Unsecurity Podcast

The topic of selling cybersecurity stems around a recent meeting Evan sat in on where the salespeople pushed a solution before even getting a real understanding of what the problem actually was. Join the guys for a discussion on “sales vs. solutions,” and let us know what you think at unsecurity@protonmail.com.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:22] Evan Francen: Hey, good morning. This is episode 31 of the un security podcast. Today is monday june 10th 2019. And joining me as always is Mr Brad Nigh. Brad. So what’s going on man? You had an incident response this weekend. Did how’d that go?

[00:00:45] Brad Nigh: Uh I mean it’s an incident response. Um you know, they they were really good and they caught the, you know, phishing email and did an enterprise wide passwords reset within In 24 28 hours of the initial email coming in, which is really impressive. But they didn’t have all the right logging turned on. So it kind of, you know limited what we could do.

[00:01:16] Evan Francen: So we jumped right into it uh this morning. It’s because I have two computers sitting in front of me today, I have the one that we’re recording on and I think I have all the notifications but I heard one just pop up while we were just talking and then I got the ipad over to the right of me um because you’re

[00:01:33] Brad Nigh: a security guy, you need lots of gadgets. Yeah,

[00:01:36] Evan Francen: pretty much an expert. Yeah. You know that’s what people,

[00:01:39] Brad Nigh: I heard people say that about you.

[00:01:41] Evan Francen: What does it take to be an expert? Is it just if you get paid that makes you professional?

[00:01:48] Brad Nigh: Yeah, That makes you an expert, isn’t it? Uh is it the 10,000 hours? It’s kind of the

[00:01:54] Evan Francen: Mhm.

[00:01:55] Brad Nigh: Which is what five years

[00:01:57] Evan Francen: All depends. You know, roughly if you go by my wife Smith an episode 16?

[00:02:02] Brad Nigh: Yes. You might have sped up that timeline, but

[00:02:07] Evan Francen: Just like two years or something. All right. So, uh lots of things going on around here. Uh you know, I don’t know if you saw my you did see my uh show notes for this week. Last week was crazy man for me. I don’t I didn’t even have a chance to talk to you. Much know. How was your week?

[00:02:27] Brad Nigh: It’s good busy, but yeah, good. Yeah,

[00:02:30] Evan Francen: I’m in a lot of good people. We finished up our mentor program uh this week. If if you’re a mentor program listener or even if you’re somebody who likes barbecue stop by the office on Wednesday. Uh this Wednesday, two days from now at 6:00. You and I will be cooking up some smoking some meat. Yeah. What are we going to smoke?

[00:02:52] Brad Nigh: I don’t know. Just do wings. Wings, things are good. All right. We do a lot of wings

[00:02:57] Evan Francen: doings. Are we going to bring uh like pot lucky

[00:03:02] Brad Nigh: stuff? Probably good for people who may be bringing some ciders on

[00:03:06] Evan Francen: the, potato salad. People like potato salad. Do you like put yourself? Okay, let’s do that. All right. So that’s uh Wednesday? And then um our next half, tax and hops event is on the calendar September nine. Thank you. Okay, there’s a lot of nines in that one. September 19th

[00:03:29] Brad Nigh: 9, 1919.

[00:03:31] Evan Francen: Yeah, september oh my gosh, is there something with that? I don’t know. All right, so September 19 2019 is our next tax and hops event. And we’re gonna be talking about incident response. Man, that’s a popular topic right now is everybody’s uh kind of interested, which is good. Uh I think what’s being exposed a lot, you know, sort of in our industry is just a lack of planning and maybe the lack of effective planning and unfortunately some people find that out when the bad thing happens. Right. Yeah, but that’ll be good. I’m excited for that one. Uh I think it’s going to be are Biggest one for sure. It’s at the U. S. Bank Stadium can be pretty cool. Right? Not the whole stadium. Can you imagine that soon? How many people sit in that thing?

[00:04:26] Brad Nigh: What, 60,070,000

[00:04:30] Evan Francen: 60,000 people talking about security? That’d be sweet. Mm. I’ll dream. But anyway, yeah, so we’re not in the whole U. S. Bank Stadium, but that is where it’s located. I think we have 300 maybe tickets that will go on sale at some point and I’m sure that that will sell out because

[00:04:53] Brad Nigh: you know, we’ve sold out the last two and that was

[00:04:56] Evan Francen: I think we’ve sold out every one of them haven’t

[00:04:58] Brad Nigh: We? 3, 3 of them? That’s right, we have done three.

[00:05:00] Evan Francen: So this will be the 4th and I’m trying to get some really good panelists. We’ve always had good panelists but on this one uh talked to chris roberts on friday. That was another thing that happened last week. Um I’ve been emailing back and forth. I think you’d be sweet to have him there because he’s just he’s a tell it like it is kind of guy and you know he’s got some chops

[00:05:25] Brad Nigh: it would be very cool.

[00:05:26] Evan Francen: I haven’t talked to Mark Landerman yet to either but I’m going to ask him

[00:05:31] Brad Nigh: maybe

[00:05:31] Evan Francen: it would be good.

[00:05:33] Brad Nigh: I got to talk to him actually the first time I’d ever actually talked to him in person while on the phone it communicated electronically but I got to talk to them on friday,

[00:05:43] Evan Francen: we gotta get some guy we’re gonna yeah it reminds me that I kind of dropped the ball and getting some guests. I was yeah I was going to get a few and then uh I just kind of forget until like show notes time on friday and I’m like oh crap I didn’t reach out to

[00:06:00] Brad Nigh: anybody. That’s that’s the problem. It’s we’re so busy during the week. It’s like I do the same thing like I haven’t done that yet.

[00:06:08] Evan Francen: So your show is next week. You think you got a guest maybe

[00:06:13] Brad Nigh: I’ll see if I can remember to uh

[00:06:16] Evan Francen: Yeah we should get somebody anyway, hacks and hops what else do we have going on? We’re hiring. So we have six open positions right now at fr secure. Uh And they’re all pretty cool positions. We’ve got some analyst positions. Got some I. R. So if you have some incident response chops um yeah apply and uh we’re pretty cool people here.

[00:06:43] Brad Nigh: Yeah. Are we? I think so yeah. I feel like I’m pretty cool. We keep getting told by people to come in nick. Okay so when’s the other shoe to drop? Like what’s the downside? When

[00:06:55] Evan Francen: when do we start wearing shoes?

