Information Security Impact on State Governments
In this week’s episode of the UNSECURITY podcast, the guys are joined by Jim Nash who serves as both a state representative for Minnesota, as well as FRSecure’s Information Security Evangelist. Together, the three talk primarily about what’s going on in Minnesota, other state governments, what Jim’s doing in the community, as well as the information security impact on state governments —all relating to COVID-19. Give episode 74 a listen and let us know what you think at unsecurity@protonmail.com.
Protect Your Organization from Cybersecurity Threats
SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.
Podcast Transcription:
[00:00:22] Evan Francen: All right, Good afternoon everyone. This is the 74th episode of the Unsecurity podcast. The date is April 6th 2020 and I’m Evan Francen joining me as my calls Brad Nigh along with our special guests. Jim Nash. Good morning afternoon brad. Jim. I’m all out of sorts.
[00:00:45] Brad Nigh: They’re good.
[00:00:46] Evan Francen: Are you not too bad? Good day so far.
[00:00:49] Brad Nigh: Mondays are always just so busy. So yeah,
[00:00:53] Evan Francen: so welcome to the show again. Jim. How you doing?
[00:00:55] Jim Nash: Thanks for having me back.
[00:00:57] Evan Francen: How you doing today?
[00:00:59] Jim Nash: You know, it’s, it’s not too bad. Been a little crazy and busy and but we’re good. Okay.
[00:01:05] Evan Francen: Now, do you remember the last time you were on the show? It was a while back?
[00:01:09] Jim Nash: I think it was close to the beginning of the year or maybe towards the tail end of last year. We talked about things and stuff.
[00:01:16] Evan Francen: But lots have changed since then.
[00:01:19] Jim Nash: Just a minute. Just a bit.
[00:01:21] Evan Francen: We’ll catch up on all that good stuff. Uh it’s customer that we start the show kind of checking in and we’ve already started that a little bit uh brad this weekend. Jim. What’s going on? What you guys been doing?
[00:01:35] Jim Nash: I’ll let you go first.
[00:01:37] Brad Nigh: I’m just trying to get some time outside outside of the house. We did a bunch of you know constantly escaping pulling weeds things that have been uh nobody really wants to do. So they get pushed off and I was like all right let’s just do it and let the kids got to play outside. So getting some fresh air.
[00:01:56] Evan Francen: Yeah the weather was nice this weekend. Yeah a lot of motorcycles on the road
[00:02:01] Brad Nigh: and it feels great.
[00:02:04] Evan Francen: Yeah. Jim What have you been all over town?
[00:02:08] Jim Nash: I have. So for the listeners they may not remember. I’m also a state representative which I believe is what we’re gonna be talking about some of today. But I’ve been trying to spend time driving around the community doing takeout and I post videos to facebook and twitter and elsewhere because I’m trying to help people understand that they can have some semblance of normalcy that they can still do things like restaurant takeout and support those local businesses. I’ve been helping a couple of small businesses that are responding to the P. P. E. Crisis. There was a company in the city of Carver which is in my district and have been helping them go from Never having made PPE before to now they’re producing 2.5 million plastic face shields a week and I helped them clear the way with red tape and then also introduced them to a bunch of people that I know across the country and they’re getting orders every single day for millions of these things. So it’s been busy, but it’s been a lot of fun.
[00:03:15] Evan Francen: Okay. Yeah. I’ve seen your videos all over the place. What, what restaurants or retail establishments did you visit this weekend? Did you?
[00:03:25] Jim Nash: Uh, this weekend? I went to Da Vinci’s here locally in Laconia. Um, I was also at a place called et cetera, which is in Laconia. I’ve been to coffee shops in victoria in brad’s neck of the woods. Um, and I try to do something every day and um, you know, the weekends I typically tend to take off just because I can’t eat that much. Take out. So, um, so we’ve taken a couple of days off here and there.
[00:03:58] Evan Francen: That’s correct. So I bought the chicken coop. Have you have seen it?
[00:04:04] Jim Nash: I bumped into your wife as you were getting chickens and she was laughing. I actually posted a video about that too.
[00:04:10] Evan Francen: Yeah, you did, yeah. So she, yeah, she brought chickens and this weekend, you know, you do it. You’re sort of told and I was told to build a chicken coop. So I did. There you go. Yeah, you should come over and see it sometime. No,
[00:04:26] Jim Nash: come over and eat your chickens.
[00:04:28] Evan Francen: No, no, no. It’s kind of chickens and my wife would get really mad about that. All right, well, let’s get in. So jim, we did invite you to the show a couple for a couple of reasons. Number one. Uh, we do like you. I voted for you brad. He’s new to your district. He’ll vote for you. We’ve already talked about this, right? Yeah.
[00:04:48] Jim Nash: Yeah. I think he might have last time
[00:04:50] Evan Francen: because I’m
[00:04:52] Brad Nigh: going to keep him guessing. You don’t, I’m not easy going to earn my vote.
[00:04:57] Evan Francen: All right. We’ll keep working at that. But the second thing we wanted to talk to you about is uh Get your perspectives on COVID 19. You have a different perspective than us. You work in government, your state representative. So you’re dealing with kind of everything, right? I mean, I can’t even imagine how many questions you get and everything like that. So I wanted to get uh, you know, first, let’s just talk about what’s going on in the Minnesota state government around Covid.
[00:05:25] Jim Nash: Sure. So this I was just on a bunch of calls over the weekend and we’re meeting remotely for some of the committee work. But I think one of the things that this has been a great lesson for is understanding what it means to have a remote workforce. And how does that relate to security. I was on the phone call with our state. See I o terek tones and he and I had a private column and we had a group call with a bunch of other legislative leaders. And and I will say that this was a wake up call for a lot of people. Most folks think that just working from home. You know, you bring your laptop home and you jump on your network and everything’s gonna be just fine and we all know that’s not the case. But for a lot of state workers, that’s been a huge wake up call. And there’s a lot of the, oh, I didn’t know that moments going on. You know, the, the state is the largest employer of people in the state of Minnesota. So most of those people are now working at home and that brings with it, uh, at the very lowest level equipment. Most of these people don’t have a laptop issued. So they’re trying to figure out how to how to make that work. And uh, he told me very honestly that some folks just took their, their desktop home with him. They put it in a box and off they go. And uh, security is, is if not secondary, possibly tertiary in some of these people’s minds. So I think that folks like us sort of preaching out into the end of the world, the need to understand that possibly at the flick of a switch, people may all have to go home and work from home. And what are the security implications of that. And that’s what he and I talked about and I will tell you that they’re doing a nice job. I will say, I think somebody who’s maybe doing it better Evan you and I met with the state C. I. O from north Dakota. He and I had a phone call about a week and a half ago And in the literally in the flick of a switch, they stood up thousands of VPNS and they just did it seamlessly. I was very, very impressed after I left that call.
[00:07:50] Evan Francen: That’s cool. That’s cool. So are all the government offices shut down now?
