Unsecurity Podcast

Evan and Brad Discuss what it’s like to be a security person learning how to take on business objectives like strategic planning, and review some interesting mobile phone security news.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[

[00:00:22] Evan Francen: Hello, Unsecurity podcast listeners. This is Evan Francen. This is episode 50 of the insecurity podcast. 50 episodes. It’s a lot, Yeah, Brad say, hi

[00:00:34] Brad Nigh: Hi I’m here.

[00:00:35] Evan Francen: and uh what is it? It’s October 21, you know, Uh 2019

[00:00:41] Brad Nigh: crazy years since we almost a year.

[00:00:45] Evan Francen: So we were, we uh we were talking a little bit before the podcast and just talking about how busy, you know, we all get uh 4th quarter for us and you know, as information security consulting people is always crazy. But I think just security people in general, right. We’re always busy, busy, busy. Everybody I talked to, you know, I’ll tell you, you know, in today’s podcast about the roadshow, what we’ve been doing, what we did this last week. But one of the things I ask people, you know, just in talking is how are things going? Uh always busy. I’m like, oh, are you short staffed? Almost always yes, or short staff. So uh you’re busy. I’m busy. Uh so busy where things just won’t get done. There’s certain things that I won’t get to

[00:01:41] Brad Nigh: feeling or showing on this last week and you covered for and then this week. Yeah.

[00:01:46] Evan Francen: Well, yeah, I mean, he just gets so busy. So I figured so we’re winging it today. We’re winging it on the podcast. We’re going to talk about. What I’d like to talk about is talk about uh I’d like to give you know some shoutouts maybe for you know last week it was fr secures and security studios quarterly kind of get together. We brought everybody in. I can talk about the road show. You know what we did we learn things every time we go out. It’s super cool. Uh Also I could talk about what you’ve been working on. You know you mentioned a new tool that you just started kind of playing with for the I. R. Team so we can talk about that too. But let’s start off with how you doing?

[00:02:26] Brad Nigh: I don’t know good good. Uh earlier today I was I had the same thing that happened to you last week. I woke up at like 4 30 was just like all right, I’m ready to go. So I kind of laid in bed for you know like a half hour like alright I’d like to go, nope alright, time to go. So I just came in. I was like 5 30.

[00:02:48] Evan Francen: Yeah. You

[00:02:50] Brad Nigh: know here you are not a lack of like you said not a lack of things to do so

[00:02:56] Evan Francen: but we should do. Maybe a podcast where we talk about you know prioritization techniques maybe um organization techniques because I have an admin who even with my admin I’m I’m inundated. I mean I’m missing things there’s things that I’m just not getting too,

[00:03:17] Brad Nigh: it’s uh, it gets to feel a little overwhelming at times. But I think once you we’ve talked about it right, you can only do one thing at a time. What’s the right order to put things in? And If somebody requests something else say, Okay, we’re on the list. You want these 50 things done? Where do you want to add this one in? Because I can only get to him as I get to him. I think when to you. Yeah, once you get kind of come to that realization and are a little bit at peace with it and just work hard and keep moving forward. It’s freeing I guess. Yeah,

[00:03:55] Evan Francen: I suppose

[00:03:55] Brad Nigh: I won’t lie. I’m I hate looking at my inbox knowing the amount of unready, but honestly I look through most of them. I do see them come in. I just don’t if I don’t need to do anything with it and just move on.

[00:04:12] Evan Francen: Yeah, I don’t get tired of telling people my apologies for the delayed response. You know, I mean, I should just let’s just make that an email response template. You know, every email is just going to have my apologies for the delayed response or I don’t know, maybe maybe some of our listeners have a better opening to not sound apology because, you know, you really can’t, you shouldn’t apologize because I’m just really busy. You

[00:04:36] Brad Nigh: know, I read something about. Like I’ll have to see if I can find out, you know how to make yourself feel a little bit better. Like things you shouldn’t apologize for. You shouldn’t apologize for being busy.

[00:04:46] Evan Francen: And I’m sorry. I apologize that I look like this

[00:04:49] Brad Nigh: now, but I, I fall into that a lot. Right. I was, it’s like, hey, sorry this took me a week to get back to you or took three days or, and the, so what

[00:05:01] Evan Francen: Yeah, I suppose

[00:05:02] Brad Nigh: it doesn’t really, you know, just get the information back and

[00:05:06] Evan Francen: I’m gonna try really hard. I think this week to not apologize for delayed responses because I have emails from, you know, really important emails from monday of last week that I just saw this morning when I came in. I got a bit too early. I got up at like three, I was in the office by four uh, and I’m trying to catch up nice emails like, oh son of a gonna, you know, that was an email that I really wanted to respond to on like monday, whatever

[00:05:37] Brad Nigh: I will say. I’ve noticed that unless I’m, there is something to actually apologise for, hey, sorry, I forgot this last time or something like that. Nobody has really pushed back or I’ve been reading.

[00:05:50] Evan Francen: So I shouldn’t say sorry for looking like this. I mean sort of maybe

[00:05:55] Brad Nigh: sorry if you really

[00:05:56] Evan Francen: want to, sorry for sounding like this smelling

[00:06:00] Brad Nigh: maybe. I

[00:06:01] Evan Francen: don’t know. All right. So we had a good week last week, super busy, started monday off with once a quarter, we fly everybody in from all over the country. We have people in Tennessee Kentucky, Missouri, Nevada,

[00:06:16] Brad Nigh: florida, north Carolina,

[00:06:20] Evan Francen: okay, that’s it. And they all fly in here and we meet up to go over what we accomplished last quarter. We call out, you know, some really cool things. We tell people where we’re at. You know, financially, we, we try to be as transparent as possible and then get everybody kind of juiced up for, you know, the next quarter, I thought the meeting went really, really well. I think it was one of our best ones. Renee rudder, our chief operating officer, I think just knocks it out the park with, she kind of keeps everybody, She’s

[00:06:51] Brad Nigh: so, she’s so good at wrangling us right. It’s like wrangling cats and I’m

[00:06:58] Evan Francen: comfortable doing that. Right? Even john harmon, you know, president myself, you know, she’ll, she’ll tell me what she thinks, which is

[00:07:08] Brad Nigh: great. Yeah.

