With Brad on vacation, Evan is joined by president John Harmon for episode 38 of the UNSECURITY podcast. Together, the two chat about Project Bacon—a project they’ll be taking on before the end of the year.
Protect Your Organization from Cybersecurity Threats
SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.
Podcast Transcription:
[00:00:22] Evan Francen: Good morning. Hi everybody. Holy buckets. Got a good show planned for you today in case you don’t know the voice yet. This is Evan. This is episode 38 of the Unsecurity podcast. No, Brad here with us today. He’s got a vacation. Those are air quotes when I did that. Uh, anyway, and this place is my good friend and security studios president John Harmon. This is where you say, hi John,
[00:00:48] John Harmon: you know, I think we’re off to a bad start. If I’m gonna do this podcast that you can’t tell me what to do the whole time.
[00:00:53] Evan Francen: No, no. That was the only time I think I’m telling you what to do. It’s just right
[00:00:56] John Harmon: there. Hi. Thanks for having me. That was the sharp tongue thing. I see. I read show notes. That’s what I do. Yeah, yeah. Well deserved vacation for brad. He’s been working his butt off for well years. But especially recently it’s good that he’s able to get away a little bit.
[00:01:10] Evan Francen: Yeah, yeah. It’s uh brad’s on vacation, mandatory vacation. We do that once in a while. Rene rudder. His boss are chief operating officer? Is that what we call her
[00:01:23] John Harmon: soon to be.
[00:01:24] Evan Francen: Okay. So
[00:01:26] John Harmon: I jumped the gun a little bit there. She’s been on the podcast before,
[00:01:29] Evan Francen: hasn’t she has with brad. That was the time I was kicked out. That’s right. So we kicked out brad today and I was kicked out before.
[00:01:38] John Harmon: Yeah. Funny story about us. So we used to not track time off around here. Remember that? It was just like, no, we just don’t have a thing. It was unlimited, right? But now we have to track it because people don’t take off. So we got to know when they’re there. It’s been a little bit so we can kick them out of here. They can get a rest.
[00:01:55] Evan Francen: Yeah. So brad’s getting rest. I suppose it’s probably good for him. I don’t know. I don’t do that, do you? No. When we arrested from, I don’t know. I don’t time for us. All right. So, uh, quick couple of updates, uh, quick update on the civic ransomware awareness project. Even though I haven’t written anything about that in the last couple of weeks and the news has been sort of quiet. We haven’t seen any cities recently paying ransoms. Uh, that doesn’t mean it’s dead. You know, as soon as you take the eye off the ball, these things, uh, rear their ugly heads again. So if you haven’t seen, uh, on Evan francine dot com on my blog. If you look around a little bit, you’ll find the civic ransomware awareness project stuff where really it’s a call to action. It’s uh, you know, reach out email. Your city mayor, I guess. That’s who runs cities in most places here in this country. And uh, and reach out to your county officials and just ask them, uh, there’s a template email there. So if you don’t feel comfortable writing your own email, just take the template, put your information in it and send it on its way. Uh, in the last couple of weeks we’ve gotten a couple more updates. It sounds like people are still doing that, which is awesome. Yeah. And if you want to share us share with us the responses you get back. You can email those to us at un security at proton mail dot com. Uh, some of the responses we get, you know, you get back, they don’t really give you much information in some cases, they don’t even know what you’re talking about. So, but keep, keep your eye on the ball there. The cities are still under attack. Municipalities are still under attack. They will continue to be under attack. Uh, and it, uh, it really does kind of talked me, I was gonna say pissed me off. Well, I just said pissed me off. It does piss me off when cities have to pay ransoms or when they do
[00:03:56] John Harmon: your funding the bad guys. Right.
[00:03:59] Evan Francen: Exactly. And if I’m a taxpayer, I mean, I don’t want my money going towards that. I’d rather you speaking of taxes, they’re putting in a new, I don’t know what I’m talking about this, but they’re putting in a new, um, Alley behind my house. Yeah. And so they sent out an email on July 12 saying, Hey, you know, don’t park in the alley. We’re gonna be putting in a new blacktop, what’s the date now? It’s like the 29th and all they’ve done is just tear everything up so I can’t use anything in the back anymore surprise, you know, maybe they’ll get to it this week. But I think I’d rather our tax dollars go to
[00:04:36] John Harmon: that efficient
[00:04:38] Evan Francen: type work
[00:04:39] John Harmon: when it puts people to work a little bit, you know, it’s good infrastructure stuff last a little while. And, but I think he had jim on last week. We did, I don’t know if you touched on this. So jim nash state representative who understand a lot of the inner workings of that kind of thing and we’re taxed when he goes why and all that. But you know, if your if for no other reason just the inquiry just sending that kind of thing to your elected officials in your city managers and that kind of thing, we’ll put it on the radar for, you know, it’ll make sure that they start paying attention right? So, you know, even if you’re not getting the best response, even if you get no response, you know, tell your friends tell your neighbors to your coworkers. Hey, this is worthwhile. Just template. Just plug in the name really easy to look up to send that to. Um, I’ve prompted a bunch of people and some of them are like, yeah, you know, I gotta gotta, gotta canned response. Another one, you know, invited me over, you know, agreed to come to uh, city hall meeting with some, uh, some fo others haven’t received a response at all. You know, I mean, what, what can you do? But it’s, it’s worth the inquiry if it’s something that you really, you know, you really care about. You should.
[00:05:44] Evan Francen: Absolutely. And, and the fact of the matter is we were all in this together, You know, to expect, I live in a small town, 10,000 people to expect them to have state of the art, information security across the board. No, but do I expect them to back up their data and not pay a ransom? Yes. So you know, basically it is, it’s basic stuff that really any city or county can do. Uh, so this is our 38th episode of the podcast. And uh, it’s hard to believe as I was writing the show, the show notes, I was like john harmon right, This is my friend and a guy who I’ve worked with now. How many years is it?
[00:06:25] John Harmon: I will coming up on seven
[00:06:26] Evan Francen: Years. So seven years we’ve been running this information security consulting company. And this is the first time you’ve been on the show, 38. This is number 38.
[00:06:37] John Harmon: Hopefully it’s not the last time. But I
[00:06:39] Evan Francen: mean it’s, yeah, I just didn’t expect that.
[00:06:43] John Harmon: But you guys are doing a bang up job. I mean, I, I personally from a, you know, information security expertise standpoint, I’d pick brad and I over me every day of the week. But uh, I think some of the stuff we’re gonna talk about today is certainly, you know, good stuff and stuff that I can
[00:06:59] Evan Francen: contribute to. Yeah, for sure. So,
[00:07:00] John Harmon: thanks for having me on.