[00:07:56] Jim Nash: Well, you know, not everything is shut down. There are some people who are working in their office. These are usually people who are um commissioners or other, but for the most part, yes, everybody who is a state employee is working from home tomorrow. We’re having floor session to move a bill and there will be some people who will be at the capitol and the House of Representatives will be socially distance. But because I’m intrigued by it, I’m going to be one of the people who is voting from home and I want to, I want to give that a test run and see kind of how it works out. You know, the problem from a constitutional perspective is one that we talk about all the time. How do you know that Jim nash is actually the one voting or acting on whatever it is I’m supposed to act on. So that’ll be interesting. And the questions that I’ve been bringing up our around security one, how do I log in securely? We’re going to be doing zoom meetings just like we’re on right now. But you know, how do you make sure that one, I’m the person who’s on the line and how do I prove that? Is it? Uh, face facial recognition plus a token plus a secure log on. Uh, you know, it’s, it’s gonna be interesting to see how it all plays out.
[00:09:21] Brad Nigh: The plus is, you know, there are systems out there to handle that type of thing. If you look in health care for um, you know, prescribing controlled substances, right? The doctors do have tokens and they had some ways to ensure that that’s done. Now. The downside is nobody thought of doing any of that stuff for these things because this is unprecedented. So
[00:09:46] Jim Nash: yeah, well you’re exactly right Brandon and the thing that I’m curious about is how do we, There’s 201 legislators, how do you make sure that you’ve got the proper system and the right backbone and all the proper credentials and the tokens and all that. And then I think one of the simple nuts and bolts things is you’ve got people who are in the seven county metro and that’s great because the connectivity here is good. But you’ve also got people out in Roseau County practically in Canada and that’s a different backbone up there and you know, we talk about broadband all the time. It’s not very good up there and if you’ve ever been on vacation up in Northern Minnesota, you know that if you get onto a network, it’s pretty clunky
[00:10:36] Brad Nigh: I think almost you must, I think that the internet becomes a almost like a utility at this point. It’s a it’s a requirement. Yeah,
[00:10:47] Evan Francen: yeah, for sure. So not just that, but in times like this, I suppose you have an increased number of meetings and communications have to be, I mean there’s more communications and they’re more critical, right? So this is the wrong time for things to go down.
[00:11:04] Jim Nash: Oh, completely. And you know, I was just on a public safety virtual committee hearing and it was to say it was clunky was being generous tom and if we are supposed to move meaningful legislation um again, the security aspect of it for me is a concern because we have to make sure that the person who holds the election certificate is the one that’s voting and you know from the public, we also have to make sure that the transactions that you’re doing are secure. Um you know, there are thousands of people who are filing for unemployment insurance as we speak. Um that’s being overwhelmed right now. And one of the things that they’re looking at doing is creating sort of a chat experience for people who are trying to get into the system. And I have concerns about that too. How do you make sure that that’s a secure connection and that somebody who is honestly trying to get some help from the unemployment part of the state doesn’t wind up getting screwed right.
[00:12:22] Evan Francen: Yeah, I mean, and so there are they actually doing that, are they coding that now or is that something they’re still discussing?
[00:12:29] Jim Nash: No, they’re working on it right now. Okay.
[00:12:33] Evan Francen: Now, where do you get daily briefs from the state on kind of what’s going on the covid and any new current issues?
[00:12:43] Jim Nash: I do. I get a couple of daily briefings. We get a huge amount of email um, from the state and from other folks and lots of conference calls. And on top of that, I’m doing a lot of constituent email and stuff. So I’m getting about, Well yesterday alone, I got 400 emails and that was a Sunday On a daily basis during the work week and probably getting about 900 emails a day.
[00:13:09] Evan Francen: And that’s what was it before.
[00:13:12] Jim Nash: Um,
[00:13:13] Evan Francen: is a double tripled.
[00:13:15] Jim Nash: Its probably tripled. I probably get about 300 emails a day, many of which were from people who are saying, hey, I like this bill, please vote for it. I don’t get those now. But right now I’m getting my business is circling the drain, what can you do to help? And it’s been my commitment to make sure I answer all of those and it’s been a lot, but you know, you take a lot of conference calls from people and you know, we’ve all been there, You’re listening to people who are at their all time, worst you go from this flourishing economy and you’re a small business and you’re working away. And next thing, you know, you hit a brick wall because everybody is at home and a lot of folks are having some mental health issues. And I know that’s a huge issue for you have, is just the notion of being cooped up, but also for a business owner who is now, uh, they can’t operate. You know, I have a lot of, a lot of folks who are People who are not on the essential list. And keep in mind that roughly 76% of people in jobs are considered essential. All right. Yeah. There’s a plus or minus. But the number of people who are not considered essential. Uh, those folks are just, they don’t know what to do. So they turn to to folks like myself and we’re trying to help them out.
[00:14:37] Evan Francen: Yeah. Well, so now I’ve sort of like the way Minnesota has handled things. You know, I’m a resident here. I like the clear communications that come from, from government. Um, you know, I think Governor Wallace is doing a pretty good job of communicating and getting out there. Um, is there any prediction on or you know, what, what, what sort of timeline are you guys operating on? If any, Do you expect this to last months a year more.
[00:15:10] Jim Nash: Yeah. Well, you know, I’m not an epidemiologist and there’s a lot of good reasons for that, but
[00:15:16] Evan Francen: I
[00:15:19] Jim Nash: wish that we could say. But right now there is, there’s an executive order that’s in existence to shelter in place. It lasts for a little while longer. My expectation is that it will be extended. Mhm. And that for the specific reason of trying to, as as we all heard the overused term flatten the curve, we’re trying to make sure that the peak doesn’t hit our hospitals. And Minnesota has been very fortunate as it relates to the spread of this virus. Our neighbor to the east has not. Wisconsin has had a huge number of cases and I think, and mind you, the governor and I are not in the same party, but I will say governor walZ has done a pretty good job that there are some things that have been, as I call it ham handed, but they are open to our input, they listen to us when we call and an email. Uh I’ve got a great relationship with our lieutenant governor and again, we agree on very few things, but we take each other’s calls and she has been and Governor walz has been pretty good to work with. And um for example, they had not allowed funerals to move forward and I had a couple of constituents that said, hey Representative Ashley, I need your help. And what I did was called into the administration, I said, look, you’ve got people who are experiencing a very bad time in their family and they need our help if we can provide a way to let family mourn as we all do in a funeral, Then that’s something that’s important. So they changed the executive order to allow for a funeral party of 10 people and usually funerals are bigger than that. But um, there was at least a step in the right direction to allow people to do that. Yeah.
[00:17:20] Evan Francen: Mm. So other states, So you mentioned Wisconsin, Wisconsin, I think it seems like, you know, Milwaukee in that whole area over by lake Michigan is kind of the area that seems to be the hottest spot in Wisconsin. What are you hearing from other states? Are you hearing anything that seems to be working really well and you know, kind of, uh, you know, really creative approaches or is everybody pretty much kind of doing the same thing?
[00:17:48] Jim Nash: I think people are our States are typically doing the same thing. Um, we’re having a hard time obviously being from a very free society where you can go out and pretty much do whatever the heck you want to now being told that unless you’re an essential employee, you’re not going to work or you’re working from home, like all of us that have far secure doing. But it’s causing, I think a couple of things that will be challenged afterwards, like the ability to, or the inability to, to go and travel freely. And there have been a couple of examples in other states where folks are, um, getting arrested for, for being not in their home. And you know, none of us have, uh, would, would volunteer to live in a Communist state. And I’ve been to Communist states back in the day when I was going to school over in europe and it’s, it’s not a basket of fruit. It’s not good. So we got to make sure that we don’t deal with folks very heavy handed and make sure that we’re, we’re respecting. So for example, if if you and your wives and kids decided I can’t take this house anymore, I need to hop in the vehicle and I just want to go take a pleasure dr well, there are some places that, that may get called into question and that’s, that’s difficult. Um, it’s a fine balance that we have to achieve.
