side?

[Evan] Thank you Serge. You’re a helluva guy and I’m sure everything will work out OK, even if it doesn’t seem like it sometimes.

Middle School Fight

[Evan] Interesting happenings last week between to industry middleweights; Rapid7 and Qualys. I’d like to get your take guys. On Thursday, I get this email…

It goes on…

[Evan] This sort of thing gets under my skin. In our industry, which is about serving and protecting people, we’re supposed to be better than this. So I wrote a short post on LinkedIn and reached out to my friend Chris Roberts for a sanity check.

Here this skinny:

[Evan] What do you guys (Brad and Serge) think about this?

Discussing the middle school playground fight between Rapid7 and Qualys.

News

[Evan] Just one news story this week; IT Services Giant Cognizant Hit by Maze Ransomware Cyber Attack.

Wrapping Up – Shout outs

[Evan] Alright, good show. Thank you for joining us Serge.

[Serge] May or may not say something.

[Evan] Lots going on this week. We continue our Daily inSANITY Checkins, everyone is welcome to join us. Just register online and you’ll get the invites. We also continue the CISSP Mentor Program with classes on Monday and Wednesday. Brad’s teaching tonight and Ryan (“cola”) Cloutier is teaching on Wednesday. I get the week off!

OK, shout out time. Brad, who you want to give a shout out to?

[Brad] We’ll see if he’s got someone.

[Evan] Serge, how about you? You have someone you want to give a shout out to?

[Serge] Maybe he does, maybe he doesn’t.

[Evan] I’d like to give a shout out to __________!

Well, that’s a wrap.

Huge thank you to our listeners. Episode 76 is about to go in the can. We love hearing from you, so if you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, feel free to follow us on Twitter. You can find me @evanfrancen, you can find Brad @BradNigh, and you can find Serge too @SergeSup.

That’s it. Talk to you all again next week!