[00:07:02] Evan Francen: Yeah, absolutely. So tell me, tell me a little bit about you for people who don’t know you.
[00:07:06] John Harmon: Oh, sure. So, um, I came into being, um, you know, many years ago, I don’t know what, I don’t know what you want me to stay in the backwards. So my family name is derivative of you. Um, no, so I, uh, my name is john harmon, I live in the Minneapolis area. I have a wife, the lovely and long suffering mrs Harmon and and two wonderful boys who are, you know, getting up there, they’re 15 and 18 now. Um, my uh, my hobbies include working mostly. I really like to be here like, do you
[00:07:40] Evan Francen: enjoy long walks on the
[00:07:41] John Harmon: beach? No, I’m not really too much sand, you know, bugs. I don’t, I don’t get it, you know, I, I started out at fr secure in our sales department and ultimately kind of got the call from you and kevin who’s our other owner to help the sales team as a whole and be more like a sales engineer. And uh, that was very rewarding. It was a lot of fun. It was a lot of work, you know, building that up that capability because I think you and Kevin were doing most of it at the time, all of it at the time, uh, and then went more on the operational side of the ball. That’s kind of my, my first career was kind of in more operations type stuff. And I really enjoyed that. And then I’ve, uh, you know, the last six months been president of fr secure and now security studio and really enjoying it. So that’s a little bit about me, I
[00:08:26] Evan Francen: guess. Yeah, Well, it’s cool because, you know, I wonder how many people, you didn’t start your career in information security. Right? I mean, it’s uh, seven years ago, I remember, I still remember the day when you interviewed, I think at the time you were, were you in investments? Were you selling investments? And uh, you know, I think we were just impressed with, you know, sort of, uh, the, those intangibles, right? And you’re just another, There’s so much proof that, you know, just in our own practice of if you come with the right intangibles, we can make you a security person. I mean, there’s a place for you in this industry and to see how in seven years you’ve gone from, where you started to leading the company 80 plus employees. I think it’s really impressive, but it just shows how important, I think intangibles are.
[00:09:20] John Harmon: Yeah, you did. It was a pretty early episode, I can’t remember one, but if you heard the story about the guy that we hired, you know, we struggle in this first year and you know, I think the decision was made, you were going to let that person go and then changed your mind because of the intangibles and because of the, the belief that, you know that person could get over the hump, that was me guys, you know, so I was nine months into the job here and just not getting it done for many, many reasons and you got to take accountability for that, you got to work with the team and you got to, you know, kind of pull yourself up and and get the job done and that’s what we did together and I needed you guys as much as I needed my own, you know, get out of my own head and get get over it and yeah, and all that stuff and you know, very thankful that we went through that experience because it just validates what we all believe. You hire the right people first and then everything else comes later.
[00:10:08] Evan Francen: Yeah, yeah, and we’ll keep doing that. It’s just served us so well, you know, a couple of weeks ago, we had our quarterly meeting here, uh and you look across the, okay, the population of employees who work here. And um and I turned to somebody and I’ve said it before. I mean we have no dickheads here.
[00:10:27] John Harmon: No we do not. And when when they show up when they slip past our fingers man they’re rooted out very quickly this team self places very very well. Yeah
[00:10:36] Evan Francen: I mean I hate to call them dickheads. The ones who don’t make it here but you know whatever. Uh So we got this thing coming up, me and you uh we’re sort of embarking on this new project. We called it Project Bacon. You came up with the name Project Bacon. I did yeah. For people who who can’t see us. You’re
[00:10:59] John Harmon: looking at me like I did I did I did you remember? Okay now I get it.
[00:11:02] Evan Francen: Yeah. And you know we all like bacon. I mean you and I
[00:11:06] John Harmon: yeah I dig bacon. It’s like we got something really awesome here and it’s going to be irresistible. Where the tooth, what’s the one thing in the world we know that it’s absolutely awesome and irresistible Bacon.
[00:11:17] Evan Francen: Bacon got it. So we got this thing called Project Bacon. Now we’ve what is it? Let’s talk about what it is when it starts what we’re planning on doing, how we’re going to measure success. Um I think many of the listeners don’t know that we have to cos here actually we have fr secure which is an information security consulting practice. Uh I’d like to think it’s best in class because they are. I mean they’re just awesome. Uh that company’s product agnostic. And that’s the one thing that really helps our customers partner with us because they know that our advice is not biased on the other side. So we developed a bunch of tools and methodologies as we did our practice at fr secure and we felt our mission. We have this huge mission right? Which is to fix a broken industry. We can’t do that alone. So we took our methodologies and our tools and we put it into another company called Security Studio. Now security studio is a software as a service company completely different than a consulting company. And the point there is to get people working off the same page to get people collaborating more. We don’t, you know myself as you know the Ceo I don’t view us as having any competitors uh us is having a bunch of collaborators. Uh you know, I think our customers clients, people who don’t speak security are confused enough. So if we work together we should get past, you know, many of the hurdles I think that we fight in this in this industry. So those are the two companies, right? Security studio which is really about getting people using the same tools and methodologies and then you have, you know fr secure. So project Bacon is a security studio thing. Yeah. So let’s talk about it. Tell me what you think it is. Actually you do know what it is not what you think because you helped design it.
[00:13:25] John Harmon: Well, it’s one of those um, you know, it covers a great many uh objectives, right? It’s something that we’ve been trying to do for a long time and as lofty as it may seem. And if you haven’t heard it, you know, ad nauseam on this podcast or just being around those two companies, our mission is to fix a broken industry and things that are very broken. And if you’re not sure what you got to pick up on security, you got to pick up Evan’s book and learn about that. You
[00:13:47] Evan Francen: don’t wait for the movie. It’s it’s got terrible. I think they kind of make one. Should we do that? We should try.
[00:13:54] John Harmon: Yeah, we should. Who would play you?
[00:13:56] Evan Francen: Who would play
[00:13:57] John Harmon: me would play you.
[00:13:58] Evan Francen: I’m still alive. I can play me.
[00:13:59] John Harmon: I mean, it’s gotta be Jeff bridges. Right? The
[00:14:02] Evan Francen: dude that’d be swell would be sort of
[00:14:04] John Harmon: sweet. Kind of awesome. Yeah. Sweet. I’ve been told I kind of look like Jason Biggs in a certain light. So if you grew a beard, maybe you could pull that off. Maybe we’re about the same age.
[00:14:13] Evan Francen: Yeah. All right.
