The UNSECURITY Podcast – Episode 68 Show Notes – Who does what?

Trying to get back to posting show notes on Fridays. We’ll see…

The Week

It’s been another amazing week at SecurityStudio and FRSecure! I was in the office all week, so I got to see some of the magic first hand. You’d be amazed, truly.

OUR PEOPLE ARE INCREDIBLE! (yes, I shouted that).

Some of the things that come to mind right now:

  • Discussions and meetings with awesome people like Chris Roberts, Steve Hawkins, Mike Johnson, Augustine Doe, Jeremy Swenson, and Devin Harris this week. Each of them is awesome in their own way. Had lots of meetings this week, but these are the ones that stand out right now. Giving them all shout outs. They are wonderful people.
  • Brad’s kickin’ butt on some new service offerings, including a new CMMC readiness assessment. Checked out his executive summary report mock-up, and it’s sweet!
  • One of our analysts, “Ben” (he’s been on the podcast show before) has discovered some (16ish) significant potential/confirmed breaches of data in his research. Learning a ton about responsible disclosure. 😉
  • Lunch with John Harmon, FRSecure’s president on Thursday was incredible. We ate some sweet BBQ and talked strategy. This dude has some great ideas and I’m pumped about what he’s up to!
  • Ryan (“cola”) Cloutier is a machine. Opening doors, making a difference in education (K-12 & higher ed), and taking things global (UK, Australia, APAC, etc.). Letting this guy do his thing.
  • The marketing stuff and coordination for RSA next week is all set, thanks to the leadership of Andy Forsberg. This dude’s got it under control! There are seven SecurityStudio people heading out to RSA next week and we’ve all got brand new blue Nikes and brand new blue branded T-shirts, not to mention 1,000 books to give away, and all the details. Excited to go have some fun with this group next week! (P.S. I think I got Andy hooked on Rockstar Energy drinks. I’m a bad influence, and I’m sorry.)

I could write something about every person here. They ALL pour their heart and soul into our mission of fixing this broken industry. They ALL understand that information security isn’t about information or security as much as it is about people. There are no words to describe the experience of working on this mission with this amazing group!

Breathe

OK, enough braggin’ for now, we got a podcast to do.

In last week’s show, Brad and I discussed the topic of information security roles and responsibilities at a macro level. We gave our opinions about the role of government, the role of business, the role of schools, etc. This week, we’re going to take the same topic and apply it at a micro level.

This is sure to be a great discussion!


SHOW NOTES – Episode 68

Date: Monday, February 24th, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • Information Security Roles and Responsibilities (Part 2 of 2)
    • Last week, quick recap of roles and responsibilities at a macro level.
    • The importance of definition, formality, and communication.
    • SIMPLIFY and operationalize.
    • At work:
      • Executive Management
      • CISO (or similar), two jobs.
      • IT
      • Legal
      • Everyone else.
    • At home:
      • Information security, privacy, and safety cannot be separated.
      • Parent
      • Spouse
      • Children
    • What are things we can do to simplify and operationalize?
    • What should every “normal” person know about information security?
  • News

Opening

[Brad] Good morning UNSECURITY podcast listeners! I’m Brad Nigh and this is episode 68. The date is February 24th, 2020. Joining me in studio is my co-host, Brad Nigh. Good morning Evan!

[Evan] Stuff and things…

[Brad] We have a great show planned today. Before we dive in, let’s catch up. Crazy week behind us and another crazy one ahead! What’s going on?

Catching up

Some back and forth happens here.

[Brad] Wow! Alright, let’s shift gears now a little. Last week, we talked about information security roles and responsibilities. Not the most exciting topic, but an absolutely critical one for sure! We’re approaching this topic from two different perspectives, from a macro level and a micro level. Last week was part one, the macro level. This week is part two, the micro level. You ready to get started?

[Evan] For sure.

Information Security Roles and Responsibilities (Part 1 of 2) – Micro Level

[Brad] You mentioned that we’re working on this book together. It’s a book focused on simplifying and operationalizing information security for underserved markets like state/local government, schools (K-12 and higher ed), small businesses, and individuals. Part of all this is understanding who does what, or at least who should be doing what. We started last week with our opinions about the importance of defining roles and responsibilities for governments, businesses, schools, etc. Now, let’s take it down to a more practical level.

We’ll share our opinions this week on the following:

  • How important is it to define, formalize, and communicate information security roles and responsibilities?
  • If we haven’t defined, formalized, or communicated information security roles and responsibilities, where should we start?
  • Why is it important to simplify information security, and how can I do it?
  • What does operationalizing information security look like and how can I accomplish this?
  • Roles and Responsibilities at Work:
    • Executive Management
    • CISO (or similar), two jobs.
    • IT
    • Legal
    • Everyone else.
  • Roles and Responsibilities at Home:
    • Information security, privacy, and safety cannot be separated.
    • Parent
    • Spouse
    • Children
  • What are things we can do to simplify and operationalize information security at home?
  • What should every “normal” person know about information security?

[Brad] Great conversation. We could have taken any one of these subtopics and devoted an entire show to it. I’m really looking forward to finishing this book with you. This book could help tons of people! Alright, as usual, let’s get to some news.

News

[Brad] Here’s what we’ve got for news this week:

Closing

[Brad] There you have it. Episode 68. Good talk today. Got any parting words?

[Evan] It’s a secret.

[Brad] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @BradNigh and Evan’s @evanfrancen. Be sure to watch social media for news from RSA! SecurityStudio will be tweeting and LinkedInning all week! Check out @studiosecurity frequently. FRSecure’s Twitter handle is @FRSecure, and they’re sure to have some good things too. Especially the week after next when FRSecure is out at SecureWorld North Carolina. Lots going on and lots of chatter!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 67 Show Notes – Who does what?

Did you even notice that I skipped posting show notes for last week’s podcast? Time got away from us. Sometimes our day job gets in the way. No matter. We recorded a pretty good show for you last week anyway, and you can catch a listen here.

We’re almost back on track this week.

Here we go…


SHOW NOTES – Episode 67

Date: Monday, February 17th, 2020

Show Topics:

Our topics this week:

  • Opening
    • What’s up?
    • One thing.
  • Information Security Roles and Responsibilities (Part 1 of 2)
    • How important are information security roles and responsibilities?
    • Is it important to define them formally, or do people just know?
    • Roles and responsibilities at a macro level.
      • Government(s).
      • Business(es).
        • B2C.
        • Employer(s).
      • School(s).
      • Consumer(s)/citizen(s)
    • Ideas for making things better.
    • Part 2 – Information Security Roles and Responsibilities (micro-level).
  • News

Opening

[Evan] Howdy. Welcome to episode 67 of the UNSECURITY Podcast. Today is February 17th, 2020 and this angelic voice you’re hearing is me, Evan Francen. Joining me in studio today is my security bestie, Brad Nigh. Good morning Brad!

[Brad] Hopefully he got some sleep and he’s ready to impart some of his wisdom!

[Evan] We have a great show planned today. Before we dive in, let’s catch up. As usual, I want to know how you’re doing and what you’re up to. Give it to me.

Catching up

Some back and forth happens here.

[Evan] Let’s see if you prepped for today’s show. I want you to share one information security truth. Pick any one you want.

[Brad] Shares a truth.

[Evan] Boom! Hashtag truth. Here’s one that’s on my mind…

[Evan] This weekend I was doing some work on our book. For those of you who don’t know yet, we are writing a really cool book. There are two purposes for the book. The first is to simplify information security, and the second is to operationalize information security in underserved markets. Underserved markets are state/local government, schools (K-12 and higher ed), small businesses, and individuals. How do we embed information security in such a way that it becomes a normal part of everyday life and a competitive advantage?

This book is being written by me, Brad, and Ryan (aka “cola”).

I’m just about done with my initial outline, which is really just thoughts. Soon, we’ll get going full speed with these guys. We’ll be collaborating big time!

