Mental Health in the Security Industry

Unsecurity Podcast

We discuss the importance of mental health in the security industry, our Hacks & Hops event series, the upcoming speaking engagements Evan and Brad are preparing for (including the big SecurityStudio roadshow), and some recent infosec news stories.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

@

[

[00:00:22] Brad Nigh: All right, good morning J is episode 46 of the Unsecurity podcast. It’s September 23rd. I’m Brad Nigh joining me in studio is Evan. This is two weeks in a row. We’ve been here together. Evan.

[00:00:34] Evan Francen: I know. How did you remember the date?

[00:00:36] Brad Nigh: I looked at my computer. Mhm.

[00:00:39] Evan Francen: At September 23.

[00:00:40] Brad Nigh: Yes, it’s a little trick. Uh yeah, so as you put it that we record this pretty early on monday, so it’s a little punchy

[00:00:51] Evan Francen: were always punching out lisa, it’s not friday afternoon. I’m broken on friday afternoons.

[00:00:56] Brad Nigh: It’s very true. Yeah. By the time we get to friday’s it’s uh it’s been a long,

[00:01:02] Evan Francen: I don’t believe meeting on friday afternoon last week. It was a really good meeting, but I have no idea what I talked about.

[00:01:10] Brad Nigh: I’m so glad I’m not the only one gets through that. Uh man. Alright, so we have another jam packed show, so it’s

[00:01:18] Evan Francen: funny. Well, it’s tried like Wednesday afternoon, thursday is a good day and then friday were broken

[00:01:25] Brad Nigh: it Monday is just catching up Tuesday kind of

[00:01:28] Evan Francen: when I was younger. The spread was wider. So like monday through friday. I was pretty much on game. The older you get that window folk. The window gets shorter

[00:01:41] Brad Nigh: and shorter. I kind of feel like Tuesday through thursday. Maybe friday morning, you’re

[00:01:47] Evan Francen: younger than me though by

[00:01:48] Brad Nigh: friday afternoon. I’m, I’m usually pretty much done.

[00:01:52] Evan Francen: You’re younger than me.

[00:01:55] Brad Nigh: Oh boy. So thank you again for writing the show notes. It was my week, last week was a little bit crazy and I think about 3 30 friday afternoon on, Oh no, I’ve haven’t done anything cover for each other. But thank you. The downside of this is that, you know, I’m kind of stuck with what you came up with so we’ll see how it goes. That is true. It’s not a big deal. I think we’re pretty much on the same, same path here. So, uh, great week last week. I think the big one was hacks and hops, uh, last week. That was a lot of fun. Yeah, it was good. We had, well you emceed it, forgot jokes, no EMC or no, you, you moderated. I’m sorry.

[00:02:39] Evan Francen: Well I did the keynote, the uh, rene.

[00:02:42] Brad Nigh: Emceed because she’s going to yell at me for getting it

[00:02:45] Evan Francen: wrong because she totally, she did a great job. Did you see her at the end when she sat up in the front row and then was given me this, you know, the cut it off sign? I was like, well we had time for another question.

[00:02:58] Brad Nigh: Yeah, she was court and get that microphone. They’re not using it, Go get it for you. She sent me up to go get the microphone so that she could do that. So I was as part of the yeah part of that.

[00:03:12] Evan Francen: So we were at the U. S. Bank Stadium, right? We had, I don’t know how many people do you think for their,

[00:03:18] Brad Nigh: I think what I heard was there were 200 registered plus employees plus partners and sponsors. I

[00:03:26] Evan Francen: think 2 50

[00:03:27] Brad Nigh: To 25 – 50. It was a lot of people

[00:03:31] Evan Francen: I know. I know. And and it uh like I was just trying to like get some of that bacon,

[00:03:38] Brad Nigh: right? Did you see they get on the stick? It was so

[00:03:41] Evan Francen: good. Yeah, it took me like 30 minutes to get there because people would be like, hey, they start talking, you know,

[00:03:47] Brad Nigh: trying

[00:03:49] Evan Francen: to be polite here. But you’re kind of in the way

[00:03:52] Brad Nigh: you don’t move. There’s some bacon don’t get between me and bacon.

[00:03:55] Evan Francen: So then towards the end I just, you know, as I was getting closer, I just kept telling, I started telling people, you see that bacon over there, they’re like, oh yeah like that’s where I’m going, do you want to come with me? There you go. And then we we finally made it the bacon was crazy.

[00:04:12] Brad Nigh: The I mean it was a lot of fun seeing a lot of people that you don’t see on a regular basis. Uh you know, either clients are employees or past employees. But yeah so kind of it was weird how many people came up or like I listened every week and uh but so thank you to those everyone is listening. Uh you know it is good to hear that people enjoy it. I’m not just sitting here talking to ourselves for an hour

[00:04:43] Evan Francen: but you know that’s what we started with. I just wanted to sit here and talk for an hour and if people want to listen in because that’s what it is right? It’s me and you yep two security guys that work together and we just talk right and people get to listen in on what we’re talking about. They like it great if you don’t I guess it’s okay to you know I mean something wrong with you. Probably I agree. Yeah. Right so yeah Jackson Hops was cool. We have this thursday that was a crazy week because you know monday I was in Washington D. C. Tuesday was um a panel at the Minnesota I. T. Symposium Wednesday was back to the office and that was the first day in the office in like two weeks. And then thursday. What’s hacks and hops And it was really good. We had like so a bunch of people there. It was interesting when you first got down so that the U. S. Bank stadium and nobody could figure out how to get into that place. It’s huge. So finally we found the door all this door and then he got upstairs and it didn’t take long for that place to fill up. I mean that the whole U. S. Bank statements but crazy

[00:05:55] Brad Nigh: the like lounge or whatever. Yeah area that was it was a good play. It was a good spot.

[00:06:01] Evan Francen: It was it was a good venue um You know it was cool to uh you know, JD Hansen who’s the sea so for code 42 bill from uh locked in our insurance expert and a very own Oscar minks was the panel

[00:06:19] Brad Nigh: is a sweet accent.

[00:06:20] Evan Francen: I know right people like did a great job. I thought he

[00:06:23] Brad Nigh: did too. And I told him when I found out he was stepping in I told him the 11 rule, you’re not allowed to go to a stuff question hey brad. Right other than that anything goes.

[00:06:34] Evan Francen: But I thought it went really well. You know it was it was the right amount of networking time before you know everybody kind of got to their seats. I thought the seats looked comfortable from where I was.

[00:06:46] Brad Nigh: Yeah they were fine. Yeah. I think the only thing we learned is that the projection with the way we had replied. Yeah there was some stuff that was kind of hidden behind the chairs just because of the way that was. But

[00:07:00] Evan Francen: that’s right. I mean that’s how that’s how I roll anyway.

[00:07:04] Brad Nigh: It didn’t take anything away from it. No

[00:07:07] Evan Francen: And I thought uh you know code 40 with Renee emceeing and then doing that kind of that first introduction and then code 42 being the presenting sponsor. You know, gave their there are little bit of pitch there

[00:07:23] Brad Nigh: and it was good to they did a good job of hey here’s some value but not like oh yeah it was a hard sale. Yeah, there’s always that you see that sometimes and you’re like oh they seem to be pretty on top of things.