[00:06:57] Brad Nigh: Well that’s how we keep the other shoe from dropping. It’s

[00:06:59] Evan Francen: true. There are no shoes. Shoes. All right. But seriously go online check out fr secure dot com. It’s somewhere there about career careers

[00:07:10] Brad Nigh: or something. Uh We are professional zucchini to,

[00:07:13] Evan Francen: well I haven’t applied for a job here. It’s true. I didn’t even have to apply for a job here. It was weird. Right?

[00:07:21] Brad Nigh: It’s the first time you’ve ever had to never had to apply for the job.

[00:07:25] Evan Francen: That’s true. I didn’t have anybody to impress. Right. God. All right. So anyway apply what else? Oh I had last week I had a great meeting with Matt steckelmacher if you’re if you’re in Minnesota. Um And you’ve been in information security. You know you you’ve either heard his name or you’ve met him before. Matt is just a maybe that would be a great guest,

[00:07:48] Brad Nigh: He’s a good guy, he

[00:07:49] Evan Francen: really is. Um and he’s a partner over at White Oak Security which you know on the surface might seem like a comp competitor, but we do believe that there’s plenty of business for everybody would rather work together with those guys and they’re doing fine

[00:08:06] Brad Nigh: work. Yeah, it’s complementary to what we do as well. You know, they do things we don’t they we do things they don’t so

[00:08:14] Evan Francen: especially when you’re talking like Red teaming and penetration testimony, it comes down to skills and different skills, different skill levels. Um So you know, if you did a White Oak security penetration test and then did an fr secure penetration test, you get value out of both. Absolutely. So that was fun. What else I read team security had a lunch with the ceo of Red Team security Ryan man ship. That was kind of fun. I didn’t, you know, red team is a company that started about the same time as fr secure. So 2008 ah good people, I’ve seen some of their work before. Uh you know, always been, you know impressed, We’re just talking business just talking about um you know how we can help Red Team security and how Red Team security can help, you know fr secure and how together, you know the end of the day that our customers benefit. So that was that was cool. What else? Uh top dog. So I gave a talk uh at Summit Brewery last week on thursday. Uh it was that was, it was fun, but I’ve never given a talk before, we had more technical difficulties, so you know, you’re getting, you’re giving your talk and that’s like, okay, screens out, okay, microphones out, okay, screens back. Yeah, I know, because you couldn’t get into a flow, you know, you’re starting to, because I think, you know, you and I I think a lot of like where we think very logically, so I’m going through a logical flow and then yeah,

[00:09:56] Brad Nigh: yeah, it stops well, I think, you know, if you mean everybody’s seen our show notes, they’re not, here’s what we do is kind of talking points, so we just go and it’s the same thing and once that that thought process and everything gets interrupted, it just, it throws everything off. Yeah,

[00:10:15] Evan Francen: it was fun though. Uh and then uh was that friday was really cool man. It was, it was just a great way to end the week burke um was at the Minneapolis Convention Center, uh got my Fanboy uh selfie with Dave Kennedy, you know, you know, the man needs a cool dude, one of the most positive guys I think I’ve ever talk to in this industry uh for those of, you don’t know, dave Kennedy, dave Kennedy has been around for a long time, hacking dave at, on twitter and owner of principle that trusted sec in outside of Cleveland? Just small. They’re awesome. Yeah, they really are. So it was cool to, to see him. I ran into a bunch of people ran into Jordan waxman, you know, one of our former employees, uh just, it was cool to catch up with him. He was speaking there, ran into three of our own guys. I didn’t even know we’re gonna be there, ran into uh Ryan clue, tear cloudy, you know, who was a guest a few podcasts ago. That was fun to hang out with him. I ran into somebody from medtronic uh spent a few minutes with chris roberts after his talk. I mean, it was just super cool way to finish the week. That’s very cool. You know, next year you’re you and I have to go together, we can, we can hang out there. Mm And then uh Social Security studio, other things, you know, for those of, you don’t know, there’s two companies here, there’s fr secure in their security studio. So security Studio, lots of cool things putting together board of directors. I’m excited to announce that soon. I’ve never done that before. You know, that’s, I have no idea what a board of directors even does other than I’ve talked to them a lot, But I’ve never like put one together and had to run one

[00:12:12] Brad Nigh: kind of nice to flip it around, like, so what do you do you think of the board asking you that?

[00:12:17] Evan Francen: Right? And so I’ve been recruiting for the board for the last, you know, month maybe, and get some great people, man, I’m excited to learn. That’s what it is. I mean, that’s what for me is the exciting, most exciting thing about that is just learning people. Oh, stay tuned for that. There’ll be some excitements. We had a meeting, you set up a meeting last week with this company called Quill.

[00:12:43] Brad Nigh: That was cool. It was very cool. Yeah, we met them at secure 360 actually chatted with them and yeah, they’ve got a really good physical security assessment methodology and product, so figure out how we can integrate that a little bit.

[00:12:58] Evan Francen: Yeah, and they were really impressive with their their mission really was an alignment with ours. Just really good guys. Uh and they went out with the owners of the company. That was cool to have to, you know, work through a bunch of red tape to make something work.

[00:13:17] Brad Nigh: Yeah, that’s good. We have, yeah, we have a follow up with them in a couple of

[00:13:20] Evan Francen: weeks, I think you already got that going,

[00:13:22] Brad Nigh: Yeah, thank you were working on that, so cool.

[00:13:25] Evan Francen: And then uh probably the biggest news of the whole week is I got a new Harley on

[00:13:29] Brad Nigh: Tuesday, love, that was, that was so at you, like, it was like mid morning, you’re like, I’m gonna go get a Harley today and then, yep.

[00:13:40] Evan Francen: Oh, man. Yeah, well it was three years, almost three years to the day uh that I crashed the last one into

[00:13:47] Brad Nigh: the, yeah, it’s been a while. I know you’ve wanted one but it’s still pretty, it was funny.

[00:13:53] Evan Francen: Yeah, I felt like half my life was missing in. Yeah, so I put on 500 miles

[00:14:01] Brad Nigh: just you

[00:14:03] Evan Francen: know now, so if you want to see a picture of picture the bike, Betty is her name, uh it’s online to at Evan francine dot com and really all these things we’ve been talking about so far and this is still sort of the opening, right? I do have a couple of topics that I’d like to talk to you about. Um That’s that’s that so really cool week. I think this week will be a little less busy for me. What does your week look like?

[00:14:33] Brad Nigh: So I don’t, you know, I’ve got I’ve got some new creation stuff coming up so I’ve got, you know, I are finishing that up and so yeah, some customer sad issues where just going back and standardizing year over year, over year type of reporting. So exciting stuff. It’s the day to day.