Anyway, here’s why this is relevant to today’s podcast. As I was writing, I had a thought. One of the foundational components of information security is understanding and implementing roles and responsibilities. This leads to an idea of doing a two-part series. In part one (today), I’d like to discuss information security roles and responsibilities at a macro level. In part two (next week), we can discuss information security roles and responsibilities at a micro level. You game?

[Brad] Brad’s almost always game. He’s one of the most collaborative and easy-going security guys I know!

Information Security Roles and Responsibilities (Part 1 of 2) – Macro Level

We’ll share opinions on these things:

  • How important are information security roles and responsibilities?
  • Is it important to define them formally, or do people just know?
  • Roles and responsibilities at a macro level.
    • Government(s).
    • Business(es).
      • B2C.
      • Employer(s).
    • School(s).
    • Consumer(s)/citizen(s)
  • Ideas for making things better.
  • Part 2 – Information Security Roles and Responsibilities (micro-level).

[Evan] Good discussion man! We take so many of these things for granted. Good things for us to keep in mind as we continue down the path of writing our book.

[Brad] Brad is Brad.

[Evan] Let’s cover some news now.

News

[Evan] I’ve got a few goodies today:

Closing

[Evan] There you have it. Episode 67. Always great chatting with you Brad! Got any parting words?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 65 Show Notes – Money Grab

Another week down. Damn, a whole month is down! January is already in the books.

While I’ve got you here, help us out with our mission. We’re busting our tails off doing our part to fix the broken information security industry. We’re striving and doing these things:

  • Setting a common information security language that can be spoken by everyone; the S2Score.
  • Developing and delivering simple (but effective and credible) information security risk assessments for the under-served (SMBs, state and local government, K-12, etc.):
  • Developing and delivering simple (but effective and credible) tools to help the under-served do information security better.
  • Teaching and mentoring others for free. The FRSecure CISSP Mentor Program is in its 11th year! We started with six students in 2010, last year we had 532, and this year we had more than 540 enrollments within the first 24 hours! Check it out and enroll here.

What can you do to help? Simple. You can help in (at least) three ways:

  • Do your own S2Org and S2Me assessments.
  • Contribute your opinions and feedback (after all, we’re all in this together).
  • Spread the word. Tell others. Tell them about the S2Org and S2Me assessments and tell them about the FREE FRSecure CISSP Mentor Program!

OK, on to the show…

February is already upon us, and RSA is just around the corner. Speaking of RSA, let’s talk about our industry’s money grab in this week’s episode. Let’s also discuss tips for talking to the board of directors about information security stuff.

This will be fun!

Alright, on to the show notes. This is my (Evan) show to lead and these (below) are my notes.


SHOW NOTES – Episode 65

Date: Monday, February 2nd, 2020

Show Topics:

Our topics this week:

  • Opening
    • Normal Stuff
    • Got Mail?
  • The Money Grab
    • It’s alive and well – everybody wants your $$$.
    • The Bad Guys Of Course
    • The “Good Guys” Too?
  • Talking to the Board
    • Tips
    • Recent Experiences
  • News

Opening

[Evan] Alright, welcome! This is Evan Francen, this is episode 65 of the UNSECURITY Podcast, and the date is February 3rd, 2020. In studio with me is none other than Mr. Brad Nigh. Howdy Brad.

[Brad] We’ll see how awake he is on an early Monday morning.

[Evan] I’m curious, are you a morning person or a night person?

[Brad] I don’t know what he’ll say here…

[Evan] We’ve got a great show planned for you today. Lots to talk about, for sure! We’re going to talk about this industry’s money grab and we’ll cover some tips for speaking to the board of directors. Before we dig in, Brad, how you doing?

Quick Catch-up Talk

[Evan] Alright. Well, let’s get to it. Let’s talk about the money grab in this industry. In case you didn’t know, I’m referring to the information security industry. You have something that everybody wants. The bad guys, the good guys, and everyone in between. They all want your money. Collectively, I call this the “money grab” and we’re going to discuss this. I want to discuss this because I don’t want you losing your hard-earned money to some crook and I don’t want you to piss it away on something that doesn’t do what you thought.

Discussion about the Money Grab

The money grab is alive and well. Everybody wants your $$$. Everybody.

  • The Bad Guys Of Course
    • The 2018 cybercrime industry was worth at least $1.5 trillion
    • There is no low that’s too low.

  • The “Good Guys” Too?
    • Gartner estimated that 2019 industry spending was $124 billion, and by some estimates it’s expected to grow to more than $170 billion by 2022. NOTE: this is for context only and not to imply that this is wasted spending.
    • FUD (scare the sh*t out of you) and Sex Sell (buzzwords, new blinky lights, etc.)
    • Seems like everybody is fighting for your money.
      • Conferences (RSA, Black Hat, etc.)
      • Companies (borderline extortion, crappy advice, etc.)
    • We’re (FRSecure and SecurityStudio) human too. Mission over money, does it keep us honest?

[Evan] It’s a dangerous world and people (non-information security people) are confused. I wonder how much of this is on purpose. The enterprise organizations can afford to make mistakes, but the smaller players are left in the cold and they’re suffering because they often miss the basics, the fundamentals. I feel bad for the under-served markets, especially SMBs. This is our primary focus. OK, on that note…

Discussion about talking to boards of directors and executive management

[Evan] Brad, you and I have had the privilege on many occasions to talk to boards and executives. What tips do we have?

Some good back and forth discussion I’m sure…

After a while, let’s do some news.

News

[Evan] I’ve only got two stories to discuss today, but I think they’re interesting ones:

Closing

[Evan] OK, that’s it. Episode 65 is in the bag. Brad, you’ve got any ideas for next week’s show yet?

[Brad] Maybe he does, maybe he doesn’t…

[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at unsecurity@protonmail.com. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 64 Show Notes – 3rd Party Risk

Here we are, already into the 4th week of January and this is the last show for the month.

Quick recap of last week because it was awesome!

On Saturday (1/18), we held our holiday party at Punch Bowl Social. FRSecure and SecurityStudio employees flocked in from all over the country (Nevada, Kentucky, Missouri, Florida, etc.) to celebrate together. We sort of took over the joint with 120+ people eating, drinking, singing karaoke, bowling, playing pool, and hanging out.

One of our core values is “work hard/play hard”, and Lord knows we are experts at both these things! The teams did incredible things in 2019 and every single person played a critical part in our success. It was so awesome to spend time with each other, celebrating (a great 2019) and looking forward to an even better year ahead (2020)! It was a great night!

We gathered everyone together on Monday (1/20) morning for our quarter end/year end meeting. There are no words to describe what these people did in 2019. There isn’t an adequate adjective. By every account, 2019 was a huge success. Not only in terms of dollars and cents, but more importantly in the impact we made on our industry and in people’s lives.

Just a few highlights:

  • FRSecure has helped more than 1,000 organizations build and maintain better information security programs.
  • The CISSP Mentor Program helped 532 people learn better information security, secure better career options, and/or successfully pass their CISSP exam. UPDATE: We exceeded the entire 2019 enrollment within 24 hours of opening this year’s registration!
  • We gave more than 100 talks at conferences all over the United States.
  • SecurityStudio made great strides in helping organizations and people speak the same (information security) language, including the release of the S2Me.
  • The companies grew at more than 40% again (top line), for the 10th consecutive year.

I could write an entire book about what was accomplished in 2019, and I’m speechless when I think about what we’ll do together this year (2020)!

The Minnetonka HQ office was full and buzzing on Monday! The rest of the week was filled with meetings, conversations, and security stuff. All icing on the cake.

Alright, on to the show notes. This is Brad’s show to lead and these (below) are his notes.