[00:07:09] Evan Francen: So it was good. It was a good meeting. We had another good quarter. Third quarter is always a challenge because third quarter has july in it in july is always just

[00:07:20] Brad Nigh: july and, and august because yet everyone’s going on vacation and then both those months, right? It’s school’s out. So nobody’s around

[00:07:29] Evan Francen: July, you lose essentially an entire week because especially when July four lines in the middle of the week that we pretty much dead in terms of delivery in terms of meetings, in terms of

[00:07:40] Brad Nigh: Customers don’t want to do things during the holidays, which is really crazy when you think of Q4, you lose two or three weeks, do the holidays depending on how it falls and it’s still traditionally, Gosh, 30, 37 to 37%.

[00:08:01] Evan Francen: Yeah, it’s the biggest border of

[00:08:03] Brad Nigh: our work comes in every week. You four and it’s got the fewest number of weeks in it. Yeah,

[00:08:08] Evan Francen: it’s always the busiest. So it’s, you know, it’s really important to kind of go through because we’re also, we also drive ourselves really hard here, you know, so everybody sets really ambitious goals in sometimes. Um, it’s hard, you know, it’s just hard to reach those goals and you need to get together and sort of recoup and, and uh, recharge. It was cool because I stayed, most of those guys don’t, they all stay for the entire week too.

[00:08:35] Brad Nigh: For the most part, a couple people had to leave due to other obligations, but for the most part of the

[00:08:41] Evan Francen: family. Yeah,

[00:08:42] Brad Nigh: no weird, but no, for the most part, they were here all week, which is great to see them all. Uh, you know, it does change the dynamic a little bit just because you socialize more, right? You don’t see them, you know, we do events after work. Uh, you know, there was a trivia night and then a team outing and so it’s uh barbecue. Yeah, we did a rib cook off. I got cheated.

[00:09:11] Evan Francen: Peter. Yeah. So peter Vigne gee if you know who Peter Vigne gee is, he used to be a chart here. But now what is his director of operations or director of something? Something. He directs something. He

[00:09:21] Brad Nigh: does something I always wanted. Peter what did you say you do here? Because I get asked that all the time. So I figure I got to turn it

[00:09:28] Evan Francen: around, steal his stapler. Right? All right. So that was a good week.

[00:09:35] Brad Nigh: Yeah, it was yeah, it was tough because we were talking about before a lot of business type stuff last week for me for the world, the senior management team. And it was funny on friday. I want the sales people because what were you guys doing and like you know strategic planning, you know, Q4 2020 staffing and all the all the things to make the business run, they’re like it looks like you guys just come out of there just drug through the ringer and exhausted like. Yeah, it’s not what security is easy for me like I get that this is a very different way of thinking. And it it definitely uh grinds you down a little bit. But it’s fun because it is

[00:10:21] Evan Francen: very different. So the security guy learning business e I know that’s what happened to me man and I still don’t. Great right? But I get where

[00:10:32] Brad Nigh: your future looks like, I get where you’re, where you’re coming from though. It’s uh it’s good though. I wouldn’t change it for anything, it’s fantastic, but it’s just yeah, it’s

[00:10:42] Evan Francen: exhausting. Well, it’s a good segue because, you know, I’m a I’ll talk about the road show a little bit now uh the security, I’m a security guy that found himself somehow, a business guy, right? And then, I guess, I don’t know, I enjoy torture. So then I’m a business guy, times to write, and then it’s like, and then I yeah, I don’t know, it’s just weird, but we were in Chicago john Herman and I uh this was week three of the security studio roadshow, hashtag s two roadshow on twitter due to it. You twit very often

[00:11:23] Brad Nigh: I more read. Yeah,

[00:11:27] Evan Francen: but it’s kind of cool to follow. I think some of the things we’re learning every, every time I talk to you, so you learn things from everybody, you know, you learn security things from people who are just starting out in the industry, you learn business things from people who are just starting their first, you know, security business, right? So, you know, I think um sometimes we have a tendency to sort of discount what maybe new people we’re talking about insecurity, like, oh yeah, you know, new person, they always have something though, their questions always, you know evoke some sort of yeah, they’re coming

[00:12:04] Brad Nigh: from a very different kind of background.

[00:12:07] Evan Francen: Yeah, exactly. And so we go on the security studio roadshow and the point of the whole road show. Right? So I think some people might still be confused about what we’re actually doing. Um we’re going out and we’re meeting people, we’re understanding their business and then we’re helping them grow, essentially helping them grow their business. So their information security consulting business or their information security product business or whatever, but we want you to do it the right way. Right? So we don’t want to use selling snake oil, we don’t want you um you know, consulting on some super proprietary thing that everybody should know. Right? So we took our products, we took s to order, we took s to score, we took s to vendor as to me as to team all these products and put them on a platform and we’re getting people to use them. Right? So rather than you doing your own proprietary information security assessment with spreadsheets and whatever else you’re doing, Why don’t you get on a platform with 20 other partners who are using the same thing. So they’re speaking the same language so that customers aren’t confused and we’re focusing on the fundamental security things that everybody should have. Yeah. Right. And so that’s what we do on the road. So this week we were in Chicago, I have a I have uh I can’t use the word, I call Chicago a different name thing, I can use that. I

[00:13:37] Brad Nigh: guessing I can yeah,

[00:13:39] Evan Francen: I also have one for Detroit. Yeah. And ask them to have one for philadelphia

[00:13:44] Brad Nigh: Philly and Pittsburgh for me. Yeah,

[00:13:48] Evan Francen: but we were in Chicago. Yeah, we were in Chicago and we were in um Dallas texas. Yeah, there’s always stories for me, you know, I always have stories were just dumb stories. Mhm. So while we’re on the road show, we also do barbecue reviews. So while you were you guys were having this competition here with barbecue, john and I were out eating barbecue, some good, some not so good. Um but we started in Chicago and we were there we were invited by HsBc, you know the Big Bang people uh every year. They do uh this week or actually that week they do something for cyber security awareness month, National cyber security awareness month and this week was cyber security in our personal lives cybersecurity on the move. So what we did was we took the s to me which is free, always going to be free and we sent it to their employees. Uh and then had them, you know do their own assessments, their own personal information security assessments and then we Arrange them in AS two team right, meaning that all we see is the average is

[00:15:03] Brad Nigh: aggregated and anonymized.

