Posts

UNSECURITY Podcast – Ep 105 Show Notes – Honest IR

Alright, the U.S. election season is over. Now we can all focus again, right?

Maybe, maybe not.

Before we get too far, I want to call your attention to an article I wrote last week titled “Good People Didn’t Vote For Your Guy“. Healing and unity are long overdue in our country. I’m hoping we will find our way back to being countrymen/women working together for our common good. I’m also hoping that our elected officials don’t steal this opportunity for thier own selfish gain.

OK, now back to work…

Last week on the UNSECURITY Podcast, episode 104, we talked with a good friend Richie Breathe about the security industry’s perceived stigma against healthy stuff. It was a great episode and a real pleasure spending time with such a cool guy. If you missed the episode, go give it a listen.

Also last week, Ryan Cloutier, Chris Roberts, and myself had a GREAT time chatting on the Security Shit Show. Our topic was “Seven Ways Security Can Improve Your Sex Life“. Chris found a “Fitbit for your man bits” online, and the conversation went on from there. Lots of fun!

Plenty of businessy stuff went on last week as well, including a half dozen (or so) partnership discussions with some great organizations. Things continue to hum along, so watch for announcements from FRSecure and SecurityStudio in the coming weeks.

On to the show!

Episode 105 Topic and Special Guest

FRSecure’s Director of Technical Solutions and Services, Oscar Minks is joining us on the show again this week. For those who don’t know Oscar, he’s the awesome leader of FRSecure’s Team Ambush and an all around incredible guy. We’ll ask him to tell us who Team Ambush is on the show, but these are essentially the people who do all (or at least most) things technical at FRSecure, including penetration testing, red/blue/purple teaming, incident response, CTF competitions, exploit development and training, etc. Seriously an INCREDIBLE team!

We’ve got Oscar on this week to talk primarily about what TO DO, and what NOT TO DO during an incident response. In the last few months, we’ve seen a significant increase in the number of reported incidents, and we’ve seen too many people make mistakes. Don’t get us wrong, there are people who do things right, but sadly this is too rare.

Should a great talk!

Let’s get on to the notes…

Brad’s leading the discussion today, and these are his notes.


SHOW NOTES – Episode 105

Date: Tuesday November 10th, 2020

Episode 105 Topics

  • Opening
  • Catching Up
    • What’s new?
    • How 4th quarter got you going? 😉
  •  Special Guest Oscar Minks – What TO DO, and what NOT TO DO during an incident response
    • First, tell us about “Team Ambush”
    • Recent Incidents/Stories
    • Top things to do
    • Top things NOT to do (examples)
    • What’s next for Team Ambush?
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 105 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is November 10th, and joining me this morning as usual is Evan Francen.

[Evan] Talks about mindfulness after the last three shows…

[Brad] We have Oscar Minks with us today. Good morning Oscar.

[Oscar] Says a few things in his sweet southern drawl…

[Brad] As is tradition, let’s catch up with what happened over the last week.

[Evan] The weather was really nice this weekend, so I think Evan got in a good ride (or two).

Quick Catchup

Brad, Evan, and Oscar do a little friendly catching up…

NOTE: We know this isn’t specifically security-related, but security folks gotta have a life too, right?

Transition

Special Guest Oscar Minks – What TO DO, and what NOT TO DO during an incident response

[Brad] Okay so it’s no surprise that IR work is keeping us busy, the report from DHS and Secret Service around healthcare is proof of that. I thought it would be a good discussion today to talk about what are some do’s and don’ts when working with an IR firm, which is why Oscar is joining us this morning.

Open discussion points:

  • Tell us about “Team Ambush”
  • Recent Incidents/Stories
  • Top things to do
  • Top things NOT to do (examples)
  • What’s next for Team Ambush?

Begin Discussion

[Brad] Great discussion. Here are some news stories.

News

[Brad] Always plenty of interesting things going on in our industry. Here’s a few stories that caught my attention recently:

Wrapping Up – Shout outs

[Brad] That’s it for episode 105. Thank you Evan and Oscar, do you have any shout outs this week?

[Evan] We’ll see…

[Oscar] We’ll see…

[Brad] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 104 Show Notes – Stigma Against Healthy

Last week was nuts. Is “nuts” the norm? God, I hope not.

The week started off with what seemed like a run of the mill ransomware attack against a healthcare client. The investigation led us to threat hunting with another client. During the threat hunting exercise, Brian Krebs called. He claimed to have information about 427 healthcare organizations who could be attacked by Wednesday (10/28). This led us down all sorts of paths with a few renowned researchers, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, Secret Service (don’t ask), and others.