SHOW NOTES – Episode 64

Date: Monday, January 27th, 2020

Show Topics:

Our topics this week:

  • Opening
    • Catching Up
    • FRSecure Year End
    • SecurityStudio Year End
  • 3rd-Party/Vendor Risk Management
    • Let’s get literal.
    • A deep dive.
    • Seven “must haves”.
    • A warning (or two)
  • Next Week
    • Tips for talking to boards
    • I’m going to RSA this year and I already regret it
  • News

Opening

[Brad] Welcome back! This is episode 64 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is January 27th, and joining me is my co-host, Evan Francen. Good morning Evan.

[Evan] Something energetic and uplifting I’m sure.

[Brad] We’ve got another great show planned for you this week, and we’ve already got some good topics to talk about next week. This week we’re going to cover a deep dive into 3rd-party (or vendor) risk management. Next week we’re going to cover tips for talking to boards and have a conversation about the RSA money grab. Don’t miss it! I’m guessing it could get controversial.

Before we get started, let’s recap last week quick.

  • Brad’s update(s)
  • Evan’s update(s)

[Brad] I wanted to take some time today talking about Vendor Risk Management and the difference between an audit based certification (SOC2, ISO, HITRUST) vs a risk assessment (S2Org or similar).

[Evan] Yeah man! Let’s do it!

3rd-Party/Vendor Risk Management

[Brad] You added stuff to my show notes! What gives man?

[Evan] Yeah, I couldn’t help myself. Hope you’re OK with it.

[Brad] What’s with “let’s get literal”?

Discussion…

[Brad] Let’s talk about the differences between audit based certification (SOC2, ISO, HITRUST, etc.) versus a risk assessment (S2Org or similar).

  • The fundamental differences
  • The positives and negatives to both approaches
  • At the end of the day, what should an organization be trying to accomplish with their Vendor Risk Management program?
  • What should the vendor share/not share, and how do they handle requests for more than they are comfortable sharing?

Be sure to mention the new article (not yet posted), “Seven must-haves for effective third-party information security risk management”. You can get the free preview download by emailing us.

[Brad] Hopefully that was helpful to people working on both sides of Vendor Risk Management. Let’s do some news.

News

[Brad] Always plenty of things to talk about in the news, and here’s a few stories that caught my eye this week:

Closing

[Brad] That’s it. Episode 64 is a wrap. Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh and Evan is @evanfrancen. Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies!

That’s it. Talk to you all again next week!

The UNSECURITY Podcast – Episode 61 Show Notes – 2020 Look Ahead

Hello 2020! What do you have in store for us?

In last week’s episode, Brad and I discussed some of the crappy things from 2019. It’s no doubt, we’ve got a lot of work to do in this industry. Now, in this episode, we’re going to discuss some of the great things we did this year as an industry, and we’re going to look at what 2020 should have in store for us!

Exciting Announcements

We’re starting 2020 off right, and we have some cool announcements:

  1. Our good friend Ryan Cloutier has joined SecurityStudio!
  2. We’re writing a new book!
  3. I’m in Cancun (I guess this is sorta cool for me)!

Ryan Cloutier

If you’ve been listening to our podcast for a while, you might remember Ryan. He joined us on the show in episode 27, and again in episode 44. Ryan brings a wealth of knowledge, a refreshing perspective, and an unbridled passion for information security, and we’re jacked he’s on board! Ryan will be helping me and the rest of the SecurityStudio team reach K-12, local governments, and whoever else wants to get on board with establishing rock solid information security fundamentals.

New Book

I took off for my annual trip to Cancun yesterday (1/4) to begin writing our next book. This one will be co-written with Brad and probably Ryan too. The book is unofficially titled “Securing America” and it will provide an easy-to-use manual for building fundamental information security programs and habits in the most under-served areas; SMBs, local governments, education (K-12 and post-secondary), and home.

If you haven’t read my first book, I invite you to! You can either purchase it, or if you’re with us on our mission to fix the brokenness in our industry, contact me and tell me so. I’ll send you a free signed copy! P.S. I’m not publicizing this everywhere, so let’s see if you’re paying attention.

Cancun

Yeah, this is year three for this trip. Year one was spent writing UNSECURITY. Year two was spent starting a book that I shelved (for now) about information security for normal people. This year, I’m starting this book (referenced above) and we’ll publish it sometime in Q3/Q4 of 2020.

We’ll cover these things (above) and some of the good things from 2019 in this episode of the UNSECURITY Podcast.

Brad’s leading the show this week, joined in studio by Ryan Cloutier. I’m calling in from Mexico, and these are my notes.


SHOW NOTES – Episode 61

Date: Monday, January 6th, 2020

Show Topics:

Our topics this week:

  • Opening
    • Exciting News.
    • 2019 in review, some of the good things.
    • What we expect 2020 to bring us.
  • Closing

Opening

[Brad] Welcome to the first UNSECURITY Podcast episode of 2020! We’ve got a jam-packed show for you today. It’s Monday, January 6th, 2020, and I’m Brad Nigh. Joining me in studio is the newest member of our team, Ryan Cloutier. Welcome Ryan!

[Ryan] Ryan does Ryan. Would you expect anything different?

[Brad] Joining us by phone from Cancun, Mexico is my usual co-host, Evan Francen. Hi Evan.

[Evan] I do me.

[Brad] Probably says something about Cancun and how he should be here too, or instead of me. Maybe he’ll ask about the weather, maybe not.

[Brad] Well, let’s get started. We have a ton of stuff to talk about today. Let’s start off by talking about you Ryan. Today is day #1 at SecurityStudio, right?

[Ryan] Says stuff.

Exciting News – Welcoming Ryan

Quick discussion and welcome.

  • Questions that may come up:
    • What will you be doing at SecurityStudio?
    • What made you want to come to SecurityStudio?
    • What are some of the challenges that lie ahead?
  • We’re pumped that Ryan’s onboard, and we’re looking forward to great things!

[Brad] Alright, Evan’s down in Cancun starting another book. He’s getting it started, and rumor has it that I and you (Ryan) will be co-writing this sucker!

Exciting News – Another Book

Quick discussion about this upcoming book.

  • Questions that may come up:
    • What’s the point for this book?
    • Who’s the audience?
    • What’s it like to write a book?
    • When can I get a copy?
  • We’re jazzed about this book because it’s a way to get the word out and make an impact on people’s lives. The fact that it’s going to be a collaboration between the three of us makes it extra exciting!

[Brad] Alright, some cool things to look forward to in 2020 and beyond! Let’s take a quick look back at 2019 and find some positive news. As infosec people, we sometimes get caught up in the bad news, but there are many good things happening.

2019 in Review – Good Things

[Brad] I think I speak for both Ryan and Evan when I say that we love this industry. There’s plenty of brokenness, but the people in this industry are amazing! Evan has a saying that he uses a lot: “information security isn’t about information or security as much as it’s about people.” Using this as a segue, what good things happened in 2019 that we can be proud of?

Some things to discuss (in a positive light):

  • Is the information security industry more diverse now than it was at the beginning of 2019?
  • How are the job prospects for information security practitioners?
  • Are people more aware of information security?
  • Are CISOs emerging as real business leaders in greater numbers?
  • Is there improved collaboration among information security professionals?
  • More people are beginning to focus on fundamentals.

[Brad] Let’s focus on progress in 2020 and we should each be asking ourselves:

  1. Am I making a positive difference?
  2. Are my motives focused on greater good or selfish greed?

Closing

[Brad] OK, no news for today’s show. We’ve discussed plenty and we’re looking forward to another great year! We’re also wishing the best for all our listeners. Let’s kick some ass together in 2020!

That’s a wrap for today’s show. Thank you and welcome to the family Ryan. Evan, stay out of trouble.

Next week, we’ll start to devote 10 minutes out of every show to help someone who’s looking for a job or career change. If you’re one of these people, get in touch with us and we’ll feature you as a guest on a future episode.

Get in contact with us through email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, Ryan can be found at @CLOUTIERSEC, and Evan’s in his usual spot, @evanfrancen.

That’s it! Talk to you all again next week!

