How an Incident Response Team Handles Threats

Unsecurity Podcast

Evan leads the discussion this week from Louisiana as some of his travel plans were foiled. He and Brad chat about cruise ship internet, RSA, the importance of mental health as a security professional, even more incident response topics for their incident response team, and the big Boeing news. Give it a listen and (as always) let us know what you think at unsecurity@protonmail.com!


Podcast Transcription:

[00:00:22] Evan Francen: Good morning. This is episode 19 of the Unsecurity Podcast Brad went. So last week uh yeah, you didn’t even know

[00:00:40] Brad Nigh: that was under threat from your lovely wife.

[00:00:45] Evan Francen: Oh she’s the cost. Okay. We have a nice podcast a couple of weeks ago. We have some of these things out but I guess not

[00:00:53] Brad Nigh: just wanted to make sure you spend some time with the family, that balance thing,

[00:00:58] Evan Francen: balance, what do I know about balance? Right. I All right. Well anyway, I’m back. It’s uh this is 19 so the odd weeks or my weeks which you know I think is also fitting when you’ve got me and odd used in the same sentence. What was the sentence you just used in an email Wonky you send me an email prior to this podcast with my name and I think and Wonky in the same sentence that also fits I think. But anyway, it wasn’t a lot last week. I’m back from vacation and sort of back from vacation. For those of you who understand audio quality stuff will probably notice that I’m not in the same room as Brad because I’m delayed an extra day. So I’m actually in Kenner a town called Kenner Louisiana. Have you ever been to Kenner Grant? I have not even at least uh New Orleans.

[00:01:58] Brad Nigh: Actually I have not been to New Orleans. That’s one of my places I want to get to.

[00:02:03] Evan Francen: I think you’ll be disappointed. Really. Yeah.

[00:02:08] Brad Nigh: See I grew up with some some of my friends uh one of my best friend’s mom was from there so I had a lot of like legit Cajun cooking growing up with. So I’m hoping to try some food down

[00:02:21] Evan Francen: there. I think the food is good. I’ve been here before and those who don’t know I was on vacation last week we took a cruise which is cool. Um And we reported out of New Orleans. I’ve been to New Orleans before. This is my my wife’s first time ever been. So she was really excited. And uh I was I was trying to temper her a little bit you know? Yeah it’s cool. I mean there’s a lot of character there and uh but it’s dirty and you know it’s no it’s dirty. Yeah she she likes clean so she she does not like it here at all. I don’t know she’s like I don’t want to go back. We don’t have to. That’s funny you saw it but I like barbecue you know I like barbecue so I did research before I came down here trying to find the best barbecue joint and New Orleans. And I found this place called Central City barbecue and totally worth it. Very good. There you go. That’s good. Yeah. Well I’m not nearly as picky about dirty so you know it didn’t, it didn’t matter as much as it bothers her. Oh

[00:03:43] Brad Nigh: man

[00:03:43] Evan Francen: we went to a cafe mom which is, you’ve got to come, you know, you gotta get the videos,

[00:03:51] Brad Nigh: right?

[00:03:52] Evan Francen: So whatever I’m stuck here in Canada will be flying out. This happened this morning. Um And we’ll get sort of a little bit of the reason why for that case you’ve heard the FAA. He’s grounded a bunch of planes to 737 max airplanes to the two recent crashes. Um I think I’m somehow part of that grounding. Uh So anyway, I’ll be back this afternoon and then I leave tomorrow. Where

[00:04:27] Brad Nigh: you going tomorrow? Uh New Jersey. Okay.

[00:04:31] Evan Francen: Yeah. And then it’s a crazy couple weeks. You’ve got a vacation coming up. Right?

[00:04:36] Brad Nigh: I do just

[00:04:37] Evan Francen: 1st. Just a Quick one. But next week.

[00:04:41] Brad Nigh: Yeah. Leave you actually even this week and just for the little bit of like an extended weekend, I’ll actually be out next Monday. So you get to do your

[00:04:51] Evan Francen: guest

[00:04:52] Brad Nigh: host.

[00:04:53] Evan Francen: Yeah. You’re not allowed.

[00:04:54] Brad Nigh: Right. I was the deal I think are whites have been talking. I’m not allowed to take my laptop with me. I’ve been told that, nope. No work.

[00:05:06] Evan Francen: It’s a conspiracy.

[00:05:07] Brad Nigh: Alright.

[00:05:08] Evan Francen: Alright. Well next week I’ll be in Aberdeen. Uh South Dakota. Have you ever been to Aberdeen?

[00:05:19] Brad Nigh: I don’t think I’ve been to

[00:05:20] Evan Francen: Aberdeen we’re gonna have to do then.

[00:05:26] Brad Nigh: I know. Well I well last week I was supposed to go to Fargo who have been my first trip to Fargo to speak at the nds use cybersecurity conference and they had a, like, they were calling an epic blizzard. They’re getting like, think they got a quarter inch of ice and like 6 to 10 inches of snow with 50 mile an hour sustained winds. So they canceled it.

[00:05:47] Evan Francen: They canceled, rescheduled

[00:05:50] Brad Nigh: outright, canceled it done.

[00:05:53] Evan Francen: Hey, you were supposed to speak in front of like five, people or something? Right.

