Posts

UNSECURITY Episode 129 Show Notes

/in /by

We have another great guest for episode 129, and we’re excited to get his take on things!

Special Guest – Ron Woerner

In this episode of the UNSECURITY Podcast, we’re joined by another good friend of ours, Ron Woerner.

Ron and I (Evan) first met at the RSA Conference last year (2020) after being introduced to each other by Ryan Cloutier, another good friend. Ron is a no nonsense, plain English-speaking information security expert with a heart for helping people from all walks protect themselves better. I love this guy and I’m excited to chat with him on the show!

Things about Ron:

We’re in for a treat in this episode!

Other Guests – Past, Present, and Future
  • Episode 128 Special Guest – Roger Grimes (0n 4/20)
  • Episode 129 Special Guest – Ron Woerner (this week)
  • Episode 130 Special Guest – John Strand (on 5/4)
    • Believe it or not, I have never met John in person. Despite running in some of the same circles for many years, this will be the first time I meet him.
    • John also has a laundry list of accomplishments. He’s the Founder and Owner of Black Hills Information Security, Senior Instructor with the SANS Institute, teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Detection for System Administrators. John is the course author for SEC464: Hacker Detection for System Administrators and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing. He’s also presented at the FBI, NASA, NSA, DefCon, and lots of other places.
  • Episode 131 Special Guest – Chris Roberts (on 5/11)
  • Episode 132 Special Guest – Gabriel Friedlander (on 5/18)

Lots of GREAT conversations with lots of GREAT information security folks!

SHOW NOTES – Episode 129 – Tuesday April 27th, 2021

Recorded Monday April 26th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 129, and the date is April 27th, 2021. Joining me is my good friend, solid partner, and and top infosec expert Brad Nigh. Welcome Brad!

Also joining the UNSECURITY Podcast is our special guest, Mr. Ron Woerner! Welcome Ron. It’s an honor to have you on our show!

Introducing Ron Woerner

It’s great to have Ron on our show! He gets information security and he always has an interesting perspective on things.

  • Open Discussion.
  • Top of mind things.
  • Current projects.
  • Current events.

Pretty sure we’ll get to talk about Ron’s talks at RSA, his work/lectures at Bellevue University, social engineering things, information security as a life skill, and other goodies!

News

We’ll probably skip news in this show. Guessing that Brad, Ron, and myself will have no problem filling the entire show with good discussion.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Thank you to all our listeners! HUGE thank you to Ron for joining us. If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh.

Ron can be reached on LinkedIn, Twitter (@RonW123), and other places he’ll probably share during the show.

Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure.

That’s it. Talk to you all again next week!

…and we’re done.

UNSECURITY Episode 128 Show Notes

/in /by

Oh boy. Chalk last week up as “the lost week”.

I live in a suburb of Minneapolis, Minnesota (MN). The same Minneapolis, MN where George Floyd died last May, sparking civil unrest around the world. The same Minneapolis, MN where the eyes of the world are anxiously awaiting the verdict in the trial of former police officer Derek Chauvin, charged with second-degree murder in George Floyd’s death. The same Minneapolis, MN where Daunte Wright lost his life on April 11th, at the hands of 26-year veteran police officer Kimberly Ann Potter.

Minneapolis seems like ground zero for crazy.

Me being me, I don’t like when things don’t make sense. Despite knowing it’s best to let some things go, I decided to embark on a journey of self reflection and sense-making.

The result?

I learned how I process things. I learned I love people. I learned I’m not crazy. I learned we have significant problems facing our society, and not enough people willing to solve them. Even worse, the leaders we elect to solve problems, selfishly use problems to score popularity points and ignorant votes. If our leaders wanted to solve problems, they would. Simple as that.

More to come, but we have a podcast to do!

Special Guest – Roger Grimes

In this episode of the UNSECURITY Podcast, we’re joined by a good friend, a bona fide information security authority, renowned author (of 12 books), and all around awesome human being, Roger Grimes. This is a man I respect deeply and hold in very high esteem. We are information security kindred spirits in a way, and we’re honored to welcome him on our show!