[00:14:57] Evan Francen: Yeah. Yeah, I know we talked about yesterday about the ira that you’re working right now. It sounds like that’s pretty, I mean it sounds like the company did a pretty good job of its initial response.

[00:15:10] Brad Nigh: Oh, absolutely. I think so. You know, I think it’s just the kind of loosens and then doing the worst part of it, the report writing. Yeah. But no, I think yeah, they dead. I felt bad for the uh the guy I was talking to, he’s like, well, we have we’ve got a trial of this going and we started putting this in place and just hadn’t rolled it out. Like all these things that would have potentially stopped it, they have in progress, they’re just not quite there. If this had been a month later, it wouldn’t have happened.

[00:15:47] Evan Francen: Yeah, that’s that’s so classic. Right? Right.

[00:15:50] Brad Nigh: Yeah. It’s just it

[00:15:52] Evan Francen: sucks just bought this tool that would and then you get hacked or something because because we’re missing that tool. Yeah.

[00:16:01] Brad Nigh: Six, what are you gonna do?

[00:16:02] Evan Francen: Right. Well, it’s good though. It’s I mean, I was uh you know, when we talked on yesterday um yeah, it was good to know that things you’re gonna have to spend no other 1000 hours on

[00:16:15] Brad Nigh: this thing. Yeah, I was I was very happy with that.

[00:16:18] Evan Francen: All right. Well, so one of the other things that happened last week is I uh had another meeting and it just kind of dawned on me that sometimes um people have a tendency to sell somebody something without really understanding what the problem is first. And that’s a big irritation for me was talking with somebody and I spent like the first I would I didn’t say much and then a whole meeting really, the first half an hour, I just sort of sat there and just listened and but I was because I was trying to figure out what the problem is and I was there with a couple of other people and they were salespeople in the sales people. We’re already pushing a solution before we even knew what the problem was.

[00:17:08] Brad Nigh: I hate

[00:17:09] Evan Francen: that. Yeah. And so it it’s going to lead to eventual another blog post where we really do need to sell more solutions, not just sell more. Um, and I know that’s easier, you know, maybe said than done. I I don’t operate with a quota.

[00:17:31] Brad Nigh: Yeah, but I mean I’m gonna jump in. I do a lot of the solutions architect in here and I’ll tell people they’ll say, oh well you can do these things and yeah, but we’re going to start with do the risk assessment and then let’s figure out when is the right time to do it. What do you need our help with make the right call? I’m not going to tell you something because I think you might need it at some point. That doesn’t help anyone. I don’t care if I don’t make that sale. Yeah.

[00:18:02] Evan Francen: Well that’s yeah, that’s right. When I do know notice that, you know, okay, so in a sales process, you know, a salesperson will call somebody uh maybe it’s a c so and try to get a meeting, you know, and that’s really what their objective is. Just to try to get a meeting and let’s say they get one and then you bring you know something like you or me. You know, some of you can talk security. Then the customer really seems to open up or the potential customer because I think they know that you know, if I’m at the meeting, I’m not there to sell you

[00:18:37] Brad Nigh: anything. No, I’m there to get you. The right well, what’s the right thing for you? Right. Maybe it’s not us.

[00:18:44] Evan Francen: Well, yeah, and you and you you make a good point. It’s maybe there’s no sale here at all. Maybe there’s just a discussion. Maybe there’s some just free advice. You know, do a couple of these things first. And then maybe, yeah, there’s something to

[00:19:00] Brad Nigh: do. I’ve done that where they come in and you know, it’s not we can’t really help you with that. I mean, here’s a better option. Right?

[00:19:09] Evan Francen: Yeah. Like a we need a pen test. Well, why why do you need a pen test? Well, because whatever may be I don’t know. Last examiner said I need a pen test. All right. Have you done any vulnerability scanning before? Do you have an asset?

[00:19:25] Brad Nigh: How would we started in texas? I mean, what are we pin testing my stuff. What’s what is that? Uh I mean everything we have. Right, well, how many external ideas do you have? Uh All right, let’s start at the beginning

[00:19:43] Evan Francen: here. Right. When one of the things that that uh you know in this one particular meeting that we were talking about was just business accountability. Right? So you know as especially as a business gets larger it gets I think more difficult to hold the business accountable for you know what they do insecurity. Right? So let’s take I’m just gonna take a hypothetical take Wells Fargo or

[00:20:19] Brad Nigh: U. H. G. Big banks, big

[00:20:21] Evan Francen: enterprise big organization where you’ve got to see, so who sits on top of it? Right. And you know the c so is the one who’s in charge of kind of running the whole security program. But he or she can’t do that without the business involvement, Right? Because it’s not uncommon in a big company to uh you know find a vulnerability somewhere and then try to and then you can’t figure out who actually owns that application or who owns that system, that router, that switch that whatever. Right? Especially when you throw them like shadow I. T. Right. Uh And so that was kind of the thing that I was trying to figure out was what’s the problem here and then how would you potentially solve for that problem? There’s nothing to sell. You know, I mean I could sell you just so that was that was the challenge last week is I’m trying to figure out what the problem is and what are some potential solutions for it and you have sales people who are there to push

[00:21:26] Brad Nigh: whatever. Yeah. Yeah. And I think for what I’ve just how I approach it, I’d rather, like he said, what do we need to sell or to work with someone? Right, I’d rather build that trust and say, hey right now, no, here’s what you can do. You don’t, I mean if you want us to help, we can help. But realistically if you do these three things, do you have the staff to do it? Do you have the knowledge to do it? Yeah, go do that. And building that that trust with people, they’ll come back when they actually do need help because you’ve proven that you’re not just pushing sales, you’re not just doing right, whatever to to get a buck in the door.

