Posts

The UNSECURITY Podcast – Episode 67 Show Notes – Who does what?

Did you even notice that I skipped posting show notes for last week’s podcast? Time got away from us. Sometimes our day job gets in the way. No matter. We recorded a pretty good show for you last week anyway, and you can catch a listen here.

We’re almost back on track this week.

Here we go…


SHOW NOTES – Episode 67

Date: Monday, February 17th, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • Information Security Roles and Responsibilities (Part 1 of 2)
    • How important are information security roles and responsibilities?
    • Is it important to define them formally, or do people just know?
    • Roles and responsibilities at a macro level.
      • Government(s).
      • Business(es).
        • B2C.
        • Employer(s).
      • School(s).
      • Consumer(s)/citizen(s)
    • Ideas for making things better.
    • Part 2 – Information Security Roles and Responsibilities (micro-level).
  • News
Opening

[Evan] Howdy. Welcome to episode 67 of the UNSECURITY Podcast. Today is February 17th, 2020 and this angelic voice you’re hearing is me, Evan Francen. Joining me in studio today is my security bestie, Brad Nigh. Good morning Brad!

[Brad] Hopefully he got some sleep and he’s ready to impart some of his wisdom!

[Evan] We have a great show planned today. Before we dive in, let’s catch up. As usual, I want to know how you’re doing and what you’re up to. Give it to me.

Catching up

Some back and forth happens here.

[Evan] Let’s see if you prepped for today’s show. I want you to share one information security truth. Pick any one you want.

[Brad] Shares a truth.

[Evan] Boom! Hashtag truth. Here’s one that’s on my mind…

[Evan] This weekend I was doing some work on our book. For those of you who don’t know yet, we are writing a really cool book. There are two purposes for the book. The first is to simplify information security, and the second is to operationalize information security in underserved markets. Underserved markets are state/local government, schools (K-12 and higher ed), small businesses, and individuals. How do we embed information security in such a way that it becomes a normal part of everyday life and a competitive advantage?

This book is being written by me, Brad, and Ryan (aka “cola”).

I’m just about done with my initial outline, which are really just thoughts. Soon, we’ll get going full speed with these guys. We’ll be collaborating big time!

Anyway, here’s why this is relevant to today’s podcast. As I was writing, I had a thought. One of the foundational components of information security is understanding and implementing roles and responsibilities. This leads to an idea of doing a two-part series. In part one (today), I’d like to discuss information security roles and responsibilities at a macro level. In part two (next week), we can discuss information security roles and responsibilities at a micro level. You game?

[Brad] Brad’s almost always game. He’s one of the most collaborative and easy-going security guys I know!

Information Security Roles and Responsibilities (Part 1 of 2) – Macro Level

We’ll share opinions on these things:

  • How important are information security roles and responsibilities?
  • Is it important to define them formally, or do people just know?
  • Roles and responsibilities at a macro level.
    • Government(s).
    • Business(es).
      • B2C.
      • Employer(s).
    • School(s).
    • Consumer(s)/citizen(s)
  • Ideas for making things better.
  • Part 2 – Information Security Roles and Responsibilities (micro-level).

[Evan] Good discussion man! We take so many of these things for granted. Good things for us to keep in mind as we continue down the path of writing our book.

[Brad] Brad is Brad.

[Evan] Let’s cover some news now.

News

[Evan] I’ve got a few goodies today:

Closing

[Evan] There you have it. Episode 67. Always great chatting with you Brad! Got any parting words?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 61 Show Notes – 2020 Look Ahead

Hello 2020! What do you have in store for us?

In last week’s episode, Brad and I discussed some of the crappy things from 2019. It’s no doubt, we’ve got a lot of work to do in this industry. Now, in this episode, we’re going to discuss some of the great things we did this year as an industry, and we’re going to look at what 2020 should have in store for us!

Exciting Announcements

We’re starting 2020 off right, and we have some cool announcements:

  1. Our good friend Ryan Cloutier has joined SecurityStudio!
  2. We’re writing a new book!
  3. I’m in Cancun (I guess this is sorta cool for me)!
Ryan Cloutier

If you’ve been listening to our podcast for a while, you might remember Ryan. He joined us on the show in episode 27, and again in episode 44. Ryan brings a wealth of knowledge, a refreshing perspective, and an unbridled passion for information security , and we’re jacked he’s on board! Ryan will be helping me and the rest of the SecurityStudio team reach K-12, local governments, and whoever else wants to get on board with establishing rock solid information security fundamentals.

