Heyo! It’s Friday again. Actually, it’s Sunday because I’m late. Oh well.
I/we (speaking for Brad too) hope you had a great week!
Monday – Meeting day. Monday’s are always meeting days at the office. The good; we all get to see each other and catchup with life. The bad; meetings. Who likes meetings? In our case, the good FAR outweighs the bad, and I’ll take it!
Tuesday – The highlight of Tuesday was attending the Star Tribune Minnesota 150 Top Workplaces luncheon. CONGRATS FRSecure! Several of us were able to attend the event. Check out the pictures!
I LOVE working with the people at FRSecure and SecurityStudio. It’s a great honor and privilege. Brad wasn’t there, even though he’s a tremendous part of our success. He was back at the office working on another IR.
Wednesday – A focus day. A focus day consists of focus time. Everyone needs focus time on a periodic/regular basis. It’s healthy. In the evening, we celebrated the end of the 2019 CISSP Mentor Program by hosting a free BBQ dinner for all local students. The 2019 CISSP Mentor Program was an amazing success; this new crop of information security pros is going to be great!
One of the students already passed his CISSP exam!
Thursday – Led a client’s first incident response tabletop exercise (ever) with FRSecure’s very own vCISO Team Lead, Megan Larkins. Occasionally I get the opportunity to work on something with one of FRSecure’s analysts, and it’s always a great experience for me. The client seemed to like it too!
Here’s a quote from the client’s email to us late Thursday/early Friday:
Hello Evan and Megan,
Thank you, the time you spent with us yesterday was exceptional. I felt a lot was accomplished and everyone was appreciative of your ability to teach without judgment. %COMPANY% has a way to go but with great vendors like FRSecure, the path forward isn’t as difficult.”
Megan and I had a great time! Quick side note, for lunch we went to the place called D-Spot. It’s a place that’s known for their wings, and there are 50 or so different flavors to choose from. Here’s some of their flavors:
- Ben Grimm
- War Machine
- Widow Maker
- Iron Maiden
- Goat’s Blood
- Incredible Hulk
- El Loco
I went with something named “Brimstone”. I like hot stuff. I really like really hot stuff.
Took a bite. It started out sweet, then wait for it…
HOLY HELL WHAT IS HAPPENING TO MY TONGUE?!
WHY ARE MY EYES SWEATING?!
IS THAT A CRAMP IN MY ESOPHAGUS?! WHAT THE HELL IS A CRAMP IN MY ESOPHAGUS?!
JESUS, IS THAT YOU? ARE YOU MAD AT ME? I’M SORRY.
Poor Megan watched me progress from happy to concerned to sadness to panic to blackout and back. She looked genuinely concerned for my well being, but I came back to reality after a bit.
Only three more wings to go…
Needless to say, I finished all four of these death morsels from the center of the earth. Paid up front and paid again at about 8pm that night (no details available). My wife tells me, “you’re such a smart guy, so why do you do such obviously dumb things?”
She’s got a point.
Friday – Got the email above on Friday. Friday was another good day. Started with a ride, then a strategy meeting, the weekly FRSecure BBQ, and FRSecure Hawaiian shirt day.
Hawaiian shirt day
Seriously, what’s not to love about all this. We do security, sure, but what good is security without life? Do life first!
Crap, almost forgot about the show notes…
SHOW NOTES – Episode 32
Date: Monday, June 17th, 2019
Brad’s busy. Like, really busy. He’s been tied up all week working on an incident response (IR), so my notes (Evan).
- Security standards
- ASCO Ransomware
[Evan] Happy Monday! This is Evan Francen, and this is episode 32 of the UNSECURITY Podcast. Brad was supposed to lead today’s show, but he’s been tied up with incident response work. Ain’t that right Brad?
[Brad] Queue Brad.
[Evan] We’ve got a good show planned for you today, so let’s get to it.
[Brad] Queue Brad (again).
[Evan] I had some good thinking time this weekend. One of the things that I was thinking about was the use of standards in our industry. There’s a boatload of them. ISO, COBIT, NIST SPs, etc. What do we use standards for?
[Brad] Queue Brad (again).
Open discussion about information security standards.
[Evan] We got an email from one of our listeners this past week that I’d like to talk about.
Hey Evan and Brad,
I have been a listener from the beginning of your podcast and just came across this news item from my home country:
To me this is weird, the HR manager being the PR person after a big cyber incident? I did a quick look on linkedin but could not find anyone in the company with “security” in their title.
Next thing: I look into the profile of the IT director, since security is sometimes put under IT. But on his profile I can not see any “indicators” that this guy might have any security qualifications or experience in the field.
So this company has have to give all 1500 employees “technical unemployment” and keep extending the end date of this unemployment.
They don’t really communicate on what actually happened, they don’t talk about ransomware either.
At this moment I am pretty confident that my incident response plan is way better than theirs, and we are a small non-profit media company with about 100 employees.
Open discussion about the what we know about the ASCO ransomware attack.
[Evan] BIG thank you to our listeners, and this one in particular. Good talk. Let’s get to some news.
- XENOTIME Hacking Group Expands its Target to the U.S. Electric Utility Sector – https://gbhackers.com/xenotime-hacking-group-expands-its-target-to-the-u-s-electric-utility-sector/amp/
- U.S. Escalates Online Attacks on Russia’s Power Grid – https://www.msn.com/en-us/news/world/us-escalates-online-attacks-on-russias-power-grid/ar-AACV9BZ
- Amazon Sued Over Illegal Retention of Child Recordings Through Alexa – https://www.ehackingnews.com/2019/06/amazon-sued-over-illegal-retention-of.html
[Evan] That’s a wrap! Thanks again to our listeners, and thank you Brad! Let’s go have a great week! Don’t forget, you can follow me or Brad on Twitter; @evanfrancen and @BradNigh. Email us on the show at firstname.lastname@example.org.