[00:19:16] Brad Nigh: I think the biggest issue that people are struggling with is if we didn’t do anything, the numbers, we’re going to be like catastrophic in terms of deaths. But by when you lock down and prevent the spread, the numbers don’t look as bad as they would have been. So, people are going, well, see it’s not as bad. Well, this because you’re locking down, you’re not doing it. You know, if you look at that, uh, infection rate in the death rate, If we hadn’t done it, it would have been, I mean, that’s going to be way worse on the economy to lose, You know, 5-7 million people than to be closed down for five months or five weeks. It’s five months. Yeah,
[00:20:00] Jim Nash: no, I can’t take five months of working from home brad man.
[00:20:04] Brad Nigh: That was yeah, no, five weeks, sorry. Yeah, no, I think you’re exactly
[00:20:08] Jim Nash: right. You’re exactly right. And this is one of those things where science is science and you have to say, okay, if I eliminate the opportunity to be in close proximity with people, then the transmission rates gonna go down. I mean, it’s just math
[00:20:30] Brad Nigh: right in Minnesota.
[00:20:33] Jim Nash: Yeah. And I liken this to the cyber security issues that we all talk about is if you want to or shrink your probability of compromise, what do you do? You shrink the surface of attack,
[00:20:45] Brad Nigh: yep.
[00:20:46] Jim Nash: And that’s what we’re doing is we’re shrinking the attack surface by sending people home and having them work from home and you know, gain £15 because they’re eating a lot of takeout and stuff. But yeah, I think the thing that we have to remember is that the state of wherever you might happen to be is trying to prevent longer term negative repercussions. So none of us like to be told, well, Evan you gotta you gotta stay at home. You know, Evans kind of a free spirited guy, right? I’ve known you for a long time and you’re pretty free spirited guy. You don’t like being told you gotta hunker down and go nowhere.
[00:21:29] Evan Francen: I don’t like being told anything.
[00:21:30] Jim Nash: Well that’s true. That is true. Uh but when you consider that this is bigger than than one person, that’s where this becomes really important. You know, I think of the fact that I love going to our office because it’s, you know, pretty much for the first half hour of a day in the last half hour a day. Everyone is just sort of wandering around chit, chatting and talking to one another and we all care for each other a lot at fr secure. Yeah. We haven’t been able to do that and that’s kind of a drag. Yeah, because we are we are social animals. That’s where this this problem becomes very profound. But yeah.
[00:22:15] Evan Francen: Well that’s the big thing that, you know, for me, you know, you’re right mental health is a there’s a thing for me because well, numerous reasons I’ve lost very close friends. Uh and I think, you know, we don’t really know if we made the right call and a lot of things until this is all over. You know, the data that we’ve seen has been so variable. It’s been all over the place. Um It’s hard to know which data is good data in which data is bad data, you know, so you make a lot of decisions and some of the things that we don’t know yet is how does this affect, you know, chemical uh you know abuse. How does it affect um you know suicide rates or depression or anxiety or any number of other things because those are also of facts writing I understand locking down the virus could kill you or your mind could kill you. Yeah. Yeah.
[00:23:13] Brad Nigh: It’s definitely been tough and uh, you know, Jimmy got a bunch of kids running around two and it’s hard on them and it’s just stressful for everyone. So
[00:23:24] Evan Francen: yeah, it gets over soon.
[00:23:27] Jim Nash: Well, you know, and I’m an eternal optimist and I like to look for the things that are good. What I have seen is more people out for walks on my street than I’ve ever seen before. Uh, you know, I took a bicycle ride a couple days ago and evidence where I bumped into your wife. Uh, and I did a bunch of on the spot videos of people saying look just because we’re practicing social distancing doesn’t mean we need to practice social alienation. Sure. That’s the important thing is we are told, hey, go huddle up in your cave and some people do just that and they, they go inside the cave and they sit in their barca lounger or their recliner with a, with a huge tub of cheese balls and they don’t go anywhere. Well that’s not helpful under the executive order. You can still go out and walk around. In fact you’re encouraged to do. So I’ll tell you my dog hazel here is laying next to me. She’s been on more walks then she’s been on in months. So those are the sort of things that we have to do. Yeah. You know, and I know that we’ve done virtual happy hours at work here and those are those are great. But that’s that’s what’s going to get us through. This is taking care of one another. And you know, I think well everything you’re about to do this uh this podcast or a webinar for people, you know, I think things like that too, there’s so many questions from a security perspective to bring this all back to security. Uh You know, there’s so many questions about, well is my employee set up to be a secure remote worker, uh Are we doing this right? Are we putting our company at risk and you know at the state and in conversations I’ve had with other C. I. O. S. And other people on like I serve on the cyber security task force for a national group of state legislators. Uh This is a frequent topic of conversation is what our state employees doing. I mean if if fishing and uh skirmishing were a big deal before they’re becoming way bigger now. Uh You know, we’ve heard that there are thousands now more thousands of attacks through phishing emails and what they’re doing is they’re doing it two state employees and all employees but they’re doing it to employees who are naturally curious about what’s going on with Covid. I mean either one of you might want to talk about the, the map, the interactive map that it was infected with malware, right? That’s what’s been on people’s minds.
[00:26:11] Evan Francen: Yeah. Oh yeah, for sure when it happens, I mean even this is a much larger scale, but even the smaller scale, you know, catastrophes and incidents always raise the, the frequency of attack, right? And they leverage current news events, right? It’s sensationalized, people panicked. Uh you know, people are seem to be panicking less, they seem to be settling in a little bit more. Um, but yeah, the attacks will still keep coming, keep coming, hard to Yeah, so, but you know, there are no, there is no silver bullet. We get asked this a lot too, we get asked. Well what’s the one thing I can do, you know, to really protect myself at home and you know, through all this, the attacks are not any more ingenious than they’ve ever been write a phishing attack. The phishing attack, right? There’s different variants of phishing attacks, but it still requires you to do something as a user using single factor authentication. That’s still a problem. Just like it always was. It’s just the problem is exacerbated because so many more people are doing it and I’m not paying attention.
[00:27:20] Brad Nigh: Yeah, the kids are bugging you for lunch and you’re trying to get stuff done and somebody clicks something, they shouldn’t have, right,
[00:27:29] Evan Francen: because I haven’t seen a single, well I’ve seen, I haven’t seen any attack that I’m like, wow, that was innovative. Never seen that one before. They’re the same. They’re just different flavors now.
[00:27:41] Jim Nash: Yeah. Well you did see the attack that has malware embedded in the interactive map, right?
[00:27:47] Brad Nigh: Yeah. Yeah. If you do a malicious uh android app and grips, ransoms your your phone,
[00:27:55] Evan Francen: that’s what you get for using an android.