Eventually, CISA issued a joint cybersecurity advisory with the FBI and Department of Health and Human Services (HHS). See: Ransomware Activity Targeting the Healthcare and Public Health Sector.

On Friday, FRSecure issued their own statement and hosted a very well-attended webinar. See: Situation Update: RYUK Ransomware in Healthcare.

One thing we learned is that incident response in the United States, in terms of our readiness across the public/private sector is in bad shape. It shouldn’t take 3+ days to legitimize a threat and coordinate a response. Thank God we didn’t witness a coordinated attack against 427 hospitals at once. Had this been a real attack against 427 hospitals, we would have been in a world of hurt!

Other things that happened last week include:

  • Episode 103 of the UNSECURITY Podcast, Part Two with Neal O’Farrell of the PsyberResilience Project was awesome! If you missed it, you should go check it out.
  • FRSecure is rocking it! We’re running on all cylinders and making a positive difference in our industry. I’m very proud and humbled at the same time.
  • SecurityStudio finished another incredible month! People are buying into the concept of focusing on the fundamentals and simplification. In case you didn’t know, complexity is the worst enemy of information security.
  • The Security Shit Show was awesome on Thursday night! Personally, I needed the time to talk shit with my peers, Ryan Cloutier and Chris Roberts. It’s like therapy. The title for our discussion was “Kiss and Make Up?” and we talked about what life might look like after the election.

There was probably other important stuff sprinkled in last week too, but the brain can only handle so much!

On to the show!

Episode 104 Topic and Special Guest

A few important things about this episode:

  • This is episode 104, the two-year anniversary of the UNSECURITY Podcast! Holy crap, where did the time go?! It’s been an incredible ride so far, and we’ve met 100s of amazing people along the way.
  • Our topic (or, I guess title) is “The security industry’s stigma against healthy stuff“. Is there a stigma against healthy stuff in our industry? Maybe. We’ll look into it in this episode.
  • We have another special guest, and he’s a good one! We call him Richie Breathe, and he’s a great guy with interesting perspectives on wellness. He’s the perfect guest to wrap up what turned into another semi-series about us and our health.
  • Next week, we’re going to dive back in to incident response. We’ve seen some very interesting (and alarming) trends, and it’ll be good to share with you.

Let’s get on to the notes…

Oh yeah, one more thing before we forget.

GO VOTE!


SHOW NOTES – Episode 104

Date: Tuesday November 3rd, 2020

Episode 104 Topics

  • Opening
  • Happy Anniversary (to us)
    • What’s been your favorite thing about the UNSECURITY Podcast?
    • What’s been your favorite moment or episode?
  •  Special Guest Richie Breathe and the security industry’s stigma against healthy stuff
    • Who’s Richie Breathe?
    • Is there a stigma? If so, how bad do we think it is?
    • Ideas for improving wellness in our industry.
    • Where to go next.
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi again everyone. Welcome to another episode of the UNSECURITY Podcast! This is episode 104, the date is November 3rd, 2020, and I’m Evan Francen, your host. Joining me is my good friend and co-worker, Brad Nigh. Good morning Brad.

[Brad] Cue Brad.

[Evan] Also joining us, is a good friend Richie Breathe. Good morning Richie.

[Richie] Cue Richie.

[Evan] First things first. Today is election day. Did you guys vote?

[Brad & Richie] Well, did they?

Happy Anniversary (to us)

[Evan] This is our 104th episode in a row, meaning 104 weeks in a row, meaning two years! I can hardly believe it. Seems like yesterday we did our first episode together Brad. Happy anniversary!

[Brad] Cue Brad

[Evan] I gotta tell you man. I’ve loved every minute of this with you. Sincere gratitude for being my pal in this journey.

[Brad] Cue Brad

[Evan] Now, Richie. You’ve been listening for a while, and we actually met through the podcast, didn’t we?

[Richie] Cue Richie

[Evan] I’ve met 100s of amazing people over the past two years from this show. So many incredible memories. Brad, what’s your favorite thing about the UNSECURITY Podcast?

[Brad] Cue Brad

[Evan] How about you Richie?

[Richie] Cue Richie

[Evan] My favorite thing.

I couldn’t have imagined so much and I’m VERY grateful. How about a favorite moment or episode? Brad?

[Brad] Cue Brad

[Evan] Richie?

[Richie] Cue Richie

[Evan] My favorite moment/episode.