Things about Roger:

  • LinkedIn Profile – https://www.linkedin.com/in/rogeragrimes/
  • Information technology and/or information security expert since the mid-late 1980s
  • Written more than 1,200 national magazine articles on information security and was the weekly computer security columnist for InfoWorld/CSO magazines from 2005 to 2019
  • His “goal in life is to get more people and companies to use data and the scientific method to improve their computer security.” He goes on to state, “If I leave this world without having made the Internet a safer place for all people to compute, I have failed.See, my kind of guy!
  • Spent more than 11 years as Microsoft’s Principal Security Architect.
  • Written 12 books (and working on two now), including:
    • Hacking Multifactor Authentication
    • Cryptography Apocalypse
    • A Data-Driven Computer Defense
    • Hacking the Hacker
    • Malicious Mobile Code
    • And more…

Seriously dig this guy, and pumped that he’s joining us this week!

Other Guests Coming

Roger is our first special guest in a series of special guests. We might keep hosting special guests indefinitely. Here’s what’s coming soon:

  • Episode 129 Special Guest – Ron Woerner
    • I met Ron through my good friend Ryan Cloutier, and I’m very grateful for it.
    • Ron has a laundry list of accolades. He’s the CEO and President of Cyber-AAA, Professor of CyberSecurity Studies at Bellevue University, featured speaker at the RSA conference for more than 12 years, and much more.
  • Episode 130 Special Guest – John Strand
    • Believe it or not, I have never met John in person. Despite running in some of the same circles for many years, this will be the first time I meet him.
    • John also has a laundry list of accomplishments. He’s the Founder and Owner of Black Hills Information Security, Senior Instructor with the SANS Institute, teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Detection for System Administrators. John is the course author for SEC464: Hacker Detection for System Administrators and the co-author for SEC580: Metasploit Kung Fu for Enterprise Pen Testing. He’s also presented at the FBI, NASA, NSA, DefCon, and lots of other places.

We’re finalizing details with guests for episode 131 and 132 too. Lots of GREAT conversations to come!

Let’s get right to it, show notes for episode 128 of the UNSECURITY Podcast…

SHOW NOTES – Episode 128 – Tuesday April 20th, 2021

Recorded Friday April 16th, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 128, and the date is April 20th, 2021. Joining me is my good friend, great guy, and infosec expert Brad Nigh. Welcome Brad!

Also joining the UNSECURITY Podcast is our special guest, Mr. Roger Grimes! Welcome Roger. It’s an honor to have you on our show!

Introducing Roger Grimes

Some of our listeners may not know Roger. That’s about to change! He has a fascinating information security mind, and we’re all sure to learn some things.

  • Open Discussion.
  • Top of mind things.
  • Current projects.
  • Current events.

Roger and I first met through a friend, Steve Marsden, a few years ago. Almost immediately it became clear that we see information security the same way. Soon after our first conversation, I flew out to see Roger give his talk at the RSA conference and have lunch with him and his wife. It confirmed that he is the “real deal” and I flew on to my next destination immediately after lunch. Since then, we’ve kept in touch, and he even served on SecurityStudio’s board of directors for a time.

This will be a fun conversation, guaranteed!

News

We’ll probably skip news in this show. Guessing that Brad, Roger, and myself will have no problem filling the entire show with good discussion.

Wrapping Up – Shout Outs

Who’s getting shout outs this week?

Closing – Thank you to all our listeners! HUGE thank you to Roger for joining us. If you have something you’d like to tell us, feel free to email the show at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Roger, where would you like people to connect with you? (his Twitter handle is @rogeragrimes). Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!

…and we’re done.

The UNSECURITY Podcast – Episode 69 Show Notes – Who does what?

/in /by

After last week’s BSOD on Brad’s laptop…

We were 50+ minutes into last week’s podcast when Windows said no more. The operating system crash brought episode 68 to a dead halt before we had a chance to cover the last part of our Roles and Responsibilities series. So, instead of two parts, we’re doing three. This is how it all worked out:

I’m excited about this episode because it hits close to home. It should hit close to home with everyone!

RSA Conference

We’ll also talk about last week’s RSA Conference in this show. SecurityStudio sent seven people to the conference this year, and here are some highlights we will discuss:

  • The theme for the conference this year was “Human Element”.

  • Roughly 36,000 attendees this year.
  • San Francisco’s State of Emergency, mid-conference
  • The money grab was alive and well (literally).

This slideshow requires JavaScript.

  • SecurityStudio’s first appearance as a sponsor.

This slideshow requires JavaScript.