[00:27:57] Jim Nash: Yeah,
[00:28:00] Evan Francen: you should be running uh I want to put any of the V for for android. Did any of the tv for android catch that,
[00:28:08] Brad Nigh: you know, I haven’t seen, I don’t know. Mm.
[00:28:11] Evan Francen: All right, well let’s get on, let’s talk. So one of the security things that’s sort of new or top of mind, I guess it’s zoom. Have you ever seen a company in the news so much with false information? Just crazy stuff As in the last two weeks, have you ever seen anything like
[00:28:31] Brad Nigh: it? Oh no, no, not at all. This is. I mean, and for what they’re having it, it they’re not mhm. Critical or high risk when you when you actually look at what all their vulnerabilities are
[00:28:50] Evan Francen: right to assume, you know, during the, you know, it would be at the early stages of the pandemic. The Ceo, you know, made it known that he was going to make zoom available for free to all education. Right. And that was a big piece of it just blowing up in popularity plus the fact that people needed something, you know, there’s still a free version of zoom, right? Or even the paid version isn’t very expensive. So now I can go get a good teleconferencing service that’s stable. And they did a great job at architect ng because I haven’t had any outages. I’ve heard of people having outages or issues with stability, but I haven’t witnessed any that myself, if you So he had this huge rise. He went from, I don’t know how many users users,
[00:29:42] Brad Nigh: They said December, they were at 10 million users a day and in March there were 200 million users
[00:29:48] Evan Francen: Today and I’ve heard that they’ve peaked over 300 million. Yeah Users a day. So to go from 10 to 300 users a day, you’ve got to have a pretty elastic architecture to be able to support that. I don’t know. There’s no way they would have load tested that for 300 million users. How could you? Right. So, good job to them. And then there was a bug, Right? Who’s a zero day sort of bug, you know, allegedly an ex N S a hacker? Well, at least that’s what the article tells us. Right, um NSA air quotes um, with the U N. C vulnerability. Right? That would allow you potentially in the right conditions to steal credentials,
[00:30:33] Brad Nigh: right? Still required user interaction. It’s not like, you know, they could post this and suddenly everybody’s credentials went right to the attacker, you actually to click the link, Then they follow it and they fixed it. What? 36 hours maybe?
[00:30:50] Evan Francen: Yeah, within 36 hours. And then the message was really crystal clear to, right? There wasn’t any uh it was very transparent the way they handled
[00:30:59] Brad Nigh: it. You know, I think uh Dave Kennedy had a really good point in that they are now dropping these exploits without giving any notification to companies. Right? That’s not that’s not how security researchers have worked in the past. You know, it’s usually you report it, let him fix it and if they don’t respond in a certain amount of time then you can, you know, you’ll see him go public but just be like, hey, there’s this problem and make it public before you alert the company is that’s borderline irresponsible,
[00:31:33] Evan Francen: right? He claimed that he did try, didn’t he claimed that he did try to contact zoom and zoom didn’t return his message or something like that. But then he thought it was he thought he was doing the public good, right. You know, so, you know, so many people are vulnerable to this thing. We should make it public. The zoo has been around for quite a while and even with the 10 million users or whatever it was, it was going just fine. I don’t know if it needed the urgency that it got, but it was, you know, did get their attention
[00:32:08] Brad Nigh: well and, and I want to be clear, I’m not there’s not not saying Zuma’s infallible here. Right. They definitely had some issues but they corrected it. You know the indian encryption piece. It was misleading I would say. Uh But from what the response to it looks like it doesn’t look like it was it was intentionally misleading and they’re fixing it right. Changing the language. So I mean if people you know you see like the new york public schools are saying we’re not going to use this but they’ll use google or they’ll use facebook or they’ll use right. These other companies that have a history of doing it. If you’re going to say that these are security issues you’re not going to go with you just shut down. Don’t use any technology because these aren’t as bad as a lot of the ones we see.
[00:32:59] Evan Francen: And then we’ll go workarounds right? Except for the end to end encryption
[00:33:02] Brad Nigh: but which but at the end of the day really the indian encryption is if you’re using a zoom ap like the browser whatever it’s encrypted if you call in it’s not encrypted like the bigger issue on that one is they consider their servers and endpoint in that. So it’s not hey our connection is encrypted just for the three of us. It does go through their servers and so yeah there is some concern around that but he even addressed it and said we don’t decrypt it we can’t decrypt it. Right.
[00:33:34] Evan Francen: Well what’s the likelihood of somebody, you know, getting that information anyway, it’s not a trivial attack. It’s not something that’s going to be easier for easy for, it’s like these things that are conceptually it could happen but practically it doesn’t.
[00:33:53] Brad Nigh: Yeah.
[00:33:56] Evan Francen: I think little districts have a much bigger fish to fry than this.
[00:34:00] Brad Nigh: Yes.
[00:34:02] Jim Nash: I think school districts right now are I have been hearing from and reached out to some friends to help but the school g application is bogging down and very very twitchy. What I did learn is that it is um Yeah, it is on a popular cloud app or platform, I can’t say which but that that the cloud folks are trying to help school g build out their tech better. So it’s not a resource issue, it’s not the platform issue. It’s it’s that the the app itself was not built to handle this many kids on it all at one time. So it’s it’s going toes up pretty regularly and you get the blue screen of death. Um But that it’s not it’s not the platform that it’s not it’s it’s the actual architecture of of school age itself.
[00:35:02] Brad Nigh: Yeah. So my daughters went back today officially and they’ve done a couple of the teachers did school g meetups and a couple of them did the google meetups and already this morning. They said the school of the ones are they hate them then. We were so much easier. Yeah, I mean cola even, you know, Ryan uh, mention, it was talking about this last week. You know, it’s just, there’s not a lot of money going around so people will just make do it works. Why fix it? Yeah,
[00:35:36] Evan Francen: very true. And then there was the zoom bombing.
[00:35:38] Brad Nigh: Yeah, that’s really unfortunate.
[00:35:42] Evan Francen: Yeah. Well, yeah, especially seeing, you know how it affected Children, right? With, you know, a lot of anti Semitic and racist common where Attackers would just bomb get into zoom meetings that were unprotected, um, pornography, you know, displayed it. You know, the Children, uh, it got so bad that the FBI actually, you know, issued a warning about june bombing, but this isn’t a vulnerability. No. All right. I mean, it’s a vulnerability, but this configuration, you’re mis configuration, right? It’s not a bug.
[00:36:18] Brad Nigh: Well, it’s like, so the one in your article there, the Alpine school district in Utah, They posted their zoom link on facebook. I mean, how was
[00:36:30] Evan Francen: it? Like, come on. I like seeing you get fired up man.
[00:36:36] Brad Nigh: I don’t usually tweet a lot. And even you caught me over the weekend. I was like, oh, why should the Washington post misled? And they’ve been really good on their, their coverage and it was like 15,000 Zoom Meeting Recordings are available online and protected because people took him off the Zoom servers and store them in unprotected buckets.
[00:36:59] Evan Francen: Right. What
[00:37:01] Brad Nigh: are you, what are you going to do? This is just, that’s bad. I don’t, there’s so much uncertainty. We don’t need more fun out there. Right.