New Book

I took off for my annual trip to Cancun yesterday (1/4) to begin writing our next book. This one will be co-written with Brad and probably Ryan too. The book is unofficially titled “Securing America” and it will provide an easy-to-use manual for building fundamental information security programs and habits in the most under-served areas; SMBs, local governments, education (K-12 and post-secondary), and home.

If you haven’t read my first book, I invite you to! You can either purchase it, or if you’re with us on our mission to fix the brokenness in our industry, contact me and tell me so. I’ll send you a free signed copy! P.S. I’m not publicizing this everywhere, so let’s see if your paying attention.

Cancun

Yeah, this is year three for this trip. Year one was spent writing UNSECURITY. Year two was spent starting a book that I shelved (for now) about information security for normal people. This year, I’m starting this book (referenced above) and we’ll publish it sometime in Q3/Q4 of 2020.

We’ll cover these things (above) and some of the good things from 2019 in this episode of the UNSECURITY Podcast.

Brad’s leading the show this week, joined in studio by Ryan Cloutier. I’m calling in from Mexico, and these are my notes.


SHOW NOTES – Episode 61

Date: Monday, January 6th, 2020

Show Topics:

Our topics this week:

  • Opening
    • Exciting News.
    • 2019 in review, some of the good things.
    • What we expect 2020 to bring us.
  • Closing
Opening

[Brad] Welcome to the first UNSECURITY Podcast episode of 2020! We’ve got a jam-packed show for you today. It’s Monday, January 6th, 2020, and I’m Brad Nigh. Joining me in studio is the newest member of our team, Ryan Cloutier. Welcome Ryan!

[Ryan] Ryan does Ryan. Would you expect anything different?

[Brad] Joining us by phone from Cancun, Mexico is my usual co-host, Evan Francen. Hi Evan.

[Evan] I do me.

[Brad] Probably says something about Cancun and how he should be here too, or instead or me. Maybe he’ll ask about the weather, maybe not.

[Brad] Well, let’s get started. We have a ton of stuff to talk about today. Let’s start off by talking about you Ryan. Today is day #1 at SecurityStudio, right?

[Ryan] Says stuff.

Exciting News – Welcoming Ryan

Quick discussion and welcome.

  • Questions that may come up:
    • What will you be doing at SecurityStudio?
    • What made you want to come to SecurityStudio?
    • What are some of the challenges that lie ahead?
  • We’re pumped that Ryan’s onboard, and we’re looking forward to great things!

[Brad] Alright, Evan’s down in Cancun starting another book. He’s getting it started, and rumor has it that I and you (Ryan) will be co-writing this sucker!

Exciting News – Another Book

Quick discussion about this upcoming book.

  • Questions that may come up:
    • What’s the point for this book?
    • Who’s the audience?
    • What’s it like to write a book?
    • When can I get a copy?
  • We’re jazzed about this book because it’s a way to get the word out and make an impact on people’s lives. The fact that it’s going to be a collaboration between the three of us makes it extra exciting!

[Brad] Alright, some cool things to look forward to in 2020 and beyond! Let’s take a quick look back at 2019 and find some positive news. As infosec people, we sometimes get caught up in the bad news, but there are many good things happening.

2019 in Review – Good Things

[Brad] I think I speak for both Ryan and Evan when I say that we love this industry. There’s plenty of brokenness, but the people in this industry are amazing! Evan has a say that he uses a lot; “information security isn’t about information or security as much as it’s about people.” Using this as a segue, what good things happened in 2019 that we can be proud of?

Some things to discuss (in a positive light):

  • Is the information security industry more diverse now than it was at the beginning of 2019?
  • How are the job prospects for information security practitioners?
  • Are people more aware of information security?
  • Are CISOs emerging as real business leaders in greater numbers?
  • Is there improved collaboration among information security professionals?
  • More people are beginning to focus on fundamentals.

[Brad] Let’s focus on progress in 2020 and we should each be asking ourselves:

  1. Am I making a positive difference?
  2. Are my motives focused on greater good or selfish greed?
Closing

[Brad] OK, no news for today’s show. We’ve discussed plenty and we’re looking forward to another great year! We’re also wishing the best for all our listeners. Let’s kick some ass together in 2020!

That’s a wrap for today’s show. Thank you and welcome to the family Ryan. Evan, stay out of trouble.

Next week, we’ll start to devote 10 minutes out of every show to help someone who’s looking for a job or career change. If you’re one of these people, get in touch with us and we’ll feature you as a guest on future episode.

Get in contact with us through email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, Ryan can be found at @CLOUTIERSEC, and Evan’s in his usual spot, @evanfrancen.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 60 Show Notes – 2019 Year End Review

Goodbye 2019. It’s been real.

