Podcast

The Guide to Understanding Information Security

A candid discussion about understanding information security and how important it is to understand world events and applying that to our jobs as security professionals.

In this epsiode of the UNSECURITY Podcast, Evan and Brad have a candid discussion about understanding information security and how important it is to understand world events and apply the understanding to our jobs as security professionals. Everyone’s perspective is valid, so all perspectives (especially ones differing from our own) should be considered in our view of both society and our jobs. Give episode 127 a listen, and send comments, questions, or feedback to unsecurity@protonmail.com.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:22] Evan Francen: All right. Welcome listeners. Thanks for tuning in to this episode of the unsecurity podcast. This is episode 127. And the date is April 14, 2021 We had to push back recording again one more the, like the last few weeks man, just push it back a day because uh, I mean there’s a lot of stuff going on. Uh, so joining me is my good friend, great guy, awesome overall, awesome person Brad Nigh. welcome Brad

[00:00:55] Brad Nigh: Morning. I mean, I’m here

[00:00:57] Evan Francen: mm hmm.

[00:00:58] Brad Nigh: I’m not going anywhere. I mean quarantine until May five is the day I get to get set free. So that’s awesome.

[00:01:07] Evan Francen: That’s awesome. That’s actually, that’s coincidentally the day after I get my second shot.

[00:01:13] Brad Nigh: Um, so I’m not, I’m a little bit, I’m not gonna lie.

[00:01:17] Evan Francen: Better than maybe just overwhelmed man. I mean, I’ve been and that’s, and that’s a good segue actually to the whole, this whole episode is just talking about all the things going on. Uh, we’re busy as hell you’re busy as hell. Uh,

[00:01:32] Brad Nigh: yeah, yeah. Yesterday. Uh, kind of gosh, when was that? Late morning. Uh, oh, hey, by the way, we have a project that has to be done tomorrow? That’s like four hours of work and nobody else is available. Can you cover that? Yeah, Yeah. But it’s going to push other things. Right? Good Lord.

[00:01:58] Evan Francen: Well there’s that. And then it’s one thing if like work was life, right? But you’ve got family and then you’ve got everything going on in the outside world, you know, meaning outside of your office. Uh, in terms of, you know, the social justice stuff that’s going on, you know, we had another shooting this in the past week. That’s, you know, we’re, and we’re going to talk to all that stuff because I think as a security person, it helps to put things, you know, into some perspective so I can focus on the things that are right in front of me. Um, because you know, there are times and I think it feels like now is kind of one of those times where it’s just chaos ma’am.

[00:02:41] Brad Nigh: Yeah. And I think it sometimes we get lost in our work and don’t realize what is going on and how that affects the users, right? Because yeah, it’s easy to get television and focusing, you know, a lot of us do that. But hey, wait, we need to take a step back because our, we’re right. It’s about people and what are the threats and that they’re facing from what’s going on in the world,

[00:03:12] Evan Francen: Right? Yeah. So I mean you got the work stuff, which, you know, our work has always been what it is and you know, there, there’s never a shortage. It always seems like you’re getting bombarded. I kind of get used to that but then you know what happens when you have chaos at home and I know that you in the last you know few months I’ve really had to endure a lot of chaos. I mean you’re in quarantine now because you found out what last friday that chicken has tested positive for covid and it’s like oh God

[00:03:44] Brad Nigh: yeah luckily well yeah it was our youngest which is crazy. He’s like a dull oboist risk of getting it. But um yeah we think he actually got it earlier than when he was he got tested positive on saturday but The week of like the 13th he was having headaches and Nausea and all kinds of stuff for about 10 days and then it went away been tested positive and so we think he got it probably from from school. I don’t know, we don’t know. Yeah so now yeah he gets he’s quarantined for 10 days after the test and then my daughters and I are quarantined for 14 days after that 10 day period expires even if we test negative at any point it doesn’t matter like so they’re the schools obviously now and so they can’t go back into the fifth. Yeah and then you know people go well others aren’t doing you know following, its that’s not the right thing to do. Why not put people at risk. I mean

[00:04:51] Evan Francen: well and I mean and then and that’s going to lead to, you know, I think some of the other stuff we’re gonna talk about today is just the rush to judgment, you know, when you have so many things going on, you only have so much time that you can devote to any one thing before you’re going to make a judgment and either move on or you know something. So I think, you know, some of the some of the byproducts are, some of the cause for us as human beings in today’s society is we rush to judgment because we’re just bombarded with information all the time and we don’t a lot of times he’s only the next a chance to vet that information.

[00:05:37] Brad Nigh: Yeah, that’s it, 24/7 cycle, that’s just constantly like you said, bombarding

[00:05:43] Evan Francen: you, right? Because I’ve been just in the last week, you know, because I’m I’m a guy who I like to use reason as much as possible, you know, I want to reason through things I want to, I’m not because there’s also this misconception that there’s either you’re highly emotional or your highly logical. And so if you’re highly logical you must not have emotion and if you’re highly emotional, you must not use the logic, but there’s like this whole thing in the middle of those uh and you know, just sharing personally, you know, yesterday I got up in the morning and I was reading through the news and I was just looking through things trying to get caught up with what’s going on. And I see reactions of people to events, whether they be world events or they be security events and it just hit me. It’s like none of this stuff is making any sense to me. Yeah. And so it’s not making if at that point, if everybody, if you look at the world and you think that everybody is crazy, you know, it’s just like if you think everybody’s a jerk, uh it might be time to get the mirror out and take a look at yourself because maybe I’m the one who’s crazy. So I was like crap, am I crazy? So I spent honestly, yesterday I probably got nothing functionally done other than going through this exercise myself like okay let’s really dig in and figure this out uh just for myself because I don’t want to speak to it if I haven’t like I don’t feel like I have a basis for it, right?

[00:07:25] Brad Nigh: Yeah. I think it’s your discrediting yourself and you say you didn’t get anything done. I mean there’s a lot to say about, you know, we’ve been through that mental health training, you know, leadership about self care and being introspective. So you know it that allows you to, you know, deal with it and now be more productive rather than just always had a nagging and I think that that’s a very productive day.

[00:07:54] Evan Francen: Yeah, well let me, let me, right, So this is what I learned and say this make sense to you. So I think about like how I I guess how I make decisions a lot, you know, how I get to conclusions, you know? So this is kind of how it worked for me. An event happens, right? Whether it be a a death in the family, whether it be a breach, whether it be, you know, whatever, it’s a significant event and it causes an emotional response in me, whether it be anger, fear, grief, um whatever it is, that it seems to be that that emotional response is what gets my attention, okay. You know, so otherwise I’m kind of on cruise control, I’m doing my things getting worked on. Boom, something happens, emotions go like what let’s say, uh

[00:08:52] Brad Nigh: um

[00:08:55] Evan Francen: I mean to take something street just off the top of my head, let’s say that somebody, somebody slaps my wife, that’s going to create an emotional response in me almost instantly. Right? Anger boom. What the hell? Well, then it seems like at some point there’s a reason thing that happens now. If if the if the emotion is mhm. You know, on a scale of 1-10, if it’s like a 10, it seems like it takes a little longer for the response or the reason to come. Whereas if it’s like a three reason kind of comes in and sometimes I don’t even notice that it happens,

[00:09:38] Brad Nigh: you know what I mean? That makes

[00:09:39] Evan Francen: sense. And so it kind of goes like this like somebody slaps my wife at some point, reason comes in and I’m like why am I, you know I’m angry as hell first, right? That’s the emotional response. And that’s like why am I angry? Well because somebody slapped my wife. Yeah, what am I going to do about it? Those are all reason type responses, you know what I mean? Still influenced by the emotion, but I’m reasoning through it and then you know, you get to this like okay how would I solve that problem? Yeah. You know I mean how am I going to deal with this anger now?