    • Gave away 1,000 free, signed copies of UNSECURITY.

This slideshow requires JavaScript.

    • We became known as counterculture (which was super cool).
    • The theme “Mission before $” was born and etched onto each book.
    • We made (at least) 961 new friends.

This slideshow requires JavaScript.

Overall, the RSA Conference was a great experience for everyone and a huge success for SecurityStudio.

On to this week’s show notes…

SHOW NOTES – Episode 69

Date: Monday, March 2nd, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • RSA Conference
  • Information Security Roles and Responsibilities (Part 3 of 3)
    • Last week, quick recap of roles and responsibilities (at work).
    • People are creatures of habit.
    • SIMPLIFY – What are things we can do?
    • At home:
      • Information security, privacy, and safety cannot be separated.
      • Parent
      • Spouse
      • Children
    • What should every “normal” person know about information security?
    • The importance of definition, formality, and communication.
  • News
Opening

[Evan] Hi again UNSECURITY podcast listeners! My name is Evan Francen and this is episode 69. The date is March 2nd, 2020. Joining me in studio is my co-host, Brad Nigh. Good morning Brad!

[Brad] Rumor has it, he’s been working hard on some IR work. Let’s see if he’s in the mood to talk this morning.

[Evan] It’s great to be back in the office and good to be here. We have a really good show for our listeners this week, but before we dive in, let’s catch up. Brad, tell me about your week.

Catching up

Some back and forth happens here.

[Evan] I’m behind on just about everything. Hoping for a good catch-up week!

RSA Conference

[Evan] So, there was this RSA Conference thingy last week. Let’s talk about it.

RSA Conference discussion. What we learned and what we wish we hadn’t.

[Evan] We’ll invite some of the interesting people from RSA to join us a future guests.

Information Security Roles and Responsibilities (Part 3 of 3) – Micro Level (at home)

[Evan] OK. So last week, we had a nice visit from the BSOD genie. Probably a good thing because we were going sort of long anyway. We originally planned two episode for Roles and Responsibilities, but instead we’ve got three now. No big deal. I’m looking forward to this talk with you Brad! What do you think about the series thus far?

[Brad] His opinions…

Last week, quick recap of roles and responsibilities (at work).

[Evan] We’ve talked about roles and responsibilities at a macro level and we’ve talked about roles and responsibilities within an organization. Now, let’s talk about roles and responsibilities at home. I know that you and I both are very conscious of information security at home.

Roles and Responsibilities at Home:

  • People are creatures of habit.
  • SIMPLIFY – What are things we can do?
  • Information security, privacy, and safety cannot be separated.
  • Roles
    • Parent
    • Spouse
    • Children
  • What should every “normal” person know about information security?
  • The importance of definition, formality, and communication.

[Evan] Great conversation. These things will all be covered in our book, and I’m really looking forward to finishing it with you. This book could help tons of people! Alright, as usual, let’s get to some news.

News

[Evan] Here’s what we’ve got for news this week:

Bonus, maybe a future episode; This breast cancer advocate says she discovered a Facebook flaw that put the health data of millions at riskhttps://www.cnn.com/2020/02/29/health/andrea-downing-facebook-data-breach-wellness-trnd/index.html

Closing

[Evan] There you have it. Episode 69. It’s good to be home this week.

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen, and Brad’s @BradNigh. Check out @studiosecurity and @FRSecure frequently. They’re always posting good things! Is FRSecure out at SecureWorld North Carolina this week? Lots going on and lots of chatter!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 68 Show Notes – Who does what?

/in /by

Trying to get back to posting show notes on Fridays. We’ll see…

The Week

It’s been another amazing week at SecurityStudio and FRSecure! I was in the office all week, so I got to see some of the magic first hand. You’d be amazed, truly.

OUR PEOPLE ARE INCREDIBLE! (yes, I shouted that).