#S2Roadshow Recap – Week Nine

This week on the SecurityStudio Roadshow, we made the trip down to Scottsdale, Arizona to visit the people attending the ISSA Phoenix Q4 2019 Chapter Meeting. Of course, we got our fill of good BBQ too!

SecurityStudio Roadshow Summary

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe).

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadshow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

BBQ Reviews

In the spirit of transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Scottsdale, Arizona

We arrived in Phoenix/Scottsdale on Wednesday (12/4), the day before the ISSA chapter meeting. After getting our sweet rental, a 2019 Dodge Charger Hemi, we drove straight to our first BBQ joint, NakedQ BBQ in Scottsdale.

When you’re from Minnesota, a December trip to Scottsdale doesn’t suck. The weather was great. After BBQ, we were off to the hotel for some meetings and to catch up with work.

 

Next was a dinner meeting with a good friend and partner from the area, and afterwards day one was complete. Four or five great meetings, some good work completed, and two BBQ visits. Not bad.

Day two started with, you guessed it, more BBQ, before we headed off to the ISSA chapter meeting. Three BBQ visits in less than 24 hours. Think maybe we’re overdoing this? I think not!

ISSA Phoenix Q4 2019 Chapter Meeting

We’ve been to more than a couple ISSA chapter meetings, and this was one of the best! Lorna Kertész, the chapter President, does a great job running things. She was running all over the place making sure things went off without a hitch. Huge shout out to Lorna!

Overall, this was a fantastic meeting! The venue was top notch, the speakers were great, and the happy hour was very well attended. On a scale of 1 – 10 for chapter meetings, this one was a 10!

When John and I arrived, it was cool to know that there were some people who were expecting me. A couple people came up to tell me that they’d read my book, and a few mentioned that they’d attended the FRSecure CISSP Mentor Program. Feels like we’re making a difference.

The first speaker of the day was Rachel Harpley from Recruit Bit Security. She gave a very good talk titled “Yule be Sorry without Security Researchers”. Rachel is cool. She’s got some great things to share and her perspectives about information security are spot on (in my opinion). If you haven’t met her, or attended one of her talks before, you should! It was fun to visit with her after her talk.

The next speaker was Dr. Paulo Shakarian, CEO and co-founder of CYR3CON. This dude is smart! He gave a legit talk titled “Artificial Intelligence Research for Forecasting Exploit Usage”. We caught up after his talk and scheduled a meeting (week after) to discuss how his research can make the SecurityStudio platform better. The prospects of tying legit AI into SecurityStudio’s S2Org technical vulnerability scoring are very exciting!

My talk followed the talks of these two esteemed speakers.


I gave a similar talk that I’ve given across the country now. Want the deck? Four topics in the agenda, housekeeping, meat, the dream, and call to action. The talk was well received, and the interaction with the attendees was super! Gave away three books, and had some wonderful discussions with people afterwards. Like I said earlier, this meeting was a 10 on a scale of 1 – 10. The only thing that would have made it better is if the guy next to me wouldn’t have gotten up and left his laptop unlocked.

I talked to him about it afterwards. We’re cool.

BBQ Reviews

You know how we roll, right?! BBQ man! As much as we can get, and yes, we (well I am) are gaining a few pounds along the way.

Three BBQ reviews this week; all three in Scottsdale. We expected good BBQ in Kansas City, but Scottsdale, Arizona?! Believe it or not, Scottsdale has some awesome BBQ joints! Here’s our take on the three we visited.

NakedQ BBQ – https://www.thenakedbbq.com/ – Overall: 8.25

  • Atmosphere – 7, the atmosphere for this place was OK. It was another one of those strip mall feeling sort of places.
  • Service – 9, Everyone was very pleasant and went out of their way to make sure you were satisfied. It’s great when people come out from behind the counter to see how you’re doing.
  • Portion/Value – 8, the price was better than I expected and the portions were generous.
  • Taste – 9, the food tasted great and you could tell it was made by people who know what they’re doing. The best brisket we’ve had in a while.


This was really, really good BBQ. I had a 1/4 pound of brisket, jalapeno sausage, turkey, and pulled pork, and they were all great. It’s a tie between the brisket and sausage for my favorite.

The Thumb – https://www.thethumb.com/ – Overall: 8.5

  • Atmosphere – 10, the atmosphere for this place was one of the best yet. The restaurant is part of a gas station and a gift shop. Totally comfortable and cozy. My kind of BBQ joint to just chill and visit with friends.
  • Service – 10, Seriously, these people know how to serve and make you feel like you’re a king (or queen, as the case may be)! One of the few places where they offer you a sample before you order. Once we ordered, they brought the food out to us, grabbed an assortment of sauces, gave us some free goodies, and constantly made sure we were happy.
  • Portion/Value – 7, the portions were hefty, but the price reflected it. Better than average, I’d say.
  • Taste – Maybe my expectations were set too high after experiencing the super cool atmosphere and getting service reserved for royalty, but the food tasted OK. Not great, but good maybe.


We met a good friend and business partner for dinner here. Overall, we had a great time and I’d visit this place again. Oh yeah, one more thing. This place was featured by Guy Fieri too. Some people think that’s pretty cool.

Little Miss BBQ – https://www.littlemissbbq.com/ – Overall: 8.75

  • Atmosphere – 9, this was a cool joint. It sort of felt like I was down south in the 70s. This is an order your food, grab your food, and sit sort of BBQ joint.
  • Service – 9, certainly above average. We arrived before the place was open and there was already a line around the corner. While we waited, a waitress walked the line offering samples of their homemade sausage. While we ordered, the cook gave us a small cut sample of the pastrami brisket. After we ordered, we were assured that we had everything we needed to be happy.
  • Portion/Value – 8, very reasonable and worth every penny.
  • Taste – 9, We would have said “10”, but we use that number very sparingly. The brisket might have been the best we’ve had so far on the SecurityStudio Roadshow. It might be a toss-up between this place and Pecan Lodge (Dallas, TX in week #3). The taste of the meats here was incredible.


This was the best BBQ we’ve had for a long time, if ever, on the SecurityStudio Roadshow. If you like BBQ and you are in the Scottsdale area, you have to visit this place. It’s amazing!

BBQ Summary

Three new BBQ joints to add to our list, and this makes 28 we’ve visited so far. This was a VERY good BBQ week for us, with all three BBQ joints easily making the top 10. The winner this week was Little Miss BBQ, but it was close. Pecan Lodge is still on top as the overall #S2Roadshow leader with a score of 9 (but we need to go back and validate this now), and Little Miss joins Bowlegged BBQ in the #2 spot. The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Eight):

  • Pecan Lodge – 9
  • Little Miss BBQ – 8.75
  • Bowlegged BBQ – 8.75
  • The Thumb – 8.5
  • Divine Swine – 8.5
  • Naked Q BBQ – 8.25
  • Dinosaur BBQ – 8.25
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Slaps BBQ – 8
  • Q39 BBQ – 7.75
  • Cousin’s BBQ – 7.75
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • RIBBRO BBQ – 7.25
  • Iron Horse – 7
  • Lucille’s Smokehouse BBQ – 7
  • Texas Bar-B-Q Joint – 7
  • Fire Breather BBQ – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Bad to the Bone BBQ – 6.75
  • Unkl Moe’s – 6.5
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

Next Week’s #S2Roadshow

A couple of talks this week, one in St. Paul, MN and another visit to Dallas, TX. We’re visiting the Minnesota Government IT Symposium on Wednesday and we’re visiting the Dallas/Fort Worth ISC2 chapter on Friday. Looking forward to meeting a bunch of great people this week, and we’re looking forward to revisiting Pecan Lodge.

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

Happy (belated) Thanksgiving – #S2Roadshow BBQ Top 10

Happy (belated) Thanksgiving!