[00:07:37] Evan Francen: Yeah called 42. You know they make a good software product Minnesota based company. And yeah it was really cool. And then uh the keynote went all right. And then uh it was funny because um I couldn’t remember my joke, I suck at that.

[00:07:55] Brad Nigh: But what happens when you try new ones? Well, so I’m sure we’ll get asked you want to tell your joke? Do you remember it? I’ll deliver the punch line for you. Um

[00:08:06] Evan Francen: Who is the patron saint of surveillance cameras?

[00:08:11] Brad Nigh: Saint Francis of C. C. T. V. C. Boom. Alright that’s really

[00:08:17] Evan Francen: that’s the drug, I couldn’t remember but I think people laughed more at the fact that I couldn’t remember the

[00:08:21] Brad Nigh: punch line. You made it off really well.

[00:08:23] Evan Francen: And then uh Mark Landerman who was supposed to be a Panelist didn’t show up. Uh We didn’t know why. So that’s why Oscar filled in and just knocked it out of the park. Then I followed up with Mark in an email, you know the next day, mainly concerned, are you okay because I know him and know that he’s not normal. Yeah, and he replied like, oh my God, he was so embarrassed. Um That’s what he said in his email, He had it down for the 29th. Oh, no, right, instead of the 19th. So, you know, he was very apologetic and he says he owes me one, so I have to figure out something really good to cash

[00:09:06] Brad Nigh: in. Let’s get him on the podcast. Yeah, they can get up and come in at 645,

[00:09:12] Evan Francen: let’s payback as I’m sitting here. And now it’s got a text from my wife who’s in china, You know what time it is in China right now, it’s uh 8:00 pm

[00:09:23] Brad Nigh: Ok, Yeah, she’s getting ready for the ship dinner and we’re just

[00:09:28] Evan Francen: starting. Yeah, so yeah, and then the house almost, you know, my wife is gone, I’m not the kind of guy and usually the kind of guy you want to leave his own devices,

[00:09:42] Brad Nigh: she’s going to come back with to go karts.

[00:09:45] Evan Francen: Yeah, I didn’t realize how much work she does. Oh my God, I uh try to keep up with whatever I did laundry. Um Oh, and then my tub upstairs, in the upstairs bathroom started leaking and I didn’t notice until I saw it coming through the ceiling in the dining room.

[00:10:08] Brad Nigh: That’s Yeah, she’s gonna be lucky to have a house when she comes back. I know

[00:10:12] Evan Francen: I shouldn’t build, I should build something a tree house in the living room or something just to distract from

[00:10:17] Brad Nigh: the ceiling. Yeah.

[00:10:19] Evan Francen: Never mind that. Anyway. I went really well. Like the feedback was awesome. I love the questions from people

[00:10:25] Brad Nigh: that was interesting. You know, Kind of where the range of plans were with good 42 saying, you know, two pages, wow.

[00:10:36] Evan Francen: Yeah, two pages. And then, but Bill says this is like 40

[00:10:41] Brad Nigh: 25, And I was looking at our template and our template raw without the procedures is about 45. But when you, it’s because it’s got everything you could need for every industry, right? So you don’t need Pc. I okay, take it out. You don’t need a hip or whatever. You don’t need all these other things. So by the time you take out and customize it, it’s probably in that 20 to 25 page range

[00:11:04] Evan Francen: well. And I think the moral of the story is there is no one, no size fits all plan. Right? Everybody’s got a different plan. Code 42. I’m sure they have a great plan at two

[00:11:15] Brad Nigh: pages. Probably references the other documents that we include. Yeah. You know, it was interesting to hear some of those different takes.

[00:11:23] Evan Francen: Yeah, I thought, you know, also, you know, I’m a big, I’m big on classification in the workflow for in some spots And I don’t think code 42. Really does that? Um, it doesn’t sound like maybe locked in does either. But um, every place I’ve consulted I’ve kind of scared them in that way because I like to in an instant response. I don’t want any decision making as much as possible.

[00:11:50] Brad Nigh: I want to eliminate that. I want to dictate and take the thinking out of. How did that? Here’s your your boundaries right fit into one of these categories

[00:12:00] Evan Francen: because people generally make people in general make questionable decisions. But I think especially when you’re under pressure and in an instant response you have more, you’re I think you’re more likely to make more decisions. So if you can take the decision making

[00:12:16] Brad Nigh: a lot of people. Yeah. They don’t react well under pressure. That stress kicks in and disaster recoveries is another I mean same same thing

[00:12:25] Evan Francen: now. Did you see when it’s interesting too because we had to incident responders. Mhm. I guess I’m kind of a hybrid, you know, an incident responder. Not much anymore. But don’t a lot. They had to security management ish People me and J. D. I’m the hybrid. Right? And then he had insurance. And Did you see the one worthy?

[00:12:52] Brad Nigh: I was laughing. I was telling Christy it’s like watch heaven and Oscar they’re like antsy like you guys were like you could you could see I could see you guys getting like you kept putting the microphone up to talking and kept going and you could just see like you’re just itching to

[00:13:12] Evan Francen: because then the question came up about you know, is her insurance companies

[00:13:16] Brad Nigh: funding rain somewhere funding

[00:13:19] Evan Francen: criminal activity

[00:13:20] Brad Nigh: or fun. Yeah. By paying ransom.

[00:13:22] Evan Francen: Yeah. And I was like, and Bill said, well, and then, and then the question came up our Attackers targeting insurance policy holders because it’s an easier pay off.

[00:13:37] Brad Nigh: And I do think he had a fairly valid point. But I mean obviously there’s clear work around. I don’t, I don’t think they’re necessarily targeting people because they have insurance, right? They’re targeting people and hope I guess, you know, hoping they have insurance or Yeah, that one I would give him credit for but his other comment and I disagreed with, I was, I was with you and Oscar Oscar put it really well, you may not be directly paying them, but indirectly your financing by paying ransom of versus recovery.

[00:14:11] Evan Francen: Oh, for sure. I mean there’s no doubt

[00:14:13] Brad Nigh: about it. And then he was like, yeah,

[00:14:16] Evan Francen: well yeah. And you know, and I love lockdown. I think they’re a great group of people. I think if I were going to do business with an insurance company would be people like them because they’re good people. But you know, you always have a difference of opinion. He’s got his take and he’s a lawyer.

[00:14:35] Brad Nigh: Yeah. Well and that’s what makes a good, You can argue that too, but you don’t always want somebody who’s going to agree with you 100% of the time. It’s good to have kind of that that tension and and those alternate viewpoints

[00:14:51] Evan Francen: right? And it’s interesting when you’re up on stage because you don’t want to like argue you’re like no I totally disagree with you out there and we can’t just leave that hang up. And so it was good that Oscar spoke up because I was debating whether I was just going to let it go because I didn’t want to embarrass a partner or be embarrassed by a partner.

[00:15:13] Brad Nigh: No I think he did a really good job of of broaching that topic without being confrontational. And I think that that sweet accent helps. Oh for sure people that sets people. It is yeah I’m gonna have him break all the bad news from now on.

[00:15:30] Evan Francen: There you go. Yes for sure. Yeah. So how did uh and then after the talk I thought it went pretty well.

[00:15:39] Brad Nigh: Yeah more

[00:15:40] Evan Francen: about another there was no bacon left. No

[00:15:43] Brad Nigh: There’s no reason there’s a couple hours people stayed for till close to six. Really?