Some of the things that come to mind right now:

  • Discussions and meetings with awesome people like Chris Roberts, Steve Hawkins, Mike Johnson, Augustine Doe, Jeremy Swenson, and Devin Harris this week. Each of them is awesome in their own way. Had lots of meetings this week, but these are the ones that stand out right now. Giving them all shout outs. They are wonderful people.
  • Brad’s kickin’ butt on some new service offerings, including a new CMMC readiness assessment. Checked out his executive summary report mock-up, and it’s sweet!
  • One of our analysts, “Ben” (he’s been on the podcast show before) has discovered some (16ish) significant potential/confirmed breaches of data in his research. Learning a ton about responsible disclosure. 😉
  • Lunch with John Harmon, FRSecure’s president on Thursday was incredible. We ate some sweet BBQ and talked strategy. This dude has some great ideas and I’m pumped about what he’s up to!
  • Ryan (“cola”) Cloutier is a machine. Opening doors, making a difference in education (K-12 & higher ed), and taking things global (UK, Australia, APAC, etc.). Letting this guy do his thing.
  • The marketing stuff and coordination for RSA next week is all set, thanks to the leadership of Andy Forsberg. This dude’s got in under control! There are seven SecurityStudio people heading out to RSA next week and we’ve all got brand new blue Nike’s and brand new blue branded T-shirts, not to mention 1,000 books to give away, and all the details. Excited to go have some fun with this group next week! (P.S. I think I got Andy hooked on Rockstar Energy drinks. I’m a bad influence, and I’m sorry.)

I could write something about every person here. The ALL pour their heart and soul into our mission of fixing this broken industry. They ALL understand that information security isn’t about information or security as much as it is about people. There are no words to describe the experience of working on this mission with this amazing group!

Breathe

OK, enough braggin’ for now, we got a podcast to do.

In last week’s show, Brad and I discussed the topic of information security roles and responsibilities at a macro level. We gave our opinions about the role of government, the role of business, the role of schools, etc. This week, we’re going to take the same topic and apply it at a micro level.

This is sure to be a great discussion!

SHOW NOTES – Episode 68

Date: Monday, February 24th, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • Information Security Roles and Responsibilities (Part 2 of 2)
    • Last week, quick recap of roles and responsibilities at a macro level.
    • The importance of definition, formality, and communication.
    • SIMPLIFY and operationalize.
    • At work:
      • Executive Management
      • CISO (or similar), two jobs.
      • IT
      • Legal
      • Everyone else.
    • At home:
      • Information security, privacy, and safety cannot be separated.
      • Parent
      • Spouse
      • Children
    • What are things we can do to simplify and operationalize?
    • What should every “normal” person know about information security?
  • News
Opening

[Brad] Good morning UNSECURITY podcast listeners! I’m Brad Nigh and this is episode 68. The date is February 24th, 2020. Joining me in studio is my co-host, Brad Nigh. Good morning Evan!

[Evan] Stuff and things…

[Brad] We have a great show planned today. Before we dive in, let’s catch up. Crazy week behind us and another crazy one ahead! What’s going on?

Catching up

Some back and forth happens here.

[Brad] Wow! Alright, let’s shift gears now a little. Last week, we talked about information security roles and responsibilities. Not the most exciting topic, but an absolutely critical one for sure! We’re approaching this topic from two different perspectives, from a macro level and a micro level. Last week was part one, the macro level. This week is part two, the micro level. You ready to get started?

[Evan] For sure.

Information Security Roles and Responsibilities (Part 1 of 2) – Micro Level

[Brad] You mentioned that we’re working on this book together. It’s a book focused on simplifying and operationalizing information security for underserved markets like state/local government, schools (K-12 and higher ed), small businesses, and individuals. Part of all this is understanding who does what, or at least who should be doing what. We started last week with our opinions about the importance of defining roles and responsibilities for governments, businesses, schools, etc. Now, let’s take it down to a more practical level.

We’ll share our opinions this week on the following:

  • How important is it to define, formalize, and communicate information security roles and responsibilities?
  • If we haven’t defined, formalized, or communicated information security roles and responsibilities, where should we start?
  • Why is it important to simplify information security, and how can I do it?
  • What does operationalizing information security look like and how can I accomplish this?
  • Roles and Responsibilities at Work:
    • Executive Management
    • CISO (or similar), two jobs.
    • IT
    • Legal
    • Everyone else.
  • Roles and Responsibilities at Home:
    • Information security, privacy, and safety cannot be separated.
    • Parent
    • Spouse
    • Children
  • What are things we can do to simplify and operationalize information security at home?
  • What should every “normal” person know about information security?

[Brad] Great conversation. We could have taken any one of these subtopics and devoted an entire show to it. I’m really looking forward to finishing this book with you. This book could help tons of people! Alright, as usual, let’s get to some news.