We have many, many things to be thankful for this year! So far, the SecurityStudio Roadshow (#S2Roadshow) has been a great success. The thing we’re most thankful for is the super cool people we’ve met on the road. Cool people with incredible stories and valuable perspectives.

Another thing we’re thankful for is all the great BBQ we’ve eaten. Who doesn’t like BBQ? Well, I suppose the vegans aren’t too much into it. For all the non-vegans, here’s our top 10 BBQ joints that we’ve visited thus far.

We didn’t travel last week, so this is what you get.

Top 10 BBQ Joints

Through week #8 of the SecurityStudio Roadshow (#S2Roadshow)

A man’s got to eat, and this man’s got to eat BBQ! We eat a lot of BBQ. – Evan

#1 – Pecan Lodge – Dallas, Texas – Week #3

Overall Rating: 9

  • Atmosphere: 9
  • Service: 8
  • Portion/Value: 9
  • Taste: 10

We heard from multiple people that we had to go to Pecan Lodge located in Deep Ellum, so we did. Are we ever glad we did! This was the best BBQ we’ve had yet on our three-week-old #S2Roadshow, and I even made a friend.


I had the sliced brisket, pulled pork, and sausage. John had sliced brisket, pulled pork, and ribs. You should have seen the look on John’s face when he tasted the brisket for the first time! The atmosphere was awesome, with plenty of indoor and outdoor seating. The service was great. I even got the cook to show me his smokers (see pic). The portions were very generous too, but it was the taste that was amazing! I’ve never had better brisket and I may have never had better pulled pork in my life. I’ve had BBQ at 100+ of the best places all over the country, and I’ve never had brisket with the perfect mix of smoke flavor, fat cap, and rub.

Pecan Lodge is an absolute must visit for any BBQ lover. It’s almost worth a special visit to Dallas just to go to this place. The best I’ve had in a very long time, if ever.

P.S. My new friend’s name is Winston, and he’s from Michigan. He and his son travel the country riding roller coasters and trying new BBQ. BTW, he agreed that Pecan Lodge was awesome.

#2 – Bowlegged BBQ – San Diego, California – Week #4

Overall: 8.75

  • Atmosphere: 9
  • Service: 9
  • Portion/Value: 9
  • Taste: 8

OK, this was some good BBQ! I feel bad for all the people who live here, but never experienced the joy. The place is family-owned and the atmosphere was perfect for a BBQ joint. A little cluttered, a little dirty, a little nostalgic, and a whole bunch of character. Ordered my meat from Jordan behind the counter, and I told him all I wanted was meat, no sides. Ordered rib tips, ribs, and brisket. The price? 20 bucks.


10 minutes later, I get this Styrofoam container filled with deliciousness. Like really filled and like really delicious! As you can see in the picture, the meat is drowning in sauce, and that’s generally a big no-no for me. For some reason it worked. The sauce was some sort of rural Georgia-tasting stuff with a hint of cinnamon. Weird, but delicious! I texted John and told him it was like a love fest between my mouth, my brain, and my belly. Definitely recommended!

#3 – Divine Swine BBQ – Manheim, Pennsylvania – Week #1

Overall: 8.5

  • Atmosphere: 7
  • Service: 8
  • Portion/Value: 10
  • Taste: 9

After the Shakedown BBQ disappointment, we swung over to Manheim, where we found Divine Swine. This place takes the crown as the #S2Roadshow Week 1 BBQ Champ. The best tasting BBQ we had on the trip and huge portions. If you’re in the area, you have to visit this place!


Maybe we’re BBQ snobs, maybe not. One thing is certain, we enjoyed all of the BBQ we ate, and we’re pumped for next week’s adventures.

#4T – Dinosaur BBQ – Rochester, New York – Week #7

Overall: 8.25

  • Atmosphere – 8, it’s a cool place with a great vibe. The lighting is perfect for a BBQ joint, there’s a lot of wood, and the view of the river is super cool.
  • Service – 9, great service all-around. These people make you feel at home.
  • Portion/Value – 7, a little pricey for how much food you get, but what place isn’t?
  • Taste – 9, incredible, especially the ribs and wings.

In full transparency, I’ve eaten at Dinosaur BBQ in Rochester many times. It’s a great BBQ joint and I’ve enjoyed every visit I’ve made. This was Ryan Abraham’s first visit to Rochester, so we made sure to stop in. Actually, we ended up eating here twice during this trip. Poor us!

I’ve visited Rochester more than a dozen times and eaten BBQ at just about every place this city offers. Dinosaur is the best BBQ in Rochester. On this trip, I ate their ribs, brisket, wings, and pulled pork. The brisket and pulled pork were good, but the ribs and wings were friggin’ amazing! The ribs were arguably the best I’ve had on the SecurityStudio Roadshow so far. If you’re in Rochester, and you like BBQ (even if you don’t like BBQ), a visit to Dinosaur is a must!

#4T – Big Ed’s BBQ – Waukegan, Illinois – Week #3

Overall: 8.25

  • Atmosphere – 8
  • Service – 9
  • Portion/Value – 8
  • Taste – 9

We made the drive up to Waukegan to give Big Ed’s BBQ a try, and we’re definitely glad we did! This is a BBQ joint that is run by Ed (a few of his business partners) and his lovely family. You can read about the Big Ed story on their website. The atmosphere is great, with Ed’s son preparing the meat while Ed’s wife rings you up at the register. By the time we got there, they had already sold out of the brisket and burnt ends, so we settled for ribs and rib tips. We thought we were settling, but we were wrong! The ribs and tips were awesome!

The service was top notch, the portions were huge, and the meat was great! You have to visit this place. Highly recommended!

#6T – Mission BBQ – Harrisburg, Pennsylvania – Week #1

Overall: 8

  • Atmosphere – 7
  • Service – 10
  • Portion/Value – 7
  • Taste – 8

We ate at Mission BBQ in Harrisburg in the evening of the first day. I wasn’t that excited for it because I knew it was part of a chain, but it was the closest BBQ joint to where we were staying. The staff was AMAZING. I can’t remember ever getting better service than we did at this place.

The cashier asked us if this was our first time at Mission BBQ. We said it was, then she proceeded to tell us all about the menu and how they make their BBQ.


Once our order was ready, the lady behind the counter asked us if it was our first time at Mission BBQ. We said it was, then she proceeded to tell us all about the sauces and how to help ourselves.

After we sat down to eat, another lady came by our table three or four times to make sure we had everything we needed. She cleared our table for us too (even though this was a self-service joint).

The service was exceptional, so I rate it a 10. The food was good too, the best being the jalapeno cheddar sausage.

#6T – Slaps BBQ – Kansas City, Missouri – Week #8

Overall: 8

  • Atmosphere – 8, this was a pretty cool place, located in an industrial part of town. The all brick building featured an indoor eating area, plus there were two more eating areas outside. The eating area on top of the building featured a great view of the Kansas City skyline.
  • Service – 9, I love when the BBQ is made to order right in front of you. They cut the meat and dish it out as you order it, right in front of you. The staff was very courteous and very helpful.
  • Portion/Value – 8, definitely above average. We got filled up at a very reasonable price.
  • Taste – 7, the brisket was good and the pulled pork was good. The best part was the jalapeno cheddar sausage. All the BBQ was good, but not amazing.


We went to Slaps on a recommendation from a close friend. She’s a local and told us this was her favorite BBQ in all of Kansas City. It was good, but I’ve had better in this town.

#8T – Q39 BBQ – Kansas City, Missouri – Week #7

Overall: 7.75

  • Atmosphere – 7, this is a little too upscale feeling for me. A very nice restaurant, but not down-homey enough for my taste.
  • Service – 8, great service. I was in the middle of a conference call at the beginning, so I might have missed something here. Guess I’ll have to visit again!
  • Portion/Value – 7, a little spendy.
  • Taste – 9, super! The burnt ends and brisket were the bomb!