[00:15:49] Evan Francen: Yes. Well that’s how you can tell. It’s good that’s how you can tell. It’s a good event. People stick around the bad events. They’re just itching to

[00:15:56] Brad Nigh: Write you know. Yeah clear it started clearing out around you know five By 5:30 I’d say it’s like 75% cleared out but there’s still a decent number that stuck around for quite a while that’s cool. So talk to some people we had somebody come up to me and ask about the V. C. Cell. Been listening to the podcast and was thinking to do his own thing. And so we had a good conversation. She

[00:16:20] Evan Francen: going to do his own thing.

[00:16:22] Brad Nigh: He’s debating what he wants to do. So

[00:16:25] Evan Francen: that’s going to help him do his own thing too. That’s what wants to.

[00:16:28] Brad Nigh: So we had that conversation and he’s you know going to make make a decision on what he wants to do.

[00:16:35] Evan Francen: Yeah The more the merrier I have great conversations with partners. Um And some customers about you know the S tuareg free and security studio. Uh Generally. Well it was very positive across the border like. Oh really? Yeah. Yeah so you don’t have to pay for just an assessment.

[00:17:03] Brad Nigh: Especially if you don’t have a kind of regulatory or any sort of.

[00:17:07] Evan Francen: Well yeah you can have it validated. You can have a cheaper, right? I mean if you had to have me just come and double check your work it’s cheaper than me having to do your work.

[00:17:17] Brad Nigh: Yeah it should be. Yeah we’ll find out.

[00:17:22] Evan Francen: So yeah that was good. Then I left because there was no bacon. Yeah. Well I would have stayed as long as there was still

[00:17:29] Brad Nigh: bacon. A bunch of us went to dinner afterwards and we were eating. They had like a patient fire something the whole bacon there. No it was it was pretty

[00:17:40] Evan Francen: exciting. Isn’t there a bacon restaurant in Minneapolis. Like all they do is bacon.

[00:17:45] Brad Nigh: Oh, I have not heard of this. Mm No. Now I have a new mission for the day. My entire day has been ruined.

[00:17:52] Evan Francen: You keep talking about

[00:17:54] Brad Nigh: speaking going on that. We’ve got a bunch of speaking coming up. So I’ll start with where what I’m doing. So over the next month this, I’m sure this week I’m going to be doing our management.

[00:18:08] Evan Francen: Uh, it’s true. It’s called Bacon Social House.

[00:18:13] Brad Nigh: That’s awesome.

[00:18:15] Evan Francen: Okay, sorry, go ahead,

[00:18:18] Brad Nigh: totally derails. So this week I have our senior management Planning session for 2020. So that’s, those are always, oh, that looks awesome. See, okay, security just getting in the way of, you know, so that’ll be good. Um, plans for next year. I know we have a big growth plans and it’s exciting. And

[00:18:40] Evan Francen: so what do you, okay, so where are you going to talk? You have a big one coming

[00:18:44] Brad Nigh: up. Well, so this week I’ve got the Off site for 2020 and then next week I’m in Kentucky for a couple of days for some meeting with some potential clients. Then I’m going to where am I going to san Diego to speak to a board. Right. And then the end of october I’m speaking at the A. S. P. O. International. So Association of school business officials like Cfos and administrators and stuff and it was good. I met with the two other panelists that are here from here locally uh last week. I don’t even remember what day that that’s how you can tell. It was a Wednesday. It was Wednesday. Yeah, so we met for about two hours and have a really good plan for presentation. They were

[00:19:34] Evan Francen: you made the mistake of introducing them to me and

[00:19:37] Brad Nigh: I, what was funny So everything you were saying is like I had already heard very close to it. So it was good to hear like, like this is a the mission and everybody’s on board. That’s cool. But they’re looking at getting the s to me for out to all of the or as many of the attendees and being able to discuss results as part of our panels. Cool. Put some stuff out and looking at submitting to do an article for them as well for like the, well like january newsletter and then speak again in the spring at their next conference. So, so it’s a S P O S

[00:20:20] Evan Francen: P O. And that’s pretty well tended right? I mean that’s

[00:20:23] Brad Nigh: 3-4000 people total. But they said there’s quite a few breakout sessions and our panel is like two hours

[00:20:30] Evan Francen: you have a two hour power and a half. Oh my gosh,

[00:20:34] Brad Nigh: come on, we can talk security for that

[00:20:36] Evan Francen: long. I know totally but who’s going to listen to it that long.

[00:20:40] Brad Nigh: So I basically went through our slides here within and they were like that’s the one guy goes, well this is perfect. So I’m going to introduce you to bride, you’ll talk for an hour and 45 minutes and then amy you can finish it up with like like five minutes or so and we’ll be done like this works okay. I can talk. But yeah, that’s the big one. So it’ll be interesting and hopefully we get a big ah oh yeah, a lot of attendees into our session.

[00:21:09] Evan Francen: I’m sure you will man. So that’ll be getting two hours. That’ll scare him

[00:21:12] Brad Nigh: away. Hour and a half. They’re all the same other all two hours. I think it’s like school. People talk a lot but we’ll talk security. Okay. Get him, we’ll get him, we’ll get him straightened out. True

[00:21:24] Evan Francen: true. I like

[00:21:24] Brad Nigh: it. How about you? I don’t know. Last week you had a busy week but are you a little bit calmer now?

[00:21:31] Evan Francen: Just this week? Um, next week I’m sure some roadshow stuff them and B. B sides and besides in Harrisburg pennsylvania. I have 123456789 talks in october Yeah, but it’s all around uh just getting building a community really, you know, commoditize ng, you know, information, security assessment, Risk assessments. Getting people to speak the same language and then spend your money on making your security better. So it’s a lot of just meeting great collaboration type meetings. I’ve got, I mean I’m all over the place man. You’re

[00:22:18] Brad Nigh: so that’s what you’re talking about is Project Bacon, which is in the notes, so um

[00:22:24] Evan Francen: yeah, it’s all over the place

[00:22:27] Brad Nigh: just going out and you and preach it.

[00:22:30] Evan Francen: Yeah, me and

[00:22:31] Brad Nigh: john are going to be like the next four months or so, yep, true. The road

[00:22:38] Evan Francen: Warriors, yeah, we’re going to go in, you know, let’s say half of it is talking and half its listening, you know, trying to get uh you know, we live in this little part of the world here in Minnesota and we get out and we get to talk to a lot of people and to learn a lot of things, but this is really a an opportunity purposefully go out.

[00:23:02] Brad Nigh: Right, right. I think there’s a lot of, we think we know because we, you know, just from our conversations, but we haven’t maybe ask as directly as what you guys are going to be doing.

[00:23:12] Evan Francen: Yeah, I think one of the what just um get the women are too this week with the lawful er law for one of the security studio partners, talking about vendor risk management, third party and again, yeah, hsbc is coming up cyber security awareness month and so being, oh hi Chicago, okay, they put on a big event and I’ll be talking about s to me

[00:23:42] Brad Nigh: that’s cool. Yeah, it’s a so uh friday night I did a parent. Yeah PTO thing for the safe and secure online and you know, it was okay. It was good. I mean as many people as I was hoping for, but it was the first time they’ve done anything like this. So I think the principal of the school elementary school was all in and really excited. And they’re looking at trying to spread the word and get that. That? S to me for the PTO and it’s it’s amazing how people are responding to that and going. Yeah. Yeah. There’s nothing like this, right? And they want that like one of the good things were gonna go off topic here. But one of the things that one of the parents said was do you guys offer any training for parents? Mhm. So I got this goes at a uh nurse practitioner. I think the point. Yeah, I think that’s what it was anyway. Uh And he’s like I’m not technical at all. I don’t know. Mhm. Like how do I set up wifi? How do I do these things? Like there’s really not anything out there just

[00:25:02] Evan Francen: have Comcast do it and then Yeah. Thanks. Works, who cares?

