Posts

UNSECURITY Episode 138 Show Notes

Hope you had a wonderful Independence Day (July 4th)! We’ve gone through a lot together in this country, and I love this place we call home. Lots to do in making the USA better, but this will always be the case. This is the best country in the world, and I’m grateful!

In case you missed it, two big events last week; the Kaseya ransomware attack and Microsoft’s PrintNightmare.

Kaseya Ransomware

So, you might have heard. On Friday (going into July 4th weekend), computers around the world (not all of them, but maybe ~1,000,000 of them) started to lock up. The announcement came around midday that Kaseya’s VSA servers were being used to distribute ransomware, primarily to MSP customers. My first thought was “Oh shit! We might have another SolarWinds.” Thank God, this wasn’t the case.

Facts started to come in, and it became evident that this was an attack directed at VSA servers hosted by MSPs. Some MSPs (about 2,200 of them) installed their VSA servers so that they were accessible from the Internet. I’m not a VSA expert, but this high number implies this as standard practice. A zero day vulnerability (and exploit) was discovered by the REvil ransomware gang (or an affiliate) and was used to infect clients.

Kaseya already knew about the vulnerability thanks to the good work by Wietse Boonstra and his compatriots at NIVD. The vulnerability was reported to Kaseya and the two groups were working on a patch at the time of the ransomware attack. The end result was somewhere between 60-70 MSPs affected and somewhere between 1,200-1,500 companies infected. Kaseya did a good job responding, and so did many MSPs. Lessons learned are TBD after the dust settles.

Links referenced in today’s show are below.

Microsoft PrintNightmare

If it hadn’t been for Kaseya, this would have been top news. In terms of scope, this is much bigger, affecting many millions of servers (and companies). In terms of potential impact, this also exceeds the Kaseya attack. News broke on June 30th about an impressive and potentially very damaging vulnerability in the Microsoft Print Spooler service. On July 1st, Microsoft released additional information about the vulnerability and offered (un)helpful guidance.

There is an exploit in the wild for this vulnerability that allows complete control over a server (and Active Directory).

We’ll talk a little about this too. Links referenced in today’s show are also below.

 

OK. Show notes for episode 138…


SHOW NOTES – Episode 138 – Tuesday July 6th, 2021

Opening

[Evan] Welcome listeners! It’s good to have you join us. Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 138, and the date is July 6th, 2021. Joining me is my good friend, Mr. Brad Nigh. Good Morning Brad!

[Evan] Hope you had a wonderful 4th of July. Many people had the day off yesterday, but some people were fighting the fire caused by ransomware deployed through Kaseya’s VSA servers. This is where we’ll start.

Kaseya Ransomware Attack

Here’s a list of links/articles we’re explore in this episode:

All in all, this attack could have been MUCH worse than it was. Incident responders did a great job and communicated well. More to come in time…

Microsoft PrintNightmare

This one is a doozy. Here are the three links/articles we’ll reference in this episode:

Last week’s show was all about Microsoft security debacles, and now this. A patch is not available yet and many IT teams are scrambling right now. I’m become less and less of a Microsoft fan with each passing day.

That’s it for today’s show. Lots of work to do!

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! Thank you Brad for a great conversation! If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Episode 137 Show Notes

It’s been a few weeks since I posted show notes, and even then, I’m late!

If you working in the information security industry, you’re probably extremely busy. My busyness is what’s kept me from updating show notes and things.

Episode 137 was a fun one. Brad was back and we talked about all Microsoft’s recent blunders/issues.

John McAfee

Before we get into it, I want to take a moment to remember John McAfee. On June 23, he was found unresponsive in his jail cell at the Brians 2 Penitentiary Center near Barcelona, Spain. Sadly, he passed away at the age of 75 after an apparent suicide by hanging. He had just lost his hearing for extradition to the United States.

John McAfee was a very interesting guy, and some might say he was nuts and a crook. While that might be true (I don’t have evidence to say either way), I remember him before the mid-2000s, when he was an icon in our industry. The guy was smart as hell!

  • 1968 – 1970, programmer for NASA working on the Apollo Program
  • Software designed for Univac
  • Operating system architect for Xerox
  • Software consultant for Computer Sciences Corporation
  • Consultant for Booz Allen Hamilton
  • Software engineer for Lockheed (where he first learned about computer viruses and came up with the idea to remove them programmatically)
  • 1987, founded McAfee Associates Inc which sold the world’s first anti-virus software
  • 1990, sold millions of copies of McAfee anti-virus software leading to John’s $5M/year salary
  • 1992, McAfee’s initial public offering (IPO)
  • August 1993, steps down as CEO.
  • 1994, sold all his remaining stake in McAfee Associates Inc.

