Rapid7 vs Qualys and Their Petty War

Unsecurity Podcast

Evan and Brad are joined this week by Serge Suponitskiy from Flight Centre. Together, the three guys will catch up on what’s been going on in Serge’s world, and then break down a petty war between Rapid7 vs Qualys from last week.


Podcast Transcription:

[00:00:22] Evan Francen: All right. Good morning everyone. This is episode 76 of the Unsecurity Podcast. The date is 20 April 2020 and I’m Evan Francen. Joining me is my co-host Brad Nigh. Good morning, Brad.

[00:00:35] Brad Nigh: Hi, the note’s high. High are you

[00:00:41] Evan Francen: so much enthusiasm

[00:00:43] Brad Nigh: It was nice out this weekend actually. Got some fresh air not stuck in the house. There you go.

[00:00:49] Evan Francen: It’s monday morning. A little too much enthusiasm I think from monday morning, but we’ll get to that.

[00:00:54] Brad Nigh: I put it down. Yeah.

[00:00:56] Evan Francen: Right. We have a special guest. Let me give you a little background about this guy. I’m pretty excited that he’s here. He’s a global business and technology leader with more than 20 years experience building enterprise, innovative solutions. He’s guided many organizations through successful transformations, but arguably, arguably none more difficult than the one he’s currently facing with COVID-19. He’s currently working at Flight Center, a global travel company. And as you know, the travel industry has been decimated by the pandemic. His name. His name is Serge Suponitski. And he’s the CEO. CISO, for those of you who don’t know what CISO is, that chief information security officer and now the interim CEO at Flight Center Americas region. Welcome, Serge.

[00:01:46] Serge Suponitski: Uh thank you. Evan. Glad to be here today.

[00:01:49] Evan Francen: Did I get that? All right. You got it.

[00:01:51] Serge Suponitski: All right.

[00:01:52] Evan Francen: You’re actually uh three chiefs right now.

[00:01:57] Serge Suponitski: Mhm. I I say two chiefs the third one. Listen, I’m not to uh you know I’m not thinking about that but it’s really the CTO and the CISO. So um you know, the history goes that I was actually just the CTO and uh you know, a little bit of a background. So my previous uh boss, we’ve been talking about finding a CISO for a long time for more than a year. And then we started that process probably sometime in September of last year. And uh we were looking everywhere. You know, we you know, we had our own recruiting teams, we had you know, recruiters from outside. We’ve seen so many resumes, we’ve seen people coming to our office and then sometime in December we sit down and we said listen, security is becoming extremely important for this organization. Um and we made a strategic decision that I will be moving to that role full time somewhere in January. And uh and that was the decision, you know that I was going to be working with a global team setting up a regional security program, best best in class security program. And and then things have changed. Things have changed. Then a little bit we’ll have my CTO role. Uh you now have the CISO role and uh you know I’m just working with a lot of people handling this COVID-19 situation, just like everyone else. You know, everyone’s got different, different scenario, different uh different ways of dealing a different everyone’s got different situation, you know, when it comes to work was so uh yeah, anyway, I’m glad to be here.

[00:04:00] Evan Francen: Yeah, I’m happy you’re here, man. Now, have you seen my slide decks from the talks that I give?

[00:04:06] Serge Suponitski: I did, I did.

[00:04:09] Evan Francen: Um I thank you.

[00:04:10] Serge Suponitski: And you’re taking me on your wall. You used to take you still do.

[00:04:19] Evan Francen: All right, great. And I tell everybody and every talk that I give, if you want to be insecurity, you need to have a Russian friend

[00:04:27] Serge Suponitski: and maybe chinese, which

[00:04:31] Evan Francen: I have that to Leslie’s pictures on there.

[00:04:34] Serge Suponitski: Yeah, I have Leslie Leslie

[00:04:36] Evan Francen: still there. I thank God I’m gonna show you, I’ll show you the slides later on, wow. But again, welcome. We’re gonna get to talk to you more about, you know, kind of what you’re going through and all that good stuff. What we normally do in the podcast and it’s customary is for justice us to catch up. Right? So before we jump into the meat of the show, let’s catch up. Uh if you’re a new listener, you might not know the first motivator for us starting this podcast At the beginning. So that was 70 six ish weeks ago. I wanted to do this so I could spend an hour every monday morning with brad catching up. So that’s what we do at first. So brad tell me about your weekend,

[00:05:21] Brad Nigh: it was good. Got outside. Yeah. Fresh air is nice out. It was kind of nice to get some stuff done and get out of the house.

[00:05:33] Evan Francen: Yeah. Yeah. We uh I was working on a garage, my garage making a man cave. Women are allowed in it too. It’s just, you know, we called him and give

[00:05:46] Brad Nigh: Yeah, that’s cool. Uh our youngest, you know, he’s in kindergarten. He’s been struggling with this transition, right? He’s five and they need that that routine I think at that point. So school has been a little bit of a tough thing for him. His t direction lives in the neighborhood and walked by and a little bit like a social distancing visit that was to check on him and his attitude was, it went from like just kind of cranky and you know, a five year old to like you can just immediately see and get happy and so it was really cool over to to do that. So it’s amazing what what this is doing just to everyone.