This was the first stop for me and John after landing in Kansas City. We received a tip to visit this place from our rental car terminal bus driver, and obviously this guy knew what he was talking about! Kansas City is known for their BBQ and we had dozens of places to choose from, but we made a good call here.


This was a great welcome to Kansas City and we highly recommend visiting Q39!

#8T – Cousin’s BBQ – Dallas, Texas – Week #5

Overall: 7.75

  • Atmosphere – 8
  • Service – 8
  • Portion/Value – 7
  • Taste – 8

I arrived at the DFW airport for the trip home and realized that I’d only done one BBQ joint so far on this trip! I sort of panicked a bit before finding this little gem in the DFW airport. Thank God! A man can’t take a trip with only one portion of BBQ.

My expectations for this place were low to begin with. After all, what kind of BBQ can you expect to get in an airport? Needless to say, I was very pleasantly surprised! I ordered pulled pork and brisket, with broccoli salad and cole slaw on the side. The meat was surprisingly moist and very flavorful. The smoke ring was good too. In a pinch, this place will definitely do!

#10T – Blackwood BBQ – Chicago, Illinois – Week #3

Overall: 7.75

  • Atmosphere – 7
  • Service – 7
  • Portion/Value – 8
  • Taste – 8

There are five locations for Blackwood BBQ, and we visited the Schaumburg location for lunch. John and I both ordered combos. He got sliced brisket, pulled pork, and burnt ends. I got sliced brisket, burnt ends and ribs. It was a really nice BBQ joint with a rustic, busy, but open atmosphere. The BBQ is self-service, meaning you order at the counter and grab your food when it’s ready. The portions were generous and the taste was pretty darn good. I’d say overall, it was definitely above average in all aspects.

If you’re in the Chicago area, it’s definitely worth the trip.

#10T – Broad Street BBQ – Kingsport, Tennessee – Week #4

Overall: 7.75

  • Atmosphere – 7
  • Service – 9
  • Portion/Value – 8
  • Taste – 6

John’s words, “BBQ Review: Broad Street BBQ, Kingsport, TN. Brisket was decent, the rest was just ok. Will do in a pinch, but probably one and done on this one. Super nice people though!”

That’s what he said.

Rounding out the rest…

Here are the rest of the BBQ joints that we visited along with their overall scores.

  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • RIBBRO BBQ – 7.25
  • Iron Horse – 7
  • Lucille’s Smokehouse BBQ – 7
  • Texas Bar-B-Q Joint – 7
  • Fire Breather BBQ – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Bad to the Bone BBQ – 6.75
  • Unkl Moe’s – 6.5
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

SecurityStudio Roadshow Summary

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe).

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadshow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

Next Week’s #S2Roadshow

John Harmon and I are off to Scottsdale, Arizona for a great Phoenix ISSA event this week. The weather doesn’t suck in Phoenix in December!

If you’ve got any BBQ tips for the Phoenix area, let us know.

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week!

#S2Roadshow Recap – Week Eight

Kansas City (MO) and Irvine (CA)

Monday was spent catching up in the office before heading off to Kansas City early Tuesday morning.

A day in Kansas City and three days in Orange County, California this week. Not bad!

SecurityStudio Roadshow Summary

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe).

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadshow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Kansas City, Missouri

The Roadshow officially started early on Tuesday morning with a five something AM flight to Kansas City. The primary purpose for making the trip back to Kansas City was an important meeting with Lockton, our awesome partner. We had four people visiting from our office; myself, John Harmon, Alex Titze, and Chris Dian. I took an earlier flight than the other guys, so my job was to get the car and come back to pick them up.

I was greeted in Kansas City by the happiest and most encouraging rental car bus driver you could imagine. Ross was great!

Got the car, grabbed a coffee (red eye) at Starbucks, then came back to the airport to pick up the guys. Love these guys!


Lockton Meeting

The meeting with Lockton went great! We gave an introductory presentation to personnel in offices throughout the United States and discussed logistics about how we work together. Before heading back to the airport, we had to make a BBQ stop. This time we drove to Slaps BBQ (review below).

At the airport, we had a great meeting with Chubb, a new potential partner. Chubb is reviewing the entire SecurityStudio platform, and seems most interested in using the S2Team/S2Me for their clients.

After this meeting, I was off to Irvine/Orange County, while the others headed back to Minneapolis.

Irvine, California

California is a beautiful place, that’s for sure! I had meetings with partners and potential partners while I was here, but things were low-key for the most part. Low-key is good when I have many days’ worth of email to catch up on. The primary purpose for this visit was to preach at Webster University on Thursday evening.

My rental car was nicer than usual. Enterprise upgraded me (for no cost) to a Mercedes GL 320. If you know me, you know that I’m not a flashy guy who feels the need to drive a flashy car. At home, I drive a base model F250, so this is a change. A friend told me that it looks like I’m driving a storm trooper helmet. Take a look at the picture below, yes?

John Harmon joined me on Thursday morning. We decided to check under the hood. Looks complicated.


We had some extra time on Thursday afternoon, so we took in a few sights. Like I said earlier, California is a beautiful place!


ISSA-OC

My talk is part of the “Cybersecurity Seminar Series”, a joint effort of ISSA of Orange County and Webster University. I wasn’t scheduled to be there until 6:00(ish) PM, so we made a stop at an In-N-Out Burger on the way. On all my travels, this was my first ever experience with an In-N-Out Burger. I can’t believe what I’d been missing!


We arrived on time (yay us!) and were greeted by the event organizer, Dr. Brian Dozer. Brian is the Director at Webster University and the ISSA Program Director. Super cool and nice guy! The facility was great, the audience was great, and we met some great people here!

Here’s a copy of my slide deck. Use it (or not) in any manner you wish! I added a slide to the usual deck, a simple challenge for audience members to get a free copy of my book. The challenge is to solve a simple monoalphabetic substitution cipher of one of Robby Bragg’s poems. If you don’t know (or remember), Robby was a wonderful person who used to work at FRSecure before he tragically took his own life on May 17th, 2018. I keep Robby’s memory alive on the #S2Roadshow by highlighting the need to address mental health issues head-on. The slides with Robby’s tribute and the challenge are pictured below.


After giving the talk, it was back to the hotel. More meetings on Friday, then back to Minneapolis Friday afternoon. Another great trip!

BBQ Reviews

You know how we roll, right?! BBQ man! As much as we can get, and yes, we (well I am) are gaining a few pounds along the way.

Four BBQ reviews this week. One in Kansas City (Slaps BBQ) and three in California (Fire Breather BBQ, RIBBRO BBQ, and Bad to the Bone BBQ). Reviews below!

Slaps BBQ – https://slapsbbqkc.com/ – Overall: 8 

  • Atmosphere – 8, this was a pretty cool place, located in an industrial part of town. The all brick building featured an indoor eating area, plus there were two more eating areas outside. The eating area on top of the building featured a great view of the Kansas City skyline.
  • Service – 9, I love when the BBQ is made to order right in front of you. They cut the meat and dish it out as you order it, right in front of you. The staff was very courteous and very helpful.
  • Portion/Value – 8, definitely above average. We got filled up at a very reasonable price.
  • Taste – 7, the brisket was good and the pulled pork was good. The best part was the jalapeno cheddar sausage. All the BBQ was good, but not amazing.


We went to Slaps on a recommendation from a close friend. She’s a local and told us this was her favorite BBQ in all of Kansas City. It was good, but I’ve had better in this town.

Fire Breather BBQ – http://www.firebreatherbbq.com/ – Overall: 7

  • Atmosphere – 6, there wasn’t anything special about this place. It was located in a strip mall type setting and sort of felt like fast food.
  • Service – 7, average(ish). The staff was courteous and helpful, but nothing special.
  • Portion/Value – 8, definitely above average. Again, I got my fill and I didn’t have to mortgage my house for it.
  • Taste – 7, the brisket had a great fat cap on it, and it was an excellent cut of meat, but there was no smoke ring at all. It was hard to taste the smoke flavor in the other meat too (pulled pork).