[00:10:17] Brad Nigh: Yeah, I mean that’s a pretty you’re right, that’s an extreme example. But I mean it’s a good good way to put it in perspective because yeah all these things happen. Like I just I just sent you right right before we recorded that there’s another exchange flaw that’s out there. It’s like, oh my God,

[00:10:40] Evan Francen: right, yeah there’s your emotional response you like seriously? Maybe it’s anger. Maybe it’s frustration.

[00:10:46] Brad Nigh: Yeah. So yeah and then probably reason through it and you know, you know what’s the uh we’ll talk through it in a mentor program and it’s like you know what is the number of errors per X. Number of lines of code and how big is exchanged. Yeah there’s it’s going to happen? We know we’re human it just seems like you’re just like, did we just do this? What the hell?

[00:11:14] Evan Francen: Yeah, I’m getting tired of recruiting my damn operating system. I know that.

[00:11:18] Brad Nigh: So yeah, I think you can definitely tie that exact type of, you know, reaction and we all know that what happens in your personal life affects your work life. I mean, there’s just no two ways about it. How you respond at home is how you’re gonna respond at work so that it is relevant.

[00:11:38] Evan Francen: Yeah. Well, and the reason why I go through this too is because I’m not a person who so you know what motivates me in life. Like let’s just take it back even a step further, right? Because this is like who I am. Um And people think it’s like corny or whatever, but I generally love people. Yeah. I love people. It hurts. It doesn’t matter what color I am. It doesn’t matter what walk of life it is. I I want to be part of the solution. I want to help people. I don’t like seeing people suffer. I don’t like seeing people getting taken advantage of it. Uh It’s heartbreaking to see uh anybody, you know, get killed. But you know, the events of the last week where, you know, this young man, Mhm. You know, loses his life, right? And that affects his family, it affects his community, it affects the world, you know? Um So why? You know? So love is kind of what drives all of this, right? And then I thought, well, it’s love and emotion. No, love is not an emotion actually. It’s a decision, right? So it started with reason, right? This is the reason why I do what I do. This is the reason why I get up every morning. This is the reason why I’m so passionate about information security and helping people and loving people. This is why I’m so passionate about training people for the CSP mentor program. And the same thing goes with you whether you know it or not, you don’t do this just because I mean there’s a reason behind doing that,

[00:13:11] Brad Nigh: right? Yeah. I mean, I agree. You know, and my, you know, for for me, my daughters are like, don’t you wish you would have had something like that when you were doing setting because they were old enough to remember like coming home from work and just opening up that the Sean Harris book and just taking notes and reading every night and don’t you wish Yeah, that’s why I’m doing it. You know, I don’t know if I can get back and make it easier for someone else and you know, it’s not an easy thing to go through. So it’s let’s help someone. Yeah.

[00:13:53] Evan Francen: Yeah, absolutely. So you know what I’m looking at like the riots that are happening uh, in in our neck of the woods, right? I mean, we’re from Minnesota. Yeah. You know, if I do a knee jerk reaction to that meaning, I don’t take into account? I don’t use reason. I don’t take into account other people’s perspectives and all this other stuff. You may look at the rioting and go, well, that’s just stupid. Yeah, well, it’s not stupid and I’ll tell you why it’s not stupid because that’s an emotional reaction, right? They, it takes a little while before you’re like the emotions to subside. Like taking to take the the death of my dog last year.

[00:14:36] Brad Nigh: Yeah.

[00:14:37] Evan Francen: That hurt, right? There was nothing I could do about it. They say time heals all wounds. So that emotion over time eventually subsided. And then reason could enter into the equation and we don’t know, I don’t know what it’s like to walk in a black man’s shoes. I don’t know what it’s like to live in that community. I don’t know the level of rage and emotional response that they’re going through right now,

[00:15:01] Brad Nigh: right? It was. And just to dismiss that feeling and that emotion is, I mean, to me, it’s just as bad as write anything else. Like how, how do you, like you just said, I don’t know what that’s like, how am I gonna be like, well why are you doing this? I don’t know. I’m not gonna, I’m gonna if they’re feeling that way? There’s a reason, like you said, how can we figure that out and respect that?

[00:15:32] Evan Francen: Oh, exactly. And because I think the wrong thing to do because I’ve had you know I have disagreements a lot with a lot of different people and that’s okay to have disagreements. Yeah. The thing you don’t want to do is like everybody’s got a perspective perspective, you know form sort of your reality. Mhm. Right. Where I live the people I hang out with, the things I do uh all these experiences, you know kind of come into me and I’m like okay this creates my world. The last thing you want to do is when you talk to somebody else who has a different perspective is tell them that their perspective is in balance

[00:16:11] Brad Nigh: right? I’m just saying I agree,

[00:16:14] Evan Francen: right? Because what you’re telling them is that their reality isn’t valid, You’re making them insignificant, right? And that’s the wrong thing to do and I’m saying this because this isn’t a black or white thing, this is a person thing, that’s a human thing, We do this stuff all the time. Just on saturday. Somebody was uh somebody was talking about social justice warriors on twitter and one of the people, one of these are security people, right? Because we live life to its not all security all the time. Uh I was talking about social justice and he had replied that essentially conservatives don’t give two craps about social justice. And so I was like come on. So I replied I’m like this comment, I’m not saying you and I’m not saying your perspective. I’m saying your comment is bullshit, it’s divisive, it’s not helping.

[00:17:12] Brad Nigh: It’s the same as the other way when you lump everybody under, it’s under that one stereotype. Exactly. That’s not the reality. I mean, there’s always going to be, uh, like layers or degrees of things right now. It’s like, yeah, especially when it’s that broadest stroke.

[00:17:38] Evan Francen: Well, and so I replied, I said, you know, I’m a conservative and you have no idea how much I care about social justice stuff. You have no idea how much I pour my heart into helping other people and loving other people, regardless of your skin color, regardless of your background. You have no idea that I’m trying to work on building a non profit organization where we can open up training centers in inner cities, you know, to help right? People build careers because I think that’s the solution. If you give people something, no one goes back to the biblical things to write, teach a man to fish versus giving them fish. Let’s teach them. This is all these are life skills. So don’t tell me because I’m a conservative meaning that I believe in, I don’t know whatever I believe in for the conservative values that I don’t give a shit about social justice. That’s wrong. It’s not true. Well, just like me saying the same thing about people on the other side of the aisle, right? It goes both ways. Not all I mean, when you talk about our political stuff, it’s not all democrats are, you know, baby killers and you know, you know what I mean? Come on. No.