News

[Brad] Here’s what we’ve got for news this week:

Closing

[Brad] There you have it. Episode 68. Good talk today. Got any parting words?

[Evan] It’s a secret.

[Brad] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @BradNigh and Evan’s @evanfrancen. Be sure to watch social media for news from RSA! SecurityStudio will be tweeting and LinkedInning all week! Check out @studiosecurity frequently. FRSecure’s Twitter handle is @FRSecure, and they’re sure to have some good things too. Especially the week after next when FRSecure is out at SecureWorld North Carolina. Lots going on and lots of chatter!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 67 Show Notes – Who does what?

/in /by

Did you even notice that I skipped posting show notes for last week’s podcast? Time got away from us. Sometimes our day job gets in the way. No matter. We recorded a pretty good show for you last week anyway, and you can catch a listen here.

We’re almost back on track this week.

Here we go…

SHOW NOTES – Episode 67

Date: Monday, February 17th, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • Information Security Roles and Responsibilities (Part 1 of 2)
    • How important are information security roles and responsibilities?
    • Is it important to define them formally, or do people just know?
    • Roles and responsibilities at a macro level.
      • Government(s).
      • Business(es).
        • B2C.
        • Employer(s).
      • School(s).
      • Consumer(s)/citizen(s)
    • Ideas for making things better.
    • Part 2 – Information Security Roles and Responsibilities (micro-level).
  • News
Opening

[Evan] Howdy. Welcome to episode 67 of the UNSECURITY Podcast. Today is February 17th, 2020 and this angelic voice you’re hearing is me, Evan Francen. Joining me in studio today is my security bestie, Brad Nigh. Good morning Brad!

[Brad] Hopefully he got some sleep and he’s ready to impart some of his wisdom!

[Evan] We have a great show planned today. Before we dive in, let’s catch up. As usual, I want to know how you’re doing and what you’re up to. Give it to me.

Catching up

Some back and forth happens here.

[Evan] Let’s see if you prepped for today’s show. I want you to share one information security truth. Pick any one you want.

[Brad] Shares a truth.

[Evan] Boom! Hashtag truth. Here’s one that’s on my mind…

[Evan] This weekend I was doing some work on our book. For those of you who don’t know yet, we are writing a really cool book. There are two purposes for the book. The first is to simplify information security, and the second is to operationalize information security in underserved markets. Underserved markets are state/local government, schools (K-12 and higher ed), small businesses, and individuals. How do we embed information security in such a way that it becomes a normal part of everyday life and a competitive advantage?

This book is being written by me, Brad, and Ryan (aka “cola”).

I’m just about done with my initial outline, which are really just thoughts. Soon, we’ll get going full speed with these guys. We’ll be collaborating big time!

Anyway, here’s why this is relevant to today’s podcast. As I was writing, I had a thought. One of the foundational components of information security is understanding and implementing roles and responsibilities. This leads to an idea of doing a two-part series. In part one (today), I’d like to discuss information security roles and responsibilities at a macro level. In part two (next week), we can discuss information security roles and responsibilities at a micro level. You game?

[Brad] Brad’s almost always game. He’s one of the most collaborative and easy-going security guys I know!

Information Security Roles and Responsibilities (Part 1 of 2) – Macro Level

We’ll share opinions on these things:

  • How important are information security roles and responsibilities?
  • Is it important to define them formally, or do people just know?
  • Roles and responsibilities at a macro level.
    • Government(s).
    • Business(es).
      • B2C.
      • Employer(s).
    • School(s).
    • Consumer(s)/citizen(s)
  • Ideas for making things better.
  • Part 2 – Information Security Roles and Responsibilities (micro-level).

[Evan] Good discussion man! We take so many of these things for granted. Good things for us to keep in mind as we continue down the path of writing our book.

[Brad] Brad is Brad.

[Evan] Let’s cover some news now.

News

[Evan] I’ve got a few goodies today:

Closing

[Evan] There you have it. Episode 67. Always great chatting with you Brad! Got any parting words?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 65 Show Notes – Money Grab

/in /by

Another week down. Damn, a whole month is down! January is already in the books.