[00:14:15] John Harmon: So, it’s only a movie because people don’t read. Yeah, we’ll call it project making nice. Nice. So, so as Evans said, you know, we started developing the software tools that really were started as like an automation of of of our processes to help our internal, you know, we could drive the cost of our security risk assessments down and help the consultants be a little more consistent and you know really really fuel our growth there for a long time. Our ability to do things you know quicker and faster and cheaper and you know um have more consistent output and all that kind of stuff. So we developed these tools and then we started making it available to other people via security studio but we still have to fix this industry right? We can’t do that. You know, signing people up one at a time and you know go on client to client to client or partner to partner. Partner and trying to do this. We have to do we have to think bigger. Right. So we identified one of the things that is a barrier to this mission which is cost. So how do we remove cost as a barrier for people getting a good articulation of of what risks they have in their own organizations or in their vendor pool or in their their even their user group. Right. How do we just either reduce that cost where it’s pretty, you know, nominal even or even just make it free. And that’s what project bacon is. We’ve taken our our flagship software platform, our our security risk assessment that we built an entire company on and really, you know accelerated our growth on and we’re building it now for the end user. So if you’re you know if you’re in an organization you’re looking to assess yourself using the same tools and get the awesome reporting and the the measurements of risk and getting the fights of score and and all of those things very, very soon you will be able to just go to our website security studio dot com and create a log in. You don’t get that two factor authentication set up. You have a choice in that. Sorry.
[00:16:01] Evan Francen: Where security people
[00:16:03] John Harmon: and start doing an assessment for free and it is the same assessment that we do for our clients and have been doing for our clients are constantly making it better and all that. But you know, let’s start spending less money on measuring what the problem is and start spending more money on actually fixing things and as a result will start to really move the needle on fixing industry because the more and more people are doing this, the more and more people are speaking the same language. You’ll be able to go to conferences and and start talking about your scores in the same way and sharing reporting with people and you know, really starting to collaborate and I can’t wait for that day. I’m super excited. You can’t tell
[00:16:37] Evan Francen: Yeah, me too Because there’s so much confusion in our industry and this is much of this is written in Chapter one of the book of the insecurity book. The there’s so much confusion like just assessment itself, right? Assessments are not sexy. People I think for years have been doing assessments for the wrong reason. They’ve been doing assessments to be compliant to check a box what an assessment is used for. And this is uh, you know, speaking as somebody who has been a C. So at numerous companies or Benny VC. So at numerous companies, the very first thing that I do as a as a C. So as somebody who is responsible for a security program is assessed the security program, right? Would be the same thing as if I took a car to the mechanic. He’s going to assess the problem first before he’s going to start digging in and turn out wires and you
[00:17:34] John Harmon: know, overhauling the making performance upgrades when you have like serious thing. Things wrong and fix your brakes are going out. But let’s put a turbo in like that, you know, too much of that going on our industry. Well,
[00:17:44] Evan Francen: exactly. So assessments are actually, I mean, I love assessments. A good solid assessment is so informative. It will tell me where my most significant risk is where I should spend my next information security dollar. It will help me budget. It’ll help me road map, it will help me communicate. Um, so an assessment shouldn’t be overlooked. It’s not it is a basic but we’ve been effing up the basics for years. So let’s get a basic assessment that communicates risk, right? Because information security is about managing risk, take that assessment. Uh and like like you and I, you know like you kind of alluded to, I mean we’ve made millions and millions of dollars doing this assessment over the years and then building security programs for clients using that methodology and it’s proved itself very successful, clients are happy, satisfaction is up, risk is reduced. It’s rare that our clients have a breach that they can’t respond to. I can’t say that it’s rare to have a breach because it’s not risk elimination happens. Right? Right. So it’s this assessment and then you look at other assessments that are out in the market and some are good, some are not good, some are too good. Right? I mean you look at some risk assessments and it’s like um you talk about cost. I mean,
[00:19:10] John Harmon: wow right there, I’ve seen some really impressive reports just unbelievably, you know, comprehensive and just like, wow man, they really went to the next level here. If you got a few 100,000 bucks, you just, I really highly encourage you to do that. But you know, it’s just not feasible for everybody. It’s unfortunate. But you know, we’ve, I was at a conference in um South Dakota with one of our really good partners out there and they’re really helping drive this, this, you know, this mission and uh you know, I was I was given a presentation on on whatever it was and somebody asked me like well hey, you know, I’m just not sure what I’m supposed to be doing next and trying to build my budget, what do you recommend? You know, one of the four or five things that could really be working on and I’m like well you should do an assessment, should do a security risk assessment. Like I really get the math behind this stuff and he’s like yeah I can’t afford it. Like I would I would spend my whole budget on doing the assessment. I can’t then I can’t fix anything, I can’t work on anything and you know, I I don’t I can’t do that. So for people like that project, bacon is going to be a godsend because they really wouldn’t want to make things better there. How many, you know, how many security professionals inside of organizations whether you’re wearing 15 hats as the you know the see so and the C. I. O. And the I. T. Director and user support and all that kind of stuff who are also you know, just trying on a shoestring budget to make this thing better to just you know, raise the bar just two inch it along and have a tool set, you can count on that doesn’t break your budget but still gives you that like you know enterprise level information, you know, it’s not gate at 1000 ways from a payment standpoint and that you can really just kind of rely on and that has precedent, you know, like you said, we’ve we’ve been using this for years and years. This isn’t something we just came up with yesterday. It’s a few 1000 in the kind of ecosystem, somewhere, somewhere another. So we don’t works works very well.
[00:20:54] Evan Francen: Yeah. It stands up to scrutiny and made it for checking the boxes. You know, if that’s your initial sort of entry into the security thing, which I think, you know, 80 85% of all information security investments are probably made because of compliance. If that’s the goal out of the gate. Well, it serves that right. I mean, it stood up with ocr scrutiny. It stood up, you know, with zero cc F D I C. I mean, whoever your regulator is, it serves that purpose, but it’s meant to what now? Yeah, I mean, doing an assessment, having sit on the shelf like most disaster recovery plans isn’t what it’s used for. It’s used to build a security program. If you’ve done an assessment and it didn’t do that for you, you did the wrong assessment. And if you paid a lot of money for it, you just pissed away a lot of money and every dollar that you piss away on an ineffective security control is a dollar you can’t spend on your mission, so you’re not serving your company well, do an assessment, uh like the we call it s to score? So we also rebranded, that was part of sort of Project Bacon. Uh And like you said now, if costs, so you when you look at getting everybody to speak the same language, so if everybody, if we were to try to get everybody to do the same assessment, play on a level playing field. Um you know, and having the assessment be flexible enough to play in different types of scenarios so that it accounts for most one offs. One of the things that I’ve seen is people take so much pride in their work that they want the perfect risk assessment. That’s dangerous though, that’s not the point, right? You won’t ever create a perfect risk assessment.