[00:15:05] Evan Francen: Yeah, we don’t know who answered what? Uh so we went to their Arlington heights headquarters in uh you know are right outside of Chicago and gave this talk and then they piped it all over the world. They telecast. Yeah, it was really neat. Um, and so we went through this talk and I shared my slides, you know, online and everything afterwards so that anybody who wants to steal and use them whatever as long as you’re fixing the broken industry and not right, making it your own worst hitch thing that you’re not going to share with anybody. Um The talk went awesome. Um, we had the the sea, so was in the room, uh, and we have a follow up meeting, you know, to talk more. Yeah. So that was where we started on uh, Tuesday last week. So the things that we discussed were limitations in traditional training and awareness programs motivating people by making information security personal. We talked about if security won’t motivate you, meaning, you know, you’ve become breach numb or breach fatigue if that’s got you maybe privacy, well, resonate interview and motivate you if privacy won’t. God, I hope safety. Well, you know what I mean, where your kids are being uh, there’s just all kinds of stuff there. But we talked about that and then we talked about getting, you know, your for those who hadn’t taken the free as to me assessment to go do it and then share and then have your wife do it and then have your neighbor do it right. And have these conversations with people that you’re not having today? It’s not my problem? You’re secure? Well, it is, but my security at your home is not my responsibility, but it affects me, right? Because your crappy security, I mean there’s all kinds of things that could potentially be used by an attacker with your crappy security, right? They could turn you into a boat and now you’re going to attack me or does something, um, you lose your financial information. Well, yeah, that’s great that you get all your money back, but the bank isn’t in business to lose money. So they’re going to raise rates. You know what I mean? There’s just all kinds of different ways and it may seem insignificant, but Attackers are hitting people and mass. So I’m paying more because of your crappy security. And I’m looking at you, I’m not saying you brad because you know, I know you actually have a really good security at home. So let’s talk about that. Let’s talk about, you know, first, the limitations and training and awareness program.

[00:17:51] Brad Nigh: It’s funny because we actually got an email on friday from someone saying exactly that, hey, yeah, the pre can stuff is what it is, but it’s not super effective. People don’t really pay attention. What do you guys, can you help us

[00:18:08] Evan Francen: And

[00:18:09] Brad Nigh: uh, yes, we can.

[00:18:10] Evan Francen: Yes, absolutely. Uh, well that’s the thing, right. In training and awareness programs. I’m telling you how to protect me? How do you, how do you protect my assets and our customers instead of, How do you protect you?

[00:18:22] Brad Nigh: Right, well, and that’s kind of our whole approach is protecting personal and corporate right or organization or whatever you want to say. But it’s been that way for the, you know, a couple of years, three years plus that I’ve been here bad security at home, bad hygiene at home, bad hygiene at work from a security standpoint. I mean, it just is the reality. Uh so how do we personalize it for people to have it resonate and stick? So, you know, we’ve got training and we’ll do go on site, but the s to me and team really I think is going to take that to the next level, uh, and be able to like really truly personalized it for organizations to say, okay, yeah, we know these are the kind of things we need to talk about, but we know that people are struggling with this. Let’s add right, and give them the tools to do better.

[00:19:24] Evan Francen: Absolutely. So I think, and you hit on it right. I mean people are creatures of habit, you know, and as I’m giving this talk, it’s funny because there’s always this head nodding right? I don’t think I say too many things that are just outrageous. I mean I do occasionally and then you just get that like look in their eyes, like did you just say that I didn’t get any of that in this talk, But people understand that people are creatures of habit, they understand that the same habits I have at home are the same habits on bringing into the workplace and vice versa. Uh people want to do the right thing, they just don’t know how to do the right thing in many cases. Um and the one thing that I’m looking forward to and I still don’t have, you know, anywhere near enough of it and or us as a team as a company, it’s just feedback. Right? I mean that’s, to me is free And, but I know that it’s also version one, right? Right. So it’s not gonna be, wow, asked the perfect questions and just the right way.

[00:20:26] Brad Nigh: Yeah, version one is version one. It is what it is, but it’s, I mean, yeah, so the feedback that I’ve gotten from non security people that have done it were, was really positive and you know, I never would have thought of this stuff, um I had to go, I was going to go buy a dishwasher and realized like how hard it was to find one that wasn’t, we’re going to talk to the internet and

[00:20:53] Evan Francen: like now LG’s LG is going to be pissed at us now, whatever.

[00:20:58] Brad Nigh: It’s not just, it’s all, it’s all of them have. But yeah, it’s pretty funny that uh I think it’s being well received. I know the people that I’ve talked to and you know, talked about teams and what that does and and all that are really receptive and going, oh yeah, now I know where is my, where the weaknesses, How can I get my employees to a better place?

[00:21:30] Evan Francen: Well that’s good. Yeah, because I I we need to, you know, just continue to keep our eye on the ball, right? So I know version two is already being, you know, in the works. Um I’m excited for like some some how to tie in, you know, kind of an S2 teen piece, you know, because I mentioned that also, you know, and people, their eyes perked up and then, you know, because they want to know what their kids are doing, right? And if their kids are safe, right? I mean there’s nobody may, it’s like one of my most important jobs in this world is to keep my Children safe, right? So yeah, we’ll see how the S two team comes about and

[00:22:10] Brad Nigh: how do you communicate with them and have them not roll their eyes and tune you out,

[00:22:16] Evan Francen: right? So yeah, that’s a good point. I mean uh The way I talk to my daughter, my 14 year old daughter about, you know, her devices is, you know, you talk to them about it. It’s not that why don’t you come with a heavy fist and crash down, you know, let’s talk about healthy behaviors because it’s communicate, right? It’s my job to love you, It’s my job to to make sure you have a healthy environment to grow up in and, you know, so it’s, it’s interesting, but I think the feedback was great. Yeah. And then, uh, what we do after that, uh, we met a partner in Chicago, a company called Spectre Security, S P E C T O R. Put them up and all this stuff too will be recapped in my week three security sure roadshow recap on Evan francine dot com. So, if you ever want to see this stuff, because I also included the slides, you know, linked to the slides on that every cap. Uh, the aspect of security, two guys that I don’t know if they have any other employees with two guys that are trying to start their own security consulting company. Um, they’re trying to start off as pen testers, you know, a pen testing company. Um, if you’re going to start your own consulting company, it’s the same thing that happens in a larger consulting companies. Just harder. So I’ve always said it takes three things to get a new customer right? And these aren’t earth shedding. They have to trust you, you have to be credible and they have to like you, uh, these guys were both likable guys, uh Zach and kevin were their names. Uh super likable in my mind, they’re both trustworthy and they’re both credible if I, you know, as a security person. But their credibility is going to be hard to establish in the marketplace because it’s so crowded, right? There are so many companies that do penetration testing that are well known that can site, you know, here’s our 100 customers and you know 100 fortune, 500 customers. And it’s just, it’s not an easy place now,