[00:25:07] Brad Nigh: Yeah, so that was good.

[00:25:10] Evan Francen: That is good. So friday

[00:25:11] Brad Nigh: Night, it was Friday night. It was like 6-7:30 cash.

[00:25:17] Evan Francen: Yeah. I wouldn’t think that they’d have great attendance on a friday night.

[00:25:20] Brad Nigh: No, but I think they’ve done other things on Fridays, but it was with kids, so this one was not so they’re going to learn from it. And

[00:25:30] Evan Francen: a date night and information security date night. Right

[00:25:33] Brad Nigh: come listen to me talk

[00:25:35] Evan Francen: it’s got to be something good there some All right so starting october 3rd so nothing this week. Webinar this week and then starting october 3rd I’ll be at B sides in Harrisburg pennsylvania. That’s kind of what kicks this thing

[00:25:48] Brad Nigh: off anchor our podcasting. We may be doing more friday afternoon recordings here over the next couple of months.

[00:25:57] Evan Francen: Yeah something we’ll figure it. I always wing it.

[00:26:01] Brad Nigh: No. Yeah it was make it work. Somebody asked. I was telling you before those were really the show notes that we worked off of that you post or there was more. No no no we’re just winging it.

[00:26:11] Evan Francen: Right. Oh yeah for sure. All right. Like we said just a discussion.

[00:26:16] Brad Nigh: So one thing that I agree with you on it you want to talk about was mental health and that was part of the your keynote. So I would agree this is a topic isn’t discussed nearly as much as it should. I know Ryan Cloutier, lot cloudier. Whatever. I’ll get it. I’ll just say enough of them and I’ll get it right.

[00:26:39] Evan Francen: Just call

[00:26:40] Brad Nigh: Marcy. He’s been pretty public about you know some of the stuff he’s going through and with a D. H. D. And you know you just don’t see people talking about that. Um Do you have your statistics? Oh

[00:26:59] Evan Francen: yeah talk about there in my brain. Let’s talk about them. Well this was so yeah. Before the keynote at hacks and hops it, uh, was getting ready and it just kind of hit me that this is something I need to talk about. I need to talk about it a lot more often than so every, so have the mental health hackers t shirt, right? And that’s a great organization. So if you go to, if you just google mental health hackers, you’ll, you’ll find them, um, they’re relatively new, but they’re doing great work in our industry and just making it safe for people to get help with mental health issues.

[00:27:36] Brad Nigh: There’s such a stigma around it, right?

[00:27:39] Evan Francen: Totally. So I, I wanted a t shirt um, for the keynote and then, uh, yeah, just kind of called out on the crowd, you know, look Statistically 5% of us are dealing with mental health issues at any given time. Right? So if you look out in the audience and there’s 250 people here say 200 because the mass easier. That means 10 of you right now. I’m looking at you, you’re looking at me, 10 of you were struggling, right? And 50% of adult Americans deal with mental health issues at some point in their life. So half of us. So, you know, 125 of us are 100 of us have dealt with this before. The sad thing is only 44% of people actually get help for it. Yeah. So it means that the five people that are struggling with it right now. If those statistics are true, that means that two of them won’t seek help and there is help. And so that’s the that’s the lie. Right? I mean, you tell yourself lies. We all have the voice. We have a voice, right? That’s telling us things. And some of those things that it tells us are healthy things. Some of those things that it tells us are not healthy things and some of those non healthy things are it’s helpless. You’re hopeless. Nobody understands your alone. Nobody gives a shit. Excuse my language, nobody cares. Then all those are lies. Right? I mean, I don’t people I don’t even know if somebody comes up to me and ask for help. Don’t drop everything to help him. Right? I mean, that’s what people do. We love each other. So that’s the thing. So going out on the road being that I’ll be talking at, you know five billion different places. I’m going to wear that shirt on every talk and I’m going to open up every one of my talks with this issue. I think it’s just a good way to kind of break the assassin for people to feel comfortable and you never know. You know, sometimes that one person is sitting out in the audience, it’s like I

[00:29:45] Brad Nigh: needed to just make the difference for one at work is worth it to

[00:29:49] Evan Francen: Keep one person, you know from suffering or you know, God forbid killed themselves. Right? It’s totally worth it, man. I

[00:29:58] Brad Nigh: mean, I think we’ve talked about it a little bit with burnout and kind of someone, I think it goes hand in hand. I know in the past when it’s been been in jobs where it’s just you feel like who? Yeah, I don’t know, I’m not drowning just but strapped unhappy. And I’ve turned, I’ll be turned to alcohol in the past for that. It’s really easy to do because you go home and have a couple of drinks and now you don’t worry about your day. Is that healthy? Oh no. But

[00:30:31] Evan Francen: yeah, too slippery

[00:30:32] Brad Nigh: slope. Yeah. So, I mean, it’s easy to kind of fall down that hole and and then the worst part is it just compounds itself at that point. So you’re, you’re kind of in this spiral of, well, I’m unhappy, so I’ll have a couple drinks, then I’m unhappy. Yeah. So,

[00:30:52] Evan Francen: well, that’s the thing. I mean, you may not be struggling now, But if the statistics hold true, there’s a 5050 chance that you will struggle at some point with a mental health issue. So if you’re not struggling now or either way, start working on a support group, start opening up to people start establishing relationships with people be intentional about it. Um because I have certain friends in my circle who would call me out if they see me off, right? You know, not being maybe normally, you know, kind of this positivity baseline and last couple times they’ve seen me, I just haven’t been cheery, you know what I mean? The officials little things that and then you asked the question, you know, if you have friends around you, they’ll ask the question, hey man, what’s up? You

[00:31:42] Brad Nigh: okay?

[00:31:42] Evan Francen: Yeah, if you’re good enough friends be persistent about it, they won’t give up. And so yeah, and you know, and this hits home to write, you know, I I uh I always think about robert I think weren’t we out? You and me? We’re out at dinner. Was it me and my wife? I was out with dinner with somebody when I got the news, peter told me and told me that robert had taken his

[00:32:06] Brad Nigh: life, right? Yeah, I was,

[00:32:09] Evan Francen: I was like, what? I didn’t know where I know. And so and then you come to find out that robert had this a whole other life about him and nobody knew we were all surprised. None of us had, he he hadn’t opened up and shared who he really was with anybody and nobody knew that he was struggling like he was until it was too late,

[00:32:33] Brad Nigh: You know? Yeah, it was, it was a very tough

[00:32:36] Evan Francen: time when I want to keep that memory alive too because it’s been what a year for. Almost two years ago. About a year and a half.

[00:32:45] Brad Nigh: Yeah.