[00:18:50] Brad Nigh: Right. Well, and I think that goes back to and you cut it, bringing this around. It goes back to the 24 7 news cycle. We’re constantly bombarded. And you know, that’s where you see, Yeah, the those big stereotypes of her and then we all know like you don’t think that there’s Attackers taking advantage of this back fishing and all that. We see it with every single natural disaster. We see it with this. So I mean, yeah, or security people, but you how you can’t not be aware of what’s going on and not take that into consideration because It’s one has users.

[00:19:34] Evan Francen: And I think one of the things that makes a security person a good security person is their ability to use logic and reason to work through problems. Right? So I think there’s an opportunity to, to take those same skills and apply them to life, right? Like take and we take the most recent event. Let’s not because I don’t also, I’m not one of those guys where I want to shy away from, I don’t want to ignore it. It doesn’t go away. There’s, there’s not some magical like thing that happens where it’s like, hey, Yeah, no problems anymore. No, you, we have to work towards a solution. And the second thing is we all have to be or at least a huge majority of us need to be part of the solution right now. Otherwise what do you do? You kill off the other half. I mean you have to work together. So that means you have to respect each other. You have to take the time to understand different perspectives and the way this applies to my day to day work. The ceo doesn’t understand crap about information security. Why? Rather than getting angry and frustrated and beating my head against the wall. Why? Well, I am not speaking the right language and I’m not putting it into a you know, am I not packaging it? Right? I mean,

[00:20:51] Brad Nigh: yeah, instead of jumping to cut, he’s an idiot. Well, I think you can get dangerous, right? Absolutely. Well, I think you hit on it with the respecting and it goes to our internal kind of mantra of of give grace like, hey, somebody’s pissing you off or somebody does something, take a step back. They didn’t, you know, try and figure it out. Don’t immediately be like, why is he even doing that? Well, think about it and go, I bet he had no idea. I know personally I did something and I got called out and it was not intentional by any means. And I was like, oh my gosh, I am so sorry, right, right? Like get and the person gave grace and they’re like, hey, did you know? I was like, you know, did not my bad.

[00:21:46] Evan Francen: You know? Right? Yeah. Well that’s, we can, what we, what we witnessed. So like, let’s, let’s say that, you know, you and I, right, we have good relationship. You know, I mean lot of respect for each other, A lot of love for each other. Um, I see, uh, I see you do something, right? What I saw was the thing you did what I didn’t see. And I can’t tell is the motivation or the intent behind it. And so that’s where we, you know, you need to engage. I’m like, hey brother, you know, did you know you did this thing, you know, you know, Oh no, I didn’t realize that did that. And here’s, you know, here’s why it might have happened. We don’t do that. We just go like, oh, I saw this event happened, burn it down or do whatever. And, and that’s an emotional response. But where does the reason come in? Where does like, okay, let’s solve this together.

[00:22:41] Brad Nigh: Right. Well, and we see that from secure people about users all the time. And you know, they’re like, I can’t believe the user did this. Well, time out, isn’t it? Your job to train them and make them aware. So they know not to do that. So instead of jumping to immediately, that guy’s an idiot, take a step back and figure out, you know what’s going on and not immediately throw blaming everyone else?

[00:23:11] Evan Francen: Well, how often do we? Yeah, exactly man, and how often do we uh ask a user what they think versus tell them what they think.

[00:23:23] Brad Nigh: Oh, and I think that’s a, well that’s a big part of the communication gap and something that you know you’ve been vocal on and I think you’re dressed very well in the first book. And I know we’ve we try and it will preach that and any time we do is the phishing campaigns or whatever, Hey, use this as a learning opportunity. Do not punish people. They should not be punished for this. This is like eight. This is why we’re doing it. Let’s use it to educate and explain. Not be like, I cannot believe you clicked on it, You’re the only one. How is that productive?

[00:24:06] Evan Francen: Right? Right. Yeah. So going through that process, I think of, you know, here’s the emotion, here’s why do I feel this way? Why do I, why am I you know here and then how would I solve it? Right. What are some good reasonable things on how to solve it? Now, if the solution seems, I think outside of your with the house meaning it’s like this is a, this is an elephant. You know what I mean? You they have a saying, right? You eat an elephant one bite at a time, get other people involved, get other perspectives involved, you know, in if you if you have it in you get other perspectives that, you know, you’re going to disagree with.

[00:24:51] Brad Nigh: Oh, I mean, that’s why I was like, having that diverse team. You don’t want bunch of the Yes men, right? Right? Not gonna usually end well, but you know, and I think according to get back to that uh mental health training, we did have a really good, I guess, approach monster or whatever you wanna call it. It’s, you know, it’s our job to recognize and understand if somebody’s having an issue, but it’s not our job to fix it. Bring in the right people, right? You cannot fix everything. You cannot be. It’s just not reality. So don’t be afraid to like, be like, all right, I need to bring in, you know, whoever because I don’t understand this or I know it’s above, you know, above my head. I don’t I’ve never dealt with this, and I think, you know, going back, a lot of people don’t do that because of ego, pride, whatever. But okay, I don’t know if I don’t think I’ve ever judge someone for asking for help.

[00:25:57] Evan Francen: Why would you why don’t you bring up a good point? Because I didn’t understand uh one I think so through all this because I’m learning, right? I’m me, we all should be learning. So when it was somebody was talking about systemic racism and I was like, help me understand what that is. And give me, give me an example. Yeah. And the first person I’d asked, you know about that essentially attacked me, Oh, you’re so ignorant. I was like, yes, that’s why I’m asking, you know, ignorance is means, I don’t know something, you know, calling me ignorant doesn’t hurt my feelings. You’re calling it out. I got to help.

[00:26:44] Brad Nigh: Right? Well, and that’s the problem. You know, people jump to that conclusion. I don’t know if he saw that there was Hankers area who does all those voices for the Simpsons uh came out and I guess a couple years ago, so he’s no longer going to do the voice of the blue of the uh the in store clerk. And then he came out yesterday and it was a polish guy. The article came out, I saw um it was apologizing and it was I mean I was it’s very similar to what you were saying. He’s like, I didn’t understand that. I was, what I was doing was so offensive. I thought I was just playing a funny character, I didn’t realize. And

[00:27:28] Evan Francen: but I question that too, it’s like is it offensive? Because well when you talk to that community, because I’ve talked to people in that in that community about things like this and they don’t find it as offensive. At least some don’t find it as offensive as we think it is, because I think a lot of times we’ll just jump to conclusions, like I’m gonna change this thing. It’s like, well I get where your heart’s at that. It’s a good place to come from. But are we changing things? Just jumping to conclusions that we need to change those things?

[00:28:06] Brad Nigh: Yeah. Well and where it’s going is that he did a lot of that self reflection and talking to people and educating himself and, and you know, it was a good process, right regard. Obviously when you look at that, a lot of that is a very personal decision and understanding that. And so it was just kind of resonated with what you were saying, Hey, let’s, instead of just immediately going and saying whatever, giving it lip service, learn about it, educate yourself and make a good educated decision based on, you know, reason and in fact not that immediate emotional knee jerk reaction.