[00:24:34] Brad Nigh: you know, put your flag. But I think there is room because you’re seeing some of the bigger, you know, we we get a lot of customers that came from the that were customers of the bigger ones that were just like, you know, we had one where they had done a multi year engagement and we found stuff in year one that they hadn’t found in like two or three years. Right. Right. Yeah, because well, that’s when you automate scripts and that’s all you do. It’s not truly a test

[00:25:06] Evan Francen: one. Every pen test, it doesn’t necessarily mean either that the previous pen tester wasn’t any good. Alright. Pen tests have scope to rely on skills of the pen tester. Right. Different perspectives because well, often find, you know, in our own pen testing that we’ll find something in the customer will ask, well, why didn’t our previous pen tester find it? And rather than say, well your previous pen tester sucked, it’s more like, well your previous pen tester was looking at these other things

[00:25:36] Brad Nigh: and what was their methodology? What were they looking for? Because

[00:25:39] Evan Francen: if you have somebody that comes in behind us, you know, next year, they’re probably going to find something that we didn’t find this year? You know what I mean?

[00:25:46] Brad Nigh: Yeah, it depends on how this is pretty

[00:25:51] Evan Francen: glaring. Oh yeah. If it’s obvious, it’s like the front door is open and I didn’t notice

[00:25:56] Brad Nigh: it was it was I think it was pretty, pretty bad. Pretty

[00:26:00] Evan Francen: bad. Eld app was open to the internet. Yeah, jeez we missed that one. Sorry. Yeah,

[00:26:06] Brad Nigh: but either way.

[00:26:08] Evan Francen: Well anyway, so yeah, so Specter security, I think uh I you know, I think there’s an opportunity for, you know, for them to broaden a little bit with, you know, some of our tools on security studio, uh at least at least to put pen testing into context. Right? Because pen test a lot of times people will ask for pen test and I don’t even know what the hell of pen testing.

[00:26:29] Brad Nigh: We got a pen testing as a vulnerability scan. Exactly. Very common.

[00:26:33] Evan Francen: It’s super common. And so if if Specter is going to uh go after this smb probably a little less sophisticated, uh they’re asking for a pen test because they read it somewhere or heard it somewhere or regulator told them they had to do it even then. Right, vulnerability scan. If you haven’t done a vulnerability scan first, then why why are you wasting your time with a pen test, you don’t even know what you have. So start with the basics and then build up from there and then when it’s time to do a pen test, what sort of pen test do you want? Right? There is not just a canned pen test, right? You’ve got different tiers of pen testing. You’ve got different scopes, you’ve got different skill levels, all sorts of different things in pen testing. And then uh yeah. And then you get to the red teaming, Blue teaming sort of

[00:27:27] Brad Nigh: ongoing, continuous.

[00:27:29] Evan Francen: Yeah. So it was just a great conversation with those guys. You know, I’m hoping that we keep, keep the relationship going. I really want to see them succeed. They do a lot of government work to, they’re both x they’re both law enforcement. Okay. Which, you know, they did, let me leave. I guess they didn’t find my warrants. It was some

[00:27:49] Brad Nigh: statute of limitations is up to you. Good. I think. So

[00:27:53] Evan Francen: the statute of limitations still apply for, I’m still doing it.

[00:27:56] Brad Nigh: I have no idea. I don’t want to know plausible deniability.

[00:27:59] Evan Francen: Yeah, I don’t know either. All right. So that was Chicago, Chicago was great. We had some good barbecue. I’ll get to the barbecue stuff in a minute. Then we went down to Dallas. We flew down to Dallas on Wednesday. Uh Dallas is cool. And there’s some, I like Dallas, there’s some good people there, john is originally from Dallas. So that helped my wife and daughter flew down from uh to meet me in Dallas, which made God makes life so much better

[00:28:29] Brad Nigh: with all the travel. You’ve been doing my

[00:28:31] Evan Francen: family there. Yeah. Just coming back to the hotel and like, hey, you know, makes life amazing. Uh and then we were participating in the I. C. Squared cyber aware Dallas conference which was on friday and I was the keynote, which was cool, Very cool. I didn’t really even know that I was, I mean I kind of did, somebody said I was, but sometimes people use that keynote word, they don’t really mean it, you know what I mean? Your keynote, but why am I in this room over here? You know what I mean? So I didn’t really put much stock in. I’m like, well it’s going to be the same talk, whether it’s a keynote in front of 1000 people or if it’s a breakout with 30, yeah, they’re going to get the same version of me.

[00:29:17] Brad Nigh: So it’s

[00:29:18] Evan Francen: great. Yeah. So I didn’t, I wasn’t really sure what that meant, but that was okay. And then uh yeah, we had some more barbecue down there to um, but the squared cyber where Dallas conferences was cool. It’s Dallas fort worth that chapter. Uh they go to the University of texas at Dallas, um, one of the big halls in the, put on a conference every year. I think they do it every october uh well attended. Uh Davidson, Candy, am I making noises, My beard making noises again. I think you’re good. Okay. Sometimes my beard rubs against the microphone.

[00:30:03] Brad Nigh: It’s the wind screen or whatever. Yeah.

[00:30:07] Evan Francen: So I’m going to have a long be right. My wife, side note Moroccan oil. Mm She said to put that in my beard and I sort of liked

[00:30:17] Brad Nigh: it, obtained it a little bit.

[00:30:20] Evan Francen: Yeah, because I was using the other beard oil. But then what happens is your beard, My beard is so long now that it rubs on my shirt so that I get spots on my shirt and I’m like son of a gun so I can’t do that anymore unless I that’s funny coming out or something. I don’t know. Yeah, well I’ve got another four years. You’ve got to deal with that. You

[00:30:39] Brad Nigh: have a bid before long, let’s say it’s my beard. Did my beer, babe.

[00:30:45] Evan Francen: Uh huh. That might be a no, no patented mistake. All right. So the conference was Friday the 18th. We went down Wednesday Thursday, we had uh some meetings um we met a company called Vitek consulting, pretty good consulting company I think relatively new and refocused. Um they had a different sort of focus before on security and I think now they’re probably on the right path a little bit more, but it was cool just to talk to them, right? And it’s another small consulting company and it’s like, well let’s help you grow. Uh the doubt the conference on friday again. I made my look for the recap on my blog and you’ll find the link to the slides there too. Like I said, take them steal them. I mean that’s how we all get better. Right. We still shamelessly from each other. Least stealing, assuming there’s some good stuff and they steal the good stuff.