[00:32:47] Evan Francen: And so a year and a half, You know, we uh it’s one thing, yeah, I just want to keep the memory of life, let’s not let let’s not let another robert happen on our watch at least not as much as we can help it, you know? No matter. And that’s another thing. That’s a lie on the other side. Because we’re talking with jim nash whose neighbor mm committed suicide just like last week and he was kind of beating himself up like, you know, what could I have done? And that’s all crap too right? I mean it’s like there’s some things you just you can’t do, You know in hindsight is always 2020. It’s like if I just would have made that one more call. But that’s not the point, right? The point is this person was struggling. The point is that it just it didn’t get noticed that it didn’t get addressed. It wasn’t a conversation topic. So just making a conversation topic.

[00:33:44] Brad Nigh: Yeah. You know, I think agreed one of the things with like the parent talk is cyber bullying and mental health around that. Yeah. But there it’s like understand what’s going on with your kids. If you see something, if you see abnormal behavior, ask let them know you’re there for them. All right? You just got to be it’s and it’s the same thing here. Just be aware of what’s going on oh yeah be present if you notice, right? If you came in and we’re just like mo P and I’d be like, well, Evan what’s going on, right? Like, don’t be afraid to ask. Exactly. You know, I can’t speak for other people. But sometimes all it takes is somebody just asking,

[00:34:30] Evan Francen: Yeah. And don’t beat yourself up if you missed it. No,

[00:34:33] Brad Nigh: no, no.

[00:34:34] Evan Francen: Mental health issues of mental health issue. It’s not my fault that somebody has a mental health issue. But I need to do what I can, you

[00:34:42] Brad Nigh: know, to be helpful for helping as much as possible, but

[00:34:46] Evan Francen: right. Yeah, I can’t control someone else. One of my make sure my pastor said something wise to me once he said Uh huh, guilt comes from the devil, conviction comes from God. Mhm. And I think what his point was is uh guilt is something that you just every time, you know, you remind yourself of it, you can’t let go of it. You know? It’s like I did this one. Yeah, I did this one mistake and now I’m just, you know, I’m just not good and I disqualified. You know, that’s guilt. And where his conviction is, you admit it, you acknowledge it and you turn turn from it, you know what I mean? You you become a better person right? Once healthy ones now,

[00:35:31] Brad Nigh: right? Yeah. I

[00:35:32] Evan Francen: mean, mental health isn’t that simple, but it’s that’s one thing that helps get me through when I’m start feeling on the negative voices come right? And they tell me, you know, you can’t do it, you’re not good enough. Remember that one time you screwed up. Yeah man. You know, that’s when, you know, remind myself that doesn’t come from God and that’s that’s who I follow. So it’s easier for me to put it to bed and turn from it and sometimes I actually have to do it verbally and if you’ve ever had to do this before, but like the negative voices are gone, I’ll verbally say no, go away.

[00:36:08] Brad Nigh: Yeah, it’s yeah, just these little corporate yeah mechanisms to help. Just Yeah,

[00:36:16] Evan Francen: we should have somebody from the mental health actors come join us sometime and tell us another mission I should should reach out to be good.

[00:36:25] Brad Nigh: Really good. It’s definitely an issue like in the industry I you do see a lot of isolation and just because of

[00:36:33] Evan Francen: private industry

[00:36:34] Brad Nigh: because of the type of work, you know, the nights are for the pin tests or you know, they’re just and it does happen and doesn’t get talked about very much

[00:36:45] Evan Francen: and it’s hard because we’re also kind of this clan of I mean not misfits, but what we do every day for a living, it’s hard for other people to relate to it. You know, like when I share with my wife, you know, this is what I did today. She’s like, you know, and she wants so badly to understand what I do, but sometimes you just can’t cops, you know what I mean? They say the police officers, they’re best friends are police officers,

[00:37:09] Brad Nigh: right? And where there’s, it’s a fairly small clan for what we do. Yeah, I was just telling my wife something that was going on for like 20 minutes and she stops, and goes, I don’t understand anything you’re saying. Okay, fair enough. Yeah. But yeah. So yeah, we could definitely, uh, talk a lot more. But I think, uh, thank you. Having somebody on from, from the mental health hackers would be good. Be interesting conversation.

[00:37:40] Evan Francen: Yeah. And if and if and what do we get? Like? Yeah, we get hundreds of 5, 6, 700 listeners a week. If you use the math, there’s there’s a good number that are struggling. Yeah. And so I would just encourage anybody who feels isolated, feels alone, feels, you know, depressed whatever anxiety paranoia reach out and get help. You know, they can email the show if you want and we can help you try to find something. I mean, there’s always somebody,

[00:38:17] Brad Nigh: there’s some really good, you know, you know, suicide. There’s really good suicide hotlines that are, people are just there to listen. So

[00:38:25] Evan Francen: yeah, it’s funny because I grew up like a, My dad was a 20 year marine, you know, and it was always pick yourself up by your bootstraps and not look up, rub some dirt in it. But you know, that doesn’t work all the time. No,

[00:38:40] Brad Nigh: that’s okay having somebody to talk to. There’s like that stigma around around therapy? Right? And there shouldn’t be

[00:38:50] Evan Francen: When you’ll find two. I think that if you when you admit your weakness, the people that generally do care about you, your bond with them becomes much stronger than it was because they now know the real you. Yeah,

[00:39:05] Brad Nigh: I mean the beautiful you. Yeah, I’m a bit and it’s kind of like, I feel like the same with like bones, right? They mend stronger. Same thing. Once you kind of get that out there and start working on it, you become a stronger person. It’s not easy. It’s not fun. No, but it does make you their slight Yeah,

[00:39:27] Evan Francen: it’s good stuff. Mm

[00:39:28] Brad Nigh: wow, this is the heavy episode of

[00:39:32] Evan Francen: Yeah. Right. Well that was that was interesting too because when you when I led the led off my keynote with this issue, it was kind of somber in the crowd and I was like, all right, well now that you guys are all pumped up and excited, but hopefully you know what that means. That means that people are thinking right? They’re internalizing it. They’re like,

[00:39:54] Brad Nigh: yes, this is an issue. Start the conversation. It’s not something that should be hidden in the shadows. I don’t think there’s anything to be ashamed of If you have any like you said half the people are going to deal with it,

[00:40:05] Evan Francen: right? And who says that? Because talking about mental health, who who says that that means that I have to be somber. Why can’t it be excited about it. Yeah man, you know what I mean? Just I don’t know, it’s that’s another thing about, you know mental health is like I think of myself, I’m like, am I normal? Actually? My wife asked me that because she was struggling with uh yeah she doesn’t listen. So she were okay but she was she was struggling with this decision to go to china and it was really tearing her up and it got to the point where she’s like, am I normal? That was what she had asked me, we’re on our way, we’re at a date night on on friday. I was like I don’t know what the hell is normal. Yeah, I mean who am I to say what normal is? I work 70 hours a week, is that normal? It’s more maybe. I know, but you

[00:41:02] Brad Nigh: know what I mean? But I’m with you there is no I think everyone has their own normal. Right? And then you have what I’ll do the air quotes society says is normal, right? What’s the right one for you?

[00:41:17] Evan Francen: Well I think and that’s the thing, I mean we we focus so much on trying to please other people and be somebody that we’re

[00:41:23] Brad Nigh: not Yeah be stressful,

[00:41:26] Evan Francen: right If you just be you and so my wife was just being her and she’s struggling with a very difficult decision. That doesn’t mean you’re not normal, right? We all struggle with decisions.