[00:22:38] John Harmon: I think if we claim to, if we claimed it was perfect, that would ruin our credibility. It’s just not like let’s be let’s be realistic here, um and it’s it’s not a perfect one, but it’s a very, very good one who will get a great feedback on it and it really does work. And I’ll tell you speaking as the, like the business guy, you know, you’re like the person who’s, you know, kinda gotta be responsible, approves budgets for these things, even our own company, right?
[00:23:01] Evan Francen: The one that actually looks at those spreadsheets with all that,
[00:23:04] John Harmon: you do the points and the Colours and
[00:23:06] Evan Francen: at least somebody does
[00:23:07] John Harmon: Exactly, but, you know, any, any time I want to, I can go to our security officer internally and say, what’s our fight to score? Right? What’s your score right now? What’s it gonna be in six months? What’s going to cost me to get there? And I have clear, concise bullet pointed, plain english answers to all of those questions and they know them off the top of their head and it takes five minutes. And if it’s something more, you know, a very little bit of preparation that can bring some, some stuff there speaking my language, I’m not a security professional, right? I can understand some of this stuff. But um, when I talked to my peers and other companies and maybe they’re running finance companies or real estate companies, whatever the heck they’re doing, they don’t have an answer. Right? I’m like, okay, maybe maybe it’s because we are a security company or more sensitive these things got to get our own dogs. Of course we have a good security program. Of course we know how to measure and everything else. But any of the clients that we’ve worked on worked with as VC. So those are, you know, done this assessment for have the same ability and they, and they do that. So now I’m telling you, you can do that for free and how mission critical that is as a, as a leader and a company to have that information and to know what’s going on with your program. You would never accept an ambiguous answer from, you know, like Drew our sales director. If I went, hey, what’s the forecast for the quarter? He’s like, well, you know, it’s kind we’re working on this, we’re kind of doing that. And you know, and maybe maybe if we do, we get this or that it’ll, it’ll, will come in on goal. You know, I’m like, that would be so unacceptable. I don’t think I could throw them out of the building fast enough. So why so why do we accept that? Why do we accept that from our, from our security program? Maybe would accept from sales? Wouldn’t accept it from finance? We wouldn’t accept it from operations. It’s so
[00:24:45] Evan Francen: different. Well, exactly. And so you know, our mission. So when you look at um, so part of project Bacon is, you know, rebranding. So Vice has scored s to score another part of our, of our project Bacon is removing barriers. And one of the barriers you mentioned was cost. Right. If you were to engage, if our secure to do directly to do an assessment to do an S to score or used to be called Fisa score, um, it would, it wouldn’t be Out of the realm of possibility for it to cost you 15, 20, even start $50,000. Right?
[00:25:22] John Harmon: Yeah. We’ve done these assessments for very large organizations say like, you know, 50 or more physical locations, that kind of thing. And it’s cost into six figures,
[00:25:32] Evan Francen: right? And so you’re spending all that money to assess security. And like you said, what money do I have left then too? Uh, fix it And then what’s something you’re going to have to do after you fix it?
[00:25:47] John Harmon: You’re going to
[00:25:48] Evan Francen: have to reassess, Right?
[00:25:49] John Harmon: So we were we now we spend all this money spent all this time. How do we measure our success by the money that we spent? That’s meaningless.
[00:25:57] Evan Francen: Oh man. But how often do you see that I was going to actually, that was one of the things last week. I’m gonna take us on a quick segue. Uh Richard e clark, he wrote his book. I know, right. Well, so I was, I ran across another article of interview because you know, he’s out on the book selling tour and he was uh, he doubled down on that same claim that there are companies that are essentially unhappy kable. And I was like, oh my God, who is listening to this? Hopefully
[00:26:26] John Harmon: not the people who had companies because you just gave him a challenge. Well, you need to break that bear. But anyway,
[00:26:31] Evan Francen: continue. Yeah, reminds me of Larry Ellison when he said Oracle was unhappy kable and then move within a month. I think they had 20 because Larry Ellison with patches
[00:26:41] John Harmon: out his whole security team collectively face paul when he said that alone.
[00:26:44] Evan Francen: Yeah, yeah. Well, anyway, so, uh, one of the barriers is cost. So let’s remove. So it’s so it’s so consultant driven, right? You would need, where we started with, you know, this assessment is you would need somebody with some security chops somebody who’s been in the industry for a while to be able to do this assessment for you. So we needed to take that out of the equation. We needed to make it objective. Yes, knows true, false is things like that In plain English. Right? So you don’t have to be, you know, a security expert with 20 years experience to do the assessment. That was one thing that we need to do, but also not lose any of the efficacy of the assessment.
[00:27:28] John Harmon: It’s got a map to the right things actually stand up to scrutiny from regulators. And, you know, if you’re providing diligence to clients and stuff, right? That were shut out and clear from the people that we were doing the assessments for.
[00:27:38] Evan Francen: Absolutely. And then it’s gonna be, uh, uh, free, like you said. So that’s part of project Bacon too, is taking this, uh, this assessment, putting it on a platform where I can do it myself. I can do it in my leisure. I can start and stop whenever I want to. Um, I can create all of the reports that, you know, are the the experts create. Um, and then I can also use it as a platform to build the security program going forward.
[00:28:09] John Harmon: Yeah, that’s that’s kind of the goal and and folks, you’ll you’ll hear a lot more about this as well because we’re, you know, testing it right now. We’re getting in people’s hands where, you know, the people have been with us for a while. Our clients, you know, they’re, they’re getting it and making sure that it really is to the point where you can kind of follow the bouncing ball and get this thing done right? But we’re not kidding. You know, when the like forgive the pun from project bacon, it’s like we’re literally putting our money where our mouth is, right, are the important thing here is adoption, right? We just want people to have something that they can rely on and do this without having cost. Right? So, um, you’ll you’ll see this kind of out in the wild a little bit, um, uh, starting in the next couple of months, but you know, we’re from where we’re starting, which is, you know, we call a minimum viable product, Right? These are the things that really needs to have a lot of, it’s just enabling and user use and we want this to become a community tool, right? So the community can tell us what they want next right? Is the things that need to be built in here integrated other things that need to kind of feed into it need to be enhanced capabilities. Do we need to change the colors. I mean we don’t care tell us what to do and we will go about doing it. We have all the capability, but this we don’t this doesn’t belong to us anymore. It’s time for other people to take the mantle and really, you know, find a home for it as many places as possible. And we’ll just keep fostering it and making it, you know better and better. So that’s kind of the idea ultimately, you know, big picture, big thing kind of stuff is give it to the users. They’ll tell us what to do. We’re not the smartest people in the world. We’ve done really well with it thus far. But we’re consultants were too close to it, right. We need to give it to their people and then they will tell us what to do.