Where did the time go?

A common question, we ask ourselves. This year I decided to take a stab at answering it.

Here’s where my time went, for what it’s worth (roughly):

  • 38.58% (or 3,380 hours) working
  • 27.09% (or 2,373 hours) sleeping
  • 23.90% (or 2,094 hours) personal (family, friends, etc.) quality time
  • 10.42% (or 913 hours) other

I spent ~15% more time working than I did making memories with my family in 2019. Some priority adjustments are overdue for me in 2020.

Thank God for the gift of reflection.

The end of the year is a good time to reflect. Reflection is healthy. As I reflect on 2019, I can think of many good things about us like improved industry diversity, great personal growth, business accomplishments, and amazing people working round the clock for our collective benefit.

Unfortunately, there are also bad things. Since we’ve got plenty to cover, both good and bad, we’ll use this episode (#60) to discuss the bad. We won’t want to leave a sour taste in your mouth for too long, so we’ll cover the good things, and the things to look forward to in 2020, in next week’s episode (#61).

Now, the bad.

I already mentioned one of the bad things I discovered from 2019, that my priorities are out of whack, but I also learned things about the sad state of our industry. I learned that we’re (still) losing the war, and we’re losing it on multiple fronts.

Are you wondering what war?

The war where the bad people take advantage of the good people. The war where the immoral ones take advantage of the decent ones. Where the informed and corrupt beat the ignorant and noble every single time.

Let me preface the rest of this by saying I’m not a doomsayer. I’m a realist. I’m a realist with a deep desire to share the truth. If you’ve been paying attention, and can be objective, you’ll find it easier to predict our future. Predicting where a path leads is easier when there’s no (or little) change of course.

Our discussion points for episode 60’s year-end review:

  • Front #1 – Breaches are more common than ever, but we seem to care less than ever.
  • Front #2 – Our local governments and schools are losing their battles.
  • Front #3 – Our homes are part of the battleground and we’re not prepared.

All is not lost, and there’s hope. There’s good news too. We’ll cover good news next week. 2020 is the year for you, me, and our industry to get real. It’s time for us to tackle our most significant issues head-on, together!

I am (Evan) leading the show this week, and these are my notes.


SHOW NOTES – Episode 60

Date: Monday, December 30th, 2019

Show Topics:

Our topics this week:

  • Opening
  • The year (2019) in review.
    • Priorities and life adjustments
    • Front #1 – Breaches are more common than ever, but we seem to care less than ever.
    • Front #2 – Our local governments and schools are losing their battles.
    • Front #3 – Our homes are part of the battleground and we’re not prepared.
  • Closing
Opening

[Evan] Welcome to the last UNSECURITY Podcast episode of 2019! We’ve got a great show planned for you. The date is December 30th, and this is episode number 60. Joining me as (almost) always is my guy Brad Nigh. Hi Brad.

[Brad] Early morning version of Brad…

[Evan] No guest today. It’s just me and you. How you doing?

[Brad] More early morning version Brad things…

[Evan] When I put together today’s show notes, I felt like I was a little harsh, maybe even depressing. It’s not like I was depressed when I wrote the notes, but when I take an objective look at what took place this year, it’s sort of depressing to me. 2019 brought with it a record number of breaches, a record number of records disclosed/stolen, ransomware everywhere, etc. Crap man. Do I seem depressed to you?

[Brad] He’s got something to say.

[Evan] Maybe I take this too personal, but I HATE seeing people get taken advantage of. There were too many times this year that we read about people being taken advantage of, and it sucks. Ugh. Maybe I am depressed.