In January 2014, after Intel (who’d acquired McAfee in August 2010) announced that McAfee products would be marketed as “Intel Security”:

I am now everlastingly grateful to Intel for freeing me from this terrible association with the worst software on the planet.” – John McAfee

Soon afterwards, the business was de-merged from Intel and re-acquired the McAfee name.

John McAfee was all over the place after divesting from the company with his name. He invested in many ventures, travelled, dabbled in politics (two U.S. presidential candidacies), was a person of interest in a Belize homicide investigation, charged with tax evasion, posted hundreds of public remarks and videos on social media, before it all eventually ended on June 23rd. He was a very interesting person who was influential in our industry.

I will miss him.

OK, now the show notes. Here’s the notes (with relevant links). Episode 137…


SHOW NOTES – Episode 137 – Tuesday June 29th, 2021

Opening

[Evan] Welcome listeners! It’s good to have you join us. Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 137, and the date is June 29th, 2021. Joining me is my good friend, Mr. Brad Nigh. Good Morning Brad!

[Evan] Welcome back sir. Happy that you’re back in the saddle again. Microsoft was front and center in the information security news this week. Let’s dissect some of this.

Microsoft in the (Information Security) News

Here’s a list of articles that we talk about in this episode:

Obviously, Microsoft has its hands full. Don’t we all? One issue with Microsoft is how much control they have over our industry and how much data they hold. Significant information security events at Microsoft have a significant impact for millions of organizations.

Just one other news article of interest this week: One billion dollars lost by over-60s through online fraud in 2020, says FBI – https://hotforsecurity.bitdefender.com/blog/one-billion-dollars-lost-by-over-60s-through-online-fraud-in-2020-says-fbi-26049.html

That’s a lot to unpack! Hopefully you caught all that.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! Thank you Brad for a great conversation! If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Episode 134 Show Notes

Alright, welcome back! We had a great run of guests over the past 7 or 8 weeks, and now it’s back to Brad and I for a bit.

If you missed any of the guest episode, here’s a recap:

Memorial Day

Monday, May 31st was Memorial Day. It’s a day of remembrance and gratitude. Here’s the text from one of my Twitter posts:

  • A small table set for one, symbolizing the isolation of our absent service member.
  • The table is round to represent the everlasting concern the survivors have for the missing.
  • The white tablecloth symbolizes the pure motives of our lost service members who responded to our country’s call to arms.
  • A single rose in the vase represents the blood our service members have shed in sacrifice to ensure the freedom of the United States of America.
  • The rose also represents family and friends who keep the faith while awaiting the return of the missing service members.
  • The red ribbon represents our service members’ love of country that inspired them to serve our country.
  • A slice of lemon on the bread plate represents the bitter fate of the missing.
  • Salt sprinkled on the bread plate represents the tears shed by waiting families.
  • The inverted glass represents the fact that the missing and fallen cannot partake.
  • A Bible represents the spiritual strength and faith to sustain the lost.
  • A lit candle symbolizes a light of hope that lives in hearts to illuminate the missing’s way home.
  • An empty chair represents the absence of our beloved missing and fallen. service members.

We are grateful for all our men and women who serve in uniform and we hold those who sacrificed all in the highest esteem.

The Show Must Go On

Visiting with our guests the past couple months has been a lot of fun and we hope it’s been educational and entertaining for our listeners. We hope listeners enjoyed listening as much as we enjoyed hosting!

This week (episode 134), Brad and I are going to take a look at some of the recent news. Lord knows, there’s plenty to cover!

Let’s get to the episode 134 show notes, shall we?


SHOW NOTES – Episode 134 – Wednesday June 2nd, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 134, and the date is June 2nd, 2021. Joining me is my good friend, Mr. Brad Nigh. Good Morning Brad!

[Evan] Welcome back from Memorial Day weekend. It was a beautiful weekend to pay our respects.

What’s going on in the world of “cybersecurity”?