[00:41:37] Brad Nigh: And this is a that’s a big

[00:41:40] Evan Francen: decision. So as she was going down this path because she was struggling with the decision so much, she started to question herself in her just her very

[00:41:50] Brad Nigh: being, you know, it’s so easy to go down that rabbit hole and just start exactly, nit picking it yourself and right.

[00:41:57] Evan Francen: Hell yeah. Your normal Well, I know you’re abnormal, but beautifully abnormal. But yeah,

[00:42:03] Brad Nigh: who says that’s a bad thing,

[00:42:04] Evan Francen: right? I mean, you married this

[00:42:05] Brad Nigh: guy so I can tell my wife all the time. You have no excuses. You we knew each other for, you know, like 4.5, 5 years before we started dating you knew what you were getting in town. I’ll give you plenty about, right, you know, no excuses anymore. Yeah. Good, good discussion. I think it’s a hopefully well received and not terribly security focus, but just a huge issue in the industry. So,

[00:42:33] Evan Francen: but I think there are some things specifically in our industry that are more difficult.

[00:42:39] Brad Nigh: I agree. I think it’s a big issue within information security and I t to some of the same, you know, but that’s a bigger community. Uh

[00:42:49] Evan Francen: I think in the 27 years I’ve been in this industry, I think Maybe 3, 4 times has somebody come up to me and told me you know that they’re they were struggling.

[00:43:02] Brad Nigh: I mean, I know when I was just yeah, you do you feel like what am I doing? And that younger trapped and it’s it’s not fun. I didn’t I didn’t tell anyone. I couldn’t go to my boss and be like, I’m miserable. I hate my job. I’m doing the same thing and fighting the same thing day after day. Not getting anywhere. Not getting support. No, you it’s tough. So it would have been having somebody to talk to us is huge. And like we talked about spouses don’t they don’t but we had a bond, right? They said my wife is a nurse. She doesn’t she’s like, I don’t get it when I go home I go home. I leave my work at work. I don’t mm That’s it. She’s like that that’s not how we are, right? That’s not what our job is. And

[00:43:58] Evan Francen: yeah, I found myself it’s tough like this weekend because my wife was gone. So I had, you know, some time alone with my daughter and we were driving to the company picnic. And she was telling me about I can’t remember exactly what it was. But she was sharing her stay with me basically sharing thoughts and how she feels. And and I I had drifted off into thinking about work stuff seriously. And then I was but thankfully I was I mean present enough to like hold up. Oh, I looked over to my daughter in the car and I’m like, honey, I’m sorry I missed the last, you know, five minutes. What you told me. Can you start? This is the last thing I remember. Can you start again? I’m sorry.

[00:44:46] Brad Nigh: I’ve done the same thing, especially on the way home. Like when I would pick up, you know, my middle daughter from school last year, I’ll be driving and just like she’s going and telling me about her day. And I’m like, sorry, I’m sorry. I have no idea what you

[00:45:04] Evan Francen: just said. But you know, sometimes you have to do that reset button. Right? Right.

[00:45:09] Brad Nigh: So

[00:45:09] Evan Francen: anyway, and that’s normal too. So I didn’t feel guilty, but I would have felt probably worse about it. Had I we’ll just let it keep going.

[00:45:18] Brad Nigh: They think the kids, the kids for sure. Get it. Like they appreciate that. You’re like, wait, I do want to hear this. Tell me again. Get to my rules.

[00:45:28] Evan Francen: Yeah, sure.

[00:45:29] Brad Nigh: That’s how you know you’re raising them, Right?

[00:45:31] Evan Francen: And you’re getting older. Probably too.

[00:45:33] Brad Nigh: Yeah. All right. Well, should we talk some news? Let’s do it. All right. So, the first one you had, is that a duo was Not doing the company duo meaning to people indicted as part of a $10 million Info Security magazine. Ah Yeah, wire fraud and conspiracy to commit wire fraud. 40 years behind jail and jail, uh, you know the that classic pop up scam targeting elderly and we we still hear about that a lot. Um you know, you’ve got a problem on your computer and we’ll fix it for you personally when I get those calls. I like to just keep him on the phone as long as possible and see how mad I can make them think my record is just over an hour. Oh yeah, it was glorious added on speakerphone and my daughter’s thought it was the funniest thing they’ve ever heard because I was like sitting in the kitchen. Yeah. And he’s living a meal or something. Yeah, we’re just Yeah, exactly. And he’s like, okay now you need to okay, okay. Okay. So if I had what cnd? No C. O. C. M. D. All right. Just just being then yeah. Yeah. He got it was fun, but that’s, you know, you hate to see this. I’m glad that they are starting to crack down on this and catch some people because it is a big issue.

[00:47:06] Evan Francen: Well, and I originally chose this news story because when you read the article, when you read the title, you do think duo, right? Because I read it, I was like, what duo was indicted? Right? How the hell, what? But yeah, it’s two people romana leyva an air rifle, high Hegg charged with one count of wire fraud and one count of conspiracy to commit wire fraud, Land them a maximum of 40 years behind bars. I wonder what they’ll really get. I don’t know. I wonder if they’ll be, I mean I’m so they’ve been charged?

[00:47:45] Brad Nigh: They’re indicted I guess is they plead guilty to one of those to get some and take the lesser of the two with some community service. I think I’m going to guess for the you know $10 million dollars that they will probably get some jail time

[00:48:00] Evan Francen: and probably some restitution.

[00:48:01] Brad Nigh: Yeah. You know they would have them charged the fee and then they would go back and do a refund and claim they refunded somebody too much and demand payment, which is insane.

[00:48:17] Evan Francen: So 7500 North American victims were scammed in this way. It seems low

[00:48:25] Brad Nigh: it’s just two people though.

[00:48:27] Evan Francen: Oh there was these two people are said, well

[00:48:31] Brad Nigh: I don’t know I’ve been saying is well I don’t know.

[00:48:34] Evan Francen: Yeah the article is not clear.

[00:48:36] Brad Nigh: I don’t know how many people were in the ring but

[00:48:40] Evan Francen: So during the refund process they claim to have reimbursed the victim too much money by accidentally adding an extra zero under the amount they then demanded the victim reimbursed them to the tune of thousands of dollars via gift cards according to the indictment. So I’m sorry we paid you too much. Can you please can you please send

[00:49:00] Brad Nigh: us money back?

[00:49:01] Evan Francen: Send us the money back but do it in gift cards. Right.

[00:49:05] Brad Nigh: God. Yeah. So what March 2015 to December of 2018. So Just over three years. Right? And which is a pretty good number of people a day. And

[00:49:17] Evan Francen: which company, which company would ever legitimate company would ever ask for you to give them back the money that they accidentally gave you in the form of gift cards?

[00:49:28] Brad Nigh: Well, that’s why they’re targeting the elderly, that are right, not, not bad, technically savvy.

[00:49:36] Evan Francen: I read an article uh just a couple of months ago about an elderly person that fell for a victory, was it? I got to find it, but he fell for his grandfather, kind of, you know, literally person, I think his wife had passed away already, so he’s a widow, uh and he had fallen for this Nigerian scam, I think to the extent where essentially it cost him everything. And so he committed suicide.