[00:29:49] Evan Francen: Yeah. Yeah. That’s that’s the exciting part. And that’s the that’s the second barrier. I mean, that’s the next barrier, right? It’s just acceptance. Why would I accept because we’ve seen this before? Why would I accept your assessment when I do my own right. Well that’s fine then let me participate in yours because there’s certain parts of it. I don’t like. Well, no, it’s proprietary. Well then come participate in mind. Take the things that that you like or don’t like and change them make them yours. And so you know, this community effort, this getting out there talking to other security experts and we’ll be all over the country, you and I doing this. I think we start out in north Carolina, we got California on the plate. We’ve got all kinds
[00:30:34] John Harmon: of couples California trips. Denver, we’re going to phoenix, we’re getting set up for pretty quick. This last december. Yeah, Thanks. So beautiful. And then, uh, I think we’re culminating in our essay, but I think between now and the end of year really targeting october 1 to go kind of kick this off and hit the road you and I, and if we’re, you know, we’ll publish the calendar, you can see where we’re going to be if you want to meet with us, if you want to have coffee, if you want to come in and talk to your organization, whatever. Um, you know, well, we’re certainly willing to do that. But you know, we’re targeting, I mean 20 plus meetings a week, you know, during these, you know, from october to end of february, basically it’s going to be a grind. But the mission is the mission and we got to go convince people that we’re not, yahoos and that this isn’t a trick and to please, you know, just let’s let’s start using this and and tell us how to make it better and we will and we’ll do that. I think we’re pretty good at that kind of thing. And the people are going to go to hopefully, you know, people are your listeners are the security people, people that are in this fight with us trying to make this thing better.
[00:31:35] Evan Francen: Right? And then we can start thinking of innovative solutions together to fix some of these things. You know, this is a base think of it as like a basic language, right? And then, you know, as the community, you know, adopts it and owns it. Uh I mean it would be so cool to see what it looks like 12 months, 24 months from now, uh because there’s just so many opportunities, I think, to make it better. Oh yeah. And it’s already
[00:32:06] John Harmon: great sitting down with the people who work on like the software part of it, and he was like, I can’t do this, and their answer is always yes, yes. It can, it can do whatever you wanted to do. We just got to prioritize these things. So we’re really looking at the community to tell us what what you want from this.
[00:32:20] Evan Francen: Yeah, yeah. So that’s project Bacon. Uh Project Bacon is really just getting out there building a community, building a collaboration. Uh and you know, we’ll get all sorts of things along the way and will provide an update on, you know, occasionally on the podcast. Uh but you know, I think one of the big things will have to confront is just people saying, well, what’s the catch?
[00:32:44] John Harmon: You know, can I address that right up front though? Yeah, there there is a catch. There’s always a catch. I mean, nothing’s free, right? And there is, you know, to be fair, there, there are some things in the platform that are going to be paid content. Right? But we’re talking hundreds, not thousands and thousands right now. Certainly not tens of thousands. It’s really just to help us kind of cover our costs for storage and for servers and all the data and stuff and Yeah, yeah, all of that. So it’s not um it’s certainly very affordable but the base functionality is absolutely free. It’s nothing nothing to um the majority of it is. But what’s the catch? Um The catch is number one, I get to keep the data right. If I need if I am claiming to know what goes next on this platform, whether it’s a pc I compliance workflow, whether it’s enhanced integration with F F. I. C. Controls or whether it’s a live feed into your logging alerting system, your manage sock, you know, to give you, you know live information inside the tool about your technical, security, whatever it is, like I’m not going to know that until people start using the tool and they start telling us that as a result of their their risk profile. Right? So that that’s the interest there. That’s the catch is to do that. And also to to enable, you know, from an fr secure perspective from because consulting perspective we want to move on to the next thing. We don’t want to these these assessments to the rate that we are we do hundreds of these year. We’d rather move to a model where you’ve already done all the work. We’ll just kind of invalidate if you need, you know to show that it’s a quote unquote third party assessment. Well you know coming invalidated for you but let’s spend the money on you know writing better policies and training people and you know building better capabilities and you know helping you choose the right remediation. So you know it fuels from an fr secure consulting practice standpoint um a really focused next step for us because right now we’re doing a lot. This will help us home that in. So those are the two you don’t catch is is basically you know I get to keep the data and then I get to use it to dr what we’re doing next.
[00:34:44] Evan Francen: Yeah. For me the and even you know collecting the data isn’t really a catch because we’ll give it away. I mean a lot of it will sell we’ll sell access to it, you know, very inexpensively so everybody can make better decisions about what to do about information security risk. So I don’t even see that so much as a catch because it’s that data is our data right? As a community. Let’s uh let’s mine it let’s get predictive with it. Let’s do all kinds of cool things with it. And the other my catches I want to put um there are certain organizations in this industry that I would love to see. God of business. Mm, I’m not going to say what those are. But there are assessments that don’t serve the community well at all. That are an obvious money grab, uh, that, uh, almost racketeering really. Uh, where I think if you were to do the same kinds of practices in any other industry, you probably would be charged with racketeering. Yeah. We got to put those companies out of business.
[00:35:52] John Harmon: It’s war profiteering, worst kind. They’re creating an undue burden and undue costs on so many organizations. And, and this isn’t even one or there’s a lot of them are efforting this right now, right? And making it prohibitively expensive to even do business, right to achieve your mission as organizations, you spend all your money on this stupid process. And you know, can we just make that irrelevant as soon as humanly possible. Anybody who’s been through a process like this, I think, you know who I’m talking about. You know, the couple that are out there are a few. And
[00:36:21] Evan Francen: when the time is right, we’ll tell, we’ll say names. Yeah, absolutely. Because you need to call out the Bs where you see the Bs right for me to sit here and witness things that happened in our industry and not do anything about it. When I have some ability to do something about it is remiss. I mean, I don’t know.
[00:36:43] John Harmon: I have to, there’s a, there’s a moral, what do they call it? A moral imperative you have to do something about it. I mean, we all have to we know things that other people don’t can’t just sit idly by and watch it because you want to make money. Oh
[00:36:55] Evan Francen: yeah, and this this reminds me uh you know, because I got up early this morning after 1512 days left before I retire. Not that I’m counting, but that’s what he should. There’s an app for that. Yeah, there’s an app for that. It’s on my phone. The uh but one of the things that I’m doing now is writing this book, writing, writing this uh the second book, which feeds into a whole nother thing that’s going on on that security studio platform, which we’ll talk about at another date. Um but it’s information security for common people for everyday common people. Um And, you know, as I’m going through that, I’m thinking, My God, there are so many things, you know, being because we’re professionals, you know, and and I’m not saying just me and you I’m saying there are many of us, there are 800,000 security professionals in our industry who know things that other people don’t know that normal common everyday people don’t know. And for me to sit here and just, you know, bitch about him, complain about them. Point fingers at him uh that’s not helping
[00:38:00] John Harmon: right now. It’s like political rants on facebook, like you’re changing
[00:38:03] Evan Francen: nothing, right? So that’s the in this last the onus of this book is to write a book to try to impart as much as I can about what I know I’m not smarter than they are. I’m not any more skilled than they are. I just know security stuff. Um So it’s it is it’s our job I mean and that’s what that’s that’s behind Project Big and it’s getting out there and helping people solve these problems because we know thanks.