Today, we’re going to change things up a little. There’s so much going on in the world around us, I thought it would be good for us to focus on six news articles and discuss them. Here they are:

That’s a lot to unpack! Hopefully you caught all that.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! Thank you Brad for a great conversation! If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Podcast – Ep 101 Show Notes – Election Security

Well, it’s already mid-October and the election is 21 days (three weeks) away. Things have never seemed crazier or more divided, at least not in my lifetime. Good fodder for discussion in episode 101 of the UNSECURITY Podcast!

Work-wise things are also crazy, but good. Fourth quarter is always nuts for an information security company, and doesn’t matter is it’s consulting (FRSecure) or SaaS (SecurityStudio). Everyone is running at full capacity and finding life margin is a challenge!

Hope you’re happy and healthy! On the the show; I’m (Evan) leading this show and these are my notes.


SHOW NOTES – Episode 101

Date: Wednesday October 14th, 2020

Episode 101 Topics

  • Opening
  • Catching Up (as per usual)
  • Election Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there, thank you for tuning into this episode of the UNSECURITY Podcast. The date is October 14th, 2020 and this is episode 101. I’m Evan Francen, your host for this show. Joining me is my good friend and co-host Brad Nigh. Good morning Brad.

[Brad] Brad does Brad.

[Evan] I know we’re a day late getting the podcast out again this week, but holy cow we’ve been busy! We’ll try to get back on track next week.

Brad, I want to reiterate how I enjoyed our discussion the past couple of weeks about the social dilemma, a Netflix documentary about social media and its effects on society. Lots to think about. In fact, I’m planning to watch it again this week.

[Brad] He might comment here.

Catching Up

[Evan] So, what’s new? Tell us what a day in the life of Brad looks like.

[Brad] Cue Brad.

[Evan] I’ll share some stuff too (probably).

Transition

Election Security

[Evan] As you know, we’re only 20 days from the election. If you haven’t registered to vote yet, you should. Go to vote.gov and check it out. Brad have you registered to vote?

[Brad] Cue Brad.

[Evan] I’m registered and ready to cast my ballot! The date is November 3rd.

There’s been much said about election security. A simple Google search of “election security” produces over 2.2 million results! Election security isn’t a new thing, even though it’s been front and center the past few election cycles.

There’s more to election security than protecting voting machines, so let’s talk about this.

Resources

[Evan] There’s a lot more to election security than infrastructure. What about voter intimidation, disinformation, and security after election night? We’re talking about disinformation on Thursday night’s Security Sh*t Show because this is a significant issue in today’s society.

Election Security Discussion

Open discussion

[Evan] Good discussion! Securing an election has never been more difficult. Let’s catchup on some news quick.

News

[Evan] Here are some recent and interesting news stories to talk about.

Wrapping Up – Shout outs

[Evan] Great! Episode 101 is just about complete. Thanks Brad, do you have any shout outs this week?

[Brad] We’ll see.

[Evan] Always grateful for our listeners! We’re behind on email, but we’ll promise to respond soon. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 100 Show Notes – The Social Dilemma Pt2

Hard to believe that this is episode 100 already! I’ll have to write a recap of the journey sometime soon.

Crazy things all over the place here at FRSecure and SecurityStudio. If you’ve been an information security consultant, or if you know one, you know that 4th quarter is a crazy time of year. Turns out, COVID-19 and 2020 is NOT the exception. We’re happily swamped.

Having said all that, we’re a day late getting the podcast out again this week. Not because we didn’t try, but because life and work get in the way sometimes.

Hope you’re happy and healthy! On the the show; Brad’s leading and these are Brad’s notes.


SHOW NOTES – Episode 100

Date: Wednesday October 7th, 2020

Episode 100 Topics

  • Opening
  • Catching Up (as per usual)
  • the social dilemma, Part Two
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 100 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is October 6th, and joining me this morning as usual is Evan Francen.

[Evan] Talks about how busy things have been

[Brad] Last week we had a really good discussion about The Social Dilemma and we didn’t get to everything so we are doing part 2 today. But before we get going let’s recap our week.

Catching Up

[Evan] Evan’s cool story

[Brad] A recap of my week

Transition

the social dilemma, Part Two

[Brad] Okay let’s pick up where we left off. There are no shortage of takes on the movie, here are some I found interesting.

[Brad] Great discussion here are some news stories

News

[Brad] Here are news stories that caught me eye this week:

Wrapping Up – Shout outs

[Brad] That’s it for episode 100. Thank you Evan, do you have any shout outs this week?

[Evan] We’ll see.