[00:28:51] Evan Francen: Right? I think it’s okay to, to, to embrace the fact that other people are just different, right? It’s okay? Like because I think, uh, you know, comedians, a lot of comedians have been coming out about, you know, the, the cancel culture stuff or whatever. Uh, because it’s like, what’s off limits and what Yeah, I mean, it can get really confusing and I think what I’ve always told people just be yourself, if people find it offensive, they don’t have to listen anymore. They don’t have to, you know, I mean it’s okay for not everybody to like me to not be in this. Like everything I do is politically correct. Everything I do is no, that’s not how we were created. We were created as unique individuals. We need to figure out ways to live together to love each other. You know, it’s not beat each other up.

[00:29:48] Brad Nigh: Yeah. Well, and I think that last piece does the important part is, yeah, you can have a different opinion but be respectful respect. Other people respect that. They have their own opinions. You don’t have to agree with them, right? It doesn’t mean you get to, you know, integrate them, put them down opinions

[00:30:09] Evan Francen: well. And even like offending people, write it if somebody offends you. Yeah. So be it right? You don’t go and try to change them. I mean there’s different levels of offense to, but I mean, man, you go through life, you go through life and go through like every day where I’m going to be offended probably five times today. Okay. Big deal. They have their opinions. It’s, they’re valid, right? I don’t think that’s accurate and I don’t think it’s enough to make me want to change who I am as a person or change my behaviors validated. You know, but I’m not, I’m not gonna attack them for it. You know what I mean? It’s just this were dynamic and this stuff is really important in information security because it reflects. It’s the same. There’s so many parallels between what happens in society and what happens in security because the people sitting next to you have an opinion on things. The people next to you have an opinion on, you know, and go right at what’s happening right today, right? You have people that have an opinion that uh, we should abolish the police. We have an opinion had. That doesn’t make any sense, Right? So, and they’re in your workplace, all these opinions are in your workplace. So when you’re doing your security stuff, you have to accommodate, you have to account for and then you don’t come right out and say, hey, what do you think about this? You just have to recognize that those things are existing so that when you’re doing your work, you need to get their perspectives on the work you’re doing. You can’t just do this in a bubble.

[00:31:51] Brad Nigh: Well, yeah, exactly. It’s when when security becomes a hindrance to the business, that’s when you lose your voice, right? Your your impact. So yeah, you got to understand that everybody is going to be different, have different opinions. Alright, well, here’s what we got to do. Let me get some input on what people think and then figure out what’s the best way that I can secure things and still accommodate as much as I can,

[00:32:24] Evan Francen: right? Because you’ve seen, like it’s cool to see because we’ve been preaching for a while that the best Csos are people, people the best Csos our business. They understand the business the best csos aren’t hackers. No, there’s a place for hackers for sure. You need them. They’re awesome. But they don’t necessarily make good see selves.

[00:32:49] Brad Nigh: Right? Right. And I mean we’ve seen in a lot where you have a good C says that maybe are super technical, if you don’t have what you would consider, you know, the best security chops is we’re already you want to define that but they understand it and they can yeah, deal with the business and translate and communicate with both sides. They understand enough of the big picture to be effective because you have to be able to communicate with all the different people, all the different opinions, all the different viewpoints, right? And then get the business to buy and hey, we gotta lock things down

[00:33:32] Evan Francen: well right. Or at least make sure that the business is well equipped to make good decisions so they decided not to lock things down. They understand the risks in not doing so the uh because we’ve been preaching that for a long time and you’re starting to see that more and more. I see more and more articles about A C. So it’s need to be people, people absolutely 100% agree. The best t cells are good leaders, the bestsellers lead from love or the care of whoever that is that they’re protecting whether you’re protecting your own company’s data. Therefore the employees and their livelihoods or you’re protecting your customers data meaning the people that come and visit you. The people that come and trust you with their business. You’ve got to feel that weight because those things need to be integrated into your decision making. You need to get perspective. So if you don’t, if you just assume that everybody who does business with you wants these controls maybe, I mean that might be true. We may think, well, we have to do multifactor authentication. Yeah, probably. But talk to your customers. Talk to your customers. Do you not? I don’t know if I’d asked necessarily say do you want multifactor? But how is your experience with multi factor authentication? How can we make it more uh usable for you more? Seamless.

[00:34:58] Brad Nigh: Well, I think also, Yeah, exactly, asking and understanding what you’re protecting, you know, that’s what do I care if my uh, you know, walking for Washington post or whatever has multi factor. Not really like what are they gonna do? We read the news. Okay. My bank. Yeah. Right. Right. So I understanding, you know that as well and I understand what you’re users think what’s their tolerance, Right?

[00:35:38] Evan Francen: Yeah. I think so. When you look at what’s happening in the world, I think using those same skills, taking them into the workplace makes everything better. And it blends it it it makes it makes sense more when the time is right, you mean we have to let the emotions play out because they’re deep, they’re strong their legitimate about what’s going on in um, you know, with relation to, you know, police killing, you know, black people or people in the, you know, in those communities, you have to let that sort of simmer a little bit or you know, at least work itself out so that you can them insert some reason what I don’t want and what frustrates me. And I think we need to stand up against it is making these rash decisions before you let that stuff play out. You know what I mean? Like you’ve seen you’re seeing people calling for leaders right to leave from, uh, michigan uh, oh, see, right. Uh, coming for the abolishment of police. Well, is that let’s talk, Okay, that’s a perspective. And I think you got to talk through it rather than just discount it too. Right? You don’t want to be like, well, that’s just stupid. Well, no, I mean maybe, but let’s walk through that. Let’s talk through what are the pros and cons? What, you know, what’s the reason why, first of all, what’s the reasoning behind it? Why would you suggest such a thing And what would be the outcomes of such things? You know, you know, you just have to take these things into

[00:37:16] Brad Nigh: account? Well, it’s like you just said, what is there, what shape that respect for them, Right? Like how can you make a decision without understanding where they’re coming from regardless. I don’t care what side it’s on? I want to. Yeah. Okay. Okay. So why, why are you saying this? Like, why did you do the thing you did? Okay. And Exactly. I don’t necessarily have to agree with it, but you have to acknowledge it.

[00:37:49] Evan Francen: Okay. Well, that’s that’s how you function as a society, right? You’ve got different views, different people, different motivations. It’s like, okay, on the surface, to me, it seems crazy. But yeah, that’s your perspective. Somebody’s I’m telling you is I’m telling you crazy. Mhm. I don’t think you are. So let’s why did you, why do you, why would you suggest this? I mean, we just need more of that. We need more because that stuff plays at the sea. So to write in my job, somebody a user might have some suggestion or they might, they might do something that just seems absolutely crazy. Yeah. Rather than just reacting out of emotion or without thinking what you don’t ask. Why do you do that? Why do you feel that way? Why does that? What does this hurt? You know what I mean?

[00:38:42] Brad Nigh: Well, yes, I mean, you know, personally thinking about it, it’s his shadow. I’d right. I thought it were the business goes and I software and then it’s like, hey, we’re going to use this. We already paid for it. And you know what, what are you what is wrong with you? Did you do anything? Like, did you vet this? Did you do follow any of the processes? But that was my initial response? And that was not to them, right? It wasn’t like to their face. But yeah, you have that emotional response then it’s like, okay, so what is what is your goal with this? Why did you do this? You know, and trying to understand it? And yeah, in this case they bought software that needed additional, you know, simple licensing we didn’t have in service. It was, you know, it was it was a bad decision in terms of that. But helping understand and say like, okay, so take these things into consideration and educating and and and understanding where they’re coming from because if I if I know their thought process, I can be more effective because then I know what to say and how to say it and how to connect with them better. Right?