[00:38:32] John Harmon: So if I can close project bacon with uh with the story something that motivates me and you know is indicative of the problem that we’re trying to solve right at the very rare and wonderful opportunity to meet have dinner with a guy who you know has been in the technology business for many many years but he’s he’s the business and he’s not a technologist by any means. He’s built one of the most successful I. T. Companies in the in the world and has now taken his you know winnings from that enterprise and and opened up a fund with his brother and they go around and they just acquire companies that they like some of them are doing like really big think like machine learning ai stuff for manufacturing others are build motorcycles like whatever. You know they have just kind of a little fun with it sometimes. But these are serious companies doing serious things and they all kind of have this unified mission and having dinner with this guy and you know really just kinda chatting and seeing what’s up, you know, and he’s asking us about our business and being very nice and gracious, super awesome dude, very regular down to earth kind of guy. Like it’s like a blue collar guy, you know, and he just like stops himself midsentence, he’s like, you know what, he’s like, I don’t even know what you guys do, I wouldn’t even know where to begin. He’s like I have these 20 companies, I have no idea where we are with this stuff. We can be absolutely, this is like show stopping stuff, right? He’s looking at me like like if something really awful happened, this could cost me a lot of money to put a lot of people out of work or you know really inhibit our ability to uh even make payroll or you know, something like that
[00:39:59] Evan Francen: I mean.
[00:40:00] John Harmon: And and I was like, oh yeah, I was like but there’s a way to go about this, you can, you know, just follow this process and have this information kind of your fingertips and he was like, I don’t even know where to begin on that. Like how do we, So here’s a guy who is sitting at the head of a lot of tables that’s all the money in the world, all the influence in the world. He can will this and end up being we just need to provide him with the tool with the tools and the ability to just go out and get that information in a way that you can understand and I can’t wait until we’re like ready for prime time in, in october and when we go back to where I had dinner with this guy, I’m gonna look him up and say, hey, I think I solve your problem. Right? I got I got something for you, right? And we’re going to sit down with him and say, this is how you do it. Just send everybody an email having created account log in and then you’ll have a dashboard with every one of your companies where they are, where they’re going how much it’s gonna cost, how long it’s gonna take to get there.
[00:40:52] Evan Francen: That’s beautiful.
[00:40:53] John Harmon: And that if we, if we can solve that problem for any number of people, We’ve
[00:40:59] Evan Francen: done our jobs. Yeah man. I mean, that’s why we exist. Right?
[00:41:02] John Harmon: It becomes the Wikipedia of security. I’ll sleep just fine. We never make a dime
[00:41:06] Evan Francen: off of this. Who cares? We didn’t start this business too be part of the problem. We started this business to be part of the solution. Uh If we were part of the problem, you would have seen us make a whole bunch of different decisions. You know, we would not be product agnostic. We’d be selling Cisco stuff ordinates
[00:41:22] John Harmon: how your firewall sucks. Here’s a firewall,
[00:41:24] Evan Francen: right? I mean, there’s nothing wrong with that, but it’s are you a partner? Are you a vendor? You know, they’re different things. And so we always trust. Clear. Yeah. All right. Well, good stuff. Stay tuned for more project. Bacon stuff will be um, you know, we’ll be providing updates as we get on the road. It officially kicks off on October one. Uh, and you know, john and I’ll be in a plane together doing this, doing this whole thing up. All right. So now into some industry news, the first one I’ve got, which I thought was sort of interesting. Uh, you don’t see this often. The Louisiana governor declares state of emergency or state emergency after local ransomware outbreak. So we started started off the show about this, you know, reaching out to municipalities and uh, you know, getting them or helping them, um, do better with ransomware. And I focused, you know, we focused, you know, initially on mayors and counties, but here we’ve got three school districts that were hit by ransomware in north Louisiana. That’s also a public
[00:42:34] John Harmon: domain. Absolutely.
[00:42:36] Evan Francen: Uh, so the the governor of, of Louisiana. So this comes from zd net and the title is Louisiana. Governor declares state emergency after a local ransomware outbreak. Um, so john bel Edwards activated the state wide state of emergency in response to a wave of ransomware infections that have hit multiple school districts Sabine Morehouse in some, uh, what Cheeto, I would cheat on? I don’t know, whatever. Another school district. Uh, interesting. So you and I were talking about this before the show. Uh, and you were in, I think we’re used to just say phoenix.
[00:43:18] John Harmon: No, it’s uh denver colorado because they went through a similar thing I think. Well it says further down the reserve Department of Transportation. Um they got it and meeting with other, you know, agencies of the state county cities, that kind of thing. Had no idea that that even happened.
[00:43:34] Evan Francen: They didn’t even know that there was a state of emergency declared.
[00:43:37] John Harmon: Yeah, they’re like what now? And to put this in perspective to like the state of it
[00:43:41] Evan Francen: sometimes, you know when I, sorry, sometimes when I drive by and I see a flag at half mast and I don’t know why. Right? It’s kind of like did I miss something, Was there some kind of announcement that
[00:43:50] John Harmon: it’s kind of what you want to know right catches your eye? You shouldn’t if you know about those things. But I think what I was thinking about here too is you know, I used to live in Louisiana and live there shortly after hurricane Katrina hit. And we lived there for about a year and a half. And you learned pretty quickly that the state of Louisiana has a really high tolerance for emergencies, right? Because they get it with hurricanes all the time. Whatever. They’re tough, tough, tough people are very capable and very self reliant. These are not people who are people down there too. They were great. Yeah, absolutely. It was fantastic down there is a wonderful, wonderful group of people. So for the state of Louisiana, you know, to declare an emergency. This is the thing. They know what an emergency is. They know what, what needs to happen before they would declare this. So it definitely is serious. This isn’t a reaction that I would take lightly.
[00:44:40] Evan Francen: So by signing. So one of the things I always question is because I don’t, I’m not aware of these things. I don’t participate. I haven’t worked in municipalities either. So when something is when the state declares or makes an emergency declaration, I don’t even know what happens.