[00:31:44] Brad Nigh: Right? Don’t reinvent the wheel.

[00:31:47] Evan Francen: Right. Right. So the talk was awesome. I met a bunch of great people, met a guy from, uh, whole college, don’t know what they call that. Like a college. Mhm. Nicole what he called on a group of colleges gets together association. No, I’m not sure you call that. Well anyway, it’s like four or five colleges coalition

[00:32:11] Brad Nigh: or something. Yeah.

[00:32:13] Evan Francen: Yeah. If you’re a listener listener, let us know what that’s called. But he’s overworked. He had a security a team of basically just him a few years ago now they’ve got eight, they should probably have 80. But whatever it’s, you know, making progress. He came up afterwards and he’s a longtime security person. So, um, you know, when you have those wise security people, you sort of listen a little bit more.

[00:32:43] Brad Nigh: It’s all, well, I think it’s hit or miss. It’s either they’re like nutty, well or so like stuck in their ways and refuse. And like this is how it is cause or

[00:32:54] Evan Francen: if it’s great man line, it’s

[00:32:55] Brad Nigh: right. Or or you get the ones that are

[00:32:59] Evan Francen: still arguing the Lennox Windows

[00:33:01] Brad Nigh: or the ones like you were still learning. No, no, no. I’m saying you’re the opposite if you’re not stuck in the way your

[00:33:09] Evan Francen: friends enough right? So I would tell you good kick me on the table but we had a great discussion and you know, I think he’s going to use the S to score the S. Two R. G. You know, in his own organization, He asked a great question during the keynote, there were some questions, I always like to leave about 10 minutes, you know, towards the end for questions and then they can, you know, somebody run down the aisle with a microphone and you know, you can hear the have um he had a great question um during the keynote or in that time, but then you know, he became such an advocate for us at the rest of the conference. He kept bringing people to a booth. That’s awesome. Yeah, he was like, hey, I got something else for you guys to talk to, which is really neat because it was like I said, he was kind of an old timer but he’s not, you know, probably not excited about much really insecurity anymore, seen enough kind of jaded a little bit but it was neat to see him sort of excited. Yeah, so it was cool. It was really, really cool. And then there was another guy uh down there who had participated in our CSS p mentor program and prior to my talk, you know, I was just kind of walking around just saying hi to people and asking them about you know their business and whatever and he was at this uh yeah well crap now Yata yeah something Y. O. T. T a crap. I can’t remember the whole name of the company but anyway he was at this booth and I just kind of introduce myself and I didn’t I didn’t really I don’t know even know if I say my name when I introduced him just like hey how you doing whatever and then it was time to go give the keynote and I gave the keynote and then afterwards he came up to me he’s like I didn’t know that you were this guy and I’m like well I have a beard now you know and look a little different uh he’s like oh my God you know and so I was so thankful that you know for the C. S. Sp mentor program, thankful to you, thankful to me that the company um so that that made my whole day right there. I mean if I if there wasn’t anything else to that day that was just great. Um It was just kind of weird running into somebody in Dallas on the mentor program. Um That’s good and for all the listeners it’ll be starting up again in april april hopefully we’ll recruit some more people so you and I don’t have to they don’t have to listen and do us for How many weeks is at 74

[00:35:42] Brad Nigh: it’s like yes it is 77 weeks. Well I think we think we went actually to eight but we have three breaks built in

[00:35:51] Evan Francen: right and we had a barbecue

[00:35:53] Brad Nigh: and a barbecue at the end. But yeah I get asked that all the time. Hey when’s it starting? Was it starting april just

[00:36:01] Evan Francen: wait. So if you want to um get on that list really Everybody’s invited. The only ones that we restrict are the ones who come here in person. Uh So if you know if you’re in the Minnesota area there’ll be a limited number of people that can come here in person because more now it’s true we have a bigger space now. Uh but for the people who want to attend online. Yeah there’s no limit that we had. We did have a limit last year we hit 500

[00:36:33] Brad Nigh: and 50 or something and

[00:36:35] Evan Francen: I think we hit it but then you know there’s always attrition the rest of the class. But um yeah so april reach out to the show, reach out to brad me.

[00:36:45] Brad Nigh: It is on the website fr security. The under resources I think. Yeah I think its resources and C. S sp mentor be information there. That’s where you can, as soon as marketing pins us down we’ll put dates out there

[00:37:01] Evan Francen: So that was cool and then we then there was somebody from Dallas who had a who works at a Fortune 500 company. He’s a security like a senior security analyst kind of person. Um He’s kind of tired of the corporate thing. He wants to start his own consulting business but he’s got kids and you know he’s like nervous and you know all these things I’m like well you know I can share with you the things I learned, I mean when we started fr secure there was actually I actually lost my house Right? Because we didn’t have customers. Uh it was around that housing crisis time which was a great time to start a business, you know, 2008. Um But you know I said let’s talk let’s collaborate. Uh You can use the cool thing about our platform to about the security of platforms. It’s free. So if you go talk to customers you can walk them through an assessment for free, right? So there’s no cost and if you can answer yes, no questions about simple, basic fundamental security things. Well then awesome

[00:38:07] Brad Nigh: you’re gonna have a pretty good idea of where you stand,

[00:38:11] Evan Francen: right? So that was, it was cool to talk to him. It brought back memories, spent some time with J. P. Hill the third. He’s the president of the I see Dallas Fort Worth chapter. That guy’s cool. Yeah he’s he’s he put together that kind of put together at the conference. I think he was the lead anyway. Um Yeah high energy all over the you know not all over the place but just physically all over the place is probably because he was trying to run the conference. Um, but he’s, he invited us to come down for four more vehicle meetings down in Dallas, so we’ll be going there. It doesn’t have to be security studio either. So you know, if our secure folks, I’m sure because he sees the value, I think in the partnership, what else do we do? Oh, we had a couple of partner meetings that were remote that week or last week. Uh, north Carolina, some company out there and then a company in the UK, we already have a company and to Africa

[00:39:19] Brad Nigh: and that’s cool. Yeah.

[00:39:21] Evan Francen: So the partner network is growing I think for companies that do information security consulting. Uh, I think not now sort of the time. I mean, I’m not selling you anything, but I think you do want to, uh, we probably don’t want to miss out. So now.