[00:05:57] Brad Nigh: Yeah, yeah. I don’t know. Well, I don’t know how many we’ve actually showed up for mine, but it was a bit fine being good. But I have an opportunity here. The, one of the organizers reached out to have another speaking uh opportunity in October

[00:06:18] Evan Francen: so October

[00:06:21] Brad Nigh: I know,

[00:06:23] Evan Francen: I can’t even, that’s like something so far away,

[00:06:26] Brad Nigh: but he’s smart though. He’s getting it on the calendar

[00:06:28] Evan Francen: now. That’s true and is smart. So okay, so, um, yeah, so this week I’m here, you’re there next week you’re out healthy Aberdeen. So I’ll be doing this show from Aberdeen South Dakota and then the week after that you and I are both together actually one of our first times I think ever traveling together on a project a Rochester, New York. Yes, it would be

[00:06:59] Brad Nigh: fun. We’ll be doing the show from a, from Manchester,

[00:07:05] Evan Francen: another hotel man, you know, it’s one of the things that happens when you do the weekly shows because it’s like there’s not enough space in between two, like okay let’s play this out a little bit more, right? It recorded on our Thursday and just make it seem like we’re recording it on on Monday. I mean you can’t really do that.

[00:07:27] Brad Nigh: No, no, it’s okay. It’s more fun this

[00:07:30] Evan Francen: way. It is fun. I like anybody who knows me and you know, and you’re going to to anybody who knows you knows that winning. It’s kind of you know, how do things a lot? Alright, well that’s good. Um So I was on a boat that’s a big boat uh on that cruise. It was fun. Internet. Really good sock. I don’t know if you’ve ever been on a cruise before Brad but oh my gosh, it’s so frustrating. So even if I wanted to work, I mean I promised my wife I wouldn’t work. Uh but you know I tried to sneak in a couple of times, I was like, oh my God, forget about it. So everything is kind of working against that. It’s funny. Yeah.

[00:08:20] Brad Nigh: I said she paid to make sure your connection didn’t work.

[00:08:25] Evan Francen: No. Yeah, well you pay 100 and I paid $119 for the premium internet, you know for the week you and you think, okay, well I understand the wait and see issues because you have to go all the way to a satellite and back, but that doesn’t latency and bandwidth are two different things. So I wouldn’t have expected anything with issues. I just would have expected leads. Right. I wouldn’t have expected to live stream much or you know, stuff like that. But uh, they were clearly bandwidth issues. So they haven’t, they didn’t build their wireless network or he supported to, I mean it was just interested crappy design really. Yeah, but only possibly had an 18 bucks. I’ll never see him. Yeah. Live and learn. Yeah. You’re thinking of working on a cruise ship. Uh, doing our, our line of work. Uh, probably not a good idea. Oh, I did have a call on Friday with some lawyers and read a few emails. I did, I did sort of get some things done. But you know, it’s been a long time when you do a vacation. It seems like forever ago. I was at RSA a day. Uh

[00:09:52] Brad Nigh: How’d that go? Was that a good experience or to sales? He or I know you were in and out pretty quick.

[00:10:00] Evan Francen: That’s yeah. Yeah. We’ll cover that a little bit more to, I am in and out look like with RSA uh for a number of reasons, but it was a super awesome trip. And I’ll tell you about that. Uh So how about you tell me about your, we think of that before we get too far into the weeds.

[00:10:20] Brad Nigh: That’s good. I’m working on the, this then are too small business version of our assessment. So just mapping everything across from the R. One to the R. Two and all the new controls and picking and choosing, figuring all that out. Which is it? I was like wow this won’t be too hard.

[00:10:44] Evan Francen: It’s

[00:10:47] Brad Nigh: definitely it’s taking me a little bit longer than I expected but I’m making good progress.

[00:10:53] Evan Francen: Good, well thank you for doing that. And that’s a you’re right, it’s not hard, it’s just tedious. It’s very time consuming. It’s not something you can just knock out over an afternoon, it’s going to take some time. Yeah.

[00:11:08] Brad Nigh: Well and I was like oh we’ve already got the you know, you did the first small business version. So I was like okay but it’ll be easy. I just need to matt that and then mm pick you know whatever the new ones are that have been added the new controls. But it’s a I mean you’re mapping what 700 control statements in the main too about what? 3 50 400 and the small business.

[00:11:36] Evan Francen: Yeah.

[00:11:36] Brad Nigh: So it’s just yeah it’s like and and then obviously I keep getting interrupted which when you’re working on that is that’s just a killer.

[00:11:47] Evan Francen: Oh for sure. Yeah I mean it takes a good I mean for me anyway it takes about 1520 minutes just to get back into it. Yeah hold out you just let me set that clock,

[00:11:59] Brad Nigh: yep. Yeah so I get like a half hour in and then somebody would stop in and open the door. Yeah I have a question and it’s fine I get it. But it was it was just uh slogging through it but we’ll get there.

[00:12:18] Evan Francen: Yeah. You know one of the things I try to do myself which is easier said than done is I try not to put too much pressure on myself. I mean it will get done when it gets done. The fact of the matter is is neither you nor I nor anybody that works that are secure as a slacker. We get things up as quickly as we can and that’s just where it is.