[00:06:28] Evan Francen: Yeah, it’s wearing on people for sure. Serge, what about you? What do you do this weekend? You’ve been out riding the bike?

[00:06:35] Serge Suponitski: You know, I wanted to ride my bike yesterday, but it was a little bit chilly. You know, my friends always laughing on me, You know, they say, hey, listen, Serge can only ride if the temperature goes above 50 50 degrees that I’m out, it was above 50 but I didn’t have it. So instead I actually watched a really great documentary but Marco Pantani who is a really good Italian rider in the late 80s 90s and it’s a sad story. I mean really, really great rider who was one of the best riders of all times. And then he was caught up with this era of doping and And yeah, he, it was the the the name of the movie, it’s an accidental death of cyclist. So he got 34 from drug overdose. But uh you know, he was uh you know, he wanted to join professional cycling and you know, his mom was so happy about him and he said now I want to quit and she goes why? Because it’s like a mafia and in the whole documentary about you know, the the money, the so it was an interesting movie. That’s what I saw. So I didn’t go biking but I did instead. Which that which the interesting documentary Marco Pantani. Uh huh That’s

[00:08:07] Evan Francen: okay. And it was that on netflix?

[00:08:12] Serge Suponitski: Uh it’s actually it’s on netflix and it’s on you can find it on Youtube as violence Free documentary. Very good. And then I uh walked with my family did a couple of circles here. You know, my son refuses to go with me. I mean he’s 17 so So definitely I can hear him playing with his friends, you know, they do different gaming’s, but my daughter, she’s 14. And my wife, I mean, we do regular walks around the area. So yeah, and then my wife was cooking, I was watching that I was Trying different things. I mean, that’s one of those things that she started picking up during this COVID-19. You know, we were so always busy running around. But now, I mean, you know, you’re reading, you’re listening. So you need to learn one of those hobbies. So my wife picked up, I mean, I always knew that she knows how to cook and she wants to cook, but now she really is cooking, you know, it’s amazing. Amazing.

[00:09:19] Evan Francen: So there’s, there’s a joke, We’re not really a joke. We always call you the mayor of Montreal, Montreal, New Jersey. Well, New Jersey has been hit really hard with. Mhm. Right, What do you like? What’s it like in Montreal,

[00:09:34] Serge Suponitski: City of Montreal, we have 67 cases of, you know, people that got coronavirus 66, we have five fatalities and we have 100 20 negative cases. So every, every week and at the end of the week, our mayor Mike Gonzalez, who is writing for Congress, He is, uh, he’s posting on facebook that those stats, we also have regular phone calls, meetings. I mean, so, um, I’m trying to help as much as I can. But you know, there’s a lot of other people that can actually help this community and there is a lot of communication and you know. Yeah. So I’m not a mayor, but I do know mayor, you know.

[00:10:26] Evan Francen: Yeah, that’s the that’s the running joke that he always called you the mayor because you know everybody in that town. So how many how many how many cases?

[00:10:35] Serge Suponitski: So 67 cases, positive cases and five fatalities. And but the next city next city to Montreal. I mean, it’s like one town to another town. Right? So we have park ridge, which is right next to it. Remember you and I, we used to go to uh, Italian place and Bellissimo right between that bellissima. I mean, it’s probably a minute away from police in the town called called Partridge. So they have old early uh senior citizen place. So they just posted the 33 people died in that place. You know? It’s uh crazy. Yeah,

[00:11:15] Evan Francen: that’s sad. Yeah, I’ve been spending more time at Home Depot. All right. So the good thing about Home Depot is it’s the aisles are wide and it’s not much of a social place anyway, so it’s easier to kind of stay away from people.

[00:11:32] Brad Nigh: Are you are you wearing a mask? It Evan? No,

[00:11:36] Evan Francen: I don’t get a mask over this beer to my

[00:11:40] Brad Nigh: uh no, I was looking for that. I’m gonna use the uh fishing gator, like the band X, Right? Sunblock. And then you put like some strips of like a T shirt or something in over your nose and mouth. It’s supposed to be good. And that’s instead of actually doing a mask. Well, it’s cool because then I can have my

[00:12:01] Evan Francen: think my wife’s like one of her cups of her bra and strap that around. Yeah,

[00:12:07] Brad Nigh: I’m not sure that’s gonna work, but all right,

[00:12:09] Serge Suponitski: whatever. But in New Jersey, New Jersey, I think in new york for sure. You know, thursday, I think as well it’s a must, you must wear uh bandana or something, a mask when you go to any store. I think it’s a must.

[00:12:26] Brad Nigh: Uh, there’s a couple in California, maybe san Francisco or something as well. I think it’s going to become more, more common. Yeah.