[00:40:06] Evan Francen: So that’s that, right? And you know, bundle that up, you know? But I also don’t want to be naive, right? Because there are people leaders in particular who take advantage of other people, right? There may be times when when you engage with somebody and you determine that either they have no reason or the reason isn’t noble right? There. The reason is harmful or they just haven’t thought at all. Right? And so there are times to where Okay. Mhm. But you won’t know in particular. So take I’ll take that same to leap because it to me on the circus. It seems crazy. But engage. Tell me the reason why this would work why this is a good thing for us, why this is a good thing for society rather than just count it and call you crazy. I might come to the end and come to my own conclusion that after we had this engagement. Yes, you are crazy or that’s a valid point or you’re trying to manipulate me. You know, are I mean you have to just we have to work through these things but I don’t want is people to just be like lemmings, you know, just follow along, you know? No no no no no that’s if you’re following the wrong leader, you’re gonna end up off, you’re gonna end up going off the cliff. Right

[00:41:34] Brad Nigh: right.

[00:41:35] Evan Francen: Uh because you see a lot of that too, you know, it’s just like I believe in this because you know, I’m a republican or I’m a democrat, I’m a trump or I’m or whatever. No, no, no hold up bro. There’s some stuff that you know, I didn’t write, probably think through it. Talk to it. Yeah. I also find that I find when I engage with people and ask them why they feel the way they feel why you do the things you do uh that oftentimes they don’t have a reason. Yeah

[00:42:08] Brad Nigh: wow. Uh well I don’t know if that’s made

[00:42:12] Evan Francen: it. I have

[00:42:14] Brad Nigh: a reason. They may not understand their reason.

[00:42:17] Evan Francen: True. Good point. Yeah.

[00:42:20] Brad Nigh: Yeah well what this goes back to the business, Why are you doing it that way? That’s how we’ve always done it. Okay. Well, what, what, what, that doesn’t that’s not a reason. What’s the reason you’re doing it that way?

[00:42:35] Evan Francen: Yeah. Maybe. What was the reason behind that? Right? When you originally decided to do it this way? What was that? Right?

[00:42:42] Brad Nigh: Exactly. Where did this come from? Because saying, yeah, we’ve we’ve just always done this this way. So, you know, we’re not changing it. Well, why are you doing it this way? We’ve always done this way isn’t the reason, right? There was a reason that you started doing it this way. What is that? And I think a lot of businesses don’t, uh, and people, because, you know, people are running businesses, they don’t do that. They just go with it and don’t understand or know what the reason was.

[00:43:17] Evan Francen: Yeah. I think all these things are learned skills, uh, being able to look at things objectively. Um, being able to try to, you know, take facts in their account, put emotions in check it. You don’t need emotion. So the last thing I wouldn’t want anybody to do is like, I’m just going to suppress all my emotions. You’ll probably end up the mental disorder if you try to go in there. Yeah. And, and the way I know that I still have emotion is because like I cry. You know, I mean, I watch a movie and I’m balling my wife is like, what the hell is wrong with you man? It was crazy movie? I mean and I care deeply about that, you know about any community. I care deeply about the black community, but I’m also not going to just do, what do they call that? Um uh when I oh shoot when you say like I use this for should I can’t remember the word but basically saying I care because it’s you know, I’m going to get points.

[00:44:27] Brad Nigh: Yeah. Yeah. I don’t know. I yeah, I get what you’re saying. It’s not just lip service.

[00:44:35] Evan Francen: No, no. So and if we don’t do something, we’re just gonna repeat this again and again and again. It’s gonna get worse and worse and worse. Just like any other problem you ignore.

[00:44:45] Brad Nigh: Right? Well and yeah, how does this not bleed into the business? Right? Just think about it from a physical security perspective. And I’m not just are you taking these things into consideration because you have to know where you’re at. You have data that you have to protect regardless of? Okay, you know what the threat is. Are you, are you aware of these areas or right downtown? Maybe it’s a higher threat then are you know, a small country city or town? Right, So you know, understanding the big picture, looking at this holistically is really the only way to be successful or you know, go towards being successful. You can’t ignore things you can’t assume, you know? Well it’s political, It’s not gonna be, it’s not relevant to work. Okay. Do you have people working for you? Because do they just check all their everything at the door and they’re robots? Because that’s just not how it happens,

[00:45:55] Evan Francen: Right? Yeah. We had like one of the CSP students, you know, reached out to me. This is somebody that, you know, I already know that she lives in, I don’t South Minneapolis or somewhere in, you know, sort of the the hot zone, right? Where the emotions are running high where people are, you know, they got to work it out, you know? And uh she, you know, messaged me and said, hey, I’m not gonna be able to make class tonight, you know, because you know, I’m just kind of a I think an emotional black maybe and just you know, kind of dealing, working, working through all these things and bring it, don’t worry about it, you know, it’s recorded. Um but you know, maybe even taking inventory of where you’re, you don’t want to violate privacy, but do you have employees who live in places where there are some really significant physical threats and you don’t know, and maybe you can reach out and help, you know, maybe you can ah and I want to be really careful because because I see it happened on both sides, you man, I mean you got to be able to, you know, just respect and incorporate all these opinions because you’ve got, you know this, it’s highly emotional, there’s a lot of uh and call it what it is, right? Writing is writing, but okay, right. We’re not going to rush to judgment. Just say we’re writing a screw you send in the National Guard. They need to, there are people that are deeply, deeply affected, their emotions are running high. You can’t invalidate it. Uh you also don’t you also don’t condone it, but you’re like, when the time is right, we can have a good logical, reasonable discussion on how we can solve the problem. Yeah. Well, and that’s what needs to happen, man.

[00:47:53] Brad Nigh: Yeah. And I think a lot of it, it goes back to mental health is this has been a long simmering. They’ve been this isn’t this didn’t happen overnight, right? A long time of their emotions and building up and not having a release because people were willing to have that open conversation because it is, let’s be honest, it’s uncomfortable. It’s not always a good fun conversation to have.

[00:48:25] Evan Francen: But but I think, I think the more you talk about it, the more it doesn’t become a comfortable conversation, right?

[00:48:30] Brad Nigh: I agree. It’s getting that started right? Because so many times people and just rush to judgment like use it. You’re ignorant. Well, yeah. Help. Help me. But people don’t think that second piece, they don’t want they stop at are you too ignorant? I want to learn. Like I well

[00:48:56] Evan Francen: and really, I mean look at when you look at yourself, right? When I look in the mirror, there are many, many things I’m ignorant about, right? I ask questions about the things that I care about. So I take it that way rather than like, oh, you’re so ignorant, I’m glad you’re asking questions. Because here’s the thing. Another thing that doesn’t help is for us to be guilty about who we are, for us to feel like, you know, you know, take white privilege for instance, that’s one thing that’s been kicked around a lot. White privilege is a bad thing. That’s not true privilege is not a bad thing. It’s how you use privilege. That’s the bad thing. If I use privilege to beat down other people, if I use privilege to hold other people down. If I use privilege to is in a selfish way. Okay, That’s probably bad. If I use privilege as a way to help to give back to solve problems. Well then that’s a good thing, right? But it, you know, itself is not a bad thing. It’s how you use it, right? It’s just a you know, basically it’s just a hammer, right? But big hammer? So let’s use it to break down some walls or whatever. I mean, I don’t know. Yeah, because I don’t feel guilty about being a white, that doesn’t help. It’s not something the problem, write me feeling guilty for who I am. How does that solve problems, what what solves problems is helping you feel good about being who you are trying to build your community up so that we can do this stuff together, right?