[00:12:41] Brad Nigh: Yeah. Yeah. And obviously there’s other things that do you know take priority and you know you have some stuff that always come up comes up. But the nice thing, the nice thing here, this will blow your mind. No new incident response is just the one that we’re still working on. I know

[00:13:03] Evan Francen: we disconnect for some apparently but well you better find some wood man knock on something

[00:13:16] Brad Nigh: come across in the

[00:13:18] Evan Francen: audio. Everyone’s like what? So tell me about that. So speaking of Ir last week you had your podcast and I know you had host X. Who certainly will do that is now but you’re going to talk about Ir stuff, How did that go?

[00:13:34] Brad Nigh: It was good. We just we talked about the I. R. Playing at a high level some kind of what goes into it. What the sections are, what each of those I mean again at a high level you know like okay in preparation, what does that really mean? Who should be involved? And uh it was I thought it was good. Renee had a lot of good points from that business perspective compared to obviously how you and I think from the information security perspective so I thought it went well you know it’s always a little weird at the beginning, a little awkward as you try and you know even though we worked together doing a podcast is

[00:14:17] Evan Francen: different when you’re sitting there looking at each other going uh leaving a system that was I yeah but you know I think it’s great that you brought that business perspective because really when you think about what’s the whole intent of high are the Nixon responses to oh reduce the impact as much as possible to the business. Get the business back up and running or whatever put this away but also protect the business. So you’re not going to lose tons of money and tons of whatever disruption to the business. It’s about the business, it’s always about the business and that’s what we love security and you know wanted to be so pure about just security. It really doesn’t matter if the business. Right?

[00:15:12] Brad Nigh: Right. Yeah because it’s that ceased all right we can be super secure and have everything in place but if we can’t actually function as a business in that manner, then that’s that’s no good.

[00:15:22] Evan Francen: Right. Yeah. We’ll come back to my our stuff later. Uh you know, I definitely have a love hate relationship with all things, you know, incident response. Uh we’ll talk about that. Let’s go back to RNC look like uh so for people who for listeners who don’t know what the R. S. A. Conferences and have never been there before. It’s an annual information security conference now, they actually have more than one because well anyway, it’s a big moneymaker thing and whatever. That’s the one part that I hate. Uh but it’s held each year in San Francisco. And truly he’s probably the biggest, what is the biggest most well attended conference in the information security industry. The other one uh would be probably Black Hat, those are the biggest, you know, most of all attended conferences in our industry. So a couple weeks ago, uh and it runs for an entire week. A couple weeks ago, it was held and it’s always held in San Francisco, but a couple weeks ago was when it was uh and I I don’t know, some have a, not that I’m not gonna talk too much about her. Well, yeah, we’ll talk about RSA, but anyway, have you been have you been directly before Brad? I have not. Okay. You’ve seen pictures.

[00:16:49] Brad Nigh: Yes. Yeah, I know all about it. I just haven’t actually been able to attend.

[00:16:56] Evan Francen: Okay. I mean,

[00:16:58] Brad Nigh: I think that just told a lot about your thoughts on it there.

[00:17:04] Evan Francen: Yeah. Yeah, sort of, I mean we had, we had a team out there. We had James. Mm Yeah. And uh candy, we’re out there. They got out there. I think Wednesday maybe they were there for, you know, do the end. I was there for one thing I really, one thing only. Um, I went out to see my friend Roger Grimes, cables talk about 12 ways to hack two factor authentication. Uh, Roger uh, is a security evangelist for KnowBe4. You know, most people know them. Uh Roger’s written like 10 books. The guy’s brilliant. Uh, you know all things information security. I went out there to see his talk and then have lunch with him and his wife afterwards. And that was, that was pretty much it. That’s all I wanted to do. Uh huh. You know, I like I say, you know, some parts of it, some parts of it just makes me so disgusted with our industry. Um, there’s really two things that I hate in our industry and I probably share this with you before. I hate seeing people take advantage of other people. But I hate it. I don’t hate the people that do it. I hate that. Act that he, somebody, you know, so you know when an attacker steals a bunch of money from somebody, I hate that A salesperson sells you $200,000, million, you know, easy button magic cure. Right? That’s the same kind of thing. It pisses me off, Sorry. So it that’s one thing. And so there’s plenty of that and I say there’s lots of easy ticket, you know, easy buttons, lots of uh snake oil. That’s just makes me so mad. And then the second thing I hate about in our industry is shortcuts or cheating. Okay, right. I get, you know, we’re constantly trying to pursue better ways, more efficient ways of doing things. But there are certain principles, you just don’t compromise as you’re doing those things, right? You don’t like an asset inventory. I don’t I can’t not can’t build a security program without an acid industry to protect. Yeah. 
So that’s one of the reasons why I can only I’ve been to RSA before, I’ve been to the book happens before and I found you know, Maybe 5, 7 years ago that I would I would like I can’t do it because there’s so much sales. There’s so much like crap being slung uh, drives me crazy. I just, you know, I’m sure it’s a personal problem. Uh anyway,

[00:20:25] Brad Nigh: now I’m with you. I feel like a lot of times, you know, it becomes more about making money on these conferences than actual oh, you know, security and

[00:20:39] Evan Francen: right, then they’re actually helping people mm and there’s so many competing interests where money really rules. So you might have a really good idea and you’re a really good idea. Mike really helped thousands and thousands of people. But if it’s going to prevent somebody over here who is more powerful than you from making the money that they make your idea is not going to make it right? Right. It’s just the way the world works. Uh And I understand that that’s the way the world works and you’re not going to change it, but it doesn’t mean you have to be part of it either. You know what I mean? Yeah. There are really, really good things too about RSA it sounds like I’m just ripping on R. S. A. R. S. A. Is a great opportunity for people to come together. There are great discussions that happened. Um There’s good collaboration of certain things. I mean it’s it’s I think the good outweighs the bad. It’s just that the bad is so stinky to me. I can’t.