[00:12:36] Evan Francen: All right. Well, I invited Serge to the show for a couple of reasons. First, uh, I really do like, like the guy, we spent some good quality time together. I got to know him really well. It’s one of the people I admire and respect. The second reason that I invited him was, uh, to get his perspective on dealing with COVID-19. We’re here in Minnesota where things are different. We work in a different industry. You and I, Brad, versus, you know, where Serge works. Serge works in the travel industry and it seems like everything in the travel industry is just turned upside down. There’s hardly any travel if any. Uh, so he works for a company called Flight Center. Uh, and I did some consulting for Flight Center uh as your virtual CISO in the Americas region for about a year and a half maybe. Um Love, I grew such a love for the company and the people there. Ah so I wanted to you know flights and it really is a is a great company and it’s just you know crazy what’s happening. So wanted to get your perspective, Serge, on kind of what you’re going through. I mean think back to you know just prior to kind of things flipping upside down, you know, what were you doing then? I mean you guys planning on you know 2020 it’s going to be a good year and I mean what

[00:14:04] Serge Suponitski: 2020 2025? Yes planning. Uh The company was you know we were the largest were the largest travel management company in the world with five lines of businesses. Uh destination management, corporate leisure, all sales and students with 20,000 people globally. Uh in Americas region, I mean I mean and we traded on the public Australian exchange In America’s region. Um we had about 37, 800 employees Globally. We have 35 brands in Americas region which is Canada us and Mexico we have that 15 different brands. You know um everything has changed I would say in my kind of world in our world after March 13. Uh This is uh the data and I remember very clearly that was friday the March March 13 business as usual, you know everybody is like looking at the news and reading the news and we’re talking about it and Um but March 13 Friday, I was sitting in the uh the World Conference room. I mean you probably remember when you walked in on the left, like it’s one of our kind of like a boardroom. So I was sitting there and it was 1225, we just finished a meeting, I was sitting there by myself and all of a sudden the uh my CFO peter stone comes in and said search in five minutes, let’s meet at the lido deck, lido deck. This is where we’re making the kind of a company announcements and stuff like that. And our people work. State troopers and Vice president of HR Su su Brandon, she uh she uh you know picks up the mike tells everybody and I see everybody’s coming from left and right and there is a tv on and trunk is on tv. So I’m like oh we’re just gonna watch the president’s life addressing something. So no no no they turn off Tv and Sue Brennan got up on the chair And said we’ve just been notified that one of our employees got COVID-19 uh coronavirus. Um and everyone as of right now everyone goes home. So that was Friday the 13. So the person actually that was you know was diagnosed positive was not In the building for at least a week. 
So the person the last day of that person in the building was Thursday March five. Um So but what happened since it was like a panic, I’ve seen people you know you’ve been there for a week but now all of a sudden people just started grabbing things and running away. I mean it was a scene. So anyway um I had to have an emergency meeting with our executive kind of a team uh to talk about okay who will have access to the building because we still have mail coming in from the post, you know kind of a male coming in. Uh There’s still few things that you know, some people that were not in the office but had computers but need to pick up computers. So there is a lot of logistical things that we needed to kind of work through. uh so we did that, so since then since March 13, since March 16 in Montreal and Montreal Office is about 350 people, but we have 300 offices across America. So we have about 150 offices in the U. S. 150 in Canada. So fine since March 16th, we are in Montreal, you know the the headquarters for us, everybody’s working from home and you know we’ll talk about it but we had no issues for people working from home because we moved to everyone to the cloud three years ago strategically we’ve tested a lot of different things, so we have tax stop and people able to work from home and do their work. That’s not an issue. But we started thinking about all the other offices, other people. So it was all started Getting very coordinated and I say that by the end of that week, which was the March 20, pretty much everyone in the organization started working remotely just fine. Uh and our first, you know, our first kind of uh response or the thinking was listen, it’s all about our customers and safety of our customers as well as the safety of our employees. That was kind of number one priority. So we immediately, you know, kind of since then made a decision that all offices will be shut down and people will work from home. 
But at the same time we had situation where for example, one of the line of business, the student universe, for example, All of a sudden we had students, you know, and we’re dealing with all the universities, you know, with the government shutdown and university shut down all of a sudden they needed to get home from all over the United States from different parts. So we had 5000 at one point we had 5000 uh students on hold in q Waiting for our agents to help them out. 5000. So what we did immediately. So any agents throughout the organization, even if they were not familiar with the particular line of business student divers for example. But they were with liberty travel and they’ve used different technology but they all uh we’re able to help and we we made some changes but it was all about our customers and safety of our customers. And we were just helping everyone and everyone worked as one team for the next 23 weeks helping people to get home to get from different countries. Uh you know or cancel different things, different events. You know, we had grouping. We have people groups that uh you know that book travel to go to europe or Asia. And so I say for a month or so our people were working just taking care of all customers from different lines of businesses just to help them to get home to get safe. And we also have other um, you know, kind of information sources like security sources and stuff like that. So we’re pushing a lot of information to our customers, making sure that they save secure that they find a place to either stay or move. So that was kind of the priority of uh since the they marched the 13, that’s when the world kind of uh changed upside down for our organization at the same time. While we uh we were helping. I mean we knew that our revenues, our cash liquidity, everything will be going down. Right? 
So uh since then the liquidity management or cash management is probably became Number one priority right now, especially right now um because you know, we shifted immediately from a strategy where it was all about winning to all about surviving. So when we talk about strategy, you know, strategy to me is one, it’s always to win. Uh now the strategy is all about to survive at the same time, you know, survive but when, when things will turn around right,

[00:22:31] Evan Francen: it was crazy because flights are such a high growth company.

[00:22:36] Serge Suponitski: Yeah,

[00:22:37] Evan Francen: from acquisition. Uh I mean just the time I was there in America as you had acquired, you know, half a dozen companies.