[00:50:31] Brad Nigh: Yeah. Like take advantage of what you have to help someone else not take advantage of them.

[00:50:38] Evan Francen: Exactly. It’s like George Clooney. I saw George Clooney and I’m not um, kind of like him kind of dumb, but I think I saw something like he called or emailed or something, The attorney for the in the shop in trial and all that stuff, uh, and gave some tips and I’m like, yeah, Okay, here’s a guy with a net worth of $500 million dollars lives in a place that you and I I have never seen, you know what I mean? Talk about perspective and I he does that thing. That virtue virtual signaling. Is that what it’s called? Virtue signalling? Virtual virtue signaling. Okay. It’s where you know, I’m signaling that I’ve got these virtues, but really do you put some action to it right? If you care so much about certain things, certain communities, you would give more to it. Yeah. You participate more rather than lip service rather than, you know, an email here or you know, I’m not, I don’t know what else George Clooney does. So I’m rushing to judgment myself on that. There’s probably a ton of things I don’t know. But on the surface it’s like, okay, do more, You know when you have like, uh, you know, Jeff Bezos for instance, I mean you’ve got billions and billions and billions of dollars if you want to truly wanted to make an impact in inner city communities, I think you could. I don’t think it would be, I don’t think he’d set you back much in terms of your lifestyle or quality of life.

[00:52:15] Brad Nigh: Yeah. Well, and I’ll jumping to do, I don’t know what he

[00:52:20] Evan Francen: does. It’s

[00:52:22] Brad Nigh: like, hey, you got all this money. Well, you know, Bill Gates is a good example. Hey, he’s the richest man in the world. What the hell? Well, if you look at what he did and I just happen to know what he’s done. You know, he’s working spending millions of dollars in malaria to fund all these humanitarian emissions. So okay, take a step back. Why does he need that much money? Because that’s your initial emotional response of like really does anybody need that much?

[00:52:52] Evan Francen: But when I don’t even feel, I don’t even feel like that, I’m just feeling like if you’re going to talk about things and stand up for a cost and give more to the cost, you know what I mean? Without, I’m not big on forcing people to do anything, you want to have a trillion dollars, you will have a trillion dollars. I’m not going to judge you on that either, but to have a trillion dollars and then point fingers and say, you need to change this, You need to change that and vote for this person blah blah blah. It’s like do more. Yeah, we can all do that. I can do that myself. Right? I mean, I I live in a suburban house. Got a Harley. You know, I’m doing all right. I don’t feel guilty either because I feel like I am giving where I can where I should, right? So,

[00:53:32] Brad Nigh: I mean, you know, part of it worked really hard to get where you’re at. It’s not like it was just given to you and you’re doing it right? You you’ve worked hard and you were too an insane amount of hours now even. Yeah. So yeah, I wouldn’t feel guilty about that. But you do give a lot back. I mean this is what you’re When did you leave? It was the mentor program started this the 11th year of

[00:54:02] Evan Francen: it was 12

[00:54:03] Brad Nigh: 12. Yeah. I mean that’s a lot of time because it’s not I think people don’t necessarily understand. It’s not just showing up for that two hours, right? Like hours of prep to update things and make changes and you know, it’s I spent an hour and a half yesterday getting the slides ready for today, right? You know, it’s because you got to go through it and remember it and you know the way I look at it from that side of it is Uh we’ve got what, 6000 people there counting on us to provide them good information. I better know what I’m talking about. Right. So you, yeah, that, that, that, that also doesn’t mean you can’t understand and respect the other side of it. Right? Right. So I think it’s just a, yeah, I think we’ve just gotten so polarized overall

[00:55:02] Evan Francen: that we have man. And it’s sad because it’s going, it affects everything. It affects people at work. It affects our ability to do our jobs and protecting people. It affects uh, to so many parts of society. And at some point you got to like, hey, let’s repair, let’s build systems that, that work and repair the systems, you know that are broken. Yeah. So I think that I really appreciate the conversation because what’s your option? You know, if you don’t talk about it, if you don’t deal with it, you just ignore it

[00:55:46] Brad Nigh: well and and get you back to emphasize how many businesses, but how have you heard we are we haven’t had a breach yet. So I don’t need to do that. We haven’t been happy. Right? It’s the, it’s that mindset that’s the problem, right? You can’t the ostrich sticking their head in the sand. You can’t do that. Nothing productive is going to come from ignoring a problem.

[00:56:13] Evan Francen: Right? If any, you do more damage. Right?

[00:56:15] Brad Nigh: Mm potentially do a lot more damage. Yeah, I mean, again to get to incident response, how many companies could have I can think of off the top of my head at least three that said, no, we don’t need to do a risk assessment because it’s not going to happen to us. And then they come back and spend 456 times what they would have spent on that risk assessment on incident because they got ransomed. And if they’ve done this simple thing, it wouldn’t have happened because you would have said, hey, did you know this is open to the internet or you know, it’s just these simple things that could that yeah.

[00:57:01] Evan Francen: On And and you’re right man. And those things are so rooted and logic in reason, in wisdom and experience. So I don’t, if you’re running a business, you can’t say you have an information security program. If you aren’t doing these fundamental things right. If you if you don’t, if you haven’t done a risk assessment because information security is risk management period. I mean, it’s nice to see that you’re seeing that written more and more to because it’s always been that always right. You’re going to have to live with some risk, ideally you’ve identified that risk you’re living with. So you’ve got some mitigation some controls around it. Or maybe this would be our response if somebody did this thing. But it’s, you can’t say you have an information security program. One without defining what information security is and what information security is. If you haven’t defined it is risk management. You can’t manage risk unless you’ve done a risk assessment. What is my risk and made risk decisions and then start, you know, I mean, these are fundamental basic things. They’re all rooted in logic. They’re all rooted in experience. Uh and if you’re not doing it, you almost have a basis to judge. But there must be a reason why you’re not doing it. Let’s talk about that. You know, I mean, do you not know what information security is? That’s okay. I mean, a lot of times we attack people because you don’t know what this means.

[00:58:36] Brad Nigh: Well, I think that goes back to exactly what you’re saying of the, you know what you’re ignorant. Yeah. But the flip of that is a lot of people don’t want to admit it because so many people have that response, right? Hey, I need help here. Really? What is wrong with you? And I think honestly it’s very, it’s probably more common for that response in information security towards users than in the general public. Like the percentage of in for a sec, you know, people. But I mean, I think you look at it, they talked down and looked down on the regular regular people. And how is that benefiting or being if you’re being dismissive of them, do you think they’re going to buy into what you’re trying to do? No.