[00:39:39] Brad Nigh: Yeah. This is kind of that, what is it the, we passed the earlier, what is it? The initial, yeah.

[00:39:48] Evan Francen: We’re starting to get more and more adoption

[00:39:49] Brad Nigh: the mainstream and the adoption of security, not just driven by regulatory or compliance requirements. Right? We’re starting to see people actually want to do it.

[00:40:00] Evan Francen: Yeah. Which is cool because if you’re competitive to everybody, you know, you kind of want us to, your score, you like, where do I rate? Yeah. Uh, that was good barbecue reviews Chicago. We went to blackwood barbecue Given an overall rating of 7.5 which is kind of feels pretty good. Big heads overall rating of 8.25 if your urine Walkinshaw I think it’s Walkinshaw Waukegan. There’s a lot of walk things over there. Waukegan. Big heads is the place to go. It was really good. It’s gone by a bunch of uh owned by a family. It’s a family son was chopping meat. Mom was at the register. Dad was probably you know, probably it cooked the meat we want to smoke barbecue in in Chicago. S. M. O. U. S. M. O. Q. U. E. Somebody told us that was because we’re beginning a lot of recommendations to write. Somebody told us that that was the best barbecue in Chicago.

[00:41:02] Brad Nigh: Well that impressed.

[00:41:04] Evan Francen: Well I don’t know we best is relative And we have different views that end rated very good 6.75. That’s me. That’s a meeting coming up Dallas uh become large. You ever heard of pecan lodge? And I’ve been there. Holy buckets were good. Yeah. Yeah. Yeah. Yeah I was

[00:41:30] Brad Nigh: I’ve been salivating right now man. I went to was it uh salt lick out of bite near Austin. It was really good.

[00:41:39] Evan Francen: Yeah this is good. Barbecue, wow, become large. Overall rated it a nine. You know it was good. The best brisket I think I’ve ever had the uh huh. Just the right amount of smoke. The fat cap was just like just melted right into the meat and then the the rub.

[00:42:04] Brad Nigh: Really good. Oh

[00:42:05] Evan Francen: my God. Yeah so you and I are going to have to make a trip to Deep Ellum is the is the neighborhood in Dallas texas to get some. Uh

[00:42:14] Brad Nigh: So I didn’t get to do that. So we had the one here, the rib cook off and my daughters saw me making the ribs the night before and rubbing and they were mad like

[00:42:25] Evan Francen: they’re managing

[00:42:26] Brad Nigh: previous that they weren’t there was for work, they were going to get any. So I promised them if they did a bunch of chores of you know the two days. So there we go. I’ll send that out.

[00:42:37] Evan Francen: That’s very nice. Did you bring us here? I have three wrecks. You didn’t finish through rex. Did

[00:42:42] Brad Nigh: you know did that saturday? We did have it for dinner again last night but nice. You’re gonna be gone this week. I should have brought it in today.

[00:42:50] Evan Francen: Alright, I’ll be gone. I leave for san Diego on Wednesday.

[00:42:58] Brad Nigh: All right, I’ll bring you some tomorrow

[00:43:00] Evan Francen: and I’ll come back thursday talking to I. S. S. A. Okay in san Diego?

[00:43:05] Brad Nigh: Yeah I was

[00:43:07] Evan Francen: just out there. Yeah, you were absolutely gorgeous to stop by and say hi to those guys too. All right. And then what else? Oh ok so then my wife stayed so my flight originally was to come back on friday. Okay this is this story, this is the last part then we can talk about other security things. Uh I was supposed to leave flight was on friday. Um My wife and daughter were staying, we figured we’re having so much fun with stay until sunday. Okay, so they flew southwest. You can change southwest airline tickets without any fee. I flew american nutso doesn’t work the same way. So I’m like, well some of a gun and I don’t want to spend like, So I look up, you know, how much is it for another flight? five the cheapest flight I can find was like Remember what it was, 575, bucks, something like that. And I was like, well I don’t want to pay that. I just don’t. And so uh and and so I canceled my flight with american and then you got to pay the cancellation fee, whatever. So I got some money back on that. And then I thought, well I’m going to drive home. All right. So I had points, you know, with enterprise cost me $6.09 to rent a car in Dallas and drive back to Minnesota to drive. It’s about 14 hours. So I did that yesterday. So I left at three a.m. I got here and actually took me less than it took me probably like 13 hours. And my wife and daughter flew from Dallas at, they let their flight left at two p.m. They got home at 605 PM. So I left Dallas at three a.m. And I got to the airport uh in enough time to meet them at the battle that’s going to clean. Right? So yeah it was yeah there was an interesting drive for sure. There’s um there’s a lot of things you see on the road,

[00:45:10] Brad Nigh: a lot of open field

[00:45:13] Evan Francen: not open fields. Yes. I came up through Oklahoma Kansas Missouri Iowa Minnesota. Yeah so there you go. That was my story. I don’t know how many people actually do that.

[00:45:30] Brad Nigh: Kind of nice to get some probably quiet time to reset and thinking

[00:45:36] Evan Francen: yeah but I just kind of zone out, You know it’s 13 hours just zoning time anyway so that was the that was the road show. It was a great week. I’m looking forward to san Diego this week. Oh while I’m in san Diego, john harmon is at B sides in somewhere in Virginia.

[00:45:58] Brad Nigh: Oh yeah done like in Charlottesville or something. You? Ve a

[00:46:02] Evan Francen: yeah so we’ll be splitting the country again this week and then I think next week is um I don’t remember. I mean uh we started off the podcast with like you know we’re just super busy. Who knows? We’ll take next week when it gets here

[00:46:18] Brad Nigh: one. So I’m gonna be just missing john because I’m flying into the D. C. Area saturday to speak sunday and then fly back on monday. I was excited. I was gonna you know where I’m from. And uh I was looking up tickets for the nationals. They’re you know they’re in the world series first time and The standing room only tickets are like $650. It’s like well nope

[00:46:42] Evan Francen: everything on the on the east coast is super expensive both coasts.

[00:46:45] Brad Nigh: But I think it’s because it’s their first world series and everybody’s Jacked up like the cheapest seat ticket was like $750. I was like, hey

[00:46:55] Evan Francen: so who do you think’s going to win the World Series? I hope the nationals well and say hope. What do you think? Um

[00:47:04] Brad Nigh: you know I really have no idea.