[00:22:13] Evan Francen: Yeah. And so it was, you know, in a big, you know, going down the same routes, you have this big big organization and um business accountability, is it is an issue, right? Or just accountability in general? So I’m more of a top down kind of thinker on this thing. So I was I was trying to figure out, well, is it possible to define entities within the business? Uh and in some businesses you might call it a business unit and other businesses, you might call it a division, whatever, to try to figure out what are my entities and then assign them as an entity type. Mhm. You know, and and this is where we’re going also with Fisa score. Yeah, because there’s different entity types to write, I know that they’re in large organizations in my own experience, there’s been some that have their own sets of policies, their own training and awareness, their own governance. Uh So that would be in my mind and administrative entity, that’s what I would call it, just based on, you know, kind of the nomenclature used for Fisa score. And then you’ve got other entities where they’ve got shadow it, right. They might have they might say, are there supposed to follow your governance that sent maybe at the enterprise level, but they use their own technologies, they have their own suppliers, they may be their own vendors who do you know? Right. I. T. Stuff for them, Maybe they have their own cloud services, so that’s a technical entity, you know, what is a second type of entity? And then I thought well maybe there’s a third type of, well and then there’s a third type of entity which is like a physical entity, right? Where it’s a different physical location, different facilities management, different maybe security staff, you know, physical security staff. So it’s a physical entity. So you and then you’ve got combinations of of the three, right? You might have one that’s got its own that’s got its own governance and its own technology, but it’s in the same building as you. So it would be an administrative and technical entity but not not a different physical entity, you know what I’m saying? Yeah. So you have these combinations and then I was thinking well and then when you can figure out kind of those boundaries, then you can put somebody in charge of you are you are responsible for this physical entity, this physical location. Right From a security standpoint, you’re in charge of this, you know administrative or technical, right? So that way you can enable within the organization, I can enable different technology stuff. I can enable actually shadow I. T. You just have to be responsible for your shadow, right? For the security. Somebody shadow. So you you sort of set up this construct and then do your assessments right? But now you’re doing assessments of entities as opposed to the organization as a whole. And then they roll up to

[00:25:22] Brad Nigh: the more granular, more I guess, probably more probably more realistic to.

[00:25:29] Evan Francen: Yeah, I think you can manage it. So if I’ve got A large organization, I’ve got 50 different entities of different sorts and types. and those 50 entities have their own uh I guess head or you know, security responsibilities. Right? And those can all be assigned and then they do their assessments but using the same language that we use at the enterprise level. Right? So we use Fisa score, right? They do all their little faces scores and then they all boil up based on and this is where I think there’s a close correlation to vendor risk management. So inventor risk management. We do the second step once you do the inventory. So I’d be determining in this case determining who all my entities are

[00:26:20] Brad Nigh: defining

[00:26:21] Evan Francen: that. The second step then would be inherent risk. Some of your entities don’t touch sensitive information. They don’t deal with pia, they don’t whatever. There’s just not a big impact. If this site goes completely down, it’s not a big deal to the business as a whole right to that entity. Yeah, It’s a big, big but to us,

[00:26:43] Brad Nigh: well, you know, you, you mentioned that and I’m thinking back on my own experience, right? Where we was at a place with healthcare and banking and insurance and pc, but not as, you know, each of those was its own right business under the umbrella. They had similarities from a technical perspective, a lot of them. And we had some that were had no sensitive information, some media type of things. They managed all their own stuff. Right? eight. That be, you know, a really good, there’s no one way to, we couldn’t have done this across the board, we would have had to do it on each individual. Right? And then interpret it

[00:27:25] Evan Francen: right? And then, and then I’ve also, so, you know, if you first, you know, classify your entities just like you classify your vendors, I’m classifying my entities within the larger organization, then I know which entities, you know, have the biggest, biggest, the biggest, biggest the biggest business impact and the biggest security impact. And then I can focus time resources budget and that would also dictate the type of an assessment that I’m going to have them do right. I mean if you’re this business entity that really is insignificant to the organization from a security or a business perspective, you get a real simple, easy. Yes, that is type of assessment, Right? Because it’s just not that big a deal to me.

[00:28:14] Brad Nigh: Yeah, it makes a ton of sense.

[00:28:16] Evan Francen: Yeah. And then I think it also helps with like I can define roles from the enterprise level rules from the enterprise level where if if the entity impact is significant enough, you must have say a disaster recovery plan. Yeah. So instead of having, you know, so then you may have, because this is how an enterprise would do it, I’d have maybe 50 disaster recovery plans and I’ll kind of boil up. So that was the, as I was saying, they’re listening to, I’m thinking this is a potential solution, something like this. And then the discussion went really well, it was about, well, what if this entity today is classified here, but then they their business explodes, right? It doubles in size. And because it wasn’t that impactful before, but now it’s super impactful, how would you manage that? And I’m like, well, reassessments,

[00:29:18] Brad Nigh: right? Yeah. It really is almost like, you know, vendor risk management internally, you have to assess annually to make sure the classification hasn’t changed just as as necessary.

[00:29:31] Evan Francen: Yeah, so that’s where, when it, when it, when it starts sort of started feeling like that was a potential solution. That’s when the sales people just kind of jumped all over it with then defense and I was like cool, hold up, you know what I mean? Think about all the work that has to go into before you even get there, have to define my entities. That means I have to look across the entire enterprise and figure out how am I going to segment this thing

[00:29:58] Brad Nigh: who’s in terms of a lot of work to get to that point?

[00:30:00] Evan Francen: Right? I mean that’s hours and hours and hours of work to try to just figure that out. But then thankfully you don’t have to define that once unless there’s significant changes in the business, right? But if you are integrated well with the business, which in most enterprise organizations the sea so does sit with the business, you know, uh so anyway, that was hm kind of a solution. Um but the important thing in all of this is listening to what the client says and try to figure out a solution and then repeat back the solution, repeat back the problem. So the client because you know what I mean, you just before you ever get to a point of selling anything right? And can we do that because it might be many, many hours of time to try to figure out, hey this is what I think you told me the problem was this is how interpreted it. Is that right? Yeah. But there’s this thing too okay and there’s that back and forth and then it’s like, well I think this is a potential solution and then the back and forth and back and forth. I mean you might spend 100 hours and never ever get a deal. Yeah.

[00:31:15] Brad Nigh: And that’s not what sales people want, right?

[00:31:19] Evan Francen: And in the fact of the matter is I’m fine with that. I don’t mind spending 100 hours because think of all the things that you learn along the way in this exchange. Uh and I think if if the person you’re working with, if it’s a C. So if they know that the reason why I’m spending all this time with you is to get a sale rather than the reason why I’m sitting with you is to is to figure out a solution to your problem. The the whole conversation goes different. If you know, I’m trying to get something from you, you’re going to say you’re not going to interact with me the same

[00:31:59] Brad Nigh: way, it’s not going to be honest, right? You’re gonna be very guarded

[00:32:03] Evan Francen: if I come to you as as a peer who truly wants to solve a problem for you and I could give two craps if I make any money, I want to solve the problem. Right? The conversation goes so different. So anyway, I wonder how many and I get it. I mean sales is driven by numbers, right? I mean if you’re not closing deals that probably measure your success,

[00:32:29] Brad Nigh: I think, you know. But yes, I agree. And I think what’s different is how we kind of approach that having myself or you know, a chat or you know, these experts. What’s that? I said, you know the rule here. Yeah, but you have an expert coming in that at the end of the day, uh, we’re doing, we want to do what’s right? And you know, you you don’t have, you know, a lot of other places, especially with hardware software. Let’s just get something in the door and then that’s it. Yeah. That seems really frustrating.

