The UNSECURITY Podcast – Episode 82 Show Notes – World On Fire

So, in case you missed it, the world blew up last week. Again.

This time it’s not COVID-19 that takes the headlines, it’s rioting. Rioting that was triggered by (NOT caused by) one of the most disturbing videos I’ve ever watched, that of Minneapolis Police officer Derek Chauvin kneeling on the neck of George Floyd. As I write this, riots are taking place (or have taken place) in Atlanta, Bakersfield, Boston, Chicago, Columbus, Dallas/Fort Worth, Des Moines, Denver, Detroit, District of Columbia, Houston, Los Angeles, Louisville, Memphis, Minneapolis, New York City, Phoenix, Portland, Sacramento, and San Jose, among many others. The media is reporting riots are even taking place in other countries!

Seems like the world is on fire. While this isn’t the place for us to dig into the debate about racial injustice and inequality, we’ve all got opinions (and I’ll share mine later, in another place/time). The UNSECURITY Podcast is dedicated to information security, so we’ll stay on topic. Today’s current events are hard to process, but a relevant question is, what do current events mean to/for information security? This will be our topic.

I’m not going to recap last week/weekend personal events here either. We might discuss these things a little during the time that Brad and I catch up with each other, but otherwise, we have plenty to discuss in this episode. Let’s get to it!

These are my (Evan) show notes…


SHOW NOTES – Episode 82

Date: Monday, June 1st, 2020

Episode 82 Topics

  • Opening
  • Catching Up (as per usual)
  • World On Fire
  • News
  • Wrapping Up – Shout outs

Opening

[Evan] Hey there! Welcome to episode 82 of the UNSECURITY Podcast. Today’s date is June 1st, 2020. Due to a lack of personal hygiene, well mostly a hair cut, I’m your information security chia pet, Evan Francen. Joining me is my good friend and co-host Brad Nigh. Good morning Brad!

[Brad] He wishes all the listeners nothing but the best of mornings!

[Evan] Some serious stuff to talk about in today’s show, but one of the most serious things, for me at least, is checking in with you. How you doing Mr. Nigh?

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] Gives us the low down on his haps.

[Evan] I give the low down on my haps. Also, I hit a deer on my motorcycle on Saturday (again). What the?!?! Who does this?

World On Fire

[Evan] It was easy to pick a topic for this week’s show. Just when you think the world couldn’t get any crazier, we encounter the events of last week. There are so many thoughts and emotions running through our heads. Everything from sorrow to anger to frustration and everything in between. We don’t ever want to shy away from tough issues, but we also need to keep things on topic (information security) for the show. What I’d like to do is discuss today’s current events and apply them to what we do. Ultimately, what do all these things mean to information security?

Whatya say Brad, you game?

[Brad] He’s a smart and competitive son of a gun. You know he’s game!

Things to discuss:

  • FRSecure’s Information Security Principle #1; a business is in business to make money.
  • Physical security implications, lessons, ideas, etc.
  • What does this mean for cyber/technical security?
  • Some organizations are targets.
  • Personnel information security implications.
  • If COVID-19 wasn’t enough to motivate better response planning, does this?
  • Whatever other pertinent thoughts come to mind.

[Evan] Great discussion and lots of good advice I think! Let’s do some newsy stuff.

News

[Evan] Even though information security may not be dominating the news, there are still plenty of information security news stories to choose from. Here are three news stories that caught my eye.

Wrapping Up – Shout outs

[Evan] Alright listeners! That’s episode 82. Brad, who you got a shout out for?

[Brad] Somebody special for sure!

[Evan] Here’s mine…

[Evan] Thank you to all our listeners! You guys are a big deal to us. PLEASE be safe out there; physically, mentally, and electronically. Let us know what you think of this episode or whatever else is on your mind. Send us things (preferably not malware, but whatever) by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and you can find this Brad guy @BradNigh. If you wanna follow our company’s stuff, you can follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for whatever cool things they’re up to.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 80 Show Notes – Zero Trust

We write our show notes either at the end of the week (Friday) or at the very beginning of the next (Sunday). It’s easier to remember the things that happened during the week on Friday than Sunday, that’s for sure! Only one day away (Saturday), and it’s easy to forget all that we did.

