Posts

Episode 110 Show Notes – All Hell Broke Loose

/in /by

Welcome! These are the show notes for episode 110 of the UNSECURITY Podcast.

We’re putting the Information Security @ Home series on hold again this week. In case you didn’t know, it seems we have a big problem on our hands. Over the course of this last week (or so), we’ve witnessed events in our industry that we’ve not seen before, in terms of magnitude and impact. It all started (publicly) with FireEye’s announcement of an intrusion and exfiltration of data. FireEye is one of the largest and most respected firms in our industry, so this was big news!

Unfortunately, this was only the tip of the iceberg.

Over the weekend, we learned of two more really significant breaches; one at the U.S. Treasury Department and the other at the U.S. Commerce Department. On Monday (12/14), all hell sort of broke loose when we learned that these breaches are all related, and the source is SolarWinds. Attackers compromised SolarWinds defenses and inserted malware into their premier product, the Orion platform. Orion is a network management system (NMS) used by thousands of organizations to manage and monitor their IT infrastructure. SolarWinds has become a single source of possible intrusions into ~18,000 other organizations. These intrusions into the other organizations aren’t run of the mill either, these are intrusions using “trusted” software (often) configured with elevated/privileged access. This and will continue to get worse before it gets better.

Seems 2020 isn’t done 2020ing yet. The end of 2020 countdown at the time of this writing:

Other things? Yes, or course!

There are always many, many things going on around here (SecurityStudio and FRSecure). One very newsworthy event included the announcement from the State of North Dakota. North Dakota has made our S2Me (personal information security risk assessment) available for all state residents and will use it to help their citizens be more secure at home! One down, and 49 left to go!

Alright, on to it. Brad’s leading the discussion this week, and these are his notes. GOOD NEWS, we’ve invited our good friend Oscar Minks to join us as we delve in to the whole SolarWinds debacle.

SHOW NOTES – Episode 110

Date: Tuesday December 15th, 2020

Episode 109 Topics

Opening

[Brad] Hey there! Thank you for tuning in to this episode the UNSECURITY Podcast. This is episode 110, the date is December 15th, 2020, and I’m your host, Brad Nigh. Joining me as usual is my good friend and co-worker, Evan Francen. Good morning Evan.

[Evan] Cue Evan.

[Brad] Also joining us this morning is another good friend and co-worker, Oscar Minks. Good morning Oscar.

[Oscar] Cue Oscar.

Quick Catchup

[Brad] As if 4th quarter wasn’t crazy enough we had the SolarWinds news break this week.  Before we dig into that let’s catch up and see how we are all doing with just over 2 weeks left in the year. What’s new?

Transition

Information Security @ Home
All Hell Broke Loose

[Brad] Well, we planned to do more security at home stuff, but as I said a couple weeks ago, 2020 won’t stop 2020’ing.

Topics

  • SolarWinds breach (only the beginning)
  • The timeline (FireEye announcement)
  • FireEye, U.S. Government, (possibly) 425 of the Fortune 500, and (probably) 18,000 organizations.
  • What happened?
  • What are the ramifications of all this?
  • What do you need to do?
  • What do we need to do?

Discussion between Brad, Evan, and Oscar

[Brad] 2020 is not going quietly into the night, is it? Alright, moving on for now.

News

[Brad] Amazingly SolarWinds wasn’t the only news in the last week. We probably won’t have time to get to all of these but they are good reads and good to stay on top of.

Wrapping Up – Shout outs

[Brad] That’s it for episode 110. Thank you Evan and Oscar! Who you got a shoutout for today?

[Evan & Oscar] We’ll see.

[Brad] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m@BradNigh and Evan can be found @evanfrancen.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 83 Show Notes – It’s About People

/in /by

Ever have so many things going on that you can’t remember what happened last week? Yeah, that’s where I’m at right now.

Pretty sure Brad’s in the same place I am. So, rather than recapping everything (or trying to), I’ll just get to the show notes.

These are Brad’s show notes this week…

SHOW NOTES – Episode 83

Date: Monday, June 8th, 2020

Episode 83 Topics

  • Opening
  • Catching Up (as per usual)
  • Information Security Isn’t About Information or Security
  • Work, Life, and Mental Health
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 83 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is June 8th, and joining me this morning as usual is Evan Francen.

[Evan] Regales us with stories from the weekend. Oh God!

[Brad] Before we get going let’s recap our week.

Catching Up

Quick discussion about last week, the weekend, family, safety etc.

[Brad] What would you say you do here Evan?

[Evan] Hmmm. Good question! This outta be interesting.

Information Security Isn’t About Information or Security

Discussion about people, information security, working remote, stress, and overall mental health.

[Brad] Your blog from last Tuesday (Information Security Isn’t About Information or Security) really inspired me for this week’s podcast.  There have been countless articles written about how to secure remote workers so we aren’t going to focus on that, though it will probably come up in the course of this discussion.