Like I said, it’s been an amazing ride. Here’s to many more episodes and lots more memories!

Transition

Special Guest –  Richie Breathe and the security industry’s stigma against healthy stuff

[Evan] Richie, thanks for being here man. I know we talked about this a while back, and the time has finally come. You first learned about me and Brad through the UNSECURITY Podcast, then started coming to the Daily inSANITY Checkin, right?

[Richie] Cue Richie.

[Evan] The Daily inSANITY Checkin is another HUGE blessing for me. I’ve met some incredible people there and I love sharing life with them. Shout out to you guys!

For people who want to know more, the Daily inSANITY Checkin is just what it says. It’s a daily informal meeting with people who care about each other. It’s a safe place to come, share thoughts, share ideas, or share whatever else comes to mind. The only real rules are to show respect and be yourself. Simple.

We started the Daily inSANITY Checkin immediately after the COVID-19 lockdowns started in March and we’ve been going strong ever since. It’s been incredible. So, Richie. You’re there almost every day, and I’m grateful to have gotten to know you. I know you, but tell the listeners a little about yourself.

[Richie] Cue Richie.

Begin Discussion

The security industry’s stigma against healthy stuff

  • Who’s Richie Breathe?
  • Is there a stigma? If so, how bad do we think it is?
  • Ideas for improving wellness in our industry.
  • Where to go next.

[Evan] Awesome! Great discussion. Thanks again Richie!

Now, we’re at the part of the show where we review a few news items that caught our eye this past week. Richie, please feel free to comment anytime too!

News

[Evan] Always plenty of interesting things going on in our industry. Here’s a few stories that caught my attention recently:

Wrapping Up – Shout outs

[Evan] Great! Episode 104 is just about complete. Thanks guys! Next week we’re going to tackle some incident response stuff. Things like what’s going on, what people are doing wrong, and how to do things better. Episode 105 will be great, and maybe we’ll invite a guest to boot!

Richie, loved having you join us this week. Thank you!

Any shout outs for either of you?

[Brad and/or Richie] We’ll see.

[Evan] Always grateful for our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Richie, how can listeners find you?

[Richie] Cue Richie.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 103 Show Notes – PsyberReslience Project Pt. 2

Happy Tuesday (again)!

There are always 100s of things to talk about each week, and if you’re ADHD like me, you know how hard it can be to stay focused on one thing for too long!

Here are a few things that are top of mind right now:

  • Security ABCs:
  • Election is next week. Please vote. Regardless of who you vote for, you have a voice. The voice might seem insignificant, but when millions of voices speak together, you have something special. This election season has been crazy, just like 2020 has been crazy. I’m looking forward to it being over, so we can return our focus to serious issues facing all of us.
  • Last week on the Security Shit Show, we talked about election security. The title of the show was “Is My Vote Secure?”. This week it’s Chris Roberts‘ topic, and he hasn’t announced it yet. Stay tuned!
  • Business is good – FRSecure is running at or near full capacity and SecurityStudio is serving people well with simple, fundamental, and effective information security risk tools. Good things! FRSecure is hiring BTW.
  • Incidents and calls for our incident response team continue to roll in. There was an incident that occurred this past weekend. Sadly, the way the incident was handled by the client provided good examples of what NOT to do. I’ll right a separate blog post on this story later, but here’s two things you need to do RIGHT NOW. Drop what you’re doing and make sure you’re squared away on:
    1. Check your incident response plan and be sure you know who to call.
      • Double-check the contact information.
      • Is there 24×7 response? Incidents will inevitably happen at the worst time.
      • Who do you call, and who do you call first? Your incident responders, your insurance provider, your legal team, executive management, law enforcement, or…?
    2. Make sure your preferred 3rd-party incident handler/provider is on your insurance provider’s approved list for reimbursement.
      • You waste precious time, energy, and money when you don’t know.
      • Engaging with a 3rd-party incident responder who isn’t on the list will force you into declined reimbursements and/or changed providers (losing more time).
  •  Not a sales push at all, but here’s what FRSecure provides. At a minimum, it makes sense to register with your incident responder (See: IR Registration Services).

  • Not digging the cold weather, but I do live in Minnesota, so…

Episode 102 Quick Recap

Originally, we weren’t planning on making the discussion with Neal O’Farrell into a series, but the talk in episode 102 was too AWESOME! Brad was out sick for the show, but Neal and I had a great talk about his 40(ish) years in our industry, his background growing up in Ireland, his organization (the PsyberResilience Project), our personal mental health issues (stress, burnout, etc.), and mental health in our industry. This is a serious issue in our industry, and we’re not doing a good enough job in tackling our problems.