[00:22:46] Serge Suponitski: We we I mean we were growing, you know, we were growing organically as well as through mergers and acquisitions. So the acquisitions, yes, we acquired some companies, we made some strategic investments. Upside was the recent one that was the owner is jake walkers, the the guy who started Priceline.com. So we have 25% of investment there in partnership. So we were on the high growth, you know, our corporate line of business is booming. You know, we have brands like Corporate Traveler or FCM you know where we compete with American Express and other big names and travel industry and you know, I mean we have very solid good kind of a customer base, large customers, medium sized customers and small customers and uh we were doing well, we’re still doing good um you know on the Corporate Traveler, you know, on the corporate line of the corporate line of business, there’s still some work that is happening, especially, you know, listen every company they have travel department. Yes, the travelers stopped but they’re planning for things to turn around and they are still, you know, sending us security questionnaires right at different times. Uh so uh things still happening, but not definitely not to the same extent that we used to be. So um we’ve done some definitely uh you know, kind of, we put some controls in place. We’ve been uh you know, the message in the communication during this times were so important and it’s still so important and we’re doing different videos and postings and communication all the way from from our CEO to that kind of a regional management and so forth. So we we’ve done, we put some uh controls in place um and we think that we could potentially survive. I mean we’re really looking and thinking about surviving right now in this kind of situation and coming out possibly in the kind of a in a different way, but that’s what we’re doing

[00:25:11] Evan Francen: well, unless it’s like you said, it’s, you know, winning, I mean can you come out on the other side of this better off than your your competitors, you know, and you know, the stock price for flight center on the Australian stock exchange towards the Beginning of the year, right? In January was $40, Yep. Today, you know this morning, it’s at 10

[00:25:37] Serge Suponitski: oh seven and we stopped, we kind of hold on the whole trading thing, I mean now it’s stand it was 40 but two years ago it was 70 72 75. Yeah, so it is a big Australian Australian dollars but the big difference huge difference. So again, as I said right now we’re just dealing with cash, you know, liquidity management on a daily basis. I wouldn’t say the homeless daily basis, we’re looking at everything, right? So uh two of the biggest expense, like you know your expenses, your cash, it’s the payroll and your leases, right? Your occasions. So we made strategic decisions on the allocations and we’re still working through that. But we will, I mean it’s it’s publicly announced, we’re going to be closing close to 580 stores globally. Uh So it’s announced uh and in terms of people, I mean we reduced globally by 30, 30 to 40 globally. Uh so furlough permanent, all that kind of different traditions different, you know, but at the same time, I mean we’re working very hard. We have a task force that kind of dealing with different uh petitions and government subsidies. I mean we have like a task force that really working and following every single news, every single paper that we need to fill out so that we can help our employees in different regions, different countries. So because Canada making decisions that are totally, you know, not the same that in the U. S. Or Mexico or Australia and so forth. So we’re trying to work very hard with kind of uh, in following the government news. Uh, and adjusting our positions based on that.

[00:27:51] Brad Nigh: I’m going to be such a fine line to walk between, you know, surviving and then win this light, you know, when travel starts resuming being able to actually handle the demand because there’s onboarding and ramp up time for staff and yeah,

[00:28:08] Serge Suponitski: yeah, we’re looking at competitors. I mean, you know, if I if I, you know, I mean uh we’re reading same news, we’re reading the same reports, Same economical advisers were looking at the IATA which is the regulation of kind of our industry and looking at all the possible reports and data and hoping everybody’s waiting for one thing when right, when things will start changing. So on the weekly basis, different reports based on, you know what our president says, what the local governors are saying, how they cooperating the data. So, uh, so it’s changing on the daily basis. Right? So we just it’s a new way of working new way of kind of living. Um so but at the same time at the same time, you know, in my world right now I’m trying to provide a firm kind of a direction and and normality to employees that’s still within the company in my department uh, you know, basic things like, you know, it’s almost like I’m going back to basics, which is okay guys in the morning, nine o’clock in the morning. Let’s have problem management. You know, Hey, every monday Wednesday, let’s have change management. Let’s follow up our incident management process. As a matter of fact, yesterday there was an incident. So we follow the, our usual process. So it doesn’t matter you in the office or remote or virtually trying to bring that normality through, uh, following the same process, same methodologies that we put in place before. Um, you know, but with less people, we have, you know, less people people actually working longer hours, more more work because you have to pick up some of the work that the people that are not there. Um, but I think communication, communication, uh, pretty much on the daily basis to all employees is right now essential. It’s really communicating the short term goals. 
Midterm goals, I wouldn’t say long term goals, but I would say short term and midterm goals is very, very important right now, uh, and communicating them through, you know, a virtual happy hours or, you know, virtually all hands or we’re utilizing tools such as workplace. It’s uh, it’s facebook product. Um, so we’re utilizing and communicating, communicating through that channel, uh, on the pretty much on a daily basis.