[Brad] Thank you to all our listeners! Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.
That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 99 Show Notes – The Social Dilemma

Happy Tuesday! Here we are again, and lots going on…

The big news (sort of) is the first presidential debate is tonight. I wonder how many people will tune in. Personally, I’m not sure if I will. We’ll see.

A few weeks ago my wife asked me to watch the social dilemma with her on Netflix, so I did. I’d heard about the documentary/movie from some friends, but didn’t get around to watching it until then. Wow!

The opening quote from the movie:

Nothing vast enters the life of mortals without a curse

-Sophocles

He was right. Today, Brad and I will give your our reviews about the social dilemma and talk about our thoughts. These are my (Evan) show notes for episode 99.


SHOW NOTES – Episode 99

Date: Tuesday, September 29th, 2020

Episode 99 Topics

  • Opening
  • Catching Up
  • the social dilemma
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in to episode 99 of the UNSECURITY Podcast. Today is September 29th, 2020 and joining me is my co-host and friend Brad Nigh.

Good morning Brad.

[Brad] Cue Brad.

[Evan] We’ve got a special show planned for our listeners this week. Brad, you and I both watched the social dilemma on Netflix. It’s a documentary about social media in our society that was released in January. Funny how neither of us had watched it until recently, and now (as of this morning) it’s trending as the #6 most popular video on Netflix. I guess it’s better late to the party than not showing up at all!

Before we jump in, I’m dying to hear your thoughts, let’s catch up quick. This is customary.

Catching Up

[Evan] Brad, how you doing? What’s new?

[Brad] Cue Brad.

[Evan] Cue Evan.

Transition

the social dilemma

[Evan] You watched the social dilemma, right?

[Brad] Cue Brad.

[Evan] What did you think?

Our review and discussion

  • What if I’m not a social media user/addict, why should I care?
  • We see different realities? Different news feeds?
  • Data (you and I) sold to the highest bidder.
  • Where does this all end if we don’t act (now)?

Any sufficiently advanced technology is indistinguishable from magic

-Arthur C. Clarke

[Evan] If you haven’t seen the social dilemma yet, I highly suggest you do. Sit down, spend the hour and a half, and consider it all. If you’ve got a spouse, invite them to watch it with you. If you’ve got teenage kids, see if you can peel them away from their phones long enough too.

We’ve got to do more about this, and we’ve got to move much quicker than we are.

[Evan] OK, news. Let’s do some quick news stories.

News

[Evan] Three news stories to talk about briefly this week:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 99 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 98 Show Notes

Here we are again, another Tuesday, and another episode of the UNSECURITY Podcast!

Tons going on, as usual.

Last week we released a couple new FREE things at SecurityStudio:

  • Work From Home Security Policy Template – Located at the bottom of our S2Team page. If you don’t know what S2Team is, you should definitely take a look. If you just want the template and don’t care, here it is.
  • Ransomware Recovery Contract – A simple contract between executive management and IT to ensure accountability for ransomware recovery. Executive management likes it because they finally know what to ask for, and IT likes it because they can use it to show they’re doing what they should/can to prevent a prolonged ransomware outage. I’ve uploaded the contract to my site here.

ADDED: Brad reminded me on the show that FRSecure made a free Incident Response Plan Template available last week. Take a look. It’s really, really good (and free)!

Other goings on include developing and improvement of new services (including the release of SecurityStudio v3.9 and an incident response capability assessment), continued collaboration with great partners, a few speaking engagements, episode 19 of the Security Shit Show, deployment of S2Team, and other things.

Alright, enough about that. Let’s get to the show notes, shall we? These are my (Evan) notes.


SHOW NOTES – Episode 98

Date: Tuesday, September 22nd, 2020

Episode 98 Topics

  • Opening
  • Catching Up
  • Accountability
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in to episode 98 of the UNSECURITY Podcast. Today is September 22nd, 2020 and joining me is my co-host and friend Brad Nigh.

Good morning Brad.

[Brad] Cue Brad.

[Evan] I think we have a good show planned for listeners this week. This episode is all about accountability. I’d like to discuss how accountability works in information security, who should be accountable for what, and give some tips for improving accountability where we work and in the world around us.

Lots to cover on the topic of accountability. Before we jump in, quick catchup with Brad.

Catching Up

[Evan] Brad, how you doing? What’s new?

[Brad] Cue Brad.

[Evan] Cue Evan.