I’m VERY excited to welcome Neal back again! We’ll talk about resources people can use to improve their lives. Sure to be another great discussion!

These are my (Evan) notes.


SHOW NOTES – Episode 103

Date: Tuesday October 27th, 2020

Episode 103 Topics

  • Opening
  • Special Guest – Neal O’Farrell from the PsyberReslience Project
    • Recap episode 102 – Where we left off.
    • Mental Health Discussion.
    • Specific self-help approaches, what we’ve learned from trying them.
    • Other resources and what you can do to help.
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi everybody. Welcome to another episode of the UNSECURITY Podcast! This is episode 103, the date is October 27th, 2020, and I’m Evan Francen, your host. Joining me is my good friend and co-worker, Brad Nigh. Good morning Brad.

[Brad] Cue Brad.

[Evan] Also joining us, for the second week in a row is our good friend and founder of the PsyberResilience Project, Neal O’Farrell. Good morning Neal.

[Neal] Cue Neal.

[Evan] How are you guys today? What’s new?

Quick Catch-up

Discussion about any current events, life or otherwise…

Transition

 

Special Guest – Neal O’Farrell from the PsyberReslience Project

[Evan] Neal, thanks for joining us for the podcast again this week. Last week we had a great talk. So great, in fact, we didn’t leave any time for news stuff. No matter though, people can always read news things for themselves.

Anyway, we talked about your background, both of us shared our personal struggles with mental health, and we talked about your organization (the PsyberResilience Project). This week Brad’s joining us, and we’re going to focus on specific self-help approaches that we’ve tried. Before we jump in, Brad, did you get a chance to listen to last week’s podcast?

[Brad] Cue Brad.

[Evan] What did you think about it?

[Brad] Cue Brad.

[Evan] Great! Let’s dig in.

Begin Discussion

Topics to discuss (or ideas):

  • Recap episode 102 – Where we left off.
  • Mental Health Discussion.
  • Specific self-help approaches, what we’ve learned from trying them.
  • Other resources and what you can do to help.

Discuss whatever else comes to mind.

[Evan] Excellent discussion, and I’m sure our listeners found value in it!

Now, we’re at the part of the show where we review a few news items that caught our eye this past week. Neal, please feel free to comment anytime too!

News

[Evan] Some interesting nation-state stuff caught my attention this week. God knows, there’s always plenty of nation-state stuff going on!

Wrapping Up – Shout outs

[Evan] Great! Episode 103 is just about complete. Thanks guys! Neal, it was great having you on the show again this week. I’m looking forward to working together to make our industry better. Brad, always happy when you’re here. Glad you’re feeling better this week!

Any shout outs for either of you?

[Brad and/or Neal] We’ll see.

[Evan] Always grateful for our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Neal, remind our listeners again how they can get in touch with you.

[Neal] Cue Neal.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 102 Show Notes – PsyberReslience Project

Happy Tuesday (again)!

There are always 100s of things to talk about each week, and if you’re ADHD* like me, you know how hard it can be to stay focused on one thing for too long!

Here are a few things that are top of mind right now:

  • Security ABCs – I’ve been writing the information security ABCs the last week or two. This is a journey through the basics and fundamentals of information security. The “experts” can use the reminders and the inexperienced can use the direction (I think). The reception has been great so far, and I love the comments I’ve been getting, in my LinkedIn feed and on Twitter! So far, I’m through “D”. Stay tuned for “E” and “F” which are both scheduled for this week.
  • Election is only two weeks away – Have you already voted or are you planning to? If not, shame. Every U.S. citizen should voice their support for who they want leading this country. If you’re like me, I’m not wild about either of the two leading candidates, but it won’t stop me from casting a vote for who I think is best (out of my limited options). Last week, we talked about election security in episode 101. The notes for that episode have some good resources in them.
  • Disinformation is rampant – Last Thursday, Ryan Cloutier, Chris Roberts, and I opened our three-part series about election disinformation on the Security Shit Show. This first episode was titled “Disunited States of America (Election Disinformation)” and despite our share of technical difficulties, it was a great talk!
  • Business is good – FRSecure is running at near full capacity and SecurityStudio is serving people well with simple, fundamental, and effective information security risk tools. Good things! FRSecure is hiring BTW.
  • Cold/Winter

Lot’s of blessings, despite the crazy society we’re living in.