[00:37:09] Evan Francen: Well, that’s, you know, and when you look at, I mean you and I have been in security long enough to to have seen many breaches and things like that. And so far everything that I’ve seen, you know, related to zoom isn’t enough to make me move from zoom all of this. Yes, they’re not, nobody’s ever infallible. No, they had a bug, they fixed it. The other things were configuration problems. So configure your stuff better. Was going to say a bad word, we’ll use the technology.
[00:37:43] Brad Nigh: I mean, it’s Yeah, yeah, exactly. Right.
[00:37:48] Evan Francen: So, you know, so then from the zoom bombing and they were almost endless stories about zoom bombing and sure, yeah, it’s easier to point your fingers at zoom, right?
[00:37:58] Brad Nigh: No accountability. It wasn’t my fault. I didn’t configure it
[00:38:02] Evan Francen: properly. Right? So you had all that. And then you had, you know, the mistaken routing through china, that was probably not good. That was probably not good.
[00:38:13] Brad Nigh: That’s not idea. Like I said, they’re not without fault here. Right?
[00:38:17] Evan Francen: Uh, you know, so that in that one, the Ceo, you know, came right out and said I made, we made a mistake, try to brush it under the rug or anything like that. It was legitimate mistake. So you have two things now. None of these things would have really been called out if zoom would have been just kind of chugging along at 10 million users, you know, at a time, But the fact we got up to 300 million now, everybody seems to be focusing on on zoom, then we have the overreaction. So we have people calling for you shouldn’t use them at all. Right, insecure. Okay, well then get rid of word, get rid of Excel, get rid of SharePoint. Get rid of every web technology you’ve ever used before. Right? Uh new york schools, you know, like you alluded to earlier claim that, you know, they’re not using zoom anymore. They’re not permitting the use of zoom anymore. So it’s in which technology you’re going to use that’s going to compensate for your crappy configuration
[00:39:22] Jim Nash: carrier pigeon?
[00:39:24] Evan Francen: Yeah. Okay. We can intercept one of those though with a shotgun. Right.
[00:39:30] Brad Nigh: Clay tablet. Yeah, I don’t know What what’s interesting on the so going to the New York one, you know, they don’t have a contract with it. So they’re using the free version, Which doesn’t have some of the management, but they’re they’re saying they’re going to go to Microsoft teams, which indicates there are no 365 uh platform. Why wouldn’t you use that to start with? Right. Mhm. You know, I think that’s very um yeah, question some of their decisions on that.
[00:40:03] Jim Nash: I think it’s funny how people generally want to use a free technology and then when the free technology that doesn’t come on board with this, a pay for the same technology, but at a higher level of security, they throw their arms up and they say, oh, this is awful. Now, what happened here? Well, there’s a greater level of service when you subscribe to something and you pay a little bit of money and brad. As you said, the free version doesn’t come with all the things that you would you would like it to have. Right? So don’t don’t be a moron, sorry, but don’t be a moron and say, well this is bad. And we should bash these people when you yourself didn’t set it up. Right. And you yourself chose not to subscribe to the full features of uh what’s available in particular zoom.
[00:40:54] Brad Nigh: Just even things like central central administration to enforce the password requirement. You don’t get that in the free one. Because there’s no it’s essentially managed. It’s kind of the whole point.
[00:41:08] Evan Francen: That was was the education version made free by I mean, I know that the zoom Ceo or zoom made uh zoom for free to education. Does that include the the paid for version? I assume it would because otherwise, what’s the Well
[00:41:28] Brad Nigh: that would be interesting. No, I think they were just saying it was the basic account, they just got rid of the time limit.
[00:41:34] Evan Francen: All right,
[00:41:35] Brad Nigh: you still have just that very limited amount, but they don’t have a they didn’t have a contract with them, a central contract and that’s more kind of the big issue. I mean, I’ve been very happy with, like I said with zoom with what they provided and and their responses, you got to take some accountability to, you know, make sure you’re doing the right things. These are the fundamentals we talked about all the time. That’s what’s pissing me
[00:42:03] Evan Francen: off. Good for you, man. I like giving you kind of pissed off because in the morning you notice that I’m tired, right? So, I’m here rubbing my eyes trying to get through the rest of the day. You seem to be getting fired up as the day goes on. Um, I’m a morning guy. You must be more of an afternoon guy.
[00:42:21] Brad Nigh: Uh Yeah, I’ve always been a night also getting up in the morning. It’s been a requirement with kids and getting stuff done, but I definitely get more more done in the evenings.
[00:42:33] Jim Nash: Good for you. If we could shift all of our work to the hours of 11 p.m. To four in the morning. I would get a lot done with people. I I like to be up late.
[00:42:44] Evan Francen: Yeah, you’re late guy too. All right. So then we had, you know, somebody, you know, people were claiming that zoom is unsuitable for government secrets as are most commercial technologies anyway, depending what you call is a secret. All right. Uh the FTC. Uh you know, a senator, Which senator wasn’t as the FTC to investigate zoomed deceptive security practices or claims. Which question it was. I gonna
[00:43:13] Brad Nigh: find, I don’t know what uh a politician looking for headlines jim that never happens.
[00:43:21] Evan Francen: Uh
[00:43:23] Jim Nash: Yeah, you know, that is some politicians just need to do a little bit of research before they decided to have a press conference. Yeah,
[00:43:33] Evan Francen: yeah. Sherrod Brown of Ohio.
[00:43:37] Jim Nash: No idea.
[00:43:38] Evan Francen: Democratic Ohio uh senate powerful senate democrats. Yes.
[00:43:44] Jim Nash: Well, I don’t know how powerful they are. They’re in the minority. So
[00:43:48] Evan Francen: well, let’s not go there right now, I’m scaring. All right. So the they have to So Sherrod Brown sent a letter to the FTC asking for an investigation. We seem to like doing investigations. Uh zooms deceptive security claims. And then, you know, sort of around the same time. So if you read kind of what’s going on, you know, if you take a I think a wider gaze at all of this around the same times facebook, you know, there’s an article that comes up that’s his facebook wants to take a bite out of zoom zoom videos growth
[00:44:25] Brad Nigh: because they’ve got a great track record on privacy and security.
[00:44:29] Evan Francen: Right? And then ring central gets into the video chat game. Cisco, there’s an article that says is Cisco I see for remote work play and then zoom. Uh and then you’ve got Skype, you know article this one this article is forget zoom Skype unveils free meat now video calls
[00:44:52] Brad Nigh: except Microsoft just announced tall business that the Skype is going away to quit using it, go to team. So now what are they supporting it? What, what’s going on from that side of it?
[00:45:03] Evan Francen: Whatever it takes to make more money, you know, so, you know, and I wonder if all of this, you know, kind of or what percentage of all the crap that zoom is catching for seemingly insignificant things that should be fixed, but not things to cause panic. How many of these things come Because there’s influences from some of these big, bigger at the time, maybe still bigger companies who want a piece of that pie. Yeah. You know, connections with the press, you know, there’s money that exchanges hands, I’m sure under the table for all sorts of things. Yeah,
[00:45:42] Brad Nigh: Yes. We’ll just keep fighting the good fight calling people out.