[00:33:09] Evan Francen: It’s frustrating. It seems desperate to like if I was on the receiving end of the pitch be like this is desperate. Don’t you solve a problem for me? Don’t you understand first that I have a problem and that, you

[00:33:24] Brad Nigh: know, you actually care of this easy button, you just install this and it takes care of all your problems.

[00:33:29] Evan Francen: Yeah, exactly. So when I figured you’d get because you are kind of, you’re not front line, but you’re that uh, solutions architect listens to customers all day long. Not all day, but most of the day has to interpret what they’re telling you, you know, into a solution and either it’s a solution that we already have that we do normal. It’s a standard solution like a Fyssas score or uh, you know, any type of an audit assessment, a penetration test vulnerability scan. I mean those things that we do that are kind of standardized, but then there’s those times where it’s like holy crap, this is going to take something completely custom. So we’ve never done

[00:34:13] Brad Nigh: before. We get that. Yeah, quite a bit.

[00:34:17] Evan Francen: That’s right. Geek out.

[00:34:18] Brad Nigh: It is, it’s fun. So they’ll be working on on this week is, is one of those things. I was like, oh, interesting. Yeah, we can totally do that. You got to build it.

[00:34:30] Evan Francen: And I think, well, I think it’s funny too because I used to get it. I don’t get it. And maybe you do because I’m not in sales anymore. You know, I’m not, I don’t, I don’t, I’m just not there very often, but I used to get all the time. Like, uh, how many, how many other times, How many times have you done this before or who else have you done this for? Right. And it’s like what you’re asking is a completely custom solution, right. Nobody has done this before.

[00:34:58] Brad Nigh: Right. And I’ll, and I’ll tell them that? You know, and it goes back to that honesty thing, right. Either. We’ve done similar things, but not exactly this. We’ve got expertise in these areas, but not doing exactly what you’re looking for. Yeah. You know, and I think most of time people are they’re okay with that. They’d rather hear you say, you know what, we’re building this custom for you. But here’s how we’ve here’s how it here’s our relevant experience and how we can show it. And we All

[00:35:34] Evan Francen: right. Yeah. And you know, it’s almost like share, share with them the methodology for creating custom methodologies. You know, There is one and we

[00:35:44] Brad Nigh: we make it up as we go. No, not they do.

[00:35:47] Evan Francen: Sometimes you have to write because there one of the things that uh certainly um a truth is no to security programs are exactly

[00:35:56] Brad Nigh: alike. Yeah. There is a lot of that. We joke about it, but you’re you are right, I think. Yeah. Yeah. You have a kind of a I like to say we give them very analyst like a playground, right? They’ve got the tools, they’ve got the the structure there, but how they actually use it is going to differ slightly from everyone for every customer. We can give them. Yeah. Kind of the guidelines on what they should be doing and how they need to do it. But it will have to be if we said everybody does it exactly the same way every time. It’s not going to work.

[00:36:30] Evan Francen: Yeah. Yeah. I mean, you don’t want us to take uh well Wells Fargo security program and apply it to, you know, Caribou coffee or something to

[00:36:40] Brad Nigh: Work or even to a $200 million dollars bank. It’s just not gonna

[00:36:47] Evan Francen: work. Told two totally different things. All right. So, so anyway, that was kind of my sales thing. And I’m not really ripping on sales at all. I understand sales. It makes come I mean if you’re capitalist at all and you like your paychecks and like you know, driving a car and living in a house, you have to have sales, right? But it’s selling the right way. It’s selling uh solution selling as opposed to product, you know, cookie cutter type selling. Yeah. I’m listening to the customer man. You gotta you gotta hear what the problem is.

[00:37:24] Brad Nigh: Yeah, that that is really is important.

[00:37:30] Evan Francen: Yeah, when it builds trust to you know, that’s nice because I noticed that a lot of times when when I am in those kinds of situations and I’m talking to a C. So it’s very closed at first and then we realized like, oh yeah, we have some we have some credit here and I’m really not trying to sell you anything. I really do just want to talk and see if I can understand because another thing that I tell people a lot is as consultants, we we steal shamelessly. Um I still great ideas from shows all day long. I mean it’s like, oh my god, that’s a great thing is part

[00:38:07] Brad Nigh: of why I love this job is you get to see so many different things.

[00:38:12] Evan Francen: Yeah, it’s not, that’s the that’s probably one of the coolest things is uh talking to some of these people and and then applying the best of what you see to other places.

[00:38:26] Brad Nigh: Yeah, it is. It’s a lot of fun.

[00:38:28] Evan Francen: All right. So enough of the sales, the sales stuff, but do do sell solutions. It I don’t know, pisses me off when people are just selling stuff for the sake of selling stuff.

[00:38:37] Brad Nigh: Also, I probably our sales people that listen there, there’s I guarantee you they’re they’re listening to this going, yeah, thanks brad. Because we’ve gone into calls where they’re like, this is going to be is what we’re gonna do and get out of them. Like, no, it’s right there. This isn’t the right for this or that. You know, they think it’s some big deal and it’s like, no, it’s they this is what they need and it’s a fraction of that and we’ll just do it right?

[00:39:06] Evan Francen: When could I start to our sales organization

[00:39:08] Brad Nigh: to they accept it, right? They don’t if what the S. A. Comes up with is that’s it is they don’t, you know, they accepted to understand

[00:39:20] Evan Francen: we have amazing uh leadership here, you know, between one, a great relationship to write with you and operations and or in operations delivery and the sales group led by Drew boki. Um just a great culture of no, let’s do what’s best for the customer’s always got to do what’s best for the customer because our mission is to fix a broken industry. Our mission is not to get the sale at any cost. You know, totally

[00:39:48] Brad Nigh: different. And what’s amazing is all the sales people here have bought into that. And I think what they’ve, you know what they realize that you know is when you do what’s right and do that, the sales will come right and you’ll do really well. Yeah. You don’t have to press and the ones that have pressed in the past there. Not here. It’s the truth. It just doesn’t work. It’s not the right fit

[00:40:17] Evan Francen: well. If you do, if you sell the customer something that they don’t need. I run you over with my truck

[00:40:21] Brad Nigh: or now the Harley

[00:40:23] Evan Francen: No, because then it’s gonna hurt my early speed. Don’t hurt my truck. True. The uh it seemed like there was something else I was going to say about that. Um Yeah, but it does pay off big dividends in in the end, right? Angry people trust

[00:40:41] Brad Nigh: us. Well, it’s it’s it all goes back to the mission and I’ve told people, yeah, we can tell you all this stuff. But if you spend all your money figuring out what the problem is and doing all these things and you don’t have any money left to actually fix anything. We haven’t helped

[00:40:57] Evan Francen: you right? What’s

[00:40:58] Brad Nigh: the point?