[00:21:46] Brad Nigh: Well, the sales part, I think it’s kind of your big pet peeve. So kind of ruins the, you know, the whole batches that were sour the experience

[00:21:59] Evan Francen: and I’m all about sales, minimum capitalist. I get it sell stuff. Let’s sell stuff under the right premise that’s gonna fix and actually need that somebody has as opposed to selling somebody something because you can cite or something. I love selling things at a fair price. That help people do. I just hate taking advantage of people. You know, a little more time educating, spend a little more time understanding what what the problem actually is you know. Okay I’ve just always had this feeling like if I buy something and I can’t explain to you 60 seconds what this thing actually does then I should have never bought it. Yeah you know so yeah other things about what I said, I had a great great well I did meet up with the team, it was really cool to see them there. I was uh I was only there on Friday. So I flew in Thursday night I got to my hotel about two a.m. Uh took a Lyft. First time I’ve ever used Lyft before. Have you ever used Lyft? I have not. Yeah that was sure, I feel like an old timer or something. It’s like everybody out there in San Francisco they’re all about either and must. And here I’m from the Midwest trying to figure this thing out. It was good, it was inexpensive. I met some interesting people uh and uh I Roger’s talk I think it’s up on it is recorded that uh you know I think there’s a link even in the show notes to this slide deck really well attended his talk. There was there was a good size room that was probably I don’t know 400 people may be in that room, Wow. And and there was a waiting, there was still a line to get in and so they kind of spilled over kind of standing room only room somewhere else uh if you’re gonna go to R. S. A. And you want to attend a talk, my recommendation agreed to register for that talk online before you get there. Which believe it or not. I actually did good.

[00:24:30] Evan Francen: has I know for the guy who weighs so much. I was like whoa. Yeah because I I I uh had been a while since I’ve been to RSA so I was actually waiting in line you know to get in uh a lady, the usher lady comes up and says oh you’re probably not gonna get into like a former man registered for this one. Oh you registered, you don’t have to wait. I sat down next to a guy named Mike from the U. K. And we were just kind of having a discussion. Uh and this is where it got sort of awkward for me sitting in the audience and I was probably like a throwback around the left. You know I mean it wasn’t in any prominent place and and it was probably The room was pretty much full and it was probably five minutes before Roger got up to top in. He noticed me in the audience. I was like you know so I kind of gave him a head nod. They came over and talked. You know it was yeah I was like when everybody was like you know Roger and well yeah but I don’t expect it to come talk to me. Uh and so and Roger said that uh you know I read your book kind of plain here and uh I really liked it. So Mike next to me, you wrote a book too? I’m like wow! Yeah, he ordered the book while we were sitting there. It was kind of cool. I mean it made me feel important. That’s not the point. Anyway, it was cool.

[00:26:04] Brad Nigh: So on that real quick I was telling some people here, I’m gonna I’m gonna give you the heads up because I don’t know if I’ll get to do it. I said when we fly to New York I’m gonna walk by, especially we’re not sitting next to each other like oh my gosh you’re that insecurity guy, I have your book and make a big deal because I know how uncomfortable it would make you.

[00:26:25] Evan Francen: It totally does. Uh That was I don’t know, it was fun. And then I went to the Tina Fey. Tina Fey was there doing her uh what was it? It was uh what they call it Aquino there and really it was her and another guy and the other guy was just asking kind of kind of interviewing her uh the big room uh I was you know pretty interesting and then um Roger and I were going to meet up after that you really want to see Tina Fey, so we’re reading it back to that for lunch. That’s when I ran into the guy. So standing out in the lobby outside of the big room and you’re covering these, you know our three dopey looking guys know they’re not looking, they’re awesome. So they came and we just talked a little bit and then waited for Roger then I was and I didn’t know Roger was going to be bringing his wife was a lovely life. It was great to meet her. And yeah, we could launch, he’s gonna write some things about the book and write some things about our secure, which is kind of cool. And then uh yeah, there’s more and he almost you almost died but that’s a whole other thing, wow. Yeah, I’ll let him tell that story. He wants to someday from there. I flew to New Orleans with my wife and started vacations. That was kind of Friday before the Saturday of the vacation,

[00:28:04] Brad Nigh: busy ramp up to your vacation.

[00:28:09] Evan Francen: Yeah, it was a busy wrapped up. Yeah, not a big fan of California that much either. I don’t know. I’m just kissing guy when I have to come back for vacation I think

[00:28:21] Brad Nigh: luckily we don’t have to deal with you very long. You can be in and out so quickly here.