[00:31:12] Evan Francen: Yeah. So everything, I mean, everything has changed, right? I mean, uh, he furloughed, there’s lots of things that you covered right there. So one is, you know, in any incident, it’s so important to control the message. Right. So you talked about controlling the message, that same thing needs to happen in just an incident response. Right? I mean, this is obviously a much higher, bigger impact, but also you have to let go large numbers of people and then, to Brad’s point, you’re probably going to need to bring back in large numbers of people when you’re through the other side of this. And security still needs to be taken into account. Right? I mean, you still have to keep things secure, attackers are still attacking. You mentioned you’re still getting security questionnaires on a regular basis from your customers. It’s a tough, you mean you’re in a tough spot man.

[00:32:12] Serge Suponitski: It’s a tough one. You know, uh, two months ago. Just two months ago, Exactly two months ago. You know, when still things were going well and fine. I’ve visited our two partners, uh, Sabre, which is a global distribution center. It’s one of the largest global distribution center. Uh, you know that we’re utilizing and I’ve met with their and Concur, that’s another our strategic partner and I met with their CISOs and we talked a little bit about the departments of structures, the incident management, the different things, the tools that they use and how can we work closely and better together. So on the security questionnaires, what was interesting. So I asked them how do they what’s their process and what I was surprised is that the large company, well maybe not surprised large companies they can afford to do things manually. So in other words um to me right now I’m looking at things and the things that we’ve invested and did for the past 23 years Um you know and we were really driven by cloud first automation second. Those were like really ingrained with all my guys with all my leadership and we were looking at every single possible opportunity to invest more in the cloud and invest more in automation and everything. Every process to automate in this right now situation. The COVID-19 is automation is key the reason for that because, Brad, you mentioned. Yes we have much less people But because of the automation while security questionnaires, here is a perfect example. We invested in a tool and it has an AI component, it has an autofill component. We’ve built a library of 1500 answers. So every time we get questionnaires it’s loaded automatically. Well I mean we have somebody who’s loading, who’s supporting B. D. M. S. Uh and then we just click autofill and we do the spot ship that’s to me automation. 
Where would I spend some time with some of the larger our larger partners and was kind of surprised that um you know that they do these processes manually uh and again because they can probably afford it. We on the other hand, you know we had a very even though in the Americas region and before Evan joined us, I mean our maturity was very poor so Evan helped us dramatically bring us to a totally different world, you know, and we’ve utilized the methodologies and the tools that Evan brought in. So uh we’re on a totally different level and the team was happened we were building a programming team. Um so now that team is drastically reduced So we kind of moved into a maintenance mode where where we’re building where we’re investing, where we’re thinking 2022, Uh now it’s really maintenance uh really maintain not to lose but maintain what we’ve built with limited resources. And I think automation is key automation when it comes to you know, not just security but everything onboarding of you know uh you know just onboarding process, it was so manual. I mean now if we automated like for example everything is in the cloud for us today, we invested in certain tools that automatically shutting down machines is like the whole orchestration is happening. So we would be drowning right now uh if we did not invest for the past 23 years in those technologies we would be drowning right now we wouldn’t I didn’t even know how it would be able to function. So last 23 years we’ve invested strategically into those things, but again, we wanted to uh said we wanted to win, we wanted to invest and do more things. So for example, one of those things our clients started asking more and more about SOC 2, ISO 27001. They’ve been asking us all the time. Well, we had plans, we had plans, we uh we’ve had several conversations with different vendors, consultants, so it was on our roadmap 2022 2025. uh now everything stopped. We had about 79 projects in the pipeline, everything is on hold. 
There are only strategic projects, strategic investment that we’ve made. I mean we’re going to keep me and move forward for now. But yes, it’s uh you know, I would say yes when the switch or not to switch because that transition of going again, restarting that business, uh we’ll take some time, it’s not going to be a switch, you turn it on and all of a sudden tomorrow everybody is going to start traveling. Um So I think we’re going to be ready. I mean, this kind of automation and right now every meeting that I have a team, I’m talking about automation even more, I’m telling them to think and look around uh things that we’ve done for years uh and what are the things that we should change? Things that we’re doing today and that just doesn’t work or it doesn’t make any sense. What do we need to change. So those are kind of discussions that we have and right now on a daily basis. Yeah.

[00:38:17] Brad Nigh: Excellent. Plus the other place of automation is, you know, it’s done the same way every time you don’t have five different people doing it five different ways. As long as it’s set up correctly, you’re you’re set.

[00:38:29] Evan Francen: Yeah, absolutely. All right, well, thank you, sir. I it’s awesome, man. I love the yeah, the perspective you bring, you know, and I think our listeners will certainly get some tips and tricks out of what you said. Um the story, you know, from, the 13th, you know, never forgetting that day. That’s that’s interesting. Mhm.

[00:38:55] Serge Suponitski: Right, thank you. Thank you for having me on this show.

[00:38:59] Evan Francen: Absolutely. And we’re going to talk some more, so I want to say it point out hell of a guy, I’m glad you’re my friend and I’m glad we had the opportunity to do what we did together. Uh and I’m sure, you know, at the end of the day, everything is gonna work out

[00:39:14] Serge Suponitski: that everything will work out.