While I’ve got you here, help us out with our mission. We’re busting our tails off doing our part to fix the broken information security industry. We’re striving and doing these things:

  • Setting a common information security language that can be spoken by everyone; the S2Score.
  • Developing and delivering simple (but effective and credible) information security risk assessments for the under-served (SMBs, state and local government, K-12, etc.):
  • Developing and delivering simple (but effective and credible) tools to help the under-served do information security better.
  • Teaching and mentoring others for free. The FRSecure CISSP Mentor Program is in it’s 11th year! We started with six students in 2010, last year we had 532, and this year we had more than 540 enrollments within the first 24 hours! Check it out and enroll here.

What can you do to help? Simple. You can help in (at least) three ways:

  • Do your own S2Org and S2Me assessments.
  • Contribute your opinions and feedback (after all, we’re all in this together).
  • Spread the word. Tell others. Tell them about the S2Org and S2Me assessments and tell them about the FREE FRSecure CISSP Mentor Program!

OK, on to the show…

February is already upon us, and RSA is just around the corner. Speaking of RSA, let’s talk about our industry’s money grab in this week’s episode. Let’s also discuss tips for talking to the board of directors about information security stuff .

This will be fun!

Alright, on to the show notes. This is my (Evan) show to lead and these (below) are my notes.

SHOW NOTES – Episode 65

Date: Monday, February 2nd, 2020

Show Topics:

Our topics this week:

  • Opening
    • Normal Stuff
    • Got Mail?
  • The Money Grab
    • It’s alive and well – everybody wants your $$$.
    • The Bad Guys Of Course
    • The “Good Guys” Too?
  • Talking to the Board
    • Tips
    • Recent Experiences
  • News
Opening

[Evan] Alright, welcome! This is Evan Francen, this is episode 65 of the UNSECURITY Podcast, and the date is February 3rd, 2020. In studio with me is none other than Mr. Brad Nigh. Howdy Brad.

[Brad] We’ll see how awake he is on an early Monday morning.

[Evan] I’m curious, are you a morning person or a night person?

[Brad] I don’t know what he’ll say here…

[Evan] We’ve got a great show planned for you today. Lots to talk about, for sure! We’re going to talk about this industry’s money grab and we’ll cover some tips for speaking to the board of directors. Before we dig in, Brad, how you doing?

Quick Catch-up Talk

[Evan] Alright. Well, let’s get to it. Let’s talk about the money grab in this industry. In case you didn’t know, I’m referring to the information security industry. You have the something that everybody wants. The bad guys, the good guys, and everyone in between. They all want your money. Collectively, I call this the “money grab” and we’re going to discuss this. I want to discuss this because I don’t want you losing your hard earned money to some crook and I don’t want you to piss it away on something that doesn’t do what you thought.

Discussion about the Money Grab

The money grab is alive and well. Everybody wants your $$$. Everybody.

  • The Bad Guys Of Course
    • The 2018 cybercrime industry was worth at least $1.5 trillion
    • There is no low that’s too low.

This slideshow requires JavaScript.

  • The “Good Guys” Too?
    • Gartner estimated that 2019 industry spending was $124 billion in 2019, and by some estimated it’s expected to grow to more than $170 billion by 2022. NOTE: this is for context only and not to imply that this is wasted spending.
    • FUD (scare the sh*t out of you) and Sex Sell (buzzwords, new blinky lights, etc.)
    • Seems like everybody is fighting for your money.
      • Conferences (RSA, Black Hat, etc.)
      • Companies (borderline extortion, crappy advise, etc.)
    • We’re (FRSecure and SecurityStudio) human too. Mission over money, does it keep us honest?

[Evan] It’s a dangerous world and people (non-information security people are confused). I wonder how much of this is on purpose. The enterprise organizations can afford to make mistakes, but the smaller players are left in the cold and they’re suffering because they often miss the basics, the fundamentals. I feel bad for the under-served markets, especially SMBs. This is our primary focus. OK, on that note…

Discussion about talking boards of directors and executive management

[Evan] Brad, you and I have had the privilege on many occasions to talk to boards and executives. What tips do we have?

Some good back and forth discussion I’m sure…

After a while, let’s do some news.

News

[Evan] I’ve only got two stories to discuss today, but I think they’re interesting ones:

Closing

[Evan] OK, that’s it. Episode 65 is in the bag. Brad, you’ve got any ideas for next week’s show yet?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!

That’s it. Talk to you all again next week!