Happy St. Patrick’s Day! For those of you who aren’t into this holiday (for whatever reason), Happy (everyday) Day!
This has been a week full of great experiences and awesome conversations with wonderful people. It’s the people we serve who inspire us to work as hard as we do. Here’s a small sampling:
- Daytona Bike Week (last week) – if you’ve never been to a bike rally before, I recommend you try it out someday (even if you don’t ride). There are interesting people from all walks of life and the diversity (backgrounds, race, preferences, thought, etc.) would probably surprise you.
- Co-workers – discussions about everything from mental health (many of us did the Mental Health First Aid certification course together last week), to life challenges (relationships, family, health, etc.), to work challenges, and everything in between. It’s a blessing (to them and to me) when I stop, listen, and invest in others.
- Customers/peers – had some check-ins this week with a few enterprise CISOs I call friends. Life as a CISO can be extremely DIFFICULT. It’s encouraging to know people care about me, and I them. CISOs are human beings who need love just like all of us do!
- Everyday people – we’re all beautifully unique. We are similar in some respects, but there are wonderful things that make me me and you you. We’re a hodge podge of emotions, biases, beliefs, perspectives, and experiences. Rather than fight because you think differently than I do, why don’t I embrace the uniqueness and differences? Why not try to understand them and you better?
We’re not doing this enough in society and we’re not doing this enough in our industry either.
- Have we lost our respect for other human beings?
- Have we lost our ability to reason?
- Are we afraid to share who we really are out of fear? Fear of being marginalized, silenced, and attacked (physically and online)?
I believe people are AMAZING! I believe people are worthy of respect (even if it’s only a little). I believe people should be heard and understood. I believe information security isn’t about information or security as much as it is about people. I believe people are who we serve. I believe we must invest in people more. I believe in understanding people (better). I believe loving people gives us our best chance at doing our (information security) jobs effectively, and I believe loving people gives us our only chance of saving society.
Now on to show notes for episode 123…
SHOW NOTES – Episode 123 – Wednesday March 17th, 2021
[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 123, and the date is March 17th, 2021. Filling in for Brad again this week if my good friend and co-worker Ryan Cloutier. Welcome Ryan, glad to have you back!
- We’ve got a great show planned today. We’ll start with the importance of reason and logic in information security, our jobs, and in life. There are many parallels between information security (or “cybersecurity” as some people call it) and life.
- Then, if we have time, we’ll talk about passwords. Everybody hates passwords.
- We’ll close the show with a few mentions; about the FRSecure CISSP Mentor Program and SecurityStudio’s free S2Me (very quickly growing in popularity).
- Oh yeah, we’ve got a couple news stories too, but whatever.
- Have we lost our ability to reason?
- What is reason anyway?
- Why is reason (and logic) critical to information security?
- Why is reason (and logic) critical to risk (all risk)?
- Why is reason (and logic) critical to life?
- There are parallels here, like:
- Information security is risk management.
- There’s no such thing as risk elimination or infinite risk; they are two different ends of the spectrum.
- There’s no such think as 100% reason/logic without emotion or vice versa; two different ends of the spectrum.
- The goal is management.
- If we’ve lost our ability to reason, how can we get it back? Or, if we never had the ability to reason, how do we learn it?
- Ask “Why?” often, almost incessantly, like a three year-old.
- Ask yourself “Why”.
- Not in a way that beats yourself up, but in a way that you understand why you’re doing what you’re doing and/or why you believe what you believe.
- Notice the difference between emotional response and logical response.
- Learn to use logic and emotion where they are and how they are appropriate. Seems mechanical and awkward at first, but it should become natural/habitual over time.
- Ask others “Why”.
- Respectfully out of a desire to understand, and not in a confrontational manner.
- Learn how to ask without offense. If the person your asking takes offense despite your best efforts, that’s on them.
- Maybe they need help understanding logic versus emotion? Interesting tells about people who are unable or unwilling to use reason or logic to defend a position (or make a point):
- They change the subject. You asked a question about one thing, and quickly find yourself in a discussion about something different.
- They attack your character. This is a classic emotional response where the person you’re questioning probably isn’t sure why he/she believes what they do. Don’t take offense, but recognize this tactic for what it is.
- Encourage others (especially people you trust) to question you.
- Be prepared to defend why you believe what you believe. If you can’t (with reason), then maybe you should question what you believe.
- When other people ask you “why”, view it as an opportunity to state your case.
- When other people ask you “why”, it’s a great opportunity for you to learn (about perspective and reason).
NOTE: We could talk for a long time about Reason, so we might not get to the topic of “Passwords”. If we don’t get to Passwords in this episode, we’ll get to it in episode 124.
- Why do we need them?
- What makes a password good versus bad?
- What do we (Ryan and I) do to practice good password behavior? BTW, neither of us is perfect!
NOTE: Regardless of timing, we will discuss “Mentions” in this episode.
- FRSecure CISSP Mentor Program – We’re less than one month away from the start! I think there are more than 4,000 students signed up, so this is going to be AWESOME!
- S2Me – the FREE SecurityStudio personal risk management tool has been growing very fast (in terms of popularity). Big news happening here, and we’re making a difference!
- Microsoft Released a one-click Exchange Mitigation Tool to Mitigate Recently Disclosed ProxyLogon Vulnerabilities – https://gbhackers.com/one-click-exchange-mitigation-tool/
- FBI warns of increase in PYSA ransomware attacks targeting education – https://blog.malwarebytes.com/awareness/2021/03/fbi-warns-of-increase-in-pysa-ransomware-attacks-targeting-education/
Wrapping Up – Shout Outs
Good talk. Thank you Ryan, and thank you listeners!
- Who’s getting shout outs this week?
- Closing – Thank you to all our listeners! Send things to us by email at firstname.lastname@example.org. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, Ryan is @CLOUTIERSEC, and Brad’s @BradNigh. Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!
…and we’re done.