Most weeks are crazy, for us at FRSecure and SecurityStudio, and for people in general.

Normal(ish)

Are you feeling like things are slowly returning to normal? I am, and it’s great news! Personally, I don’t like the term “new normal”. I think I don’t like it because I feel like people have twisted it to serve their own desires and/or opinions without any factual basis. Normal is normal, and the greatest abnormality (in my opinion) has been our lack of in-person contact. We’ve been built, or wired, for analog personal interaction. Digital, online interaction will never substitute for it, and the longer we go without it, the more mentally unhealthy we become.

Four Things

Last week was a great week! Four cool things stand out in particular:

  1. Last week’s podcast was awesome! I love every opportunity to chat with Brad, and it’s a blessing to hang out every Monday morning. Recording episode 79 was a great way to kick things off last week. If you missed it, we talked about information security in K12, and you should go catch it.
  2. We made great progress in helping state governments last week! Had a great conversation with Minnesota’s CISO, Rohit Tandon, on Wednesday as we discussed third-party information security risk management. This was followed by the scheduling of a similar meeting with the State of New Mexico and joining the National Association of State CIOs (NASCIO) Cybersecurity Committee on Thursday.
  3. Chris Roberts, Ryan Cloutier, and I did Episode #1 of The Security Shit Show on Thursday night. It was a ton of fun hanging out with these guys! We’re planning to do our episodes/shows live every Thursday night at 10pm CDT, record them for future playback, and use the audio for our podcast. It’s definitely entertaining for our viewers/listeners and therapeutic for us. Be sure to tune in if you can!
  4. The Daily inSANITY Check-ins are still going strong, and this past week was great! People supporting each other and helping where we can is what it’s all about. Come join us when you can.

There were many great things about last week, but these were the four that came to mind when I sat down to write these show notes.

Speaking of show notes, let’s get to it! Today we’re going to talk about Zero Trust; what it is, why it’s a hot topic today, and what you should be doing about it.


SHOW NOTES – Episode 80

Date: Monday, May 18th, 2020

Episode 80 Topics

  • Opening
  • Catching Up (as per usual)
  • Zero Trust
  • News
  • Wrapping Up – Shout outs

Opening

[Evan] Hey everyone! Welcome to the UNSECURITY Podcast. This is episode 80, the date is May 18th, 2020, and I’m Evan Francen. With me today is my co-host, Brad Nigh. Good morning Brad!

[Brad] We’ll see what sort of mood Brad is in this morning…

[Evan] We’ve got a good show planned today! There’s this thing called “zero trust” that people are talking about, and I thought it’d be good for you and I to discuss it. Personally, I’ve received a lot of questions about it, and I’m sure you have too Brad. Like always, before we dig in, let’s catch up. What were some highlights for you from last week and how was your weekend?

Catching Up

Quick discussion about last week, last weekend, COVID-19, life, and other stuff.

Zero Trust

[Evan] A simple Google search of Zero Trust turns up “About 691,000,000 results”. A Google search of “Zero Trust” (with quotes) turns up “About 1,940,000 results”. So, clearly there are a lot of people who know what it means, right? Here’s some returns from the first page of search results:

The fact that there are so many “what is zero trust?” search returns might be a hint that people are confused. Let’s tackle this!

Zero Trust Discussion

Let’s try to clear some of the confusion:

  • What is Zero Trust?
  • Is it really new?
  • Is Zero Trust possible?
  • If I want Zero Trust, what do I need to do?
  • What common mistakes should I look out for?

[Evan] Alright. Good talk Brad. Thanks for sharing your insight! I think our listeners have a clearer picture of Zero Trust and what it means to them. If they have additional questions or comments, they can always contact us for more!