[00:39:16] Evan Francen: It’s hard to see it sometimes when you’re head down and all this crap that you’re dealing with. Yeah. All right, so, switching gears, uh one of the things I, you know, I noticed last week, I got this email uh I got this email from Qualys. And it caught my attention, it was Qualys’ response to Rapid7 false campaign against VMDR. VMDR is one of the Qualys products. And so as I read through this stuff, it reminded me of a middle school fight. It’s like these are adults, these are like kids fighting each other. It’s just so stupid for our industry. So on the, on the, the show notes web page at evanfrancen.com, I’ve got the screenshots of these, this email that I got and this is from the chairman and CEO of Qualys inviting me to a webinar to rebut Rapid7’s article that they had written. That said it’s time to quit Qualys, 10 reasons why Rapid7 is worth the switch. Right? So she’s this crappy, you know, stupid marketing thing. Um, so, but these things get under my skin because who really suffers at the end of the day is the people who, who are supposed to be served by us in our industry, our job is to serve and protect people and we’re supposed to be a lot better than this. So what I did is I wrote this kind of short post for, you know, on LinkedIn, but you know, Chris Roberts is a guy who’s, I think he’s got more, uh, I don’t say, I don’t know,

[00:41:12] Brad Nigh: maybe more exposure maybe

[00:41:14] Evan Francen: well and he’s got more gumption, you know, more like I don’t give a shit with me. I don’t give a crap what you think about me. So I ran it past him first and most of it and then he posted, shared my post and added his words to it too, but it’s an interesting story. I don’t know if you guys had seen this at all.

[00:41:37] Brad Nigh: I hadn’t, but just it’s like I’m with you. Come on. Really. And it’s not just them. It’s, I mean, look at all the stuff that’s going on. Like we’ve talked about Zoom in the last couple of weeks, like everybody has lost their minds about like what responsible and how to act like an adult.

[00:42:00] Evan Francen: And are you that insecure with yourself or your product or your service? Did you really feel like you need to respond to this?

[00:42:10] Brad Nigh: Yeah. When a better response to be like, we’re not gonna take the time to justify this or whatever. Like Feels like they’re, they’re escalating the situation. It’s like, it’s like doing my daughters are 12 and 14 right? A concept quit escalating. Just walk away his Yeah, Right. Yeah. Come on.

[00:42:34] Evan Francen: Yeah. So Rapid7 threw that first punch it was and then there, you know, and I got a link to it, you know, on the, On the show notes where they’ve got it’s time to quit Qualys, 10 reasons why Rapid7 is worth the switch. So if somebody had written this about me or about our company, what I really feel like I needed to respond, would you? No, it talks about risk based provocation is one reason research at the core is a second reason. All right.

[00:43:08] Brad Nigh: I mean, look, it’s like, really neither of you have any flaws. You’re gonna start throwing stones and throwing accusations, right? Just opening yourself up and why? Why do Yeah, I don’t get it.

[00:43:24] Evan Francen: Well. So then Qualys responded, you know what there? And their title is, you know, so they put out this thing on Eventbrite and everything. It was gonna be a webinar, Qualys’ response to Rapid7 false campaign against VMDR. And then the LinkedIn post. I think it’s it’s kind of it’s funny to see what people’s responses were. I think Chris is, you know, Chris Roberts’ LinkedIn post alone has like, I don’t know how many comments right now. We’ll probably over 50 comments. And you read some of the comments that people make. And it’s like, it’s just funny.

[00:44:00] Brad Nigh: Yeah, I think like I said, everybody’s just lost their mind maybe being stuck at home and isolated. I don’t know. But it’s it’s crazy. Yeah.

[00:44:12] Evan Francen: So anyway, it’s it’s what not to do. I think in our industry to help people, right? It’s not to infight because you have to think about, you know, us in the industry, we know Qualys, we know Rapid7. We know what’s good, You know about what’s good and what’s not good about either product, you know? But what do people outside of our industry think about us when they see stuff like this behavior like this. Yeah. The people that we’re actually trying to help. Right. I mean, we’ve got about a million people now in our industry. Million security people who Probably have heard of Qualys and Rapid7. And then you’ve got, you know, just in the United States, 320. Some odd million people who probably never heard of these companies before. Right. And if they catch wind of this kind of infighting and this stupid crap, does that help?

[00:45:06] Brad Nigh: Yeah, Yeah. I mean, well, and you don’t hear other companies, you don’t, you don’t do this to imagine like Microsoft and Apple, like construct competitors doing something this petty.

[00:45:22] Evan Francen: Right? And that’s that’s a perfect word for it. It’s petty. And you actually used to see this back. Microsoft and Novell. Remember

[00:45:31] Brad Nigh: those things. Yeah,

[00:45:33] Evan Francen: Serge, remember Microsoft and Novell and the infighting they had back then with the file and print,

[00:45:39] Serge Suponitski: uh, what year was that? I don’t

[00:45:42] Evan Francen: know. I would have been

[00:45:43] Brad Nigh: late, late nineties,

[00:45:45] Evan Francen: 90s, late 90s. Yeah. It got so weird that Microsoft would actually send limousines over to Novell’s headquarters to try to recruit their developers to come work for Microsoft. At least. That’s a that’s a story. Don’t know if it was actually true.