[Brad] More things…

[Evan] Alright, let’s get to it. The 2019 year-end review…

The year (2019) in review discussion
  • Priorities and life adjustments
  • Front #1 – Breaches are more common than ever, and we seem to care less than ever.
    • Another record year for breaches, do we care?
    • Sources; https://www.cnet.com/news/2019-data-breach-hall-of-shame-these-were-the-biggest-data-breaches-of-the-year/ and https://lifehacker.com/the-worst-data-breaches-of-2019-1840616463
    • “total number of breaches was up 33% over last year”
    • “medical services, retailers and public entities most affected”
    • “5,183 data breaches for a total of 7.9 billion exposed records”
    • Risk Based Security stated that 2019 is/was the “worst year on record” for breaches
      • January – Marriott breach (383 million)
      • February – 617 million accounts, from 16 websites and for sale on the dark web
      • March – 100s of millions of Facebook and Instagram accounts
      • April – 540 million Facebook records
      • May – 885 million First American Financial records
      • June – 20 million patients, bill collector American Medical Collection Association
      • July – Capital One and 100 million credit card applications
      • August – MoviePass and 160 million unencrypted/unauthenticated records
      • September – 218 million Words with Friends accounts
      • October – 4 billion social media profile records (???)
      • November – Facebook again…
      • December – we’re still waiting…
    • Breach fatigue.
    • Are we getting better at finding/reporting breaches? Are breaches happening more often? Are we getting worse?
  • Front #2 – Our local governments and schools are losing their battles.
    • Ransomware nails our local governments and schools.
    • A great article by Michael Mayes at CPO Magazine; the Top 10 Ransomware Stories of 2019.
      • “As the year ends, it’s time to declare 2019 the Year of Ransomware Escalation.”
      • Baltimore was “just one of 82 cities and municipalities to publicly report being struck by ransomware” in 2019.
      • “By December 1, a total of 72 US school districts have fallen victim to ransomware, impacting 867 individual schools and over 10,000 students.”
      • Nine “school districts representing 98 individual schools have been attacked by ransomware just in November. They include:
        • Wood County Schools, Parkersburg, West VA
        • Port-Neches Grove Independent School District, Port Neches, TX
        • Penn-Harris-Madison School Corporation, Mishawaka, IN
        • Livingston New Jersey School District, Livingston, NJ
        • Chicopee Public Schools, Chicopee, MA
        • Claremont Unified School District, Claremont, CA
        • Sycamore School District 427, DeKalb, IL
        • Sunapee Middle High School, Sunapee, NH
        • Main School Administrative District #6, Buxton, ME”
      • Louisiana declared a state of emergency twice in 2019
    • Do we just accept it?
    • We started a civic duty push in 2019, calling for citizens to inquire about ransomware protections from their local government officials. We’ll need to pick this up again this year, and include schools too.
  • Front #3 – Our homes are part of the battleground and we seem ignorant about it.
    • Security, privacy, and safety at home.
    • We still don’t emphasize information security, privacy, and safety enough at home.
    • Did this problem get worse in 2019?
    • Will this get worse before it gets better?

[Evan] That wasn’t too depressing, was it?

[Brad] Gives his honest opinion.

[Evan] We’ve got a lot of work to do, and there are no easy answers. No easy buttons. I think the answer is found in learning and applying information security fundamentals. We spent 2019 working hard at SecurityStudio and FRSecure to reach people with simple, but practical information security solutions like our vCISO, S2Org (information security risk assessment for all organizations), S2Vendor, S2Me (information security risk assessment for all people) and others. We even made some of our tools free! We’ll continue our quest to reach people and help wherever we can!

Got anything to add Mr. Nigh?

[Brad] Adds if he wants to add.

Closing

[Evan] That’s a wrap for another show. Heck, not just another show, but another year!

Thank you and Happy New Year to our listeners! Be sure to tune in next week, when we’ll cover some positive developments from 2019 and maybe a prediction or two. We love recording these shows for you, and we hope you enjoy them. Send us your questions and feedback at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and this other guy is @BradNigh.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 59 Show Notes

If you’re an information security consultant, you know how crazy the end of the year is. It’s crazy!

We’re trying to wrap up all the projects that needed to be completed before the end of the year, and it’s always a challenge. Thank God for Project Managers and a top-notch operations group!

If you missed last week’s episode, we talked about information security in schools with Mike Dronen, the Executive Director of Technology for Minnetonka Public Schools (District 276). Mike shared some great insight and advice for addressing the unique information security challenges facing K-12 schools. If you missed the episode, give it a listen here!

It was no coincidence that last week I also gave the keynote at the East Central Minnesota Education Cable Cooperative (ECMECC) School Security Summit. The Summit was held at the Braham Event Center on December 19th, and was attended by a few hundred K12 school administrators, technology coordinators, facilities staff, and law enforcement. Met a ton of cool people and my keynote was well-received.

If you’d like a copy of the ECMECC presentation, you can go grab it here.

This is Christmas week! For those of us working this week, please take some time off to spend with your loved ones. Merry Christmas to all of you!

Brad is leading the show this week, and these are his notes.


SHOW NOTES – Episode 59

Date: Monday, December 23rd, 2019

Show Topics:

Our topics this week:

  • The SecurityStudio Roadshow Recap (not all the questions, but I have some surprises)
    • Let’s talk about who we met on the Roadshow; different roles, titles, experience levels, etc.
    • Anyone stand out in particular?
    • Was there a specific event that really stood out to you, and why?
    • What was something you learned that surprised you?
  • News
Opening

[Brad] Welcome back! This is episode 59 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is December 23rd, and joining me is my co-host, Evan Francen. Good morning Evan.