News

[Evan] News stuff! What the heck happened in the world last week? Let’s see…

I found four articles that caught my attention. Let’s talk about them!

Wrapping Up – Shout outs

[Evan] Never a shortage of things to talk about in this industry is there? Well, episode 80 of the UNSECURITY Podcast is just about a wrap. Brad, you have any shoutouts?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Here’s mine…

[Evan] Can’t say enough thanks to our listeners! Crazy how we run into you in all sorts of places. Stay safe and let us know how we can help you. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh. Thinking about coming to hang out at the Daily inSANITY Check-in? You can follow this on Twitter too at @InSanityIn.

There you go, have a great week!

The UNSECURITY Podcast – Episode 72 Show Notes – COVID-19

Hi everyone. We’re hoping and praying for everyone’s health and mental well-being right now. Take care of what really matters, yourself and your loved ones.

Episode 72 of the UNSECURITY Podcast will be dedicated to continued discussion about COVID-19 and what the pandemic means, in our daily lives and in our vocation as information security people. It’s the topic on everyone’s mind, so to not talk about it seems a little tone deaf.

Before we get to the show notes (below), I’d like to highlight a few things going on around here.

One Word

What one word would you use to describe your past week? If you’re a Twitterer, let us know by tweeting your word with the hashtag #UNSECURITYoneword. Be sure to include us (@evanfrancen and @bradnigh) in the conversation.

Not Adjusted Yet

Not sure about you, but I haven’t adjusted yet. I’m an introvert, so I was expecting to thrive in isolation. I was wrong (for now). I was surprised to learn how much personal interaction really means to me.

Everything seemed different this past week and I was definitely a little off my game. I had trouble focusing on tasks and struggled with processing events occurring all around me. Nothing made sense at times.

On Tuesday (3/17) we (FRSecure and SecurityStudio) closed the offices, and by the next day, almost everyone was online and functionally working from home. Since there was nobody at the office, I decided to work from there.

The empty office was quiet. Too quiet. The quiet forced me to realize how social we are in our office. Every (normal) day is like a family get together. A family get together where everybody actually likes each other.

In a quiet office there are no dumb office jokes. No laughter. No smiles. No fist bumps. A quiet office is just filled with empty. Our office was filled with empty and me. It was eerie and it was lonely.

I’m assuming the adjustment will just take time. Between now and then, let’s all keep our head up and look for ways to help others. Helping others can be a great coping mechanism!

The Pledge

Also on Tuesday, I wrote a pledge and posted it on LinkedIn. This pledge is one that I plan to live by, especially now.

My pledge:

  • I will NOT panic.
  • I will NOT give in to fear.
  • I WILL think things through.
  • I WILL make prudent decisions based upon the best (non-biased) information available.
  • I WILL be the person I’ve always been and learn to be better.
  • I WILL help my fellow humans whenever and however I can, putting my family first.
  • I will NOT use this (or anything else) to take advantage of people, and
  • I will NEVER put someone in danger if I can help it.

What Else

We did a lot this past week.

The Impact of COVID-19 on Information Security Webinar(s)

In the midst of the chaos, we decided to put together a last minute webinar for Wednesday (3/18) afternoon. Our motivation for the webinar was to help people and bring calm to the storm. Despite last minute arrangements and everything else going on, we had ~250 people come to the first session. Participation and interaction were more than we expected! There were many unanswered questions after the first session, so we decided to do a second session on Friday (3/20).

The topics we discussed were:

  • Introductions.
  • Before we get started.
    • #1 – The current state of affairs.
    • #2 – My pledge.
    • #3 – FRSecure Open Letter.
    • #4 – Ideas we’re kicking around.
  • Topics:
    • What is the impact of COVID-19 on information security?
    • How to securely shift employees to remote work during social distancing.
    • Some of the current social engineering scams around COVID-19 and how to avoid them.
    • How to create or adjust your business’s disaster recovery plan.
  • Where to go if/when you need help.

I’ve posted a copy of the presentation online for everyone.