[00:40:59] Evan Francen: Well, that’s and that and the fact that we don’t sell anything, right? In terms of like product, you can save that money and go by the right product, it’s not going to come from us.

[00:41:11] Brad Nigh: Yeah. You know, Well, and we’ve had, I’m even, they can, you know, additional, well we need, we’ll have them come in and we need all these pin tests and we need all this stuff and it turns out, you know, it they’re like not even close to ready for that. You’re not going to get a $15,000 pinto’s, you’re gonna get $1500 scan because that’s what you

[00:41:37] Evan Francen: need to start with. Then you’ll need to fix those things

[00:41:39] Brad Nigh: and then we can do it, right. And it may be a year from now before you’re ready. Well, I spend that money if you’re not even ready fix use that money to fix things.

[00:41:49] Evan Francen: Yeah, totally. All right. So, uh, enough about that. The important lessons I had in my notes, you know, an important lessons from last week. And I think I just had, There’s no one. I mean, I had lots of lessons I learned been in this industry and you have to, I mean, we’re or veterans not, uh, and that’s not something necessarily to brag about. It just means that we’re

[00:42:15] Brad Nigh: old that’s older than I’d like to admit.

[00:42:18] Evan Francen: Yeah. And so, um, there’s always lessons span, I mean, every day, it’s like, it’s like you never, ever, ever. No at all.

[00:42:29] Brad Nigh: No,

[00:42:30] Evan Francen: no. And I think, uh, you know, if you’re not humble enough to recognize that if you don’t live with enough humility um Yeah, I I feel bad for anybody you’re working with because I don’t know what give me a lesson or give me one, you know, lesson that maybe that you learned last last week. That man good to share. Can you think of one? Mm I put you on this. I know it is in the show

[00:42:53] Brad Nigh: notes. It is. I know, but then I had to do this. Why are my brain is broken? You know, I think,

[00:43:02] Evan Francen: gosh, I can come back to it.

[00:43:08] Brad Nigh: Yeah, I’m struggling. I think I think one of the, well, so one of the calls I had that I have to follow up with this week was really around um you know, consistency that, that we on our deliverables and you know, I think we can always be better internally it. You know, our QA process or providing our team with better tools to understand, hey, we did this last time. Here’s what it was. It needs to look the same and you just, you know, being better at Yeah, it’s not winging it right? Like I think you and I are really good at just winging it and and it doesn’t work for everyone and just kind of that, that yeah, that’s called, they were really happy with the results. They really liked what they saw, but they wanted it the same so they could look at year over year and understand it better. That makes sense. So yeah I think just just being better at documenting this stuff so that the customer is happy that our analysts are in a position to succeed.

[00:44:16] Evan Francen: Yeah I think my biggest things last week is um when they’re constant struggles I said I need to get much better at you know time management. Um I learned about a new tool. So Ryan Cloudier actually called here told me last week about something that he uses for a time management and so we were talking about that um I’m excited for him to share that with me so that I can see how maybe I can integrate it with wonder list and some other tools that I used to kind of keep track of my time. Uh But yeah I mean last week I can give you 100 lessons you know it’s just it’s

[00:45:00] Brad Nigh: just crazy. So here’s one for you, the Microsoft has the to do which was created by one. Like it though you don’t like it.

[00:45:07] Evan Francen: I didn’t know because it’s wonder list. I can I can group my tasks a lot better. I can assign tasks to myself and to others. So I I assign tasks to my admin.

[00:45:18] Brad Nigh: Yeah I like it because I can just flag something in my email. I did like that and it shows up and it’s integrated a little bit better.

[00:45:25] Evan Francen: Yeah I just lost some of the things with wonder list in that to

[00:45:29] Brad Nigh: do, which is interesting because it’s created by a wonder

[00:45:32] Evan Francen: list. Yeah, but Microsoft got their hands on it. Well,

[00:45:35] Brad Nigh: they, you know, just like anything. They had to put their spin on it. Right?

[00:45:40] Evan Francen: All right, so, so good things, lots of things, man and uh you know, for the for the listeners, I’m sure it’s all over the place. But man, that’s what it’s like right now. I mean we’re doing a lot of good things and a lot of different places and it’s a lot of fun. Um if you want to be part of it, you know, coming, come and join us. Either come and join us and work here. We have six open positions or come and join us in terms of just collaborating on things, creating solutions together. We love love, love helping people and yeah, so get in touch with us uh now on to the news and I’ve got four news stories and I noticed that

[00:46:19] Brad Nigh: your computer, is it locked? And I couldn’t get Okay,

[00:46:23] Evan Francen: well computer

[00:46:23] Brad Nigh: guy like that. It was computer. No, it’s just, I couldn’t type right from this angle.

[00:46:28] Evan Francen: Alright, yeah, we are kind of sitting funny, oh, hey, that’ll be cool. So next week I think we do the video live, we’ll do a live video. We color podcast isn’t sure. I don’t know what you call it. We have to talk to Brandon first though, get him to come in and figure out how to make it work. But then he’ll do all the audio then you and I can just sit here and chill, but not to do any of the tech stuff because if you see our studio, it’s a really nice studio now, but we’re still running the tech at the same time that we’re talking, right, Which just makes a little funky, be cool just to sit back

[00:47:03] Brad Nigh: and not have to deal with it and chill. Yeah, we’re not we’re not audio, people know or video people. If people could see the before, why isn’t this working?