[00:59:33] Evan Francen: Right. Right. And well. And it’s it’s uh, it’s about that perspective to write, I can judge on the so you’ve never done a risk assessment or you’re not doing risk assessments on a regular basis? You’re not treating information like its risk management. Okay. The next thing is why, you know, I understand the reason why they’re not. Is it too complicated? Have you done one before and it was a poor experience. Have you done one before? And the report just sat on the shelf and you saw no value in it? There’s a reason why you’re not doing this, Is it too expensive? Do we need to drop price so that it can be a more affordable for you? Is it operationally cumbersome? Do we need to figure out a way to make it more operational for you? I mean instead of just saying whatever or just ah you know, moving on. I mean I think a lot of times just have a conversation about it. How are you doing information security, all you’re doing these things, you know, as a friend or as a you know whatever. I once you’ve built that report, I’d like to point out some things I think you’re not doing right?

[01:00:47] Brad Nigh: Uh or Yeah and it’s a lot about it, how you have approached you, hey tell me what are you doing this? You know what, tell me why, where how did you come to the decision, why are you doing it this way? Right? And I know I’ve made that mistake where I’m like, oh my God, what are you, what is what are you doing? And thinking that. But then going to them and they’re like, oh look and they have a valid reason. You’re like, oh okay, fair enough. They’re aware of that. They understand it and okay, cool. Because my immediate emotional response was are you kidding me? What do you do it this way? And it’s taking that step back and not being judgmental and letting that emotional response going to play out and then going, okay, why exactly I need to understand is that are

[01:01:44] Evan Francen: yeah, well in reaching out to, you know, we did that survey about, you know, where we ask users, you know, a whole bunch of questions and yes, no, you know, kind of objective questions and these were normal users and we knew they were normal because we filtered them out. Right? We certainly surveyed, I don’t know, thousands of people. And the one question that was open ended was what, what can we do to make information security more I think usable or valuable for you? Yeah. And made a word map out of it. And the one thing that stood out out of everything else was simple. Mhm. Make it simple. And the type. And I was like an epiphany right? They told us that essentially what’s the opposite of simple, confusing and information security is too confusing. Too complex. Okay, well then let’s simplify it. And that went into, you know, really? All of our things that simplify it, right? Simplify doesn’t mean easy? Those are different words simplify, it doesn’t mean you take shortcuts, it doesn’t mean less comprehensive. Simple. Just means Instead of a 15 step process for something, why don’t we do a three

[01:03:00] Brad Nigh: or Yeah, or screenshots, pictures that anybody understands right there. They’re going to be in an application. Words don’t necessarily help. You can have five pages of instructions. Maybe it only takes five pictures and they’re like, oh ok, click here, do this, I get it.

[01:03:19] Evan Francen: Yeah. And you never would have learned that you may have originally you may have gotten to that conclusion at some point unless you ask for their perspective, why essentially you said you told me that this is the number one thing that I can do to make your life easier with security. Well then let’s make your life easier. Let’s break down that barrier.

[01:03:43] Brad Nigh: Yeah, well and it comes back to knowing the business and understanding the best, you know, what’s the best way to communicate with them. That’s going to resonate. And it’s come back to being like you said, being a people person, you can’t do that if you don’t understand people

[01:04:00] Evan Francen: right? And I also don’t want to discount some people aren’t people people right? There’s there’s a place for you to say, don’t you know, don’t freak out about that were all built kind of differently. So how can we use those skills, you know, to further this? Uh because I also don’t want people to feel guilty because you know, I’m just an introvert. I don’t want to go and talk to people. I don’t want to understand people. But you can still I think take some time and not rush to judgment. Maybe, you know, spend some time understanding problems a little bit more before maybe rushing to a solution. Uh huh. It’s always what I’ve said to like I’ve been enough times in board meetings where it’s like I want to go with facts because I can defend facts if something’s an opinion, I better have a really strong basis for my opinion because that’s going to be challenged and I don’t have you know, that it starts getting fuzzy there. So yeah. All right, let’s get some news, man. Good discussion.

[01:05:03] Brad Nigh: Did you like it? Yeah. And you know, it puts hopefully a human aspect on security, like you said, you can’t you can’t dismiss anything. Like it is all relevant at the end of the day. And I think a lot of people miss that.

[01:05:23] Evan Francen: For sure. Absolutely. There’s no perspective anywhere that’s not relevant even in crazy people because their perspective makes their reality. Yeah. Right. So as you explore their perspective, you may come to the conclusion that there is no basis in reason which then does make it crazy because that’s what crazy is when there’s no logical reason for the behavior, you know, are the thoughts right? Yeah. Alright. So I got some new stuff. We don’t have to go through it all these all that quickly. I think it was interesting that your Opole. So this is a story from info security magazine. The title is you’re a poll colon. Virtually all crime now has a digital element. Uh Yes that’s true.

[01:06:23] Brad Nigh: Well I think if you I have I’ll be honest I haven’t read the article but immediately my thought is well do criminals carry around smartphones is you know are the pains and location. Yeah that that’s digital guys a 1st our digital element

[01:06:45] Evan Francen: right on one of the quotes from Europol is criminals are digital natives. Yeah, virtually all criminal activities now features some online component and many crimes have fully migrated online. So we knew this was coming. We knew I mean we’ve been warning it for a while it’s nice to have some I think validation from somebody who I think can be trusted. Um Yeah but it’s real you know and and the thing is you can’t you can’t separate anymore. And we’ve been preaching this and I hope it resonates with people. You can no longer separate the digital from the physical. They are integrated right? Unless you live out in the woods somewhere where there’s no but even their satellites. There’s other things that man I mean there’s there’s something there. So if that’s true then my ability or inability to protect information has a direct correlation to my ability or inability to protect physically to protect safety to keep my family alive. And that that integration and that correlation is just going to get tighter and tighter and tighter. I think his cars will drive themselves. Uh, you know, your phone that goes everywhere with you. Uh you’ve got smart homes now the heating is controlled. I mean, if you have a flaw, people are gonna die more. I mean, I’m sorry, that’s just the reality. And the sooner you learn that, as soon as you start applying that, the better you’re going to be. Right. Yeah. All right. So that’s uh that’s that article. What else do I have? I have? Um I thought these were interesting because you don’t hear the Federal Reserve speak too much about cyber risk.

[01:08:42] Brad Nigh: Yeah, I read that the other day. I was like, I’m thrilled to see that it’s getting that attention.

[01:08:49] Evan Francen: Yeah. And let’s hope it’s not too late.

[01:08:51] Brad Nigh: As I say, it’s a little scary, but it’s great. That is at least on their radar.

[01:08:57] Evan Francen: Well, it’s nice to see that you’ve been, you know, we’ve been screaming, screaming, screaming and then like, okay, they now at least they you have to identify the problem first before you can. I mean, if they’re definitely that a problem exists before you’re going to do anything, right.

[01:09:12] Brad Nigh: Mhm, wow.

[01:09:14] Evan Francen: So the first one is from dark reading the title is Federal Reserve Chairman says cyber risk a top threat to national economy. And there’s a follow up to that from security week. Not to follow up, but a a supporting article from Security week that says Fed Chair says cyberattacks. Main risk to U. S. Economy. So there you go. And you hope that we’d uh you know, from a government perspective from a federal government perspective, identifying that these things are true, looking at what happened with solar winds and everything else that we would maybe create some relevant boss relevant and effective.