[00:28:27] Evan Francen: Yeah, that’s true. So we have vacation. I have just finished and I don’t think I have a schedule for a long time. You’re going on a pretty short one,

[00:28:38] Brad Nigh: yep. Just getting away for leaving out Wednesday evening and coming back on Monday. So it’s like a four day, five Day I guess from work. But four day trip surprises are kids with tickets to Disney World.

[00:28:57] Evan Francen: Dude that’s so cool. Yeah, I have good memories that. Well, that’s cool. You have to tell us all about it when we get back to work.

[00:29:07] Brad Nigh: Yeah. Yeah, it’ll be fun. We’ve been once with our daughters well and our son was too big under a year old so he didn’t know whatever he didn’t. He was just a lump in the stroller, but it’ll be exciting. They lost their minds

[00:29:24] Evan Francen: lump in his stroller. I loved that.

[00:29:28] Brad Nigh: He was like 10 months old, nine months old. So it’s not like you could do a lot there.

[00:29:34] Evan Francen: there. Love it. All right, Well, you know how important now. Well actually be, let me ask you this how important our vacations for us.

[00:29:51] Brad Nigh: I think it’s important. You know, we talked a little bit with the lives about the amount of work and you know that we do and it’s never really off. So you do get to a point where you kind of go all right. I do need to reset and get away. So I think it is important. I think the problem is a lot of times you feel like you can’t because you’re never off. Your always, there’s always something going on.

[00:30:24] Evan Francen: Yeah. Yeah, that’s true. Yeah. I think, I think the older I get to, the more vacations, the more importance they have, uh, because you’re right, I mean when, when we’re working and we’re working, we’re working hard and sometimes it’s hard to get out. It’s hard to keep balance. Certainly for me and then, uh, it feels like a vacation, it’s like taking a shower, you know, where I just get to get clean. Um, my mind gets, can get clean. There are certain things that you wash off that before the vacation, it seems super important. And then now that you took the shower there, you wash it off, right? I mean it’s not, there’s just certain things that fell off my plate. I think this last week, that probably should have been on my plate to begin with anyway. Right? So from that perspective that often is good. There is a little bit for me, a little bit of, uh, what’s the word? Um, a little bit of anxiety. I think certainly the first couple of days would help. I feel like I’m dropping the ball on a bunch of stuff, but really I’m not that it feels like I am,

[00:31:48] Brad Nigh: I would think for you, it’s even, you know, a little bit more, a little different in that, you know, for a long time and if I scared you were, you were it right? So if you weren’t here, things weren’t getting done. So it’s gonna be a little bit different now realizing that maybe wait a minute I can relax and actually enjoy us.

[00:32:16] Evan Francen: You’re right, you’re totally right. And that’s a good perspective because I think it was only two years ago, it was two years ago, it was the first vacation that I was able to take. Where nothing that nothing I dropped. Mhm. And it was because of our management team is because people like you that um nothing did get dropped, you know, and it felt like so cool to come back and be like what everything’s taken care of. Uh Yeah, that was that was an interesting transition. It was only two years ago. Yeah.

[00:32:58] Brad Nigh: Well, I mean, you’re

[00:32:59] Evan Francen: still involved

[00:33:01] Brad Nigh: a lot of things.

[00:33:06] Evan Francen: Yeah. Well, and I like, it will be interesting to know like over the course of the next 12 months, but things should I not be involved in? I mean, you know me, I mean, I I love being involved with everything, but there’s certain things I just shouldn’t be right. That’s always a constant learning experience growing businesses. It’s there’s certain things, it’s healthy to be involved in and there’s certain things that are not healthy for me to be involved in and I want to be involved in everything. I’ll trust people because I love it. I enjoy it. I like working with, I told you, you know, So, yeah,

[00:33:51] Brad Nigh: Yeah, I think, I think you and I are like in that way that it’s not that we don’t trust people too. Yeah. How can I help? Right? It’s not,

[00:34:02] Evan Francen: yeah, totally,

[00:34:04] Brad Nigh: it’s not a control thing by any means. It’s a well, oh, you need help with that, sure I can help with that no matter what we’re already, it’s already on the plate, that’s not always the most successful long term strategy.

[00:34:17] Evan Francen: Oh no, for sure. It’s not like take for instance, one of the things we were already talking about this podcast was, you know, they are to uh if you wouldn’t have taken that your team wouldn’t have taken that, I would have gladly taken that there wouldn’t have been any hard feelings who has been okay, we’ll get it done because I know busy you guys are anyway, wait a minute, we’re all busy, nobody’s just sitting around, which I guess is kind of a good thing to, you know, just trying to keep it all and checked because we are a big family, if you can’t do something, do something because of time constraints or something else. You know, there’s a half dozen of us who can help out,

[00:35:03] Brad Nigh: yep. And I totally got help from, you know, Ryan in this case for that to pull some of the all the controls and get that started and Mapping the R 1 to R to a first pass on that was that was hugely helpful.

[00:35:22] Evan Francen: So it’s nice. It is nice. And for next week, I was thinking being that I’ll be in Aberdeen, I’ll be in a Hampton inn somewhere in Aberdeen. I might just have Sean power because he’ll be out there with me. There you go. That’s good.