[00:47:15] Evan Francen: Oh yeah, we’re always bitching about it. All right. So news, First news I got uh there are four news stories. And and uh again, if you want to see this, they’re all in the show notes. So you can always go back and reference that. The show notes are Evan francine dot com. Just click on blog or click on a podcast and you’ll see it in both places. The first one was, you know, sort of interesting. This is from uh security affairs that Ceo, I don’t know if you it’s a popular site to go to. Uh and the title is Cryptocurrency Startup Comotto. This is with a k. Not the C one, Except the C1 would not be a startup. Cryptocurrency startup Comotto hacks itself to protect its users funds from hackers. Uh and it’s an interesting story. It’s an interesting story because, um what was at risk is, was people’s Cryptocurrency, the wallets. There was a vulnerability in the gamma wallet and there was actually a library used by the Obama wallet, an open source library. And uh what the what they had to do or what they did do was once they became aware of the vulnerability of the security team at Kimoto compromised the vulnerability in these wallets so that they could take that the Cryptocurrency and put it into a A secure wallet one without the same vulnerability. Mm So essentially they ended up hacking themselves before a hacker hack could do it because as you know, with Cryptocurrency, once it’s gone, it’s gone. Right. So

[00:48:54] Brad Nigh: it’s interesting.

[00:48:56] Evan Francen: Yeah. So it was it’s an interesting story. I give him credit because it’s a bold move. I give him credit because, you know, there’s, I’m sure there’s ethical questions there. But at the end of the day, they had to make a quick judgment call and they made the quick judgment call to protect the funds of their customers and I think that was the right call.

[00:49:21] Brad Nigh: Yeah, I could I could see how you, you know, it’s very it’s justifiable to say, here’s why we did this and it was for the good of our customers.

[00:49:31] Evan Francen: Yeah, I know that if I was a customer and they Hecht into my wallet and moved my funds into a secure wallet. I would I’d be happy about

[00:49:42] Brad Nigh: that. I’d be like, I’d be much happier than you losing them acting in my wallet, you know how dare you Right,

[00:49:48] Evan Francen: I’d be happy. So anyway, interesting story. I’ve never seen that happen before. Uh But anyway, that’s good. The second one, this is about RTP believe it or not, we never hear anything about already do we?

[00:50:05] Brad Nigh: It was funny, we we had a customer I think we talked about this where they were arguing over a pin test because it RdP open. I think we talked about I don’t know if we talked about on the podcast. They’re like well it’s not it’s not a high risk we have. I’m like mm I don’t

[00:50:21] Evan Francen: know. Yeah, I’m not

[00:50:23] Brad Nigh: you got already p to open to the internet. You gotta risk, you got a whole

[00:50:27] Evan Francen: right. Yeah. And certainly if it’s, you know, yeah, if it’s protected by simply a username and

[00:50:32] Brad Nigh: password, but even if you’ve got multi factor or whatever, there’s still targets additional risk. Yeah.

[00:50:43] Evan Francen: Yeah. So this this uh this article is from ZD net and the title the the article is a botnet is Brute force saying over 1.5 million and it’s over 1.6 now RdP servers all over the world. And the interesting thing about this is it’s brute, this is nothing to do with blue keep blue keith has been grabbing all the news lately because N. S. A. Is begging people Microsoft is begging people to patch these P servers so that uh you know they don’t become part of this worldwide worm, this is just RdP servers that are being brute forced. Right? And it’s interesting, I really like the research that was done uh here um morpheus labs is the is Renato Marino the researcher 1.596 and over 1.6 million now our TPM points and gives the gave it a name. Gold brute, which I’m tired of names but whatever works as good as any other. The bat networks as follows. So first the botnet brute forces and gains access to a Windows system via RdP 2nd download the zip file with the gold brute malware code scans the internet for new RdP n points And then when it finds one, when it gets to 80, it then sends that list of iP addresses to the remote command and control server. Uh and then it sort of just keeps regenerating, keeps going through. Uh And so the target is the same target that we’ve been screaming to stop doing is already pee wee single factor authentication. Rdp with just you know, your username and password. This is by far and away. The most attacked probably system on the internet now, but this botnet is solely built to, you know attack those servers and get those things as part of the body and it’s growing in size um so if you do have if you have single factor authentication on anything really exposed to the internet, stop it. And I know, I know multifactor isn’t going to protect you from everything.

[00:53:09] Brad Nigh: It’s a it’s an additional step and also put it behind a VPN.

[00:53:15] Evan Francen: That would be video.

[00:53:17] Brad Nigh: Why expose your organization to that? Even if you have multi factor. All right. As soon as people find RdP, you’re going to get, you can get targeted

[00:53:27] Evan Francen: for sure for sure. It’s interesting article though. It’s interesting how you know, it’s working and it it does show, you know, because they’re still really isn’t any significant blue keep traffic compared to what you see with the RdP brew

[00:53:44] Brad Nigh: traffic. That was the most interesting part was the only what 33.4% is blue keep on RdP attacks,

[00:53:52] Evan Francen: 96.6 is not blue keep but you know, all it takes is, you know, an active worm and maybe that changes significantly. But anyway, that’s uh, that’s the moral of that story. The next one, which I think it was interesting and I didn’t see much in terms of news on this. This is from zd net. The title is Fortune 500 company leaked 264 GB in client and payment data. And the name of the company is tech data. Big company

[00:54:25] selling cybersecurity: you and your team need to get things done with monday dot

[00:54:30] Brad Nigh: com. It’s easy

[00:54:31] selling cybersecurity: fun and some

[00:54:32] Brad Nigh: closure mentioned,

[00:54:34] selling cybersecurity: your teammates share files, assign people to task, stay in control on the go with our mobile apps.

[00:54:40] Brad Nigh: Gotta love auto play ads.

[00:54:43] Evan Francen: Yeah. All right. So anyway, tell me about it.

[00:54:47] Brad Nigh: Uh, yeah. So log management server leaking system wide information. Um, the company that found it. Uh, the VPN mentor founded, they took a sample of linked data and it was a serious leak. So 264 gig payment info P II full company account detail for in users managed service providers, criminal defense attorneys, utilities, some good data, private api key? S bank payment info, user names and unencrypted passwords.

[00:55:20] Evan Francen: Of course because it’s not, it locks.

[00:55:22] Brad Nigh: Yeah, I mean it’s just so many not good.

[00:55:30] Evan Francen: Right. And so in last month VPN mentor, you know, They found the 85.4 GB of security audit logs from Pyramid Hotel group that included Marriott Sheraton share Sheridan. I’m just kidding shirt and Hilton locations. So I think the surprising thing here is tech data did respond to it. They didn’t close it down. They responded to it quickly quickly.

[00:56:00] Brad Nigh: Yeah.