*Speaking of ADHD, mental health is a serious issue in our society and our industry. Helping people with mental health disorders is important for all of us, and it’s a cause that I’m deeply committed to. This is the topic for today’s show.

I’m VERY excited to welcome a special guest this week. He’s the Founder of the PsyberReslience Project, and a long time information security advisor and expert; Neal O’Farrell!

On to the show! Brad is out with a sinus infection (or something), so it’s just me and our guest. These are my notes.


SHOW NOTES – Episode 102

Date: Tuesday October 20th, 2020

Episode 102 Topics

  • Opening
  • Special Guest – Neal O’Farrell from the PsyberReslience Project
    • Introduction to Neal
    • About the PsyberReslience Project
    • Mental Health Discussion
    • What can we do to help?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hi everybody. Welcome to another episode of the UNSECURITY Podcast! This is episode 102, the date is October 20th, 2020, and I’m Evan Francen, your host.

Unfortunately, Brad Nigh, my good friend and regular co-host, is out with a sinus infection (I think) today. So, it’s me flying solo, but not really.

I’m REALLY excited to introduce you to a great guy and tremendous asset to the information security community; Neal O’Farrell.

Hi Neal.

[Neal] Cue Neal.

Special Guest – Neal O’Farrell from the PsyberReslience Project

[Evan] Neal, thanks for joining us for the podcast. Tell us about you and your journey through the information security industry.

Begin Discussion

Topics to discuss (or ideas):

  • Neal’s background.
  • The PsyberResilience Project
    • Its purpose.
    • Why Neal started it.
    • What makes it different?
    • Current initiatives and goals.
    • How can people find you?
  • Mental Health
    • What’s wrong with our industry, in terms of mental health?
    • Have problems gotten worse, especially with today’s current events?
    • Have we fixed/solved anything?
    • Personal mental health issues.
    • What do we need to do?
  • What we’re doing together (SecurityStudio and the PsyberResilience Project

Discuss whatever else comes to mind.

[Evan] Thank you Neal! Great discussion and I’m thrilled to be doing good things with you.

Now, we’re at the part of the show where we review a few news items that caught our eye this past week. Neal, please feel free to comment anytime too!

News

[Evan] Just one large news reference for this week. From the Register:

First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugshttps://www.theregister.com/2020/10/19/security_in_brief/

[Evan] For the most part, I like reading the Register for news. Neal, do you have a favorite news source in our industry?

[Neal] Cue Neal.

Wrapping Up – Shout outs

[Evan] Great! Episode 102 is just about complete. Thanks Neal! It was great having you join us this week and I’m very happy to have you fighting on the good side. Once again, how can we help?

[Neal] Cue Neal.

[Evan] Always grateful for our listeners! We’re behind on email still, but we’ll get there! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Neal, do you have a way you prefer people get in touch with you?

[Neal] Cue Neal.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 101 Show Notes – Election Security

Well, it’s already mid-October and the election is 21 days (three weeks) away. Things have never seemed crazier or more divided, at least not in my lifetime. Good fodder for discussion in episode 101 of the UNSECURITY Podcast!

Work-wise things are also crazy, but good. Fourth quarter is always nuts for an information security company, and doesn’t matter is it’s consulting (FRSecure) or SaaS (SecurityStudio). Everyone is running at full capacity and finding life margin is a challenge!

Hope you’re happy and healthy! On the the show; I’m (Evan) leading this show and these are my notes.


SHOW NOTES – Episode 101

Date: Wednesday October 14th, 2020

Episode 101 Topics

  • Opening
  • Catching Up (as per usual)
  • Election Security
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Hey there, thank you for tuning into this episode of the UNSECURITY Podcast. The date is October 14th, 2020 and this is episode 101. I’m Evan Francen, your host for this show. Joining me is my good friend and co-host Brad Nigh. Good morning Brad.

[Brad] Brad does Brad.

[Evan] I know we’re a day late getting the podcast out again this week, but holy cow we’ve been busy! We’ll try to get back on track next week.

Brad, I want to reiterate how I enjoyed our discussion the past couple of weeks about the social dilemma, a Netflix documentary about social media and its effects on society. Lots to think about. In fact, I’m planning to watch it again this week.

[Brad] He might comment here.

Catching Up

[Evan] So, what’s new? Tell us what a day in the life of Brad looks like.

[Brad] Cue Brad.

[Evan] I’ll share some stuff too (probably).

Transition

Election Security

[Evan] As you know, we’re only 20 days from the election. If you haven’t registered to vote yet, you should. Go to vote.gov and check it out. Brad have you registered to vote?