[00:50:06] Brad Nigh: I know my my mom has fallen for it, but she realized it quick enough that you would like within minutes of getting off the phone, she went, oh, I should not have done that. We called brad. And she did. And I was like, it was literally me going, no go to the bank right now, like, just don’t get off the phone with me and go and luckily she was able to stop everything before anything bad happened. But you know, she’s also heard, listen to me preach about this stuff, but it’s easy to have happen, it’s like we talked about with the parents saying we’re digital immigrants and kids are digital natives and then grandparents are Mhm. Not they’re struggling.

[00:50:55] Evan Francen: All right. So, microphone Microsoft says according to their report, 63% of consumers globally experienced a tech support scam down from 68% in 2015 16. Mhm.

[00:51:07] Brad Nigh: It’s so common. Yeah,

[00:51:11] Evan Francen: interesting. All right. Well, here’s so my rule of thumb must never give out any sensitive information on any communication that I

[00:51:19] Brad Nigh: I don’t initiate.

[00:51:21] Evan Francen: Exactly. So, would that be a phone call and email in person if I didn’t initiate this conversation that we’re having? All right. I won’t give you anything.

[00:51:33] Brad Nigh: Right. Right. I was telling talk that uh when I was going through the whole mortgage process, my bank called and I knew they were calling and that they would be calling and they called and they’re like, I just need to verify this as you like, what’s your extension? How can I call you back? Right. Like if I call into the main bank number, how do I get it? And they told me I was like, okay, I’ll call you right back. And I called and they’re like, it’s very rare that people actually do that. It’s like I get it, but Mhm. Anyway. Anyway, uh next one threat post smart TVs leaked data, which is why my you can’t buy a non smart tv anymore. Right?

[00:52:13] Evan Francen: No, I don’t think you can.

[00:52:16] Brad Nigh: Anyone I don’t have my tv. They’ve all got to do the

[00:52:18] Evan Francen: interactivity. They’ve all got youtube. They’ve all got

[00:52:22] Brad Nigh: I don’t I don’t mean that I just want a good picture. It’s all I care about. That’s what

[00:52:27] Evan Francen: I bought the tv for. Right. Right. I didn’t buy the T. V. To surf the internet

[00:52:30] Brad Nigh: right now. I’ve got other things for that. Um but yeah so they were quote unquote spying on users and leaking sensitive data to companies such as facebook, amazon, google and netflix. Um uh Not surprised at all.

[00:52:48] Evan Francen: Well see that’s the thing either is either our consumers because consumers don’t seem to care anymore.

[00:52:57] Brad Nigh: I think there’s a uh I guess an acceptance right? All my information is already out there. What’s the point?

[00:53:05] Evan Francen: Like it was such a defeatist attitude and such the wrong attitude. Yeah because you know 10 years ago something like this were to break or you know where hey all your information about what you’re watching tv and conversations potentially you’re having in your living room. Those are all being shared with some company somewhere. Some big

[00:53:28] Brad Nigh: handful company. I will say I am disappointed to see Rocco on that list because I do really like that. I have a Roku and that’s really disappointing

[00:53:39] Evan Francen: and right now I mean according to the article, what can you do other than disconnected from the internet, what can you do to prevent?

[00:53:48] Brad Nigh: I’m going to guess. You know I’m sure there’s ways to do it. Not for the majority of people

[00:53:56] Evan Francen: you’re so crazy thing too. I remember you know you and I have been around a while, you remember when you first, when you first had to start patching Microsoft operating systems, you had to use a command line tools called HF net

[00:54:08] Brad Nigh: check, wow. Yeah. Running from the command line. You don’t have No, no, I haven’t thought of that in, you know, for a long time.

[00:54:15] Evan Francen: Well, I was thinking about this because uh while we were at the the company picnic, uh they had that big tv on the wall and you see, you see that pop up that says, hey, you know, apply your patch and I’m like nowadays we patch TVs, we have to patch cars, we have to patch refrigerators. We have to patch. I mean, it’s just like, my God, this is not getting easier. It’s getting more complicated and screw it. You’re all sheep. So, you know, I can say I can almost see why why you just be inclined to just give up

[00:54:51] Brad Nigh: its I mean, well, and I think it has a good point, right? With a third of households us households estimated To cut the cord and use Internet connected streaming services only by 2020. This is a huge issue. It is, yeah, yeah, we’re gonna have to figure that out.

[00:55:12] Evan Francen: Well, yeah, I mean you’re very gun Sort of past the point of no return. Right. There are people that I mean George Orwell in 1980, you know, wrote the book 1984 predicting things close to this And here we are. We’re still not awake. Mhm. Yeah, it’s just gonna get worse man.

[00:55:34] Brad Nigh: Fine. All right. This is a I do not have this is that to me this is a heavy I have a I do have a smart I mean you have to if you bought a tv but I do not have any of my tv is connected to the internet. I don’t I don’t have my like surround sound receiver has it can be on the internet, nope.

[00:55:53] Evan Francen: My house was built in 1872 and the technologies I try to use in my house are about the same age. No, not that bad. But I’m not cutting edge in my house man. I mean home is the only place I can get away. You know, I don’t want people listening to my conversations at home right now. I don’t have there’s no Alexa. There’s no google home in my house. There never will be. Mhm.

[00:56:19] Brad Nigh: Yeah, I agree. I don’t think I’m with you.

[00:56:22] Evan Francen: And if you look at this body, man, I can use the exercise like getting up off the couch to go get something and do something and turn a tv or radio knob. I can use the exercise

[00:56:33] Brad Nigh: light switches. So you don’t have to just say

[00:56:35] Evan Francen: Thank you. I can do that too. I’ve got a 14 year old daughter. I can say that’s my turn this on

[00:56:42] Brad Nigh: and then you get the eye roll and you have to do it anyway, but I should

[00:56:45] Evan Francen: name my daughter Alexa.

[00:56:46] Brad Nigh: Yeah. Yeah, that wouldn’t cause problems.

[00:56:50] Evan Francen: They take Alexa turn on the light.

[00:56:54] Brad Nigh: You think you are the eye rolls you get now are bad. You

[00:56:56] Evan Francen: know, I have my own

[00:56:57] Brad Nigh: Alexa. I go, all right. Uh story here is security week uh payouts from insurance policies may fuel ransomware attacks. So they said they were

[00:57:08] Evan Francen: changed the word me.

[00:57:10] Brad Nigh: Well, I’m I’m just reading what uh Yeah, so they’re saying that that experts are worrying that the way the policies are designed might actually be encouraging Attackers. So, Right, they’re basically what they’re saying is that the ransom is slightly less than cost of recovery. Right? So they’re setting these ransoms and and doing that until now insurance pays.

[00:57:47] Evan Francen: How long have you been in it

[00:57:49] Brad Nigh: Since like 98?

[00:57:52] Evan Francen: They teach you how to do backups in 1919.

[00:57:55] Brad Nigh: Yeah. They

[00:57:56] Evan Francen: Teach How to Protect Your Backups in the 98.

[00:57:59] Brad Nigh: Yeah, we we have one incident right now that got ransomed and they had tape backup that they’re very slowly recovering from. But they’re recovering, right? I mean, that’s that’s huge. But we’re looking at yeah, Probably 50-75 hours of support to get them back up and running and using than forensics.

[00:58:28] Evan Francen: Use your insurance to pay for recovery. Use your insurance to pay the ransom

[00:58:33] Brad Nigh: and that’s what they’re doing in their insurance company was very they said we’d rather pay a little more for recovery than pay any ransom. And I was like, well I like working with you. Exactly. That’s exactly what I told him.