[00:45:48] Evan Francen: Well, just, just use logic. So, you know, the last part of this court sort of zoom talk is just using logic and reason. And it was nice to see you, you mentioned dave Kennedy, dave Kennedy I think was part of an article that went into the medium uh in the title of the article. Zoom isn’t malware. Yeah. You know, and public publicly, you know, indeed Kennedy is very well respected in our industry is somebody that I look up to. Somebody that I I’ve always admired his research. Um, a smart guy. Uh and he claimed publicly that his companies it was. Um, so if he’s using zoom, if it’s good enough for him. Yeah. Not for most of us.
[00:46:32] Brad Nigh: Right. Well, it’s like in the next one you have rapid seven, some of these bigger company. If you take the those basic steps, the odds are, I mean you can never eliminate risk, right? But you’re mitigated, it’s down. So that’s probably not gonna be your biggest concern at this point. Is somebody getting in uh through your zoom meeting. They’re going to come in through somebody clicking an email, not two years in. Mm.
[00:47:02] Evan Francen: And there’s some good guidance out there. So the things that you want to do is obviously patch, if you have an updated zoom, I think it pushed automatically. So it was when you closed out of a meeting, it popped up and said, hey, you want to update your zoom. So if you’re using the zoom client, you would have gotten that uh if you haven’t, you know, it’s simple, click on your little profile icon and check for updates. Right? Mhm. So patch number one, number two, there’s all articles all over the place and how you can stop zoom bombing. Right? And how to configure your zoom meetings securely. Now a lot of this stuff didn’t affect at all, webinars. Right. So in zoom you have meetings and you have webinars. Webinars was a different thing. Webinars wasn’t affected by. Right, Mommy because it’s it meetings are more collaborative where everybody sort of gets rights, you can share screens, things like that. Whereas webinars in zoom, you have to request that or have to be given them, you know, from the administrator after weather. So there you go. It’s, you know, I wouldn’t move from zoom. Uh nothing is significant enough to make me want to move from zoom. I
[00:48:13] Brad Nigh: mean realistically at this point, if these are the worst vulnerabilities that have been found after all the scrutiny they’ve been under, it’s pretty good track record.
[00:48:24] Evan Francen: Right. Can you imagine no company in the last two weeks has been pen tested more than jury
[00:48:31] Brad Nigh: and they found some minor thing. Well, I don’t want to say mine, I don’t want to play it down too much, but I mean medium at best.
[00:48:39] Evan Francen: Right. Yeah. And I would certainly be a lot more concerned if, you know, if the response wasn’t transparent wasn’t prompt, if they were still dragging their feet or you know, sometimes, you know, talk about teams how many times we’ve seen Microsoft sit on vulnerabilities for years. Mhm. That they have known about that have been in the wild. Right, right. Where is the outrage for that? Right. Oh, all right. So anyway, it’s crazy the plot I don’t know what to expect this week in terms, you know, with what’s going on with zoom, but it will probably keep
[00:49:14] Brad Nigh: up because it’s probably some new story that’s come out while we’re talking about it.
[00:49:18] Evan Francen: Right. Right. For sure. So switch gears and talk about something else that’s related. Uh there is no shortage. I don’t know if you’ve noticed but everybody’s going after, hey you’re working from home, you’re some security guidance for you. Uh Most of it is good, right? I don’t know if people really realize that all these all these great articles that we write and that we were writing with the home or the normal person being the audience. They never read it. Do you think any any of the home workers are reading all this guidance on how to secure your secure your home office?
[00:50:00] Brad Nigh: No no
[00:50:01] Jim Nash: no. I think they generally assume that it’s an I. T. Problem that I. T. Will just quote unquote, fix it before them. Um But I mean and we what we talk about this all the time, you gotta you gotta take some ownership of this and you’ve got to make sure that you’re doing what you can for your personal responsibility perspective and you know not to speak in overly broad generalized terms. Most people don’t want to take personal responsibility for anything. So um let alone security. They’re like oh well I thought that was brad’s issue brad isn’t gonna take care of security for all of us. Well what the heck.
[00:50:40] Evan Francen: Well you see it with the zoom. Right. I mean when something bad happens it’s like they’re pointing fingers. Right
[00:50:47] Jim Nash: Well yeah and and the part that frost my lemons on the zoom thing is you’re using a free app. It’s free. And now you’re complaining about it because you weren’t impacted. But now you’re all paranoid, bad things probably happened. Someone stole all my information ball. No, they
[00:51:06] Brad Nigh: didn’t. How many apps on your phone have you downloaded that? Give Everything about your contacts and microphone. Yeah. zero.
[00:51:14] Jim Nash: Yeah. Well look at, look at some of the numbers on social distancing that they’ve been accessing, right? So they say, oh well we can tell they were sheltering at home really well because of cell phone data. Well, where are they getting that data from? Just to brad’s point because you downloaded a bunch of apps and you didn’t read the Eula and you just clicked. Sure I want to play candy crush. Let me in. And they’re tracking you dude. They’re tracking you. So you get, you give away more in candy crush and other games then you are in zoom. And yet you’re now outraged over something that happened to a guy that you knew who told you that his best friend’s sister’s brother in law might have been or heard about being compromised with zoom. Really? Come
[00:52:03] Evan Francen: on. See that’s awesome. You get both of you guys fired up. It’s not working for me, but I’m not fired up yet. Anyway, there’s no shortage. I’ll
[00:52:12] Jim Nash: come steal your chickens later tonight and get you fired up.
[00:52:15] Evan Francen: Oh no, they don’t get me killed, my wife,
[00:52:17] Brad Nigh: I
[00:52:20] Evan Francen: want to be part of that. So yes. So all kinds of guidance and like I said, most of it’s good if you, if you’re into reading things, uh, read it, there’s no shortage. And it’s like I said, most of it’s good. It’s funny how these people, you know, a lot of these articles weren’t there prior to any of this stuff happening, but you know, you would expect that. I think everybody right now is trying to get their piece of the pie. You know, what was, you know, healthy economy now is contracted so much that everybody’s kind of fighting for every dollar that they can get. So, you know, I don’t, I don’t fault that. Um, but one of the things that we did, we did this in 2019, beginning of 2019. We created this as to me assessment. Um, it’s a simple assessment. It’s yes knows or not sure. There’s a lot of things you may not even know right if you change the default password on your router, I don’t know. Right? So you go through the assessment. Um, and the reason why we built it is we built it before the this whole covid thing happened. We built it because one, we understand that information, security isn’t about information or security as much as it is about people. Uh, and the people at home, we’re just sitting ducks, you know sheep being led to the slaughter. Right? They just keep you already mentioned. How many apps do we just install all the time. I’m thinking about the privacy ramifications. How many IOT devices do we plug into our, you know, living rooms? Um, we have some of the most intimate conversations ever. We don’t, and we don’t complain and bitch about that, but we do about zoom something potentially eavesdropping on one of my phone calls, which probably isn’t that intimate. Right? So anyway, we built this for that and we also built it because we know that people are creatures of habit. Right? So the good habits or bad habits that I have at home are going to be the good habits or bad habits I’m gonna bring to the office probably. Right. So that’s why we built it. Um, and then since then, uh, you know, it’s gaining in popularity, which, you know, you would expect as we go through all this stuff. Um, but it was really good and, and jim it was due to your efforts, uh, to help us make it more known when we put, when it was put on Nasa’s website. So thank you for that.
[00:54:51] Jim Nash: You bet has been generating much traffic.