[Brad] Cue Brad.

[Evan] I’m registered and ready to cast my ballot! The date is November 3rd.

There’s been much said about election security. A simple Google search of “election security” produces over 2.2 million results! Election security isn’t a new thing, even though it’s been front and center the past few election cycles.

There’s more to election security than protecting voting machines, so let’s talk about this.

Resources

[Evan] There’s a lot more to election security than infrastructure. What about voter intimidation, disinformation, and security after election night? We’re talking about disinformation on Thursday night’s Security Sh*t Show because this is a significant issue in today’s society.

Election Security Discussion

Open discussion

[Evan] Good discussion! Securing an election has never been more difficult. Let’s catchup on some news quick.

News

[Evan] Here are some recent and interesting news stories to talk about.

Wrapping Up – Shout outs

[Evan] Great! Episode 101 is just about complete. Thanks Brad, do you have any shout outs this week?

[Brad] We’ll see.

[Evan] Always grateful for our listeners! We’re behind on email, but we’ll promise to respond soon. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.

That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 100 Show Notes – The Social Dilemma Pt2

Hard to believe that this is episode 100 already! I’ll have to write a recap of the journey sometime soon.

Crazy things all over the place here at FRSecure and SecurityStudio. If you’ve been an information security consultant, or if you know one, you know that 4th quarter is a crazy time of year. Turns out, COVID-19 and 2020 is NOT the exception. We’re happily swamped.

Having said all that, we’re a day late getting the podcast out again this week. Not because we didn’t try, but because life and work get in the way sometimes.

Hope you’re happy and healthy! On the the show; Brad’s leading and these are Brad’s notes.


SHOW NOTES – Episode 100

Date: Wednesday October 7th, 2020

Episode 100 Topics

  • Opening
  • Catching Up (as per usual)
  • the social dilemma, Part Two
  • News
  • Wrapping Up – Shout outs
Opening

[Brad] Welcome back! This is episode 100 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is October 6th, and joining me this morning as usual is Evan Francen.

[Evan] Talks about how busy things have been

[Brad] Last week we had a really good discussion about The Social Dilemma and we didn’t get to everything so we are doing part 2 today. But before we get going let’s recap our week.

Catching Up

[Evan] Evan’s cool story

[Brad] A recap of my week

Transition

the social dilemma, Part Two

[Brad] Okay let’s pick up where we left off. There are no shortage of takes on the movie, here are some I found interesting.

[Brad] Great discussion here are some news stories

News

[Brad] Here are news stories that caught me eye this week:

Wrapping Up – Shout outs

[Brad] That’s it for episode 100. Thank you Evan, do you have any shout outs this week?

[Evan] We’ll see.

[Brad] Thank you to all our listeners! Thank you to our listeners! Keep the questions and feedback coming. Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @BradNigh, and Evan is @evanfrancen.

Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more goodies.
That’s it! Talk to you all again next week!

UNSECURITY Podcast – Ep 99 Show Notes – The Social Dilemma

Happy Tuesday! Here we are again, and lots going on…

The big news (sort of) is the first presidential debate is tonight. I wonder how many people will tune in. Personally, I’m not sure if I will. We’ll see.

A few weeks ago my wife asked me to watch the social dilemma with her on Netflix, so I did. I’d heard about the documentary/movie from some friends, but didn’t get around to watching it until then. Wow!

The opening quote from the movie:

Nothing vast enters the life of mortals without a curse

-Sophocles

He was right. Today, Brad and I will give your our reviews about the social dilemma and talk about our thoughts. These are my (Evan) show notes for episode 99.


SHOW NOTES – Episode 99

Date: Tuesday, September 29th, 2020

Episode 99 Topics

  • Opening
  • Catching Up
  • the social dilemma
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in to episode 99 of the UNSECURITY Podcast. Today is September 29th, 2020 and joining me is my co-host and friend Brad Nigh.

Good morning Brad.

[Brad] Cue Brad.

[Evan] We’ve got a special show planned for our listeners this week. Brad, you and I both watched the social dilemma on Netflix. It’s a documentary about social media in our society that was released in January. Funny how neither of us had watched it until recently, and now (as of this morning) it’s trending as the #6 most popular video on Netflix. I guess it’s better late to the party than not showing up at all!

Before we jump in, I’m dying to hear your thoughts, let’s catch up quick. This is customary.

Catching Up

[Evan] Brad, how you doing? What’s new?

[Brad] Cue Brad.

[Evan] Cue Evan.