[00:56:01] Evan Francen: So you know, the extent of the exposure is anybody’s guess but the fact of the matter is is this was a configuration vulnerability. This wasn’t a missing patch. Right. And uh, it’s a lot of data really, really sensitive data and it’s a mistake that anybody could could sort of

[00:56:20] Brad Nigh: like the statement, the spokesperson is such a spokesperson really based on what we know at this time, no evidence that the data stored on the affected server was misused for any unauthorized transactions or other fraud. Right? Of course they’re going to say that. How can they possibly know that though?

[00:56:40] Evan Francen: Well that brings up a whole mother can of worms. Right. I mean who’s who where’s the burden of proof? Right. You know and a lot you have the preponderance preponderance of evidence in the civil case. But show me that my stuff wasn’t actually used that it’s not fraudulent. Let me take uh take uh Equifax. You know as one example the Equifax breach exposed. Well I guess through all breaches essentially everybody’s Social security numbers exploded, right? Everybody basically I’ve personally not been a victim of identity theft. But I know my social security number somebody has

[00:57:25] Brad Nigh: it. I had it we had fraudulent tax returns filed.

[00:57:30] Evan Francen: Right? So just because it hasn’t been used yet, doesn’t mean that I’m out of the woods either. Right. True. Something bad is going to happen. And

[00:57:42] Brad Nigh: yeah. And it seems contradictory to they said we don’t store credit card numbers or bank account details. But the researcher said we found credit card information and payment data. Well doesn’t that doesn’t

[00:57:55] Evan Francen: drive well it’s all set so and audit logs you know I think sometimes we we forget that audit logs contain can contain and probably do contain some really sensitive information and they need to be protected just as much as the target data does. Yeah. Right. So it’s not just make sure that you’re logging the right data but also make sure you’re protecting that log data, right, storing it on an isolated systems, trying it on uh you know encrypted at rest encrypted in transit. You know it’s sensitive information. So don’t forget to protect that as well just because you’re logging doesn’t necessarily mean you’re out of the woods, you know?

[00:58:40] Brad Nigh: No, not at all.

[00:58:42] Evan Francen: Alright. And the last news I’ve got and we’ll see if I get another ad that pops up. This is one of the challenges of using disk computer when you’re normally using my ipad for going through the talk. So Brandon will take care of this for us next week. So the FBI this is from naked security by sofas, one of my favorite titles of a

[00:59:03] Brad Nigh: once you get past the it’s actually got some pretty good stories on

[00:59:07] Evan Francen: it. Always. So the FBI is sitting on more than 641 million photos of people’s faces. Which you know, it’s not surprising that that’s the case, but it’s that’s a lot of information. Ah And how much of that information because privacy is one of those things that we all believe. I think not all but many of us believe is a right it’s a human right? The fact that the FBI storing 641 million facial pictures without any consent. I mean I never gave them consult a store at least I don’t think I did. You know. But then on the other hand I sort of want them to have facial recognition of criminals. So but yeah

[00:59:52] Brad Nigh: but the problem it mentions it in here is that the accuracy or lack thereof? Right.

[00:59:59] Evan Francen: Right.

[01:00:00] Brad Nigh: So they’ve got all these pictures but well it says they Misidentified falsely matched 28 members of Congress with mug shots. Now some would argue that perhaps there isn’t a difference there. But it should be the the other one was the one out of London where uh the their facial recognition software couldn’t tell the difference between a young woman and a balding man.

[01:00:25] Evan Francen: That’s the problem. Well that yeah that opens up a whole nother can of worms with machine learning and ai and ah You need more data right? six cent even this much data still doesn’t give them enough data to have because like if you want to do really really good facial recognition of me you would have to have X. Number of pictures of me, right? And be able to compare those X. Number of pictures of me with X. Number of pictures of you. Right? I mean like probably hundreds of thousands of pictures of me, maybe millions of pictures of me because I look different in different angles, different lighting, different facial hair, different.

[01:01:12] Brad Nigh: Yeah. Well yeah as you grow and.

[01:01:14] Evan Francen: Right. Yeah. So it’s gonna be a while before I think really facial recognition gets awesome. But I just you know I’m not a guy who really trust that. I mean I’m not a conspiracy guy. I’m just not a, but I’m also a guy. I don’t trust the government. I just see them do so many dumb things. I don’t want them having stuff about me if I didn’t give you consent to have stuff about

[01:01:41] Brad Nigh: me. Well, and I think also in their mentions the Georgetown University’s Center for privacy and technology study and that goes back to the machine learning ai there’s an inherent bias in it for gender and racial and it all comes back to, yeah, Hey, I will, will fix, will build aI to fix the Ai. We still had people building the Ai and their biases, intentional or not. We’ll get in there for sure. So

[01:02:11] Evan Francen: no, no easy but no silver bullet yet yet ever. No. All right, Well that’s uh, that’s what we got there was, I thought a pretty good episode. I was sort of kind of covered a lot of things today’s episode, but I think there’s a lot of things to cover.

[01:02:27] Brad Nigh: Uh, there’s never a shortage.

[01:02:29] Evan Francen: No, but I think my next episode, I will get a host and I think somebody interesting, I was talking to somebody from DHS, maybe we’ll get somebody from Department of Homeland Security to join

[01:02:41] Brad Nigh: us. Be cool with that. Oh, you think, hmm,

[01:02:46] Evan Francen: yes. You know, you think, you know, I am, Yeah, maybe get one of those guys from quill even to come talk to us. They seem like they had a bubbly personality.

[01:02:53] Brad Nigh: Yeah. Yeah.

[01:02:54] Evan Francen: Minister, curb it a little bit. I don’t know because we’re more laid

[01:02:58] Brad Nigh: back this early in the morning. I don’t know if I could handle right?

[01:03:02] Evan Francen: My head will explode. All right, well, good talk brad. Uh we’ll see if we have another week, like last week. I’m hoping it’ll be a little bit tamer for me. Yeah. Uh but I do hope everybody that’s listening. You know, if you know me, you know, I generally do hope you all have a good week. Uh I don’t enjoy uh don’t forget you can follow me or brad on twitter. I’m @EvanFrancen, that’s my handle. Do you call it a handle? Sure. My twitter handle. Twit twit. I’m a twit. Yes, yes I am. And then @BradNigh. That’s brad’s and then send us an email. If there’s something you like something you don’t like or if you know us in some other way, maybe through linkedin or whatever. Send us a message. Tell us, tell us how we’re doing, Tell us what you’d like to see. Uh and that’s it. I think that’s a wrap.

[