Virtual Happy Hours

Our team started doing virtual happy hours on Thursday. Every organization should do these! We all get into an online Zoom meeting and hangout for a while. We share. We laugh. We joke. We smile. We love. These are amazing experiences that are healthy and good for the soul.

I prefer to sit and listen most of the time. Just taking it in. The sounds of my team laughing, their smiles, their dumb jokes (like really dumb), and sharing our day together are beyond magical. The joy these guys bring to my day is the best way to end it!

The Daily inSANITY Check-in

Nobody has this thing figured out and nobody has it all together.

We want to help, so we’re starting the Daily inSANITY Check-in webinar series. The purpose of the Daily inSANITY Check-in is to provide a safe place for people to discuss current events, information security things, challenges we’re facing, or whatever else comes to mind. The check-ins are short (30- to 60-minute) daily meetings with discussion. People are always free to come and go as they please.

This is new, and we’re just getting started. Don’t expect all the kinks to be worked out day one. Visit the registration page for the full description and to signup.

K12 Cybersecurity Podcast

Good news! Our buddy Ryan Cloutier just released the first episode of the K12 Cybersecurity Podcast. His first episode is awesome! It’s so much better than our first UNSECURITY Podcast. In this episode, Ryan’s special guest is Amy McLaughlin. Amy is the Information Services Director at Oregon State University and cybersecurity project director for the Consortium for School Networking (CoSN).

This was a timely and well done episode. I recommend you subscribe to Ryan’s K12 Cybersecurity Podcast and get ready for more great content!

Pretty sure I forgot something, but that’s all for now. Let’s do a podcast (or something)!


SHOW NOTES – Episode 72

Date: Monday, March 23rd, 2020

Show Topics:

  • Opening
    • The week that was.
    • The week that is to come.
  • COVID-19
    • Priorities, and where does information security fit?
      • Mental and Physical Health
      • Yourself and Your Loved Ones
      • Business – Survival
    • The Bass and The Barracuda
      • Don’t be a bass. Be a barracuda.

Opening

[Evan] Hello listeners, this is another episode of the UNSECURITY Podcast. My name is Evan Francen, this is episode 72, and the date is March 23rd, 2020. Joining me in studio is my buddy Brad Nigh. Good morning Brad!

[Brad] If it’s a good morning for Brad, we’ll know by how he responds.

[Evan] Last week was nuts. You and I hardly had a chance to connect with all that’s going on, so we’re a little out of sorts. This would normally be your week to lead the podcast, but since we didn’t really connect, I’m hosting again. Hope that’s OK.

[Brad] He’s one of the nicest guys you’ll ever meet. He’s probably OK with this.

[Evan] We’ve got a lot to talk about this week. Top of mind of course is COVID-19 and what the pandemic is doing to our daily lives. Sort of hard to talk about much else right now, right?

[Brad] He might agree.

[Evan] Last week was crazy. Let’s talk about the week that was and then talk a little about what’s coming this week.

Catching Up Discussion

Discussing last week’s events and what we’re expecting this week.

[Evan] Alright, there has never been anything in my lifetime that’s been as disruptive as the COVID-19 pandemic. I sort of feel like we’d be tone deaf if we didn’t keep up the conversation.

COVID-19 Discussion

Our topics this week include:

  • Priorities, and where does information security fit?
    • Mental and Physical Health
    • Protecting Yourself and Your Loved Ones
    • Business – Survival
  • The Bass and The Barracuda
  • Another plug for S2Me.
  • Next Week:
    • Maybe a guest; it’s been a while.
    • What happens on the other side?
    • Daily inSANITY Check-in Update
    • What we’re doing to help.

[Evan] The world has hardly seemed any crazier than it is today. Do all you can to maintain (or restore) your health. Good talk. Now let’s get to some non-COVID-19-related news.

News

[Evan] Alright, let’s talk about a non-coronavirus story (or two or three). Remember, attacks aren’t going to stop. In fact, they are increasing and are expected to continue to increase. Don’t ever put anything past or too low for the lowest among us.