Overall, I could take it or leave it. I’d stop here again if I was driving by, but I wouldn’t go out of my way for this place.

RIBBRO BBQ – https://www.ribbrobbq.com/ – Overall: 7.25

  • Atmosphere – 8, This BBQ joint is also located in a strip mall setting, but they did a great job making it feel homey. Classic country music playing on the sound system seemed to round out a good atmosphere.
  • Service – 6, service was less than great. There were three people working here when we arrived and they were all busy trying to fill a catering order, which made the wait longer than it should have been. They were really nice people though!
  • Portion/Value – 7, the price was OK for what you get.
  • Taste – 8, the taste was definitely above average, but not great. The brisket was nice and moist. The ribs were good, but had some sort of weird spice in the dry rub. I couldn’t put a finger on what the spice was, and I wasn’t sure if I liked it or not.


John was VERY hungry after he got off the plane from Minneapolis, so we got here right when they opened. The service (which was what scored the lowest) might have been better if we’d gotten there a little later in the day.

Bad to the Bone BBQ – https://www.badtothebone-bbq.com/ – Overall: 6.75

  • Atmosphere – 8, this place felt like a BBQ joint on the one hand and a little like a sports bar on the other. Overall, the atmosphere was very good.
  • Service – 7, nothing special about the service. You order at the counter, grab a number, then wait for someone to bring your food.
  • Portion/Value – 5, the worst part about this place was the price for what you get. Even by California standards, this was too costly.
  • Taste – 7, the taste was good, but they put sauce on my meat. I don’t like sauce on my meat unless I’m the one putting it on.


I was expecting better, but maybe that’s what I get for having expectations. I probably wouldn’t visit this place again, primarily for the value/price factor.

BBQ Summary

Four new BBQ joints to add to our list. This was an OK BBQ week. The winner this week was Slaps BBQ (Kansas City). Pecan Lodge is still on top as the overall #S2Roadshow leader with a score of 9, and Bowlegged BBQ is still in the #2 spot. The current overall standings are listed below.

NOTE: I’ll organize this list with links to the reviews next week.

Overall Standings (at the end of #S2Roadshow Week Eight):

  • Pecan Lodge – 9
  • Bowlegged BBQ – 8.75
  • Divine Swine – 8.5
  • Dinosaur BBQ – 8.25
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Slaps BBQ – 8
  • Q39 BBQ – 7.75
  • Cousin’s BBQ – 7.75
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • RIBBRO BBQ – 7.25
  • Iron Horse – 7
  • Lucille’s Smokehouse BBQ – 7
  • Texas Bar-B-Q Joint – 7
  • Fire Breather BBQ – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Bad to the Bone BBQ – 6.75
  • Unkl Moe’s – 6.5
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

Next Week’s #S2Roadshow

No trip planned this week. We’re taking the week off for Thanksgiving. HAPPY THANKSGIVING!

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!

#S2Roadshow Recap – Week Seven

Rochester (NY), Kansas City (MO), and Sacramento (CA)

A good week that started with serving a great FRSecure customer in Rochester before heading off to preach in Kansas City and Sacramento. This was the first week that we ran into a person (or group of people) who epitomized something that’s wrong with our industry. Read on.

SecurityStudio Roadshow Summary

If you’re new, or you’re confused about this #S2Roadshow thing, start here (maybe). It’s hard to believe that each week gets better, but it’s true, it does! Week #6 (this one) was the best yet.

Previous Week’s Recaps:

The purpose of the SecurityStudio Roadshow (#S2Roadshow) is to meet people and make partners. We want to meet people, understand their businesses, and help them grow using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).

Our mission is to fix the broken information security industry. Success requires collaboration, partnership, and transparency.

This is the first time we’ve done three cities in one week! It was tough, but very rewarding. The week started off in Rochester to work with a long-time FRSecure customer, then west to Kansas City (Greater Kansas City ISACA Chapter), then further west to Sacramento (Sacramento Valley ISSA Chapter).

Ryan Abraham from FRSecure joined me in Rochester. John Harmon was with me in Kansas City and Sacramento.

BBQ Reviews

In full transparency, we have a secondary mission on the #S2Roadshow. We eat as much BBQ as we can. After stuffing ourselves, I summarize our BBQ reviews at the end of each recap article (see below).

Rochester, New York

Flew to Rochester on Sunday evening. The week started off with some customer project work. I don’t get to work on many customer projects anymore, and I miss it sometimes. This project is a big one, and it requires the development of a new methodology (or two). Sort of cool. Here’s what I can tell you…

  • There are numerous projects.
  • Two of the projects include SecurityStudio products; S2Org and S2Team.
  • We’re putting together a board presentation for S2Org and their S2Score.
  • The customer wants to take the S2Org, S2Score, S2Team, and one of the new methodologies we developed to their group of other like companies. This could become a really big deal!

Honestly, these are some of my favorite people in the security business! We got a ton of work done and collaborated on some very cool things.

Ryan Abraham has worked at FRSecure for a couple of years now, and this is the first time we’ve had the opportunity to work on anything together. It was awesome! Ryan’s an incredible asset to FRSecure, our customers, and this industry. Had a great time getting a bunch of work done and preaching the good (security) news.


We nabbed some good BBQ at Dinosaur BBQ in Rochester (twice, review below).


It snowed 8(ish) inches while we were in Rochester. First snow storm of the year for me.

Got back to the Twin Cities late on Tuesday night. On to Kansas City Wednesday.

Kansas City, Missouri

The purpose of the trip to Kansas City is to meet with the local ISACA chapter and spread some love. Met John Harmon at the airport and we were off to Kansas City. On the way, we decided that we both needed a new pair of Bose noise cancelling headphones. Impulse buy, but these things are awesome!

John and I landed in Kansas City, grabbed our rental car, then got down to business. By business, I mean find BBQ. The rental car bus driver told us we had to try Q39, so that’s what we did (review below). After BBQ, I texted my Mexican son (long story that I’ll share in person if you find me), Officer Salinas of the Lenexa Police Department. We found him on patrol and hung out with him until he got a call he had to get to. I can’t begin to tell you how proud I am of this guy! He’s amazing.

Finished the day in Kansas City with some frozen yogurt (froyo) before checking in at the hotel and getting work done. You know, the real work.

Greater Kansas City ISACA Chapter

We met up with the great people who represent the Greater Kansas City ISACA Chapter on Thursday at the University of Kansas Edwards Campus. The venue was beautiful, and the people were even better. Preached the normal(ish) sermon about fixing our broken information security language problem, and encouraged everyone to get their free SecurityStudio account and complete their free S2Org and S2Me assessments. Yes, they’re completely free!

My sermon has evolved a bit. The (newish) agenda goes from housekeeping (introduction) to the meat (our language, simplification, and fundamentals problem) to the dream (securing America) to the call to action (get our assessments, give us feedback by being part of our community, and preach). If you haven’t heard it yet, come get me. I’ll preach to you too!

I made some new friends including (but not limited to) J.J., Jennifer, Brian, Joan, and Beth. Seriously awesome people! They all stand out, and J.J. Widener is a champ. His support for what we’re doing is super helpful and appreciated! This guy gets it.

Here are some pictures that John took at the event.

After the ISACA talk, we headed out for more BBQ and the airport. Last stop before heading home this week was Sacramento. The weather there doesn’t suck.

Sacramento, California

This turned out to be a quick stop for us. We arrived at 1am (local time) Friday, got some rest at the hotel, gave our talk at the Sacramento Valley ISSA chapter meeting, and got back on a plane for a long flight back to the Twin Cities. No BBQ, which was sort of sad, but I don’t know what kind of BBQ they have in Sacramento anyway.

Sacramento Valley ISSA

This was a relatively small gathering, and one where we hit our first snag on the SecurityStudio Roadshow. Seven weeks in, and our first snag, not bad! Here’s the deal.