Transition

the social dilemma

[Evan] You watched the social dilemma, right?

[Brad] Cue Brad.

[Evan] What did you think?

Our review and discussion

  • What if I’m not a social media user/addict, why should I care?
  • We see different realities? Different news feeds?
  • Data (you and I) sold to the highest bidder.
  • Where does this all end if we don’t act (now)?

Any sufficiently advanced technology is indistinguishable from magic

-Arthur C. Clarke

[Evan] If you haven’t seen the social dilemma yet, I highly suggest you do. Sit down, spend the hour and a half, and consider it all. If you’ve got a spouse, invite them to watch it with you. If you’ve got teenage kids, see if you can peel them away from their phones long enough too.

We’ve got to do more about this, and we’ve got to move much quicker than we are.

[Evan] OK, news. Let’s do some quick news stories.

News

[Evan] Three news stories to talk about briefly this week:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 99 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 98 Show Notes

Here we are again, another Tuesday, and another episode of the UNSECURITY Podcast!

Tons going on, as usual.

Last week we released a couple new FREE things at SecurityStudio:

  • Work From Home Security Policy Template – Located at the bottom of our S2Team page. If you don’t know what S2Team is, you should definitely take a look. If you just want the template and don’t care, here it is.
  • Ransomware Recovery Contract – A simple contract between executive management and IT to ensure accountability for ransomware recovery. Executive management likes it because they finally know what to ask for, and IT likes it because they can use it to show they’re doing what they should/can to prevent a prolonged ransomware outage. I’ve uploaded the contract to my site here.

ADDED: Brad reminded me on the show that FRSecure made a free Incident Response Plan Template available last week. Take a look. It’s really, really good (and free)!

Other goings on include developing and improvement of new services (including the release of SecurityStudio v3.9 and an incident response capability assessment), continued collaboration with great partners, a few speaking engagements, episode 19 of the Security Shit Show, deployment of S2Team, and other things.

Alright, enough about that. Let’s get to the show notes, shall we? These are my (Evan) notes.


SHOW NOTES – Episode 98

Date: Tuesday, September 22nd, 2020

Episode 98 Topics

  • Opening
  • Catching Up
  • Accountability
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in to episode 98 of the UNSECURITY Podcast. Today is September 22nd, 2020 and joining me is my co-host and friend Brad Nigh.

Good morning Brad.

[Brad] Cue Brad.

[Evan] I think we have a good show planned for listeners this week. This episode is all about accountability. I’d like to discuss how accountability works in information security, who should be accountable for what, and give some tips for improving accountability where we work and in the world around us.

Lots to cover on the topic of accountability. Before we jump in, quick catchup with Brad.

Catching Up

[Evan] Brad, how you doing? What’s new?

[Brad] Cue Brad.

[Evan] Cue Evan.

Transition

Accountability

[Evan] Alright, let’s talk about accountability, or maybe the lack of accountability, in information security. This has been a topic that’s been dominating my thoughts again for the past couple weeks. I say “again” because this isn’t the first time we’ve talked about it.

During an episode of the Security Shit Show a couple weeks ago, I think it was episode 18, we were talking about ransomware. The talk was great, but the frustration we all felt was apparent. Why do we keep doing the same things over and over again? Why don’t people do the basics? My take was the lack of accountability. So, I drafted a Ransomware Recovery Contract to help.

Have you seen the Ransomware Recovery Contract?

[Brad] Cue Brad (I’m sort of springing this on him).

[Evan] So, the greater issue of accountability in general. Let’s talk about it here, for our benefit and the benefit of our listeners.

  • The importance of accountability.
    • Repeating the same mistakes over and over.
    • Safe to assume people know?
    • People die now.
  • When to define accountability.
  • Who’s ultimately accountable for what?
    • In tech – buggy software, social media (see the social dilemma), etc.
    • Big organizations.
    • Small organizations.
    • Public organizations.
    • School districts.
  • Examples of accountability disfunction.
  • Examples of good accountability.
  • What to do about it.
    • Get out ahead. Better now than never (or later).
    • Will CEOs be personally liable someday?

[Evan] This is a deep subject with much to be said. Everything moves so fast, and sadly accountability is severely lagging behind.

[Evan] For listeners who are wondering about us doing a series titled “Politics and Information Security”, it’s still being considered. We just have to put it all together.

[Evan] OK, news. Let’s do some quick news stories.

News

[Evan] Three news stories to talk about briefly this week:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 98 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!