Here’s two news stories to consider this week:

Closing

[Evan] There you have it. Episode 72. Thank you for listening. We’re wishing everyone health and sanity! Remember, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @evanfrancen, and Brad’s @BradNigh. Check out @studiosecurity and @FRSecure frequently. They’re always posting good things!

Be safe. That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 69 Show Notes – Who does what?

After last week’s BSOD on Brad’s laptop…

We were 50+ minutes into last week’s podcast when Windows said no more. The operating system crash brought episode 68 to a dead halt before we had a chance to cover the last part of our Roles and Responsibilities series. So, instead of two parts, we’re doing three. This is how it all worked out:

I’m excited about this episode because it hits close to home. It should hit close to home with everyone!

RSA Conference

We’ll also talk about last week’s RSA Conference in this show. SecurityStudio sent seven people to the conference this year, and here are some highlights we will discuss:

  • The theme for the conference this year was “Human Element”.
  • Roughly 36,000 attendees this year.
  • San Francisco’s State of Emergency, mid-conference
  • The money grab was alive and well (literally).
  • SecurityStudio’s first appearance as a sponsor.
    • Gave away 1,000 free, signed copies of UNSECURITY.
    • We became known as counterculture (which was super cool).
    • The theme “Mission before $” was born and etched onto each book.
    • We made (at least) 961 new friends.

Overall, the RSA Conference was a great experience for everyone and a huge success for SecurityStudio.

On to this week’s show notes…


SHOW NOTES – Episode 69

Date: Monday, March 2nd, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • RSA Conference
  • Information Security Roles and Responsibilities (Part 3 of 3)
    • Last week, quick recap of roles and responsibilities (at work).
    • People are creatures of habit.
    • SIMPLIFY – What are things we can do?
    • At home:
      • Information security, privacy, and safety cannot be separated.
      • Parent
      • Spouse
      • Children
    • What should every “normal” person know about information security?
    • The importance of definition, formality, and communication.
  • News

Opening

[Evan] Hi again UNSECURITY podcast listeners! My name is Evan Francen and this is episode 69. The date is March 2nd, 2020. Joining me in studio is my co-host, Brad Nigh. Good morning Brad!

[Brad] Rumor has it, he’s been working hard on some IR work. Let’s see if he’s in the mood to talk this morning.

[Evan] It’s great to be back in the office and good to be here. We have a really good show for our listeners this week, but before we dive in, let’s catch up. Brad, tell me about your week.

Catching up

Some back and forth happens here.

[Evan] I’m behind on just about everything. Hoping for a good catch-up week!

RSA Conference

[Evan] So, there was this RSA Conference thingy last week. Let’s talk about it.

RSA Conference discussion. What we learned and what we wish we hadn’t.

[Evan] We’ll invite some of the interesting people from RSA to join us as future guests.

Information Security Roles and Responsibilities (Part 3 of 3) – Micro Level (at home)

[Evan] OK. So last week, we had a nice visit from the BSOD genie. Probably a good thing because we were going sort of long anyway. We originally planned two episodes for Roles and Responsibilities, but instead we’ve got three now. No big deal. I’m looking forward to this talk with you Brad! What do you think about the series thus far?

[Brad] His opinions…

Last week, quick recap of roles and responsibilities (at work).

[Evan] We’ve talked about roles and responsibilities at a macro level and we’ve talked about roles and responsibilities within an organization. Now, let’s talk about roles and responsibilities at home. I know that you and I both are very conscious of information security at home.

Roles and Responsibilities at Home:

  • People are creatures of habit.
  • SIMPLIFY – What are things we can do?
  • Information security, privacy, and safety cannot be separated.
  • Roles
    • Parent
    • Spouse
    • Children
  • What should every “normal” person know about information security?
  • The importance of definition, formality, and communication.

[Evan] Great conversation. These things will all be covered in our book, and I’m really looking forward to finishing it with you. This book could help tons of people! Alright, as usual, let’s get to some news.