[00:44:59] John Harmon: It’s essentially a mechanism that green light state resources to be made available to solve local problems.
[00:45:06] Evan Francen: But if the state sucks to its security, that’s very true,
[00:45:09] John Harmon: right? But it’s like, hey, if these schools got hit and there’s nobody in the school district that can do anything about it and there’s really no funds to hire outside consultants or there’s, you know, whatever it is. And I’m speculating maybe these schools are exactly on top of it. They just needed some help with some of the restoration heavy lifting, who knows? But um, this is the governor’s way of saying, yeah, we’ll, we’ll allocate funds and resources from, from our pool to help local communities.
[00:45:33] Evan Francen: Okay. I suppose it also raises awareness, which is, you know, in in some cases, that’s half the battle, right? Just people being aware, you know,
[00:45:45] John Harmon: One school gets hit. Okay. 2, 3. Okay. Now we have a trend better than everybody. No.
[00:45:50] Evan Francen: Yeah. Okay. It’ll be interesting to see kind of what happens there. I don’t know how we would get an update. I mean, do you, so when you declare an emergency, do you undeclared it when it’s over or is it just going to just die out?
[00:46:04] John Harmon: I don’t know the answer to that question. I’m assuming that when the funds are done being allocated somehow it gets, you know, officially closed. You can’t just have a never ending stream of money coming from one part to another. But that might be a question for jim, we should ask him and see if we can get an update on that and how we would get an update? Like when is this over?
[00:46:22] Evan Francen: Right, interesting. Hm Well, that was interesting. You don’t see it happen often. I think Colorado and Louisiana may be the only two states that have ever done that. Uh, be interesting to see if other states follow suit at some point. It’s just for me, it’s always, um, I’m always skeptical. Maybe part of it just because I’m a security guy, but you know, in this, in this case, is it, is it just a political ploy? I mean, are they truly going to do something for these school districts to make their security better. Will it reduce the risk of ransomware attacks in these school districts, which I think is ultimately what they’re trying to do, I hope, uh, just all those things, you know, kind of float through my head is because it’s not a function of just talking, you actually have to do something. It’s not a function of money. I mean, it is somewhat a function of money, but it really has to be spent. Well, so yeah,
[00:47:20] John Harmon: I wonder too, you know, it would be interesting to understand more about the little levers to get pulled on this, but the Department of Homeland Security is involved, which is, you know, this isn’t just about a school being out of out of commission, something, you know, prompts. Dhs to get involved. That’s, that’s a big thing. Uh, in in my opinion, maybe not as much as it used to be. But when I see Homeland Security pop up and these things, there’s usually more than meets the eye that comes out of these things. Someone, if they’re driving some of the detection, maybe they brought this to the state’s attention, Maybe they’re helping them manage it. Maybe there are specific departments and resources that Homeland Security has to help. Um, you know, it says there’s help from the Louisiana, National Guard, Louisiana, State police, opposite technology services, the Governor’s Office of Homeland Security and emergency preparedness and what
[00:48:08] Evan Francen: would the National Guard deal, What’s that with the National Guard?
[00:48:11] John Harmon: Well, I mean, if they say they’re transportation systems were now in the National Guard is, you know, incredibly adaptive logistics. They would be in there helping like route buses and make sure that things are staying up and up there. Um, or maybe it’s just, you know, makes available that resource. Maybe they’re not using it. I don’t know.
[00:48:27] Evan Francen: Cool. All right. We’ll see what happens there. Uh, whatever updates we get the next one. So last week Equifax uh, settled and uh, made uh, made it actually pretty easy to go and get your, Your money that’s owed to you. I think the dollar amount, I can’t remember. And I did it myself 100
[00:48:51] John Harmon: And 25 unless you’re claiming to claim more. Okay, that’s what I did. So my wife says, thanks for the new shoes because you, you told me about this. I told her, she told her co workers and everything else. And she’s like, Hey, I’m getting new shoes
[00:49:03] Evan Francen: because chances are, you’re not gonna get anything else out of this. I mean, nothing else is gonna change. So get what get while the getting’s good. It’s $125 each. And like you said, unless you want to claim that you had additional losses, uh, you know, I think you could claim an offset of those
[00:49:22] John Harmon: costs, especially if you know that you incurred some kind of recovery cost for lots of money or something like that as a result of this. You have to go run around and undo a bunch of things or hire a service, you should absolutely claim to be prepared to like producing documentation of some kind, but if you’re just looking for the quick counter, if you’re on the list You get on the $25 just for asking for it, that’s kind of a just here.
[00:49:43] Evan Francen: Yeah. Yeah so uh and it’s all over the internet, so if you just look for Equifax settlement, you’re bound to find it. The article that I linked to on the show notes is from Vice dot com uh which is motherboard. Um the Equifax owes you money for failing to protect your privacy. Here’s how to get it Quick Link. I think it took me three minutes maybe.
[00:50:12] John Harmon: Yeah, there’s like a little thing where you go check to see if you’re on the list, like an eligibility thing um and it’s not uh not difficult to find or do. The one I went through is actually directly from the federal trade to the FTC dot com or FDC dot gov website and then you just follow the bouncing ball and you know, say yeah give it to me. You can also select a year of free identity protection monitoring. I would highly encourage you to take the $125 and go get your own. Don’t take there’s uh and then um Yeah I think uh
[00:50:46] Evan Francen: breaches with all the breaches that have happened, you know over the years. I think I’ve got eight credit monitoring services now watching my grades. So
[00:50:56] John Harmon: which is hilarious because you just freeze all your credit accounts and not really that much can happen anyway.
[00:51:00] Evan Francen: Exactly. Well that was before freezing was free after the Equifax breach. You know I think it uh things went free on freezing your credit reports. Have you done a
[00:51:12] John Harmon: blog post about their link to any content about how to do that As I tell people to do that all the time and I’m like well it’s pretty easy you just gotta go log in and kind of you know stop it and then when you apply for a loan or you know your credit it does need to be checked for a legitimate reason. You just kind of unlock it for a temporary period of time. They made it pretty easy but people are just befuddled by the steps to do this. It seems very intimidating.
[00:51:33] Evan Francen: Alright. Something should I’ll put it in the book to also. All right so anyway yeah go and get your money. I was on it. My wife was on it. We got $250 coming. Hey it’s $250 I didn’t have yesterday. So it’s good. I got the gift card.
[00:51:48] John Harmon: Which one did you get the check of the gift card? I got the gift card. Yeah me too. The prepaid card I guess they can. I think that’s the way to go.