We make numerous points in our Roadshow presentation, and two key points are #1, we need to simplify information security for “normal” people and #2, we need to get much better at agreeing on what the hell it is we do as a profession. We learned the first point based on what “normal” people have told us after asking ~1,000 of them in a survey and through experience. Yes, we asked people what they think instead of telling them what they think. Big difference!

We learned the second point through basic logic.

The snag came not because the points are invalid, but because we had someone in the audience who liked to think that he was the smartest person in the room.

On point #1. We asked almost 1,000 “normal” people (business people and people who don’t do information security for a living) what we (information security people) can do to make information security more useful, and what we can do to serve them better. Once we received their answers, we made a word map of the raw data (see pic below). The most common word in their answers was “simple”. We need to make information security more simple. This is a good thing because complexity is the enemy of information security (thank you Bruce Schneier).

On this point, most people in this audience agreed (based upon their head nodding and facial expressions); however, I could already sense trouble brewing from the person I alluded to above.

My talk then goes on to tackle the issue that simplification requires a common agreement among security professionals. We will never effectively translate our language to “normal” people’s language until we agree on our language first. Logical, right? Let’s start with the most basic issue at hand, what is “information security”? We should all be able to agree on this fundamental definition. Things started to get sideways here.

Information Security is… (the question posed to the audience). Most audiences give some definitions, then I offer mine. Not that mine is the end all, be all.

I go on. Information Security is managing risk. On this point, I haven’t received disagreement from anyone before, but our guy starts chiming in. He doesn’t chime in from an angle of disagreement, but more to add his two cents.

Next. Information Security is NOT eliminating risk, despite what some people think. General agreement on this point too, but our guy still has to add his two cents.

Next. Information Security is NOT compliance, despite the fact that most information security dollars are spent from this motivator. Now our guy feels the need to completely sidetrack the conversation and before we know it, we’re deep in a rabbit hole.

It took almost a full hour to get to what I was hoping would be our common definition of information security as “managing risk to unauthorized disclosure, alteration, and/or destruction of information using administrative, physical, and technical controls”. It’s not so much that our guy disagreed with the definition or (God-forbid) gave us an alternative definition as much as his deep desire to be the smartest guy in the room. I called him out for this during the presentation (whether I should have or not is debatable) and it got tense, but whatever. You call it like you see it.

Eventually, we got through the presentation. Due to the monopolization of time, we didn’t have any left for visiting afterwards. We had to run immediately after the talk to catch our flight back to the Twin Cities.

Here’s what I learned from this talk:

  • Everyone is entitled to their opinions.
  • There is a time and a place for opinions and wasting everyone’s time is not the place for your opinions.
  • I could have done a much better job of controlling the dialog during my talk.
  • As long as we’re all fighting to be the smartest guy in the room, we’ll never solve our industry’s problems.
  • Once you choose your hill to die on, you will probably die on that hill.

Made it back safe and sound in Minneapolis. Overall, it was an incredible week!

BBQ Reviews

Three BBQ reviews this week. Three is better than two, which is all we got in the previous few weeks. Our BBQ visits this week included Dinosaur BBQ in Rochester, Q39 in Overland Park, and Iron Horse BBQ in Platte City.

Dinosaur BBQ – https://www.dinosaurbarbque.com/rochester/ – Overall: 8.25

  • Atmosphere – 8, it’s a cool place with a great vibe. The lighting is perfect for a BBQ joint, there’s a lot of wood, and the view of the river is super cool.
  • Service – 9, great service all-around. These people make you feel at home.
  • Portion/Value – 7, a little pricey for how much food you get, but what place isn’t?
  • Taste – 9, incredible, especially the ribs and wings.

In full transparency, I’ve eaten at Dinosaur BBQ in Rochester many times. It’s a great BBQ joint and I’ve enjoyed every visit I’ve made. This was Ryan Abraham’s first visit to Rochester, so we made sure to stop in. Actually, we ended up eating here twice during this trip. Poor us!

I’ve visited Rochester more than a dozen times and eaten BBQ at just about every place this city offers. Dinosaur is the best BBQ in Rochester. On this trip, I ate their ribs, brisket, wings, and pulled pork. The brisket and pulled pork were good, but the ribs and wings were friggin’ amazing! The ribs were arguably the best I’ve had on the SecurityStudio Roadshow so far. If you’re in Rochester, and you like BBQ (even if you don’t like BBQ), a visit to Dinosaur is a must!

Q39 – https://q39kc.com/ – Overall: 7.75

  • Atmosphere – 7, this is a little too upscale feeling for me. A very nice restaurant, but not down-homey enough for my taste.
  • Service – 8, great service. I was in the middle of a conference call at the beginning, so I might have missed something here. Guess I’ll have to visit again!
  • Portion/Value – 7, a little spendy.
  • Taste – 9, super! The burnt ends and brisket were the bomb!

This was the first stop for me and John after landing in Kansas City. We received a tip to visit this place from our rental car terminal bus driver, and obviously this guy knew what he was talking about! Kansas City is known for their BBQ and we had dozens of places to choose from, but we made a good call here.

This was a great welcome to Kansas City and we highly recommend visiting Q39!

Iron Horse BBQ – no website – Overall: 7.0

  • Atmosphere – 5, I’m not a big fan of the strip mall BBQ joint vibe, so this was a downer.
  • Service – 9, great service! These guys gave us some free burnt ends and came out from behind the counter to visit with us. Really cool people here!
  • Portion/Value – 8, very reasonably priced for large portions of food.
  • Taste – 6, the taste was too bland and overall disappointing.

We were in a bit of a rush after the ISACA talk, but we had to fit in one more BBQ visit before we left. It’s Kansas City for crying out loud!

We’ll give these guys the benefit of the doubt. I think they recently moved into this new location, and I don’t think they’ve gotten completely settled yet. It’s worth trying again some time in the future, but it might be hard to get back here given all the awesome BBQ joints in Kansas City.

No promises.

BBQ Summary

Three new BBQ joints to add to our list. This was a good BBQ week. The winner this week was Dinosaur BBQ (Rochester). Pecan Lodge is still on top as the overall #S2Roadshow leader with a score of 9, and Bowlegged BBQ is still in the #2 spot. The current overall standings are listed below.

Overall Standings (at the end of #S2Roadshow Week Seven):

  • Pecan Lodge – 9
  • Bowlegged BBQ – 8.75
  • Divine Swine – 8.5
  • Dinosaur BBQ – 8.25
  • Big Ed’s BBQ – 8.25
  • Mission BBQ – 8
  • Q39 BBQ – 7.75
  • Cousin’s BBQ – 7.75
  • Blackwood BBQ – 7.5
  • Broad Street BBQ – 7.5
  • Hard Eight – 7.25
  • Spring Creek Barbeque – 7.25
  • Redd’s BBQ – 7.25
  • Iron Horse – 7
  • Lucille’s Smokehouse BBQ – 7
  • Texas Bar-B-Q Joint – 7
  • Smoque – 6.75
  • Sweet Lucy’s Smokehouse – 6.75
  • Red Coal BBQ – 6.75
  • Unkl Moe’s – 6.5
  • Hambone’s Smokehouse – 6.25
  • Shakedown BBQ – N/A (wasn’t open when it was supposed to be, wasted trip)

Next Week’s #S2Roadshow

A less busy week, but still a great one planned. The Roadshow starts on Tuesday with another visit to Kansas City, then it’s on to Webster University in Irvine, California. We’re giving the standard sermon at a joint seminar between Webster University, ISSA, ISACA, and OWASP. Pretty pumped!

Looking forward to another great week!

Stay tuned for next week’s #S2Roadshow updates. You can follow us on Twitter (@evanfrancen, @HarmonJohn, @StudioSecurity, and the #S2Roadshow hashtag) and on LinkedIn.

See you next week! If you want to collaborate with us, get in touch!