[00:58:45] Evan Francen: Can you share the name of the insurance company?

[00:58:47] Brad Nigh: Uh If I remembered it, I would often fly off

[00:58:50] Evan Francen: to look it up because I would like people to buy more of their policies. Yeah.

[00:58:54] Brad Nigh: Yeah, it’s it’s a good Well yeah, you don’t even have a guarantee right?

[00:59:01] Evan Francen: one in in Kudos to this client because yes, it’s slow backups. So better than no backups. Right. And but if you don’t have backups or your backups are not adequately protected from catastrophe like a ransomware or you know, back in the physical days a tornado or whatever. At least now you have the option, right? We don’t have the backups. You don’t have an option.

[00:59:26] Brad Nigh: And with this, I mean it’s going to be painful. Their backup server was encrypted so they had to rebuild a backup server, re inventory all their tapes, import them all in and it takes tape is so slow.

[00:59:40] Evan Francen: But one so the next thing, you know because and it goes back to basics, man, it’s always the basics. Right. I would have recovery time objectives. I would have done a business impact analysis. I would have had some form of backup and recovery that would have been adequate to bring us back online faster and less painful, you know? So they got the first part right. You know, I mean at least they got that right. But the other parts about All right, well, this tape going to be, I mean asking the question is tape going to be sufficient to get us recovered in an adequate amount of time.

[01:00:14] Brad Nigh: Right. Well, and you know, if it was one server and their backup server hadn’t been. Yeah, probably would have been fine. They didn’t count on everything. Right? So

[01:00:27] Evan Francen: maybe in after the recovery, maybe having another backup server just offline. All you have to do then is just bring your backups,

[01:00:35] Brad Nigh: you know, spring in a pageant. Do everything. Yeah.

[01:00:41] Evan Francen: All right. Yeah. I cannot stand paying criminals. Sorry man. I know of what to or to law enforcement agencies that have paid ransoms like the cops paying criminals. Are you kidding me?

[01:00:55] Brad Nigh: Yeah, they said the insurance company on this one said the only time they they will pay is if there is no chance of recovery outside of pain, that’s

[01:01:04] Evan Francen: this insurance company you’re

[01:01:05] Brad Nigh: dealing with. I think that’s paraphrasing it. But basically that’s what he was saying is they prefer to Now obviously if it gets to be a costing, they’ll consider it. But in this case they we know they can recover assuming backups are good.

[01:01:21] Evan Francen: Right. Well that’s what, you know, I would maybe that’s the way you know insurance company should write insurance policies is we will cover ransomware but only recovery, we won’t pay ransoms.

[01:01:33] Brad Nigh: Oh, nick that’s an area that insurance companies are really struggling with because yeah, they don’t have a good way to to underwrite this stuff but no.

[01:01:45] Evan Francen: Alright then. Good

[01:01:46] Brad Nigh: data. Last one uh is an update on those pin testers in Iowa they got arrested those pen testers and it appears to be even a a it’s a mess. Mhm. So yeah, I don’t even know where to start with us. So they basically the agreement said that pen tests were to be conducted between seven AM and seven PM. Uh but could be done outside of that if there was a change order while these guys got caught just after midnight and they did have their quote unquote, get out of jail free card when the sheriff called state employee. And the guy was like yeah, we’ve hired him, let him go. Sheriff said no. Which is I mean they didn’t get along. Yeah. Yeah, it was but again, technically they were outside the scope.

[01:02:39] Evan Francen: What’s it? Right. I

[01:02:40] Brad Nigh: mean you got to know this stuff, there’s got to be, there was so many communication failure here.

[01:02:46] Evan Francen: It sort of comes down to right communications.

[01:02:48] Brad Nigh: So it was uh so that’s on the des Moines register dot com uh out there. It’s very interesting read I think yeah, that the sheriff definitely did not like the state doing that. All right. I don’t know if he necessarily had anything towards the pen testers other than then he got them outside of what the scope of work said, which I mean, yeah, you’re in violation of your contract at that point. Yeah. I mean you

[01:03:22] Evan Francen: have a scope of work for a reason, Right?

[01:03:26] Brad Nigh: So yeah, that will be uh

[01:03:28] Evan Francen: in poor communications. And it was interesting because coal fire shared the the scope of work publicly disclosed that not in this article. I didn’t see a different one. It was interesting to see because you know, we have scopes of work here too. And I was like, you know what you think coal fire like big, you know, big. Yeah. So you think man, that’s gonna be some sophisticated like cool looking scope work. It wasn’t, it was just have to go find that it was pretty plain and simple. But

[01:03:58] Brad Nigh: again, complexity is the enemy. All right. So you want to have you just like it wasn’t Yeah, maybe it wasn’t flushed out as as it should have been.

[01:04:07] Evan Francen: Well, certainly, yeah, I mean when you talk about penetration testing and you talk about physical penetration testing and break ins county facility, yeah. You probably want to get

[01:04:20] Brad Nigh: that. You want to have that really well written out exactly what’s in this

[01:04:25] Evan Francen: list of things are allowed. These lists of things are not allowed and anything that’s grey area must be cleared first or something. I mean, it’s just, it has

[01:04:33] Brad Nigh: to be. That’s what I think our guys do such a good job of his art. Our initial statement of work for like, hey, we’re gonna do a physical pain that this pretty high level. But then during the call with a client, they’ll flesh out exactly what’s left and we’ll have it all written out and signed off on. And yeah, we’re on the same page

[01:04:56] Evan Francen: when, you know it, it take away for us, you know, as a security consulting company that does the same type of work. Maybe we make it part of our standard operating procedure that if we’re going to do a physical social engineering attack against a municipal, well, certainly a municipality, maybe we ask, you know, should we include the sheriff in this organization or include the local police department

[01:05:21] Brad Nigh: makes sense. Really should have at least maybe the chief or somebody higher up that, that could be on your get out of jail card.

[01:05:28] Evan Francen: Right? At least when you’re dealing with municipalities, if you’re dealing with a public, uh, private entity, you won’t have that tension that these guys have here.

[01:05:38] Brad Nigh: Yeah. Again, it could have turned out a lot worse. So hopefully, yeah, I mean, you

[01:05:42] Evan Francen: can get shot. Yeah. Yeah. I mean, I wouldn’t be surprised, especially with the police had their guns drawn,

[01:05:48] Brad Nigh: burglar tools and everything with you. So All

[01:05:52] Evan Francen: right, well, hopefully these guys that they’re stuck in the middle, you know, Justin and gary Dema curio get out. I don’t know if they have been there were out on bond right now, but hopefully they don’t have anything on their record and have to deal with this crap because of

[01:06:08] Brad Nigh: Yeah, well it’s interesting you know, how did, how did they get the impression that they could do this at midnight that during normal hours? So, but that will be something down the road. All right, well there you have it. We have talked about a lot. Today is definitely a little more uh intense episode than normal.

[01:06:31] Evan Francen: I’m taking it serious

[01:06:32] Brad Nigh: today. Yeah. So we’re always grateful to our loyal listeners or for loyal listeners and love the feedback and appreciate that you do listen every week and join. So, uh send us your feedback at unsecurity@protonmail.com or you can socialize with us on with us on twitter. I’m @BradNigh and Evan is @EvanFrancen. So thank you and talk to you guys next week.

[

/by