[00:54:55] Evan Francen: I’m not sure. I don’t, I’m not, I’m not the market actually go talk with Andy and find out. Um, but it’s good. It’s good that it’s a resource that, you know, it’s been made available to all the states. See IOS now they know about it. Um, and they can certainly use it. Right. It’s free. It will always be free. I just feel cool because I don’t like being part of the money ground, right? I don’t like that.
[00:55:20] Jim Nash: I’ve spoken to a couple of C. I. O. Friends and made them aware of it, and also some folks in the business sector that are using it as well now that there are folks are working from home. So it’s been it’s been a great tool and we’ve gained a lot of positive feedback from those people. So yeah, it’s been good,
[00:55:41] Evan Francen: good. And we’re looking for feedback to, I mean, we’re looking for, hey, this this part stinks, you know, I disagree with this, you know, one of the things that we know is we don’t ask enough questions about uh child safety, I think in the assessment, that’s the one motivator that really seems to resonate with almost all parents universally is protecting your Children. Do you know what apps their kids are using? I do and brad, I know you do, but how many of the people, you know, just normal people have no idea. Yeah. What about their kids are using and some of those apps are pretty nasty. Yeah. So uh the thing that we’re kicking off today, it’s and it’s every day, this it’s every day this week at five p.m. It’s 30 minutes. So people just, you know, and if you can’t make it, we’re recording it if you didn’t make it into the webinar because it is sold out now um you can live streaming your live stream it to youtube and to facebook no never live stream at a zoom before but we’re giving it a shot if it doesn’t work I’m blaming Zune. Yeah
[00:56:57] Jim Nash: I know that we also made this available to a lot of the Minnesota municipalities through the my contact at the League of Minnesota cities I believe that they’re pretty excited about it. Uh Evan I know that you’ve been talking with my contact there. How’s that going?
[00:57:12] Evan Francen: Awesome. Super nice guy. Uh Yeah he’s we’ve had good communications back and forth and so we’re talking about you know this current issue of you know as to me in helping people be more secure at home. But then I think there’s a bigger play with how do you help cities without charge them a boatload of money? You know I mean a lot of cities either have No it department at all or it’s 12 people
[00:57:42] Jim Nash: yeah insert new politician joke here but before I became a state rep I was the mayor here in Laconia and uh the I. T. Sophistication level really doesn’t exist past keeping lights blinking and some rudimentary backup stuff. So yeah the information security is not usually a budget line item. And a lot of folks will look at their MSP if they’re using that as a city and as we all know that’s that’s not something that MSP s put a tremendous amount of time into doing, right. So uh true.
[00:58:22] Evan Francen: But you know, due to your, you know, I think your work, you know, that’s one of the things that I’m not blowing smoke. I mean truly as I’ve seen, you operate as our state representative when I see you out on the street talking to people, when I see, you know, patronizing businesses when nobody else is, everybody else is scared because you can still do take out, you can still have a discussion from a distance, right? You mentioned, you know, instead it’s not social distancing its physical distancing, right? Right. Still be social. We have to stay social. We need each other. Yeah. But to see you do that. And then the senior advocacy on information security at Minnesota, you mentioned North Dakota in the context you’ve established with Sean Riley the Ceo there, the work you’re doing with Nasa. Just all that stuff, man. I I personally appreciate it because I think it’s all the right thing to do. So
[00:59:18] Jim Nash: Well, I’m having fun doing it.
[00:59:20] Evan Francen: Yeah, it’s cool, man. But then you got to get some rest, which you did last night.
[00:59:25] Jim Nash: I did quickly, yep, I did. That’s why we’re recording in the afternoon because I I had to take a little bit of a sleeping pill to finally get some rest after days of not sleeping.
[00:59:37] Evan Francen: Yeah, good for you man. You got to take care of yourself. So anyway, we’re doing this safety and cyber security at home Webinar series and the reason why we label that safety and I think we have ways to go to make s to me truly a better safety tool um, is because that’s what resonates with people. I don’t know how to get people’s attention at home. Yeah, I mean it really does come down to and I’m not, you know, using fear. But if you love your kids, if you love your family, you would love some security how to drink. Not like lock it down like fort Knox, but by doing the right things. Uh, you know, should I segment my wifi networks? Should I change the default password? How do I patch my router? Blah, blah, blah. Right. I mean,
[01:00:31] Brad Nigh: yeah. Well every parent I’ve talked to is all about it saying where do I go to find out how to do these things? So I could, I’m right track.
[01:00:41] Evan Francen: Yeah, I think so too. So I’m hoping the webinar series will go, well it will be recorded. It will live streaming, but like I said to, I’m also looking for feedback. I think sometimes people are intimidated by security. People, Do you ever feel that like people aren’t telling you stuff? It’s like, why wouldn’t you tell me stuff
[01:01:01] Jim Nash: brad scares me generally?
[01:01:04] Evan Francen: Yeah. And people are scared of this beard. I mean look at this thing.
[01:01:07] Brad Nigh: Yeah. You know, I think part of it is is the, you know, historically there’s been a lot of people Security has kind of my way or the highway or talk down to people and you’re seeing that approach from the corporate side to us trying to change that mentality and, you know, change the message will get through.
[01:01:31] Jim Nash: That’s what I love about fr secure is that we understand that a lot of the people that we talked to, our other security professionals, but then there are a lot of people we talked to you that that they don’t have any real knowledge about it. And they’re looking to us to help them understand how this applies to my home. How does this apply to my kids? Uh, you know, and I was I was describing it to somebody when they were looking at our speakers bureau page on on the fr secure page. You know, they said, well, jim, what are the things that you would come out and speak to? And I’m I’m not a C. I S S. P. And uh you guys are, there are people that you guys can talk to and you will connect and I couldn’t. And then there are people that I can talk to that you won’t or can’t because um you would tell what’s that
[01:02:27] Evan Francen: other politicians? Are you kidding me? Hell no.
[01:02:30] Jim Nash: Well, but also just people who are uh non technical people that uh, you know, like I I resonate really well with Cfos and and other managers and people that I go to talk to and uh just the difference between what the two of you would say to a group and what I would say to a group are very different, but the message is still the same. Security is important. Security is um you know, we talked about it being a business issue, but also we should be talking about it. Security is a family issue, and that message comes from everybody at fr secure in one way or another. But I think one of the things that that this s to anything has been able to do is to say this is important to you, a person in your home, this is important to your kids and to brad’s point, you know, traditionally security folks have been a little legalistic and they walk into a room and they may be carrying a stick that they beat you with, and that’s not a way to get people to be motivated. We have to say, look, this is important for the following reasons. And you give them some of those reasons, you know, in my presentations, I tell everybody if you have an Alexa, hit it with a hammer and burn it with fire because it’s just it’s just a huge exposure and they’re like, oh, but it does so many things for me, uh you know, from a security perspective, I think their internet of things is pretty sketchy. Um other people, if you have a high level of risk tolerance, then great smoke up johnny. But um, I try to help people understand that security is something that you’ve got to take seriously at home and that our tool is, is going to help you understand what your exposures are.