[00:46:03] Brad Nigh: Yeah. Well, I mean, it

[00:46:05] Evan Francen: was involved in all that

[00:46:06] Brad Nigh: to, it definitely took some, uh, Some stuff from Novell was put into AD. There’s no question,

[00:46:14] Evan Francen: but what, when one was a better product? What one was not necessarily in a better product at the time when he took, you know, Novell Directory Services and you know, Microsoft Microsoft first entry into directory services. But what one was marketing? You know, strategy, you know, to Serge’s point, strategy wins, planning wins? Uh Novell kind of sat I think, and just didn’t do a good job on that.

[00:46:42] Brad Nigh: Mhm. But anyway, yeah, whatever.

[00:46:48] Evan Francen: It’s but it’s petty stuff that makes, you know, I’m a product agnostic guy. You use the best tool for the job, right? And I think stuff like this ends up making my job just a little bit more difficult when I’m talking to normal people, if they hear about stuff like this or know about the pettiness in our industry,

[00:47:08] Brad Nigh: It leaves there’s really only three scanners out there, you know, for the most part. Right? You got Tenable, Rapid7 and um, Qualys? Qualys. Yeah, I mean by default, Tenable is going to come out of this looking great. Just keep your mouth shut.

[00:47:27] Evan Francen: Yeah, still standing.

[00:47:30] Brad Nigh: Oh, I don’t get it.

[00:47:33] Evan Francen: It’s uh it’s interesting. I mean, if you want to read along with its listeners want to read along with kind of went went down and I haven’t heard anything after that. Uh but it’s yeah, it’s petty, man,

[00:47:47] Brad Nigh: the damage is already done. Yeah.

[00:47:51] Evan Francen: All right. And uh, it did remind me of a middle school fight. I don’t know if that was probably the last time I actually got into a physical altercation was in when I was the last sober physical altercation, quit drinking you know a while back. But of course middle school. All right. Just one news story this week, IT services giant Cognizant is hit by Maze ransomware. Dream about this.

[00:48:18] Brad Nigh: Yeah that’s uh it’s a bigger that’s gonna be a problem.

[00:48:26] Evan Francen: Yeah so this you know the article that I referenced his G. B. Occurs on security? It’s written April 19th which was yesterday, IT services giant Cognizant hit by Maze ransomware cyberattack. Uh I didn’t realize how big Cognizant is. Yeah 300,000 employees.

[00:48:47] Brad Nigh: What’s going to be interesting is what’s going to happen. I mean think about how many customers they have and what happens when those customers get ransomed regardless of if it was their fault or not who is going to be facing all the heat. Right?

[00:49:09] Evan Francen: When there’s a pretty interesting background on this particular attack according to Under the Breach on Twitter. Um April 11th a threat actor offers to sell access to a huge IT company for $200,000 in April 17th. He closes the thread saying it’s not relevant anymore. And then on April 18 Cognizant suffers the ransomware attack by Maze. Oh so the one potential like his theory is you know Maze bought the access to Cognizant. Yeah if you put these things together. Is that kind of what happened was Somebody had obtained access to somewhere inside of Cognizant for $200,000. And they honor about April 11. You know offered it for sale for $200,000. 6 days later they closed the thread saying it’s just not relevant anymore. You know maybe Maze bought that access and launched the attack.

[00:50:14] Brad Nigh: You know I would be surprised given the size. My guess is they were in there before and then when they saw that come out they went oh trying to execute because somebody else is going to come in which we’ve seen in IRs where there’s competing threat actors because you see completely opposite things. You know this makes no and you figure out it’s two different things. But all right that’s my guess. You don’t there’s no way they dropped it that fast. You just don’t see that happen.

[00:50:51] Evan Francen: Yeah. I don’t know. Yeah it could have been that Maze was already there and then saw that somebody else was selling access potentially to the same company. That Maze is already inside of like you’re saying. And so like well we better launch now or lose our opportunity.

[00:51:08] Brad Nigh: It just what’s interesting is on they’re cognizant. Yeah. Uh huh. Uh huh public speaking or you know announcement whatever. Yeah tough this early monday. Um They said that based on present information We don’t believe the reaction to the COVID-19 pandemic or they’re cognizant efforts to enable associates work from home facilitated this incident. That leads me to believe that they found something that indicates it’s been in there for a while. Yeah,

[00:51:43] Serge Suponitski: I mentioned uh mentioned about the incident last night. So that was actually regarding Cognizant. We’re using uh Cognizant for certain things. Um so we started having a communication and doing certain things, shutting down a few things. We started that on Friday evening or Saturday evening. And since then they’ve been tons of phone calls. So I’m also part of the Society for Information Security, where all the CIOs, CTOs kind of, we have our network. So I was on the call with a few CEOs from different other companies. So an interesting thing is that some CIOs I guess it’s it’s interesting how it when things like this happened large organization like Cognizant, how do they decide what information, who to get on the call with? Like, okay, do they break it down into, Okay, we have these largest customers that pay X amount and let’s get on the call and talk to them. And then these vendors, middle tier or a low tier, we’re just gonna send a, it’s interesting how their communication flows because we, for example, uh we’re getting much less information, Flight Centre, than some other, some other companies that are larger sized and uh, you know, like we are, but C I O C D s in the back and sees as we share the information behind the scenes and talk to each other and sharing.