Here’s the reality, it’s no secret that InfoSec and IT staff struggle with stress and a healthy work/life balance (Mental Health and Cybersecurity).  There really is no “done for the day”, systems can be attacked or suffer an outage anytime.  Add to that the now nearly 3 months of social distancing and quarantine that add even more stress.  We’ve seen an increase in cyber attacks the last 3 months and if your staff is struggling and has lost focus or is more distracted than usual your risk increases even more. So what can we do about it?  (Disclaimer, neither Evan or I are licensed mental health professionals and this conversation should not be taken as professional advice).

From an information security perspective I think you really captured the increased risks to organizations during this unprecedented time in your blog.

As a leader in an organization the employees’ health is critical, looking at it from a business perspective if they are not able to work we cannot deliver for our customers, but to me that feels cold & cynical.  I really do care for every one of our employees, I have a personal, vested interest in their well-being and want to be aware and in-touch with their status… That has become incredibly difficult during this time when you can’t read them face-to-face.

So what I want to do is talk about how we can be more aware and help reduce these risks.  First is being aware, I found these articles that I thought were really good to help identify and be proactive.

And then some really solid advice for employees, or really anyone feeling additional stress right now.

[Brad] Good conversation. Thank you Evan.

Let’s do some news…

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Wrapping Up – Shout outs

[Brad] Alright, that’s it. Episode 83 is a wrap. We got any shout outs this week?

[Evan] We’ll see.

[Brad] Next week is Evan’s show and I think he’s sort of itchin’ to tell us his idea.

[Evan] Yep. Tune in.

[Brad] Thank you to all our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh (B-R-A-D-N-I-G-H) and this other dude is @evanfrancen (just spell his name without a space). Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for goodies and things.

That’s it! Talk to you all again next week!

The UNSECURITY Podcast – Episode 81 Show Notes – Hard Truths

/in /by

Welcome back! Episode 81 is sure to be a good one, but before I get started, just a few thoughts…

We just went through our first Memorial Day weekend under COVID-19. I don’t know what to say about it, other than the world seems as crazy, or crazier, than ever. Seems like 1/2 the country is out and about like everything’s normal while the other 1/2 of the country stays cooped up as though the apocalypse were upon us. To complicate matters, both halves seem to look upon each other with disdain.

We’re learning more and more each day about this coronavirus we call COVID-19. One thing appears certain, we’ve had crappy data to work with since day one. Crappy data leads to crappy decisions and crappy decisions lead to crappy outcomes. I’ll just leave it at that.

Memorial Day

This is one of my favorite holidays. I wonder how many of us know what it stands for or what it means. I wonder because I was wished a Happy Memorial Day numerous times yesterday, yet there’s nothing “happy” about it. The day is set aside to remember and honor our nation’s war dead from the Civil War onwards. It’s a day to stop what you’re doing, spend (at least) a few moments remembering the sacrifices that were made by our soldiers, and be grateful.

I suppose there are happy parts too, but these are mostly the product of what somebody else gave for you and me.

Not sure if I’m in a pissier mood today or what. No matter, I’ll snap out of it soon. Let’s get to Brad’s show notes!

SHOW NOTES – Episode 81

Date: Tuesday, May 26th, 2020

Episode 81 Topics

  • Opening
  • Catching Up (as per usual)
  • Hard Truths
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 81 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is May 26th, and joining me this morning as usual is Evan Francen.

[Evan] Has some sort of story for us I’m sure

[Brad] We’ve got a good show planned today! Before we get going though, let’s recap our week.

Catching Up

Quick discussion about last week, Memorial Day, last weekend, COVID-19, life, and other stuff.

[Evan] Evan talks about the cool things he did.

[Brad] I talk about the cool things I did.

Hard Truths

[Brad] So interestingly, at least to me, this is the first time I struggled with what to cover in our podcast.  Maybe the monotony of quarantine, the tidal wave of news around breaches and new attack vectors, or just plain old writer’s block but even sitting down to write this I don’t know where it ended up.

Because I was stuck I decided to start with news, there have been several really interesting things that have come out lately and that’s when I found this article from CSO Online 6 hard truths security pros must learn to live with and, yeah we can talk about this.

The Hard Truths

Discussion about the hard truths outlined in the CSO Online article:

  1. Hackers are probably inside your network right now
  2. You can do everything right and a careless end user can ruin everything
  3. You face critical staffing and skills shortages
  4. IoT creates new and unforeseen security problems
  5. You sometimes feel misunderstood and underappreciated
  6. Stress, anxiety and burnout come with the territory

[Brad] Good conversation, thank you Evan.

Let’s do some news…

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye

Wrapping Up – Shout outs

[Brad] That’s it, Episode 81 is a wrap. Evan, you have any shout outs?

[Evan] Of course he does!

[Brad] Here’s mine…

[Brad] Huge thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan’s @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.

That’s it! Talk to you all again next week!