Transition

Accountability

[Evan] Alright, let’s talk about accountability, or maybe the lack of accountability, in information security. This has been a topic that’s been dominating my thoughts again for the past couple weeks. I say “again” because this isn’t the first time we’ve talked about it.

During an episode of the Security Shit Show a couple weeks ago, I think it was episode 18, we were talking about ransomware. The talk was great, but the frustration we all felt was apparent. Why do we keep doing the same things over and over again? Why don’t people do the basics? My take was the lack of accountability. So, I drafted a Ransomware Recovery Contract to help.

Have you seen the Ransomware Recovery Contract?

[Brad] Cue Brad (I’m sort of springing this on him).

[Evan] So, the greater issue of accountability in general. Let’s talk about it here, for our benefit and the benefit of our listeners.

  • The importance of accountability.
    • Repeating the same mistakes over and over.
    • Safe to assume people know?
    • People die now.
  • When to define accountability.
  • Who’s ultimately accountable for what?
    • In tech – buggy software, social media (see the social dilemma), etc.
    • Big organizations.
    • Small organizations.
    • Public organizations.
    • School districts.
  • Examples of accountability disfunction.
  • Examples of good accountability.
  • What to do about it.
    • Get out ahead. Better now than never (or later).
    • Will CEOs be personally liable someday?

[Evan] This is a deep subject with much to be said. Everything moves so fast, and sadly accountability is severely lagging behind.

[Evan] For listeners who are wondering about us doing a series titled “Politics and Information Security”, it’s still being considered. We just have to put it all together.

[Evan] OK, news. Let’s do some quick news stories.

News

[Evan] Three news stories to talk about briefly this week:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 98 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 97 Show Notes

Good morning! Happy Tuesday!

Thinking Brad is back again this week. I dig that because I dig Brad!

Last week, Brad was out feeling sick. This led to a solo recording of the UNSECURITY Podcast; go check out episode 96 if you want to hear me do my most awkward podcast yet.

Busy, Busy, Busy

We’ve been very busy around here, and it sounds like many of you are too. There are many good signs recently that the economy may be rebounding. The positives:

  • Elections – although the next 50ish days are going to be chaotic, there will be some settling in after the elections are complete. Regardless of which way you swing (blue or red), the completion of an election cycle brings a sense of stability.
  • COVID-19 – there’s been a lot of positive news about medical treatments and possible vaccines. The sooner we can put the pandemic behind us, the better. Once the pandemic is behind us (closer with each passing day), the economy should settle.
  • Markets – the stock and housing markets have held there own through all the chaos of 2020. This is a good sign of good things ahead in our opinion.

Busy is good, and it would take a small book to tell you all the good things going on at SecurityStudio and FRSecure! SecurityStudio is well on it’s way to being a very healthy and profitable SaaS company and FRSecure is exploring expansion (acquisition, merger, and/or geographic expansion).

I sincerely hope you and your family are well!

Why Can’t We All Just Get Along?

Today’s topic is about our divisiveness in world today and what it means to our industry. We’ll be careful to be respectful of other people’s opinions as we navigate these waters, and this may be a good segue into a future series we’ve been thinking about recently; “Politics and Information Security”.

Let’s get on it. The show notes…


SHOW NOTES – Episode 97

Date: Tuesday, September 8st, 2020

Episode 97 Topics

  • Opening
  • Catching Up
  • Why Can’t We All Just Along?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 15th, 2020 and this is episode 97 of the UNSECURITY Podcast! I’m your host, Evan Francen, and back with me this week is my good friend, Brad Nigh! Good morning Brad.

[Brad] Good things from this dude.

[Evan] Well, you were out ill last week. How you feeling? What’s new?

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. Let’s do it.

Topics:

[Evan] Did you get a chance to hear last week’s episode? It was definitely awkward doing the show alone for the first time!

Transition

Why Can’t We All Just Get Along?

[Evan] It’s crazy how much information security reflects life and vice versa. I’ve been thinking about what our next series should be, and I’m always interested in tackling serious topics. We’re in the middle of an election cycle right now and I can’t remember a time when our country has been more divided than it is today. Me being me, I want to talk about it with you (Brad).

What are your first thoughts about the divisiveness in our country today?

[Brad] Chimin’ in.