[00:35:37] Evan Francen: Yeah. You know, I’m just sitting around and talk about something. He’ll give very just what I know about Sean very cut and dry. You know, response to a lot of things that should be interesting for people to hear I think. Yeah, yeah. I love that about it.

[00:35:57] Brad Nigh: Very different than you and I just kind of going on whatever.

[00:36:03] Evan Francen: Right. So anyway, I did write an article about this before about just the importance of health for us. His information security people. I wrote a series of yeah blog post, you know, sort of trying to take us from and take somebody from. I have nothing. I have no, I’ve never had a job in information security all the way to sort of, you know when you have a job in information treaty, how do you do it healthy healthfully. Uh and that last started called really this kind of hypocritical for me because I don’t live a lot of those things. But you know, it is really important for us to be healthy. I mean I we talked about retirement someday we’re going to be retired someday. We’re not going to be doing security anymore. Not like you do today. It would really suck to be at retirement and have my health be so deteriorated that I’m useless anyway. Right. Right.

[00:37:06] Brad Nigh: And then that’s yeah,

[00:37:10] Evan Francen: Yeah, that’s not good.

[00:37:12] Evan Francen: So that’d be the wrong way to run this race. And uh and even and I think, you know, just writing, it helps need to be less hypocritical because it starts convicting me of things that I need to change in my life. But I’m also hoping that it’s something that you everybody at FRSecure, everybody had SecurityStudio and other people in the industry well, Learn to adopt two so that, you know, you don’t get so ingrained and maybe bad habits. Well, because there’s more to life than earlier.

[00:37:48] Brad Nigh: Yeah. I think one of the biggest things that that I’ve I’ve struggled with is is what kind of what we’re talking about is leaving it there and being being able to not worry about what’s going on and then you come back and you’re like, okay, everything’s still up and running and once you get through that and kind of understand it a couple of times, it definitely helps. At least it’s helped me to to go all right. You know what I’m checking out? I’ll I’m not checking my email this trip. This will be the first time I’m not going to actually like bring my work computer with me on a vacation. So it’s a little bit of anxiety there. But

[00:38:32] Evan Francen: um

[00:38:35] Brad Nigh: I think it would be good.

[00:38:37] Evan Francen: It will be good, man because that would be you’d be going through the same. I mean, at least the feelings are the same. You’ll be going through the same types of feelings that I went through a couple of years ago. Mhm. Where it’s like all right, here we are. You know, I’m going to kind of jump off, jump into the deep end here and not bring network or not bring my laptop or you know, see how things

[00:39:00] Brad Nigh: I’m going to turn off the sync on email on my phone. Like if it’s an emergency, you know, certain people know how to get a hold of me if something happens. But I don’t I trust the team we put together.

[00:39:16] Evan Francen: All right. And any emergency isn’t going to be an emergency with work anyway.

[00:39:20] Brad Nigh: Right. You know what I mean? Well, there’s people there could be an emergency but there’s people here that should be able to handle it. Right? That’s where you put them in place and train them and

[00:39:33] Evan Francen: but I mean like what kind of an emergency? Like let’s say the project was completely like some is that really an emergency? I mean? Compared to like what an emergency really is like but you’re not your son or daughter gets injured in a that’s it. That’s right. You know what I mean? This other stuff. Yeah, it’s important. I’ll get it when I get back but it’s not an emergency. Right.

[00:39:57] Brad Nigh: Right. Well, and it’s also different now being on the more of the consulting side versus you know an I. T. Operations where if things go down in the business is non functional. You know that is that’s that’s a problem

[00:40:13] Evan Francen: versus right. Right.

[00:40:16] Brad Nigh: Yeah. But yeah so I’m excited that you know, I was one of the things that we told this is this is how you can tell it was do was we told my kids that I wasn’t going to bring my work computer with me and they were like are you serious? Really? I couldn’t believe it.

[00:40:38] Evan Francen: So what daddy, did you get fired?

[00:40:44] Brad Nigh: No, no vacation. I’m going to actually enjoy this and be in the moment.

[00:40:47] Evan Francen: That’s awesome. New. So uh good to be healthy. That’s the advice. Take vacations, be healthy. Get in balance. Uh Yeah. Do you don’t do what happened? Does that will help to so consider response. So last week we talked about incident response. Um you didn’t listen so well.

[00:41:15] Brad Nigh: Did we lose Evan? I think we lost Evan. Mhm. That’s fun. This is the exciting part of doing a podcast from a business center and or wherever he is in in Louisiana. Are you back, Evan?

[00:41:34] Evan Francen: Did you lose me?

[00:41:35] Brad Nigh: I did. There we go.

[00:41:38] Evan Francen: Well that’s

[00:41:40] Brad Nigh: yes that’s what sort of saying it’s more exciting live and winging it to you’re making sure I was paying attention.

[00:41:51] Evan Francen: Well I can I can hear you.

[00:41:52] Brad Nigh: Oh really?

[00:41:54] Evan Francen: Yeah I don’t know what what happened here. All right. So I was saying last week uh we had talked about incident response. That was episode 18. Unfortunately I haven’t had a chance to listen to a I don’t want to

[00:42:09] Brad Nigh: it’s okay. Apparently the marketing group is uh not intimidated by me as they are by you because if something happened and it did not get blasted out on like LinkedIn or anything. So I was giving him a little bit of grief about that.