[00:51:55] Evan Francen: All right so yeah, go and get your if you haven’t heard it about it, go out and get your money. It’s owed to you and I did the math. You know, you did well, they say 147 million Americans. Were our people uh were affected by that breach. So if you do 147 million times 125, that comes out to be a lot more than $700 million dollars settlement.
[00:52:20] John Harmon: They’re banking on people not participating.
[00:52:22] Evan Francen: We’ll get out there and get your damn money. People.
[00:52:24] John Harmon: It is literally free money. It’s it’s the easiest thing in the world.
[00:52:28] Evan Francen: If your money isn’t that important to you, just give me your social I’ll go file for you. There you go. You can email it at un security of proton
[00:52:38] John Harmon: mail
[00:52:39] Evan Francen: just in the numbers on the back. Please. Actually only need the six and maybe some more information. All right. So the last one, the last news for the week is one that’s bound to spur uh you know, some outrage. Um This is about Attorney General bar his announcement last week that he wants to um insert encryption or insert a backdoor into all encryption algorithms used in the United States. So that law enforcement, it won’t hinder their investigations essentially.
[00:53:15] John Harmon: Right,
[00:53:17] Evan Francen: Well, it’s just plain old stupid. Um So there there was and you can search bar encryption and you’ll find all kinds of stuff about that. The the article that I’m referencing is from bank info security dot com. Uh, the encryption backdoor debate continues, is the title of the uh title of the article. This has been, I mean, this isn’t the first time and it won’t be the last time that you know, somebody who doesn’t understand and doesn’t, I don’t think, I don’t think fully think these things through and or have the best interests of the citizens at heart. We’ll make this claim right. We need to insert a backdoor. It hinders law enforcement. Okay, fine. But the trade off for that is privacy. The trade off for that is communications that I don’t want the government to see, you know, that’s part of, I mean, and some people and I happen to be one of those people that believes that privacy is a right. It’s not a privilege. And uh, I don’t want the government in my crap. Sorry.
[00:54:29] John Harmon: No, they haven’t established a trustworthy enough track record of actually doing the right thing with this kind of responsibility. Um, and for that reason alone until they either a demonstrated or be, you know, don’t uh, you know, keep doing horrible things with our data, like just not inclined to support this at all. And yeah, I mean from even from like a founding father Santana fumble this a little bit. But those, those who would give up liberty for safety deserve neither liberty nor safety, right? That’s uh, see that’s uh yeah, Who’s on the $100 bill it was that, I
[00:55:12] Evan Francen: don’t know like I
[00:55:13] John Harmon: Never carry 100 Benjamin Franklin. That’s the guy, it’s early. Do I look like a $100 bills was a Benjamin Franklin quote.
[00:55:20] Evan Francen: I got tattoos, I got a beard, I drive a pickup truck, I haven’t seen $100 bill and
[00:55:26] John Harmon: no, I’ll do, I’ll use the Washington quote next time. That would be a little bit. Yeah, my my wife
[00:55:32] Evan Francen: And my wife has $100 bills. Go check her purse out.
[00:55:35] John Harmon: Yeah, this is just one of those things, it’s like a slippery slope, All that, you know, whatever it is. I mean I I man, I wish, I wish life are a lot easier for law enforcement, especially in some of these things. I know it’s very important have quick access to information and all of those things. But the
[00:55:50] Evan Francen: but there are other techniques though. That’s what I mean, criminals always make a mistake. It’s just like bank robbers, right? Uh as long as you don’t make mistakes, you will never get caught. But everybody makes a mistake, everybody talks, everybody says something, they’re not supposed to say. So if you want to catch people, you have to use your whole techniques that you’ve always worked and won’t be able to get the encryption,
[00:56:17] John Harmon: the law enforcement community as a whole has a demonstrated history of being unbelievably innovative and you know, finding ways to, you know, really make these things work and to get done the objective, they’re trying to get done. And I believe in their ability to do this and not relying on the judicial and political systems to somehow, you know, supplement that. I think we enable law enforcement to find a way to do this. But that doesn’t, you know, totally trample on everybody’s rights because I think this is another one of those things where, you know, the brass, I’m putting in quotes, you know, like the people really high up in and those organizations who are usually, um, you know, elected officials, Right? So they’re politically motivated are thinking they know what’s best for the, for the guys who were on the ground and really in the middle of it and those guys who were on the ground and in the middle of it, those are the ones I don’t hear from. How would they? Yeah, well, my,
[00:57:11] Evan Francen: so I I commented on, uh, you know, some friends, uh, posts on linked in and twitter and my answer on every one of them was just a simple note. No, not happening.
[00:57:25] John Harmon: This
[00:57:25] Evan Francen: would be a law that I would break intentionally if this became uh, well, there’s just no way. All right. So that’s that, that’s uh, that’s our show. Um that’s how it is. So many cool things going on. Lots of things, cool things to talk about. Actually, too many things to talk about. We can spend an entire day just talking about some of the cool things that are happening. Thank you, john for filling in for brad. I think you did a good job.
[00:57:51] John Harmon: Thank you for having me. Um, hopefully in time this will most certainly be your highest, highest rated episode. So, you
[00:57:57] Evan Francen: know, last week ago, last week’s got the record so far.
[00:57:59] John Harmon: I know they’re gonna go, you know, give the, uh, the apple itunes. I mean, if for no other reason you’re gonna get feedback, they never want to hear from me again. Either way, it will be very excellent. Howard start effect. I’m sorry to say Excellent. Thank you very much. It’s been great.
[00:58:14] Evan Francen: Yeah. Well, and we’ll have you back, we’ll need some updates on project bacon because it is going to be fun special. Thank you to our listeners each week. The number of listeners to our podcast does continue to grow and uh, we don’t take that for granted. So give us your feedback. We get a lot of feedback in a lot of different places. Uh, the, the official place I think where you’ll get the best response to be unsecurity@protonmail.com, email us there
[00:58:40] John Harmon: and you guys are like very diligent about responding and making sure that that’s, that’s curated.
[00:58:43] Evan Francen: Try to man if we haven’t, it’s, it’s not because we don’t want to.
[00:58:49] John Harmon: Brad’s on vacation one.
[00:58:52] Evan Francen: Hello brad. Come on. They don’t have computers on vacation. Um, but you know, some people give us your feedback on linkedin. That’s fine too. Usually takes a little while longer for at least me to respond on linked in one. But keep up the feedback. We, we love hearing it. Um, if you haven’t had a chance to do the ransomware piece, I’ll probably write something new about that fairly soon. If you want to keep up with the most current happenings with myself, john or brad, uh, follow us on twitter. We’re all semi sort of active. Um, I’m @EvanFrancen, brad is @BradNigh and John is @HarmonJohn, email the show and other than have a great week. Thanks.