News

[Evan] Here’s what we’ve got for news this week:

Bonus, maybe a future episode: This breast cancer advocate says she discovered a Facebook flaw that put the health data of millions at risk (https://www.cnn.com/2020/02/29/health/andrea-downing-facebook-data-breach-wellness-trnd/index.html)

Closing

[Evan] There you have it. Episode 69. It’s good to be home this week.

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen, and Brad’s @BradNigh. Check out @studiosecurity and @FRSecure frequently. They’re always posting good things! Is FRSecure out at SecureWorld North Carolina this week? Lots going on and lots of chatter!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 52 Show Notes

Yay us! This is the one year anniversary of the UNSECURITY Podcast! 

Episode 52. One year, one episode per week, fifty-two episodes. Hard to believe it’s already been a year. We didn’t miss a single week, and if you know us (well, me anyway), you know that’s almost miraculous. Some weeks were tough to get something recorded, but we did it anyway.

Last week was a good one around here. I’m not sure what Brad’s been up to because we haven’t caught up with each other yet.

For me, I gave a couple talks at a couple of conferences, made a short Dallas trip, and did some other neat stuff.

Last week was a great show with special guest, lead pen-tester, and all around awesome guy Eric Hanson. We’re pleased to have another special guest this week! David Kruse is joining us to share his perspectives on things. It’s gonna be another great show!

My show to lead this week and these are my notes.


SHOW NOTES – Episode 52

Date: Monday, November 4th, 2019

Show Topics:

Our topics this week:

  • One Year Anniversary
  • Introducing David Kruse
    • How’d you get here? 
    • Cyber Insurance
    • Speaking
  • Industry News

Opening

[Evan] Hey UNSECURITY Podcast listeners! This is episode 52, the date is November 4th, 2019, and I’m your host, Evan Francen. My guy is with me, Brad Nigh. Tell the folks something Brad.

[Brad] Words, words, words, etc.

[Evan] Alright, we’ve got a great show planned!

  • We’re going to talk about our first year of podcasting, and some of what we’ve learned.
  • We’re going to welcome our guest David Kruse. He’s an awesome dude who’s got a cool career story. He also knows a ton about cyber insurance, so we’re going to ask him all sorts of challenging cyber insurance questions.
  • After all this, we’re going to discuss some interesting news stories, including Google’s Fitbit purchase announcement.

Ready Brad?

[Brad] Of course he is.

[Evan] OK. Joining us this morning is a pretty swell guy, David Kruse. Good morning David!

[David] Unless we have technical issues, David will probably say something.

[Evan] You guys, I can’t believe this is the one year anniversary of the UNSECURITY Podcast! We’ll do the official One Year Anniversary Show next week, but let’s talk about this.

One Year Anniversary Discussion

  • Reminiscing – some cool and some funny show moments
  • People we’ve met, and some of our favorite peeps
  • What’s next? Ideas.

[Evan] It’s been a good year. Here’s to an even better one ahead! OK, now let’s talk about you David. 

Introducing David Kruse

  • How’d you get here? – One of the most fascinating things David shared with me was his career path. It’s pretty wild. There are some interesting parallels between his path and mine. Should be a good talk!
  • Cyber Insurance – David has some awesome cyber insurance experience and advice.
  • Speaking – David does some speaking, including keynotes. Let’s get his perspective, tips, and tricks on this too.

[Evan] It’s great talking to you and it’s great knowing you David! Thanks for sharing brother. Let’s wrap the show up with some news stories. 

News

[Evan] We’ve got two (maybe three) news stories to discuss this week, but one news story in particular that caught my eye was Google’s intended purchase of FitBit. Ugh.

Closing

[Evan] Episode 52 is a wrap. Well, almost. Thank you for joining us David! Hopefully we can do this again in the future.

Thank you to our listeners! Keep the questions and feedback coming. We love it. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. David, do you have a way you want people to socialize with you?

Follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies!

That’s it! Talk to you all again next week!