[00:42:27] Evan Francen: Uh

[00:42:29] Brad Nigh: there’s data scheduler that was supposed to run and they I guess there was a bunch of

[00:42:35] Evan Francen: issues

[00:42:36] Brad Nigh: but that’s okay.

[00:42:39] Evan Francen: Issues. I don’t know. Well maybe that’s it and I

[00:42:45] Brad Nigh: just was giving him a rough time about it so

[00:42:48] Evan Francen: I got your back on that.

[00:42:52] Brad Nigh: But yeah so we talked with Renee

[00:42:57] Evan Francen: just high level good and and uh did you go through sort of any of be able to go through like any sort of market incidents you know ones that you had I worked on recently?

[00:43:10] Brad Nigh: Um No it was more around the uh the theory behind it. So what does each phase kind of entail? What’s the importance of naming the incident response commander? The incident response team, executive management’s responsibility around it. Why do we do it? Um So and just kind of just very high level on each of those phases around you know a preparation and uh the containment and remediation and you know lessons learned and all that.

[00:43:47] Evan Francen: stuff. Okay cool. Yeah one of the things that so yeah incident response. My very first sort of when my first job really uh in information security, incident response is cleaning boot sector viruses off of Windows three machines, you know, so sort of eradication. I mean I guess containment too, but what had happened it was uh floppy somehow an attacker or it was, I don’t know, an attacker had gotten uh into the distribution of floppies that were going out to 10s of thousands of okay investment people. Uh and lots of lots of systems were infected. That was kind of my first job in information. Uh and then uh then I became a networking guy but then uh US Bank early 2000’s uh working on there and see a response team which they didn’t really have a formal and so response to you then now, certainly nowhere near what they have today. Uh So that was really good experience to build sort of an incident response capability, an information security and some shots capability sort of from the ground up. I mean it was really good experience. And then since then came with you, I mean you’ve built your own incident response team before and led many incidents here.

[00:45:34] Brad Nigh: It’s funny how, you know, when I was doing it, it didn’t I didn’t even think about that so much. Especially early on with, you know, go gosh in early 2000, was it?

[00:45:47] Evan Francen: Uh

[00:45:48] Brad Nigh: Oh was it that ILOVEYOU or Nimda or it was like I don’t remember which one. It was absolutely took down an email server and luckily I wasn’t directly responsible for it at the time, but uh you know, going and cleaning those up and cleaning up machines and doing all that is just part of the job without realizing this is specific to incident response and you know, documenting what you found on each one and all that that you should be doing. I was just doing because it felt like the right thing.

[00:46:24] Evan Francen: Oh yeah, when I was at Jasper’s software, you know, we made paint shop boat and Paint Shop Pro uh Mhm On all the installs had an HTML help file. And in that HTML help file was an email address for support at Jazz Spectrum. And we had but I don’t know, 45 million installs at at at the time of the same virus that you’re talking about. And the way it would propagate would be through looking through HTML files through text files for other email addresses that it could send itself to. And so when that the virus you’re talking about plus we were on every Dell computer at that time had a trial version of Paint Shop Pro factory.

[00:47:23] Evan Francen: installed. So we went from, you know, an average or maybe, I don’t know, maybe mhm 10,000 ish emails That’s saved 20,000 emails a day to, yeah, 20 million emails that will cripple things. Oh my God, that was yeah, that was sleep in the data center time for a while uh at the same time as hell was the uh MessageLabs. Remember MessageLabs? They were bought by somebody, I can’t remember who they were bought by. But

[00:48:05] Brad Nigh: yeah, that sounds familiar.

[00:48:07] Evan Francen: MessageLabs just kind of became the thing. They were new and the way they handled email was, you know, they were yeah, anti spam and uh anti virus and all the stuff that email. And then when they would process the emails, they process them in like pods, right? So they have a pod of like 30 mail servers, you know? And then another pod of 30. So they have pods spaced out all over the internet, and then they just turned around that’s records to them did the emails and then they go through all the pods and then it would, the cleaning house will come to you. Mhm. I didn’t even know about MessageLabs at the time we were trying to fight it with. I think I had at the time like 32 mail servers stood up. Oh my gosh, that’s just front-end mail servers to try to take the load off the exchange server. Uh So we’re just fighting and fighting and get a few trickles of emails here and there. You know? This is a good thing about mail, that it’s store-and-forward. So whatever, but the message is called while we were in the middle of this firefight. They’re like yeah, it’s only like okay Chemical that was, it was only like $16 per user per year. And I’m like find me up.

[00:49:35] Evan Francen: Yeah. Like I’m like, well, let me tell you what we’re currently going through right now. So we’re gonna about X million, you know, number of emails a day and we can’t keep up. And uh, you you think your service is going to be able to take this now. Yeah. And if not, it’s a great test. And I’m like, I can’t even worse than what I’m doing right now. So it turned it on. We take down two of their time to get their bonds. But they loved it. They use this as a case study was such a cool thing. But anyway, yeah, that was an incident. So many students. Uh, yeah. One of the things an incident response that country I’ve gotten into. I like the first four steps of an incident response. Do these first four things before you ever contact to someone, right? First determine whether this is actually incident or if this is an event, this is a series of events. You know, what is an actual incident, define it. If it’s an incident, do some initial quick classification of the incident based on whatever criteria you want to use. You know, my default sort of criteria is, you know, the sensitivity of the data that’s involved. The criticality of the system that’s involved. And the type of incident that’s actually occurring, classify those incidents and then let that drive who you’re going to contact you. You’re going to assemble. You’re going to get it all.