[Evan] Here’s what I’d like to explore with you:

  • General divisiveness (political, social, information security, etc.)
    • Intimidation/bullying for sharing your thoughts, opinions, disagreements, etc.
    • When you find someone being a jerk or speaking/writing nonsense.
  • Outside Influences to Information Security
    • Today’s political climate.
    • Where do we find facts vs. opinions?
  • Within Information Security
    • How do we think our divisiveness affects information security?
    • Putting down others (competition, other professionals, etc.).
    • The divide between us and the business.
  • A couple of podcast reviews.

 

[Evan] I’m thinking about doing a series titled “Politics and Information Security”. We could interview special guests form both sides of the isle and get their opinions on all sorts of things. What would set us apart is respectfulness. We would do this in a way that respects opinions without attacking and bullying. This could be a great opportunity to set an example for others on how to discuss hot topics without beating each other up. What do you think?

[Brad] We’ll see what he thinks…

[Evan] The timing seems right to do a series like this. Alright. More to come on that! Let’s do newsy stuff now.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 97 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] It’s nice to have you back man. We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

The UNSECURITY Podcast – Episode 72 Show Notes – COVID-19

Hi everyone. We’re hoping and praying for everyone’s health and mental well-being right now. Take care of what really matters, yourself and your loved ones.

Episode 72 of the UNSECURITY Podcast will be dedicated to continued discussion about COVID-19 and what the pandemic means, in our daily lives and in our vocation as information security people. It’s the topic on everyone’s mind, so to not talk about it seems a little tone deaf.

Before we get to the show notes (below), I’d like to highlight a few things going on around here.

One Word

What one word would you use to describe your past week? If you’re a Twitterer, let us know by tweeting your word with the hashtag #UNSECURITYoneword. Be sure to include us (@evanfrancen and @bradnigh) in the conversation.

Not Adjusted Yet

Not sure about you, but I haven’t adjusted yet. I’m an introvert, so I was expecting to thrive in isolation. I was wrong (for now). I was surprised to learn how much personal interaction really means to me.

Everything seemed different this past week and I was definitely a little off my game. I had trouble focusing on tasks and struggled with processing events occurring all around me. Nothing made sense at times.

On Tuesday (3/17) we (FRSecure and SecurityStudio) closed the offices, and by the next day, almost everyone was online and functionally working from home. Since there was nobody at the office, I decided to work from there.

The empty office was quiet. Too quiet. The quiet forced me to realize how social we are in our office. Every (normal) day is like a family get together. A family get together where everybody actually likes each other.

In a quiet office there are no dumb office jokes. No laughter. No smiles. No fist bumps. A quiet office is just filled with empty. Our office was filled with empty and me. It was a eerie and it was lonely.

I’m assuming the adjustment will just take time. Between now and then, let’s all keep our head up and look for ways to help others. Helping others can be a great coping mechanism!

The Pledge

Also on Tuesday, I wrote a pledge and posted it on LinkedIn. This pledge is one that I plan to live by, especially now.

My pledge:

  • I will NOT panic.
  • I will NOT give in to fear.
  • I WILL think things through.
  • I WILL make prudent decisions based upon the best (non-biased) information available.
  • I WILL be the person I’ve always been and learn to be better.
  • I WILL help my fellow humans whenever and however I can, putting my family first.
  • I will NOT use this (or anything else) to take advantage of people, and
  • I will NEVER put someone in danger if I can help it.

coronavirus panic fear think prudence decisions learning helpingpeople

What Else

We did a lot this past week.

The Impact of COVID-19 on Information Security Webinar(s)

In the midst of the chaos, we decided to put together a last minute webinar for Wednesday (3/18) afternoon.  Our motivation for the webinar was to help people and bring calm to the storm. Despite last minute arrangements and everything else going on, we had ~250 people come to the first session. Participation and interaction was more than we expected! There were many unanswered questions after the first session, so we decided to do a second session on Friday (3/20).

The topics we discussed were:

  • Introductions.
  • Before we get started.
    • #1 – The current state of affairs.
    • #2 – My pledge.
    • #3 – FRSecure Open Letter.
    • #4 – Ideas we’re kicking around.
  • Topics:
    • What is the impact of COVID-19 on information security?
    • How to securely shift employees to remote work during social distancing.
    • Some of the current social engineering scams around COVID-19 and how to avoid them.
    • How to create or adjust your business’s disaster recovery plan.
  • Where to go if/when you need help.

I’ve posted a copy of the presentation online for everyone.