UNSECURITY Podcast – Episode 97 Show Notes

Good morning! Happy Tuesday!

Thinking Brad is back again this week. I dig that because I dig Brad!

Last week, Brad was out feeling sick. This led to a solo recording of the UNSECURITY Podcast; go check out episode 96 if you want to hear me do my most awkward podcast yet.

Busy, Busy, Busy

We’ve been very busy around here, and it sounds like many of you are too. There are many good signs recently that the economy may be rebounding. The positives:

  • Elections – although the next 50ish days are going to be chaotic, there will be some settling in after the elections are complete. Regardless of which way you swing (blue or red), the completion of an election cycle brings a sense of stability.
  • COVID-19 – there’s been a lot of positive news about medical treatments and possible vaccines. The sooner we can put the pandemic behind us, the better. Once the pandemic is behind us (closer with each passing day), the economy should settle.
  • Markets – the stock and housing markets have held there own through all the chaos of 2020. This is a good sign of good things ahead in our opinion.

Busy is good, and it would take a small book to tell you all the good things going on at SecurityStudio and FRSecure! SecurityStudio is well on it’s way to being a very healthy and profitable SaaS company and FRSecure is exploring expansion (acquisition, merger, and/or geographic expansion).

I sincerely hope you and your family are well!

Why Can’t We All Just Get Along?

Today’s topic is about our divisiveness in world today and what it means to our industry. We’ll be careful to be respectful of other people’s opinions as we navigate these waters, and this may be a good segue into a future series we’ve been thinking about recently; “Politics and Information Security”.

Let’s get on it. The show notes…


SHOW NOTES – Episode 97

Date: Tuesday, September 8st, 2020

Episode 97 Topics

  • Opening
  • Catching Up
  • Why Can’t We All Just Along?
  • News
  • Wrapping Up – Shout outs
Opening

[Evan] Good morning everyone. Thanks for tuning in. The date is September 15th, 2020 and this is episode 97 of the UNSECURITY Podcast! I’m your host, Evan Francen, and back with me this week is my good friend, Brad Nigh! Good morning Brad.

[Brad] Good things from this dude.

[Evan] Well, you were out ill last week. How you feeling? What’s new?

Catching Up

[Evan] Regular listeners to our show know that Brad and I normally start off with catching up with each other. Let’s do it.

Topics:

[Evan] Did you get a chance to hear last week’s episode? It was definitely awkward doing the show alone for the first time!

Transition

Why Can’t We All Just Get Along?

[Evan] It’s crazy how much information security reflects life and vice versa. I’ve been thinking about what our next series should be, and I’m always interested in tackling serious topics. We’re in the middle of an election cycle right now and I can’t remember a time when our country has been more divided than it is today. Me being me, I want to talk about it with you (Brad).

What are your first thoughts about the divisiveness in our country today?

[Brad] Chimin’ in.

[Evan] Here’s what I’d like to explore with you:

  • General divisiveness (political, social, information security, etc.)
    • Intimidation/bullying for sharing your thoughts, opinions, disagreements, etc.
    • When you find someone being a jerk or speaking/writing nonsense.
  • Outside Influences to Information Security
    • Today’s political climate.
    • Where do we find facts vs. opinions?
  • Within Information Security
    • How do we think our divisiveness affects information security?
    • Putting down others (competition, other professionals, etc.).
    • The divide between us and the business.
  • A couple of podcast reviews.

 

[Evan] I’m thinking about doing a series titled “Politics and Information Security”. We could interview special guests form both sides of the isle and get their opinions on all sorts of things. What would set us apart is respectfulness. We would do this in a way that respects opinions without attacking and bullying. This could be a great opportunity to set an example for others on how to discuss hot topics without beating each other up. What do you think?

[Brad] We’ll see what he thinks…

[Evan] The timing seems right to do a series like this. Alright. More to come on that! Let’s do newsy stuff now.

News

[Evan] Here’s some news I thought was interesting:

Wrapping Up – Shout outs

[Evan] OK. That’s about it. Episode 97 is almost a wrap. Brad, any shout outs this week?

[Brad] Shout out…

[Evan] It’s nice to have you back man. We’re very grateful for our listeners and we love hearing from you. Send us messages by email at unsecurity@protonmail.com or check us out on Twitter, @UnsecurityP.

If you wanna socialize with me or Brad directly, we dare you! I’m @evanfrancen, and Brad’s @BradNigh. We work for people and if you want to follow those people, SecurityStudio is @studiosecurity and FRSecure is @FRSecure.

That’s it, talk you all again next week!