[Evan] Lots of words of wisdom I’m sure.

[Brad] We have an in-studio guest today. FRSecure and Security Studio President, John Harmon. Good morning John.

[John] John says something I hope.

[Brad] Before we dive in, we like to check-in. John, how you doing? How was your week and what do you expect this week?

[John] John wonders why he agreed to do a podcast again this early in the morning but is a good sport and says something.

[Brad] And Evan. How are you and what’s up?

[Evan] Probably isn’t sure what to do with himself since he isn’t traveling all the time.

[Brad] Sounds like everyone is ready for the holidays to recharge and prepare for the next year.  We thought it would be fun to answer some questions and hear from Evan and John their thoughts on the recently completed roadshow, so without further ado let’s dive in.

SecurityStudio Roadshow Recap
  • Some surprise questions will be asked…
  • Let’s talk about who you met on the roadshow, roles, titles, experience levels, etc.
  • Anyone particular stand out?
  • Was there a specific event that really stood out to you, why?
  • What was something you learned doing this that surprised you?

[Brad] Great discussion.  Always fun talking with Evan and John.

Let’s do some news…

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Closing

[Brad] That’s it. Episode 59 is a wrap. Thank you to John for joining us again, although this is the first time I’ve been here for it.

Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen. John, is there a way you prefer for people to interact with you?

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 58 Show Notes

We welcome Mike Dronen to be our guest in episode 58 of the UNSECURITY Podcast! Mike is the Executive Director of Technology for Minnetonka Public Schools (District 276), and he’s joining us to talk about information security challenges facing K-12.

In case you missed the past couple of weeks, we talked a ton about legal and privacy stuff with our favorite data privacy and “cybersecurity” attorney, Justin Webb. Justin works for Godfrey & Kahn, S.C. in Milwaukee, and here’s what we covered:

Lots of good content and advice in these past couple of episodes. This week with Mike Dronnen is sure to be great too!

I’m leading the show this week, and here are my notes.


SHOW NOTES – Episode 58

Date: Monday, December 16th, 2019

Show Topics:

Our topics this week:

  • Information Security Challenges in K-12
    • Article: The Cybersecurity Threats That Keep K–12 CIOs Up at Night
    • How does information security work in K-12?
    • What makes K-12 different than everywhere else?
    • What are there differences between large school districts and smaller ones?
    • What tips do we have for administrators?
    • What tips do we have for educators?
    • What tips do we have for parents?
  • News
Opening

[Evan] Welcome back! This is episode 58 of the UNSECURITY Podcast, and I’m your host this week, Evan Francen. Today is December 16th, and joining me is my co-host, Brad Nigh. Good morning Brad.

[Brad] We’ll see how awake he is this fine Monday morning.

[Evan] We’ve had a couple of great shows the past couple of weeks. We learned a lot from our guest, Justin Webb. We talked a ton about privacy things and legal things. This week we’re going to shift gears a bit, and talk about information security in K-12. To help us navigate these waters, I’ve invited the Executive Director of Technology from Minnetonka Public Schools to our show. Minnetonka is my alma mater, and Mike Dronnen is a good friend. Welcome Mike!

[Mike] Mike’s a good guy. He’ll surely say “hi” or something.

[Evan] Mike, we’re excited to have you on the show for a number of reasons. You’re a good guy, I’m a Skipper, and Brad’s got some kids in your district too. Thank you for joining, especially on short notice.

Before we dive in, I like to check-in. Mike, how you doing? How was your week and what do you expect this week?

[Mike] Mike shares what he’d like to share.

[Evan] And Brad. How are you and what’s up?

[Brad] Sharing is caring.

[Evan] We’re all busy. Hopefully, health busy. My quick recap…

Alright, let’s talk about information security in K-12, shall we?

Discussion about information security challenges in K-12
  • Article: The Cybersecurity Threats That Keep K–12 CIOs Up at Night
  • How does information security work in K-12?
  • What makes K-12 different than everywhere else?
  • What are there differences between large school districts and smaller ones?
  • What tips do we have for administrators?
  • What tips do we have for educators?
  • What tips do we have for parents?

[Evan] Another great discussion. There are some real challenges for K-12, and I think we’ve all got some skin in this game to do the best we can. Thanks Mike!

Let’s do some news…

News

[Evan] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Closing

[Evan] That’s it. Episode 58 is a wrap. Thank you to Mike for joining us and for sharing your perspectives on K-12 information security!

Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Mike, is there a way you prefer for people to interact with you?

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!