[00:47:08] Evan Francen: I’d like to see the Nationals win too. But I do think it’s gonna be really hard to get past that. Well that pitching staff both both

[00:47:15] Brad Nigh: pitching staff. So. Yeah I know but five of the top 10 strikeouts and six of the top 10 in the R. A. Across both. I mean

[00:47:24] Evan Francen: if I had money and I had to place the bet I would place it on Houston. But I’d love to see the Nationals

[00:47:29] Brad Nigh: win. I mean got to feel like you know they’ve got nothing to lose at this point they’ve already you know one the playing game knocked off the Dodgers knocked off the Cardinals in four. Like

[00:47:41] Evan Francen: anybody knocks off the Dodgers as a friend of mine right

[00:47:43] Brad Nigh: when they’re playing with the Yankees

[00:47:46] Evan Francen: but you know Houston beat the Yankees. So I love I love both teams right

[00:47:49] Brad Nigh: now. I think there’s more pressure on Houston. So the Nationals are playing a little bit more when you play with how it’s funny you’re free, you’re a little looser and it’s hopefully it’s good for them. We’ll see I’ll definitely be able to catch both the games there saturday sunday. So I’ll be I’ll make sure I go out and nice at least trying what are

[00:48:13] Evan Francen: you and what are you doing out there?

[00:48:14] Brad Nigh: It’s uh speaking at the Association of School Business officials national conference so it’ll be a to our bank breakout session

[00:48:24] Evan Francen: two hours. So it must be for CBSBS

[00:48:27] Brad Nigh: I’m assuming

[00:48:28] Evan Francen: it seems like that’s the thing. I didn’t really know that until I went out to talk to I Sacha Orange County. They’re like yeah you uh you know you talk from this time to this time I’m like that’s like two hours like well yeah it’s for Cps and like can I talk for like an hour and you just give you credit for this second? Yeah. No no so it’s like okay well

[00:48:52] Brad Nigh: I think we’re we’ve tried to talk slower we’ve got so many Cps it’s actually like not an issue but right it’s a lot harder for people not in consulting and not teaching classes and

[00:49:06] Evan Francen: that’s true. Very true. Right? So uh so you’ll be in D. C. Next week. Big conference. Good stuff. Um I’ll be in san Diego this week johnson Virginia whatever. It’s a big big world I guess. Uh So tell me about this week. So this week you we were talking about some instant response stuff. You’re still working on that big instant response that we were talking about two months ago. We finally

[00:49:35] Brad Nigh: got contained. We called we’re pretty much calling it with we’re not seeing any more indicators which is good

[00:49:42] Evan Francen: right now you’ve got some validation to a a big consulting company. Yes that does a lot of incident response high profile ones

[00:49:52] Brad Nigh: brought in by the insurance company to validate you know that they should pay it and that we were doing the right thing and you know and it was good that they basically came back and said yeah they’re they’re all over it.

[00:50:06] Evan Francen: They were impressed. Yeah that’s good. Yeah that’s always nice because you know we talked about That imposter syndrome thing right now. I mean there’s lots of times I feel like man, I think I’m doing this right? I think I’m doing you know even 27 years in. I’m like am I as good as I I don’t know and as

[00:50:23] Brad Nigh: complex as that is and somebody

[00:50:25] Evan Francen: tells you it’s nice.

[00:50:26] Brad Nigh: Yeah. Yeah it was very nice. It was good. I think some of the guys on the team were really like holy cow I can’t believe they said I’m like no I’m not surprised they got kicked

[00:50:39] Evan Francen: butt in this one consulting company we’re talking about the other one is, uh, I’ve seen some of their instant response plans before and been totally unimpressed. So I guess it kind of depends, you know, when you have a big consulting company, um, you really don’t know which end of the spectrum you’re dealing with. I would assume an insurance one. You’re dealing with a pretty high end in, in that spectrum. But you know, maybe it writing incident response plans. Maybe you get like the college kid.

[00:51:09] Brad Nigh: Yeah, the intern. Yeah. Yeah. No, it was good and it’s kind of the second validation we’ve gotten from insurance that we’re on top of things. So uh, you know, the guys were able to, we have the other active one right now where they were able to actually pull some evidence and find the source of the riot infection, pull some logs and show when it started and which is, yeah, that’s pretty cool stuff. Um, So it’s always good to validate to make it makes them feel good. three more potential incidents apparently we’re waiting to hear. Uh,

[00:51:55] Evan Francen: and whether they want to

[00:51:56] Brad Nigh: move forward or not, it’s like not cheap hey. Well, and it’s like the longer you wait, the less likely like things are getting overwritten and logs are going away. It’s like

[00:52:09] Evan Francen: the house is burning down. Yeah, but the fire department costs money.

[00:52:14] Brad Nigh: Yeah. And so now we’re, you know, is what it is. We’re here to help them if they want it, but

[00:52:20] Evan Francen: Well that’s good. Now you were telling me about a tool and I’ve never used it before that you are you and the team are using now and kind of getting familiar with called Hive. Right. Tell me about Hive.

[00:52:31] Brad Nigh: So it’s basically it’s an instant response management tool. Upload artifacts, upload evidence. Um, does a lot of the reporting and management of instead of using spreadsheets and one note or whatever you might be using just a little bit more easier to use. Um got some add ons and stuff around cortex with where you can upload um different pieces artifacts. Right? And run against multiple sandboxes or known threat feeds and stuff like that. So just automates a lot of that manual process that we’ve been doing. So it’s a, I’ve been impressed so far. We’re gonna be looking at some commercial tools as well as free open source one, which is kind of double edged sword because you have to manage it and maintain and updates and stuff, but it has a lot of functionality and you can’t beat the price right?

[00:53:30] Evan Francen: When I like open source things more because it forces me to learn it or you know what I mean? Uh open source commercial, I mean I know that there’s cases to be made for both. So it’s not one or the other necessarily or or one is better than the other. I prefer open source because it forces me to learn.

[00:53:52] Brad Nigh: Right? Yeah, yeah, I think it’s been, it was good. I did the initial install and reminded me how long it’s been since I’ve really got deep into Lennox had to turn the sound off on the computer because I was like, ping wrong shoot, that’s wrong. Wrong.

[00:54:11] Evan Francen: Wrong man. Yeah. So the Hive, it’s called

[00:54:17] Brad Nigh: the Hive

[00:54:18] Evan Francen: project. The Hive project. Okay. And I’m sure if you’re an instant response, many people probably already know what that is. I I’ve never used it, so I’ll be interested to hear more about it.