[00:51:14] Brad Nigh: I know it’s just too logical.

[00:51:18] Evan Francen: Yeah. But responsible that people who haven’t done it before, they don’t know logic.

[00:51:29] Brad Nigh: Yeah. Well it’s everything off to post it. They’re the favorite. Like

[00:51:35] Evan Francen: uh

[00:51:36] Brad Nigh: if I have this little stick people with like everybody panic and it’s the two people running back and forth going, oh no, but that it is it’s or the, you know the dog with the room on fire. Everything is fine

[00:51:50] Evan Francen: here. Well that’s the thing. It’s uh there’s a difference in them. There’s panic and yeah, the right response is somewhere between uh you know, I have the saying you have the same thing uh uh if I’m going too fast to document everything that you asked.

[00:52:16] Brad Nigh: Yeah. Yeah. So the two, everybody’s panicking versus the complete indifference of whatever. Yeah. We deal with both. I have one of those that I find to be far more frustrated but I don’t know what you uh you know, which which type of client would you rather work with on an incident. The one that’s like panicking and trying to figure it out or the one who’s like and whatever is not that big a deal.

[00:52:44] Evan Francen: I don’t have to take the panicking one. Yeah.

[00:52:49] Brad Nigh: Yeah, I’m with you. The indifference absolutely is just want to say infuriating. But man, it’s just like, are you kidding me?

[00:53:03] Evan Francen: Really? They get what they get because they asked what you know I mean. It is sad. But yeah. And then if only you could make people make people see things you know sometimes All right. We got a couple of news stories and then we’ll wrap this thing up like and I’ll talk about the news stories quickly because one is the FAA uh grounded the Boeing 737 MAX. Uh turns out that there’s some you know, issues with the software now. I don’t know. I think it’s a stretch to say that this is the actual cause for the two plane crashes. The one named Ethiopia and the other one the Lion Air crash. Uh But the fact the fact that you’re in the same News, you’ve got two plane crashes. It got more than 300 people killed. You’ve got the F. S. B. The F. A. Action the ground. All these planes and a software fix all in the same thing. Yeah. There’s a correlation here that it’s pretty scary. Well, uh huh. And I don’t know if you remember last year one of the predictions that I made uh that somebody was going to die because physical security. Now I’m not saying I don’t know all the details. I know only the things that people read that are publicly available. But if there is the software while they’re a glitch that contributed. It may not have been the sole Collins too. Okay. Going down. That’s a scary thing man, Everything is running. But with my software now. Okay.

[00:54:58] Brad Nigh: yeah, and we’ve seen it where the maybe the there’s not a real good SDLC in place, which just increases the risk of bugs and the millions and millions of lines of code. You know, there’s gonna be something

[00:55:15] Evan Francen: guaranteed. Yeah. So that, I don’t know that’s scary. We, you know, there’ll be more to say they’re probably in the coming weeks. But that’s that’s on the other news thing that I picked up was uh We have to kind of big news, the news things. I think that happened this week. One was certainly is 737 crashes and then we have the New Zealand mosque shooting stuff and attackers are going after both of those which are just they’re just jerks.

[00:55:46] Brad Nigh: I hate that kind of like you can count on that at this point, right? Every time there’s a big tragedy or something immediately the fake scams for fundraisers and all that stuff coming out.

[00:56:00] Evan Francen: Right? So you know people that are be on alert and alert your users that you know, you’re going to see an increase in these types of things. Newsworthy events create more spam. And uh and also we’re I mean we’re only like a month away from uh the tax deadline April 15 is coming up quick and we already know that there’s been a ton of tax scams going on. They will only increase between now and April 15. So correct. Pay attention. Yeah. All right. Well, that’s all this week. I gotta catch a plane now. My wife is getting mad at me because I’m supposed to be packed or something.

[00:56:48] Brad Nigh: I guess we’ll let you go.

[00:56:49] Evan Francen: Yeah. Any parting words?

[00:56:54] Brad Nigh: No, I’ll let you go. So I don’t get in trouble with your

[00:56:56] Evan Francen: wife. I get that. So Alright, good episode, awesome to be back that I love talking to you. We have a chance to talk. Uh Yeah, that’s this is episode 19. Follow me on Twitter at at every francine. Follow Brad at at brad nine. It’s N I G H uh email us at unsecurity@protonmail.com. We’d love to hear from you. Tell us what you like what you don’t like. Whatever One more thing. Because the american people will get mad. Probably we have a Hacks and Hops events coming up. We’re not going to talk about the most exciting topic ever, but we have really good experts. Talking about information security risk. Just because it’s not excited. It doesn’t mean it’s not super duper important. So get there and learn something. That’s it, man. All right. All right, thank you. All right. Side chapels. No, I won’t. All right, man bye.