[00:54:15] Evan Francen: Yeah. Well, did you see the announcement on Cognizant’s, their press release? I think it’s it’s not the way to respond. It’s essentially Mhm. Three statement Cognizant. This is what they said. I’ll read it verbatim. Cognizant can confirm that a security incident involving one or involving our internal systems and causing service disruptions for some of our clients is the result of a Maze ransomware attack. Our internal security teams, supplemented by leading cyber defense firms are actively taking steps to contain the incident. Cognizant is also engaged with the appropriate law enforcement authorities. We are in ongoing communication with our clients and have provided them with indicators of compromise and other technical information of an offensive nature. Did you get any of that Serge?

[00:55:09] Brad Nigh: Yeah. That’s a lot of words saying nothing.

[00:55:14] Serge Suponitski: Words. Yeah, yeah.

[00:55:18] Evan Francen: Yeah. It doesn’t make me feel

[00:55:20] Serge Suponitski: as I mentioned before, you know, when you talk to different other companies, different CISOs, CIOs that also affected because a lot of customers now affected, you know, like I had to take do certain things shutting down things, you know, I do see that some companies getting a better information and some companies getting much less information, right? The risk is the same.

[00:55:48] Evan Francen: Well, you should see what the fallout is from from from Cognizant now. They’re located in Teaneck, New Jersey. And so did you gotta leave? Great having you answer? Uh we’ll catch up again later. Okay.

[00:56:01] Serge Suponitski: Thank you very much. Thank you. Thank

[00:56:04] Brad Nigh: you. Yeah.

[00:56:06] Evan Francen: All right, so the other located in New Jersey, which is right next to where Serge is really it’s not too far their global headquarters.

[00:56:16] Brad Nigh: Yeah, it’s gonna I think you’re going to see fallout from that for a while and be actually kind of interesting to watch and see how many lawsuits are filed against against them after from this because of their customers getting infected.

[00:56:32] Evan Francen: Right, well, in the middle of all this other stuff. Right. All the things that that Serge has has to deal with right now with just trying to survive and then this, you know, you just pile it on. Right? Yeah.

[00:56:47] Brad Nigh: Yeah, it’s tough.

[00:56:50] Evan Francen: All right, well, we’ll talk I think that one’s gonna linger on for a number of weeks, so we’ll probably have more fodder. Yeah,

[00:57:00] Brad Nigh: that’s still new.

[00:57:01] Evan Francen: It was great to have Serge come on. Yeah, I got injured his perspective. But man, he talks a lot.

[00:57:09] Brad Nigh: It was really interesting to uh to hear that side of it though. I like it was nice. Wasn’t like you said, I didn’t have to talk as much this time.

[00:57:17] Evan Francen: Yeah, it’s really cool. I loved it. Alright well that’s it. Good show. Uh you know, thanks to Serge for joining us. Um lots going on this week. We continue our daily insanity check ins. Everyone is welcome to join us. If you want to know how to do that, just go and go to evanfrancen.com. Look at the show notes and you’ll you’ll see how to do that. We also continue the CISSP mentor program with classes on Monday and Wednesday this week. Brad, you’re teaching tonight?

[00:57:49] Brad Nigh: Oh yeah,

[00:57:50] Evan Francen: you ready for that?

[00:57:52] Brad Nigh: Sure. So I’m gonna stay awake the whole time.

[00:57:55] Evan Francen: Just think about how many people though that we’re helping man, it’s so cool,

[00:57:58] Brad Nigh: awesome. It is really awesome. I love it. I mean yeah, this will be good.

[00:58:04] Evan Francen: Yeah and then what Wednesday we’ve got Ryan cola clock here. I said it right that time he’s teaching on Wednesday. I get the week off this week.

[00:58:15] Brad Nigh: Yeah uh yeah it’ll be nice for you. Yeah mm you gotta, you gotta like a long break because we are the our first break next monday.

[00:58:25] Evan Francen: I know I’m not complaining, I need it man. Look at this face, I’ve got bags under my eyes man, I can use it. Uh right, not all time Brad. Who you wanna give a shout out to.

[00:58:39] Brad Nigh: I just, you know, the team. Uh just keep it going and keeping positive and taking advantage of some of the unexpected free time with customers kind of moving things back as they get resettled and getting some internal projects done and updating some templates and just just staying productive. It would be really easy to just kind of check out. And we’re not saying that it’s awesome to see. That’s

[00:59:06] Evan Francen: You know, I’m gonna shout out to Brandon. I thought, you know, he really stepped up last week. He I don’t know how many emails he had to respond to at the CISSP mentor program. Uh You know, just getting everything coordinated. That was really cool. Uh And shout out to everybody. You know, all the friends that I had made over at Flight Centre and some of them are still employed at Flight Centre and some of them have been furloughed or you know laid off but shout out to all those guys because they were seriously, really, really good. They still are. But a really, really good company and really, really good people. So shout out to those people. Uh all right, well, that’s a wrap. Huge thank you to our listeners. Uh episode 76 is about to go in the can. We love hearing from you. You got something to say, email us at unsecurity@protonmail.com. If you’d rather do the whole social thing, feel free to follow us on Twitter. You can find me at @EvanFrancen, you can find Brad at @BradNigh, uh you can find Serge too, he’s @SergeSup. That’s it. So you talk to you again next week.