Virtual Happy Hours

Our team started doing virtual happy hours on Thursday. Every organization should do these! We all get into an online Zoom meeting and hangout for a while. We share. We laugh. We joke. We smile. We love. These are amazing experiences that are healthy and good for the soul.

I prefer to sit and listen most of the time. Just taking it in. The sounds of my team laughing, their smiles, their dumb jokes (like really dumb), and sharing our day together are beyond magical. The joy these guys bring to my day is the best way to end it!

The Daily inSANITY Check-in

Nobody has this thing figured out and nobody has it all together.

We want to help, so we’re starting the Daily inSANITY Check-in webinar series. The purpose of the Daily inSANITY Check-in is to provide a safe place for people to discuss current events, information security things, challenges we’re facing, or whatever else comes to mind. The check-ins are short (30- to- 60-minute) daily meetings with discussion. People are always free to come and go as they please.

This is new, and we’re just getting started. Don’t expect all the kinks to be worked out day one. Visit the registration page for the full description and to signup.

K12 Cybersecurity Podcast

Good news! Our buddy Ryan Cloutier just released the first episode of the K12 Cybersecurity Podcast. His first episode is awesome! It’s so much better than our first UNSECURITY Podcast. In this episode, Ryan’s special guest is Amy McLaughlin. Amy is the Information Services Director at Oregon State University and cybersecurity project director for the Consortium for School Networking (CoSN).

This was a timely and well done episode. I recommend you subscribe to Ryan’s K12 Cybersecurity Podcast and get ready for more great content!

Pretty sure I forgot something, but that’s all for now. Let’s do a podcast (or something)!


SHOW NOTES – Episode 72

Date: Monday, March 23rd, 2020

Show Topics:

  • Opening
    • The week that was.
    • The week that is to come.
  • COVID-19
    • Priorities, and where does information security fit?
      • Mental and Physical Health
      • Yourself and Your Loved Ones
      • Business – Survival
    • The Bass and The Barracuda
      • Don’t be a bass. Be a barracuda.

This slideshow requires JavaScript.

Opening

[Evan] Hello listeners, this is another episode of the UNSECURITY Podcast. My name is Evan Francen, this is episode 72, and the date is March 23rd, 2020. Joining me in studio is my buddy Brad Nigh. Good morning Brad!

[Brad] If it’s a good morning for Brad, we’ll know by how he responds.

[Evan] Last week was nuts. You and I hardly had a chance to connect with all that’s going on, so we’re a little out of sorts. This would normally be your week to lead the podcast, but since we didn’t really connect, I’m hosting again. Hope that’s OK.

[Brad] He’s one of the nicest guys you’ll ever meet. He’s probably OK with this.

[Evan] We’ve got a lot to talk about this week. Top of mind or course is COVID-19 and what the pandemic is doing to our daily lives. Sort of hard to talk about much else right now, right?

[Brad] He might agree.

[Evan] Last week was crazy. Let’s talk about the week that was and then talk a little about what’s coming this week.

Catching Up Discussion

Discussing last week’s events and what we’re expecting this week.

[Evan] Alright, there has never been anything in my lifetime that’s been as disruptive as the COVID-19 pandemic. I sort of feel like we’d be tone deaf if we didn’t keep up the conversation.

COVID-19 Discussion

Our topics this week include:

  • Priorities, and where does information security fit?
    • Mental and Physical Health
    • Protecting Yourself and Your Loved Ones
    • Business – Survival
  • The Bass and The Barracuda
  • Another plug for S2Me.
  • Next Week:
    • Maybe a guest; it’s been a while.
    • What happens on the other side?
    • Daily inSANITY Check-in Update
    • What we’re doing to help.

[Evan] The world has hardly seemed any crazier than it is today. Do all you can to maintain (or restore) your health. Good talk. Now let’s get to some non-COVID-19-related news.

News

[Evan] Alright, let’s talk about a non-coronavirus story (or two or three). Remember, attacks aren’t going to stop. In fact, they are increasing and are expected to continue to increase. Don’t ever put anything past or too low for the lowest among us.

Here’s two news stories to consider this week:

Closing

[Evan] There you have it. Episode 72. Thank you for listening. We’re wishing everything health and sanity! Remember, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet like that. I’m @evanfrancen, and Brad’s @BradNigh. Check out @studiosecurity and @FRSecure frequently. They’re always posting good things!

Be safe. That’s it. Talk to you all again next week!