[00:54:28] Brad Nigh: Yeah, the future. Yeah, it was, it’s pretty nice. It’s all yes, the Hive dash project dot org. Um, but yeah, it’s got a lot of built in things. You can used to hit different analyzers and if you wanted to share, you, you have the ability to share with others using the tool. So if you were to find, you know, something new, it’s kind of crowd sourcing some of that analytics and stuff, so you don’t have to so sensitive stuff. You don’t share it. Cool. So that’s been, yeah, it’s been fun.

[00:55:10] Evan Francen: That’s cool, man. All right. Uh, Okay, let’s get into uh, news. So I only have one this week and it was uh, one that you actually just shared with me prior to, you know, starting the podcast

[00:55:25] Brad Nigh: and I have two more after that. So

[00:55:27] Evan Francen: you have a couple? I do. Excellent

[00:55:29] Brad Nigh: surprise you.

[00:55:31] Evan Francen: So this one is uh last week, was it last week, when is it

[00:55:35] Brad Nigh: 18th,

[00:55:36] Evan Francen: 18th Threat Post? Uh had a A news article Zappos offers users 10% discount in 2012 Breach settlement, Lawyers will get $1.6 million 24 million customers. So the lawyers get 1.6 million, you get a 10% discount

[00:56:00] Brad Nigh: and you have, if you do nothing, You lose out, you actually have to opt in to get your 10% discount. Otherwise you’re you don’t get anything,

[00:56:09] Evan Francen: see who see that lawyers. I have to watch what I’m going to say otherwise get in trouble. Yeah, but does this not seem wrong?

[00:56:21] Brad Nigh: Yeah. Hey your stuff got stolen and we’re going to give you off the people who actually

[00:56:27] Evan Francen: suffered here potentially. I don’t know if you suffered or not but 24 million customers suffered some form of loss otherwise I would assume that there wouldn’t be any liability like this. So you get 10% off, I can get 10% off with a coupon code

[00:56:44] Brad Nigh: at the company that screwed up to begin with and cause me harm. So they are going to benefit

[00:56:50] Evan Francen: The lawyers get 1.6 million and the judge approves this and what’s a judge,

[00:56:55] Brad Nigh: it’s a lawyer. Yeah. Yeah, it’s like I don’t know anyway. Yeah that that kind of pisses me off because

[00:57:03] Evan Francen: it’s so wrong because it’s funny because like it’s it’s within minutes of a breach being announced before lawsuits are already being filed. So it’s like a hurry up first come first serve, file a class action. Try to find somebody so that you can, it’s just ambulance ambulance chasing. It’s not helping.

[00:57:25] Brad Nigh: No. And it said the people impacted get nothing. Like basically if you spend money with a company that harmed you, we’ll give you a little bit off. If

[00:57:36] Evan Francen: anything this is like a sail for Zappos. I mean they’re probably going to it’s better you know better revenue from being things like this seems wrong. Yeah.

[00:57:48] Brad Nigh: Um So the two I had real quick um are both on naked security by so foes uh And you don’t have it. But pixel fours face unlock, works with eyes closed. So if people are asleep or unconscious or deceased dead, you can unlock their phone. So that’s kind of an issue.

[00:58:09] Evan Francen: Especially at home. Like if if you’re doing something on your phone that you shouldn’t be doing your wife can just take your phone while you’re sleeping. And yeah put it on your face and

[00:58:17] Brad Nigh: or even if you’re not doing anything wrong. All right. You have somebody who’s snooping that’s a violation of your privacy. That’s that’s a problem. Um So they’re claiming they’ll have a fix issued within months they’re saying and don’t use it until the fix is issued

[00:58:41] Evan Francen: so and the

[00:58:43] Brad Nigh: other one and I can I’ll send this to you so you can post them. But the Samsung galaxy S 10 fingerprint reader beaten by a $3 gel protector. So

[00:58:55] Evan Francen: it’s just smash your thumb into the gel protector and then put your

[00:58:59] Brad Nigh: put the detector. So after fitting the the screen that gel protector, she could unlock it using any of her fingerprints, not just the one that was enrolled,

[00:59:09] Evan Francen: interesting. So that’s a naked security

[00:59:11] Brad Nigh: also. Yeah, I’ll make sure I send you these so you can posted out. And Samsung admitted it was real and was going to release a software patch. So and I think both of those really kind of go back to my my ranting of biometrics are a great identify. Their not so great authenticator.

[00:59:30] Evan Francen: Right? Yeah. Yeah. There’s another one on threat post to about the ocean wave. Sorry about that. There was an ad uh about voice phishing.

[00:59:43] Brad Nigh: Yeah, I had that one up to

[00:59:44] Evan Francen: Yeah for Alexa and google will have to talk about that next week. Yeah. All right well that’s uh that pretty much wraps up our show. So we talked a lot about the security studio roadshow and talked a little bit about other things uh Next week it’s a short road show this week so I don’t think we’ll spend a ton of time talking about it but we might have to force bread to write this show. No

[01:00:07] Brad Nigh: actually I will I

[01:00:08] Evan Francen: will actually right now I’m just keeping that

[01:00:10] Brad Nigh: Uh Maybe. Yeah. No promises.

[01:00:13] Evan Francen: Yeah, I’m with you on that. Well that wraps up another episode. That was episode 50. We only have two more episodes before. We’ve been doing this for a full year. It’s crazy. And about it was about a year ago when I started growing this beard. Excuse me, my thoughts. Something. Alright. So thank you for our to our loyal listeners. Thank you always for your tips and feedback. We do you know, strive to make these shows kind of valuable even though we originally started this show just so I could spend an hour with bread. We could spend an hour just talking about things catching up because we get so so busy all the time. Uh But send us your wisdom, questions, advice, whatever. Send it to uh to our email insecurity at proton mail dot com. If you are that social type get brad on twitter at brad and I get me at Evan francine also follow security studio at security studio and the S two roadshow

[01:01:12] Brad Nigh: whatever. And of our security out of our secure

[01:01:16] Evan Francen: boom. That’s right. Oh yeah because fr secure is not doing a lot more social media things. Absolutely fr secured. That one’s easy to spell to. Like your name is not easy to spell brad and I mean it is but you can take it it’s @BradNigh.

[01:01:34] Brad Nigh: Not and I E. Yeah.

[01:01:37] Evan Francen: And the mine is @EvanFrancen Anyway. That’s that. Um, Anything else Brad? No. All right. Talk to you next week.

[