[01:10:04] Brad Nigh: Yeah, we get home,

[01:10:07] Evan Francen: oh my gosh, and if you’re going to do that, you know, just like we’ve been preaching them here. You have to get a lot and I mean, you have to get a lot of perspectives when you talk about like that Senate Intelligence committee meeting, we have, you know, kind of the 44 of the biggest companies in our industry who just were involved in the breach. If that’s all the perspectives you’re going to get, it’s not that’s not gonna work not well, talk to the small business, what’s their perspective on information security? Talk to some small businesses that have been put out of business because of a breach? Talk to schools, what are they struggling with with information security? You need to get all these different perspectives. Talk to the black community, what do they think about information security? Are they effective in what concerns do they have? I mean, you just have to get a boatload of perspectives before hopefully before you draft a bill.

[01:11:02] Brad Nigh: Yeah that’s going to affect everyone. Right?

[01:11:07] Evan Francen: So no doubt 100% that it is a main risk to the US economy and has been for some time. So please do it right. Right or writer than wronger. Yeah it’s not gonna be perfect but to other one other thing and then we’ll sort of wrap it up. I just want to point out from health net security Worldwide. IT spending to total $4.1 trillion 2021. Uh It’s a lot of money. Uh That’s I. T. Spending, right? So that’s not information security spending. Most companies do not have an information security budget. They don’t know specifically how much they’re actually spending on information security. We sat with the truth

[01:11:56] Brad Nigh: all the time. How much should we be spending? It’s there is no right answer. You have to look and understand your business.

[01:12:05] Evan Francen: Yeah I mean what will dictate your information security spending will be, what risks are you willing to accept and which risks are you not? And the only way you’re gonna find that out is risk assessment. What? Right that’s not an acceptable risk. And understand. Oh my gosh I’m gonna go down another rabbit hole. I’m not. I promise. So 4.1 trillion will be spent this year on I. T. I’ve seen estimates and I don’t know how good our data is in our industry? I’m always skeptical But wasn’t there an estimate from cybersecurity ventures that we will lose $6.1 trillion dollars this year.

[01:12:49] Brad Nigh: It’s not my God.

[01:12:50] Evan Francen: Yeah. So just to put that $4.1 trillion, because that is a huge number into perspective I think, and somebody can correct me if I’m wrong. I think this year’s were expected to lose 6.1 trillion to cybercrime. So we’re still two trillion short if you wanted to do apples and not apples to apples, but how much we’re investing versus how much we’re losing. Yeah, and that’s why t to right? That’s not information security. So I don’t even know what that is. All right, good show man, good talk. Thank you. Oh, I should mention next week, next show. So we started doing a whole bunch of guests. Right, yep, we have some really cool ones, you know on the on the docket coming up pretty soon. Actually next week Roger grimes will be joining us.

[01:13:45] Brad Nigh: Very cool. I’m excited for that one. Yeah,

[01:13:47] Evan Francen: he’s one of my

[01:13:48] Brad Nigh: credit for all the guests, let’s be honest.

[01:13:50] Evan Francen: Yeah. Right, if you don’t know who Roger grimes is just google him. He’s written a ton of books, a ton of wisdom and that guy, he’s got the heart and in my opinion in the right place for security. He’s kind of the chief evangelist had no before all around awesome dude. So I’m super excited to have him on the show next week then we have Ron Warner coming up on episode 1 29 the week after Ron Warner. If you don’t know who he is, go ahead and google him to It’s W E R N E R. Alright, awesome dude. I mean he’s uh yeah, he’s really good. He’s spoken, I don’t know how many times that are esa and just got a really good perspective on information security that he’ll bring to that the podcast. And then the week after that, we’ve got john Strand uh from Black Hills info sec. Uh these people got some serious jobs.

[01:14:47] Brad Nigh: Why are they coming on our show?

[01:14:51] Evan Francen: But because you know, I think it was Yeah, well I think we’re humble guys. You know, I think, you know in some in some respects were we don’t give ourselves credit for being as good as we are, which is good by the way, I don’t want to be big head guy. Yeah. So I think they’ll come away with some value and certainly we’ll learn a lot from them. I love to hear what they’re doing, what they’re up to. And I think our listeners get to sit in on all that conversation so they’ll get some good perspective to

[01:15:23] Brad Nigh: Yeah, I know it’s gonna be a great conversation. I’m really looking forward to this.

[01:15:29] Evan Francen: Yeah. And then we’re filling up after that too. Right, we’ve got that takes us through episode 1 30 then you know one, I mean everybody that we’ve reached out to, its been very like, yeah, I love to come talk. So we’ll have more Yeah, all right, shout outs and shout out this week.

[01:15:48] Brad Nigh: Uh

[01:15:50] Evan Francen: I get the life for putting up with you and keeping you saying through all this crap on

[01:15:54] Brad Nigh: it. Yeah, that’s what my daughters for having to go through this and my son for being as like good as he’s been like, he’s gonna miss a month of school and he was asking for what can I do, what Kindergartner asks for school work?

[01:16:12] Evan Francen: Yeah, I’ll give a shout out to you man. I may have to give a shout out to you for persevering. Forget for sticking. It’s hard. You’re going through a lot of stuff and I appreciate how you keep things together. I think you set the example for a lot of other people that are watching you. People watch leaders and so people are watching how you’re handling this and I think you’re setting a great example. So

[01:16:35] Brad Nigh: thank you. Yeah, that’s me in three weeks after I have been stuck in the house with a real

[01:16:43] Evan Francen: if you need me to drop something off on your doorstep man, all you gotta do is

[01:16:47] Brad Nigh: ring, luckily Katie is fully vaccinated, so she’s safe. So we’re not you know, it could have been much worse and at least it’s not january, I can get outside and get some fresh air. So I’m not totally stuck in the house, It’s not 20 below out. So looking at the positive. It could have been a way, way worse.

[01:17:07] Evan Francen: Well that’s that’s hope. Right? I mean you got to have that hope. Alright. Closing thank you to our listeners. Send things to us by email if you want. We’re not good at responding but we do get to it eventually. Our email addresses Un security. So at proton mail dot com. You’re the social type socialize with us on twitter. You’re bound to find for me. Anyway. Some controversial weird stuff that I I yesterday I posted the was talking with Jeff ward at the office and like I’m gonna start calling the plural of database, database birth. And so if you have a whole cluster to databases, I’m gonna call the flock of data BCE. Uh So I tweeted that. Well you get some good stuff for me. Uh but I’m @EvanFrancen Brad is @BradNigh other twitter twitter handles if you’re interested are we have the insecurity podcast one which isn’t super active. But that’s @UnsecurityP. Uh Social arm. Sorry social Security studio is @StudioSecurity. A lot of really cool things happening there. If our security @FRSecure. That’s one of my I mean I’m biased but I love following that one because I like the memes that you guys are putting out kind of regularly.

[01:18:37] Brad Nigh: It’s fundamentally there’s right there.

[01:18:41] Evan Francen: Yeah. All right. So that’s it. We’ll talk to you all next week. Roger grimes will be with us. Thanks.

No items found.
Sign up for our newsletter

Receive monthly news and insights in your inbox. Don't miss out!

education
Industry insights
NEWS & EVENTS