[01:04:23] Evan Francen: Yeah, very good point. And so one of the words that I keyed in on was motivation, you know, um, you motivate people through, you know, I think making, it’s like Pavlov, right? I mean we’re giving her award or beat him with a stick, right? One is going to give you, you know, one set of results, one way one is going to give you, you know, So we’re trying to think through like, you know, as to me, version one isn’t you know, it’s good, but it’s not all that enjoyable.
[01:04:54] Brad Nigh: It’s a version one, right?
[01:04:57] Evan Francen: But the version two, you know, we’re trying to take the feedback. How do we make it more enjoyable? You know, badges achievements, people do anything for a badge.
[01:05:08] Jim Nash: And I just think of the line from blazing saddles, badges. We don’t need those stinking badges.
[01:05:14] Evan Francen: Exactly.
[01:05:15] Jim Nash: Just because it makes me laugh.
[01:05:17] Evan Francen: Yeah, yeah. one, version 2 to version 2000 April the end of this month. Very cool. We’ll play with that some more. Yeah, other news. The daily insanity check in. Uh, those have been fun man. And I expected, um, every day we have 15-20 ISH people who show up and it’s always different groups, You know, it’s never the same exact 15-20 people sometimes. You know like Rod was you know, wasn’t there the last couple times he was back again today and you know people come and go. Which I love it. Yeah. Um And we really got into to know each other better for me. It’s good because um it just feels like I’m out and about a little bit more, you know what I mean? Trying to cut that social distancing and you know, even though we’re physically distance, you know. Yeah. What have you thought brad? Because you’ve been in. Some of them
[01:06:16] Brad Nigh: have been in the only ones I’ve missed her the monday because I have another meeting. But uh No, I like him. It’s it’s different. It’s a change of pace. That’s the biggest thing. It’s the office banter type. Yeah. Conversation that you you miss totally. So
[01:06:38] Evan Francen: yeah, it was good. Um
[01:06:39] Jim Nash: Yeah. I miss like having brad. Tell me why barbecue sucks and that is better. Which is a degree. I’m just saying it’s not accurate.
[01:06:48] Evan Francen: Uh huh. You uh Yeah. Stop by. Bring me some both of you.
[01:06:55] Brad Nigh: Uh
[01:06:56] Evan Francen: Yes. The uh Yeah, those are good. Um And if you’re not, you know anybody can come and go any time you want. It’s daily insanity. The uh what was I gonna say about that we learned about ducks. Mhm. Lot about ducks. That was troubling quince. So you remember that I actually get that piece. So that’s going well. Uh the fr secure CSP mentor program. What was the last count that you had?
[01:07:25] Brad Nigh: 11, I believe. Yeah, that was last week.
[01:07:30] Evan Francen: That’s kind of crazy. 1,124 people um registered this year for the CSP mentor program, insane. Yeah. Yeah. I wonder how big that thing can get. You know what I mean? I wonder how many and it’s not big B for ego’s sake. It’s big because that’s how many people you’re helping, right? Yeah. Yeah. Excuse me. Some people, you know, take it all the way through and go and pass their exam and some people don’t, but either way it’s fun to meet people. We won’t meet anybody in person this year because we’ve closed that portion. uh so all remote. 1100 people were streaming that to YouTube as well as YouTube
[01:08:15] Brad Nigh: live. Yeah.
[01:08:16] Evan Francen: Okay cool, registration is still open. So if anybody is interested or you know somebody who’s interested or maybe you lost your job and you just want to learn more about information security. We don’t make it intimidating. It’s a lot of stuff, right? But it’s not, I think we explain it in a way that it’s not overly complex. It’ll be dry for some people. I think that’s why most people leave is just dry. Yeah. I mean you can talk about Bella Padula Biba and read book? Orange book so much when I fall asleep. Yeah. So what is it monday Wednesday nights or Tuesday thursday
[01:08:53] Brad Nigh: monday Mondays and Wednesdays,
[01:08:55] Evan Francen: Mondays and Wednesdays six p.m. to eight p.m. central time registration is fr secure dot com slash ci SSP dash mentor dash program. So go out there sign up. All right, well that pretty much our show. Um, you guys got any shout outs? You want to give, where is that a couple, didn’t we? We shout it out to you shout out to Devaney’s and two mhm etcetera in Laconia earlier. You’re muted gym so I cannot hear you’re saying the mute button jim. No, he’s not going to need himself.
[01:09:40] Jim Nash: There we go. Sorry. Okay. I have kids talking in the background so
[01:09:44] Evan Francen: I was just wondering what I was wondering how long you were going to talk before you were gonna
[01:09:47] Brad Nigh: get and it’s anything. I can’t just let him go and be like, what what
[01:09:51] Jim Nash: well done jim good job. No, I’ll give a shout out to a lot of the, all the retailers who are trying to make this work in a very weird time. You know, I and not to be overly sentimental or emotional, but you know when I talk to those folks, uh, Evan and and brad when you see the videos a lot of times. That’s a second take because I talked to them and some of the business owners just break down. They can’t understand really how they went from. Uh, just an amazing economy for them and they hit a brick wall. A friend of mine went out and had to get a job. He’s a business owner, he owns a restaurant. He went out and got another job because the money is not coming in the door. But yet they’re still working their butts off to make sure that their employees are somehow I’ll get it helped and they deserve some kudos and you know, everybody, everybody wants to help. I think one of the things that you can do is to, if you have the means buy some gifts from places that depend on that daily turn and who’s to them if you can also just by them and not use them and let them utilize that cash. But beauty salons are shut down. Um, restaurants are trying to figure it out in. A lot of places are just experiencing and hey, my shot, I would go to the, we’re here for you. And as, as the state rep, not the information security evangelist. But as a state rep, if I can help, please let me know my phone number 076 It’s always been published and always will be published. So if I can help out somehow let me know
[01:11:47] Evan Francen: awesome brad again and shout out.
[01:11:49] Brad Nigh: Uh, just you know life send a nurse and so all the health care nurses and doctors and everyone else supporting the, you know, the cleaners coming in. Everybody that’s um just putting themselves out there and doing this and yeah, we’re just trying to stay safe.
[01:12:11] Evan Francen: Yeah, yeah, I agree, shout outs to all the kind of the unsung heroes, right? The ones that are putting their lives in danger every day for us. Um we take it for granted a lot, I think, especially in our culture where we have this sort of tendency to be um uh privileged, you know, we kind of this uh, this attitude like you deserve it. Um and you see that, you know, from the zoom, you know, we we alluded to it when I have a free version of zoom and I’m complaining, right? Um so we take a we take for granted a lot of people. I mean, even the people at the, at the gas station, you know, behind the counter, um they don’t get paid a lot of money and they’re having to meet people and and touch money, you know, every day and any one of those things and they, you know, they did, it’s just an extra layer of anxiety. Um, you know, for for really serving us. So yeah, speak shout out to all those, those folks. Thanks for listening. Uh we’re a couple of guys who do actually care about you and in this case were three people who do care stay healthy, stay saying we love hearing from you if you’ve got anything to tell us or anything you’d like to share, do so please insecurity at proton mail dot com. And that reminds me I’ve got an email that I’m supposed to do tend to their uh, if you’d rather just do the whole social thing. I’m @EvanFrancen on twitter and Brad is @BradNigh first tweet I’ve seen from you in a heck of a long time Brad uh, is all over the place. Jim is @JimNashMN.
