Social Engineering Cybersecurity

Unsecurity Podcast

Evan and Brad are joined by Ron Woerner for episode 129 of the UNSECURITY Podcast. Ron and Evan first met at RSA, and they bonded over their shared passion to help people from all walks of life better protect themselves from cyber threats. Together, the three have an open discussion about current events, social engineering cybersecurity, projects Ron is working on, and what’s generally top of mind. Give episode 129 a listen or watch and send questions, comments, and feedback to


Podcast Transcription:

[00:00:22] Evan Francen: All right. Welcome, listeners. Thanks for tuning in to this podcast, or this episode of the UNSECURITY Podcast. This is episode 129, and the date is April 27th, by the time we publish this, 2021. Joining me is my good friend, great guy all around, awesomeness, Mr. Brad Nigh, and also joining us is our special guest, Ron Woerner. Welcome, guys.

[00:00:46] Ron Woerner: Thank you for having me.

[00:00:48] Evan Francen: Yeah, man. How you doing?

[00:00:50] Ron Woerner: overall?

[00:00:52] Evan Francen: Overall. Yeah, we’re recording on a monday. So we’re still getting into the flow of things.

[00:01:00] Brad Nigh: What’s that? I’m coming from my email so that’s that’s a huge positive.

[00:01:06] Ron Woerner: I don’t know the thing is working. All the internet is on, it hasn’t come to a crashing halt yet that we’re aware of. Yeah,

[00:01:14] Evan Francen: I haven’t been caught up on emails since 2013. Yeah,

[00:01:20] Brad Nigh: well it could be that my outlook is not working and there’s a whole bunch waiting for me. But

[00:01:24] Ron Woerner: so let me ask you this, which email, how many different email accounts do you have? A

[00:01:30] Brad Nigh: strictly work. The rest of them. Just I don’t,

[00:01:34] Ron Woerner: I’ve given up, I want to have this conversation. I went to our high school students had this conversation with high school students about email and so we asked how many email accounts do you have? One young lad said I have five for that my parents know about. Oh boy. And I’m like dude I know your parents, you’re not.

[00:01:56] Evan Francen: No. Yeah, I’ve got, uh, CFR security, SecurityStudio. Got the security shoot show one. We’ve got the UNSECURITY Podcast. And then I don’t know if I have personal email anymore because, you know, personal and business life has become so intertwined. But then you have to check, you know, LinkedIn occasionally, get messages there. You get Twitter if you’re on that one. Oh yes. Discord. Yeah. Right. What the hell’s that doesn’t want to have. I can’t even remember all this crap. I’m totally

[00:02:31] Brad Nigh: not cut up on a lot of other ones that don’t get me wrong. But I finally got caught up on

[00:02:36] Ron Woerner: the work one.

[00:02:37] Evan Francen: Yeah. Oh and signal. Of course

[00:02:42] Ron Woerner: WhatsApp, just more and more. Twitch. Do you have any sock puppet accounts? Wait, no, we’re not supposed to talk about those. Never mind. I did not ask that.

[00:02:55] Evan Francen: We can talk about those. Yes, I do. Yeah, that’s actually the only thing I have on Facebook now is, I think, eight sock puppet accounts, but I don’t do a lot

[00:03:08] Ron Woerner: of that did not say that. So for Facebook, who is listening: Jedi mind trick. You know you just have your one valid user. Right?

[00:03:18] Evan Francen: And please, well, and Facebook is listening, please do brand me because then I can delegate this work to somebody else. There you go. So that’s okay. So for people that don’t know Ron, uh, just, I want to make a quick introduction. You know, I have so much respect for you. I’m happy, happy that you’re here. Uh, so Ron and I first met about a year ago at RSA. We were introduced by Ryan Cloutier, who’s also been on the podcast a few times. And almost immediately when we first met, the way we talk about security, the way we, um, really are in this to help people, you know, we’re both mission before money kind of people. So we hit it off right away, and then I got to know your background, like, oh my gosh, this guy’s got his own company, he teaches at a university, you regularly give, I don’t know how many talks you must give a year. How many times have you talked at RSA?

[00:04:15] Ron Woerner: Almost every year since 2005. Okay. So obviously I missed two years. So 50,006, So yeah.

[00:04:25] Evan Francen: And finally you’ve ever tried to rabies ever tried to talk at RSA, trying to get their talk approved. Um, most people I know, you know, myself included, have tried to speak at RSA maybe a half dozen times and still haven’t gotten in. So

[00:04:42] Ron Woerner: It’s knowing how to social engineer the program committee, is what I’ve learned. So the first talk I gave at RSA was RSA Conference 2005. It was about the wily insider, with Hugh Thompson. He’s the guy who helps run the RSA Conference. So that was one of my early ins. Just, I don’t know how I kept getting selected. People like hearing me. So like, I guess

[00:05:09] Evan Francen: you’re a gifted speaker.

[00:05:10] Ron Woerner: Thank you. I practice my trade as well. So Toastmasters. So if anyone’s wondering, how do I get better at speaking removing audible pauses, try to not start a podcast with saying All right, sorry, did

[00:05:27] Evan Francen: I do that? All right,

[00:05:29] Ron Woerner: Booker? All right. So let’s get

[00:05:34] Evan Francen: yeah. All right. So Brandon, please let that out. The all rights when you get this podcast.

[00:05:41] Brad Nigh: Yeah. I think we all have those, those verbal crutches. I know I do and I’m aware of them and here and I’m like Barnett,

[00:05:51] Evan Francen: my wife has one of those. She she always says, you know what I mean? Right. You know what I mean? Right. You know what I mean? Right. Yes. For the 14th time I I do know what you mean.

[00:06:04] Ron Woerner: I’m married. I would say, am I making sense? Is that’s clear how can I help you? I had questions or just use silence. Silence is very powerful.

[00:06:17] Evan Francen: A good point. Well, you’ve got me self conscious and I’m gonna be paying.

[00:06:21] Ron Woerner: It’s like a golf swing. Now. You’re thinking about it. I’m not counting. I don’t have my grammar hat on. So we’re just here to have fun.

[00:06:31] Evan Francen: Stop saying. All right.

[00:06:33] Ron Woerner: I

[00:06:33] Brad Nigh: think the four year and theater for four years in high school, I signed up as a freshman because I needed a class and I was like, sure, you know, enjoy it. So that definitely

[00:06:45] Ron Woerner: helps. Wonderful training, I recommend, because then you learn how to be entertaining. Because getting to security awareness, it’s one thing to have the information, and so often we in security, we just like to show our own knowledge to make ourselves appear really smart without realizing: are we connecting with our audience, having some type of entertainment value? So here’s something that I learned, working with an actual videographer producer. Mhm. You know how a camera can add 10 pounds? They say it takes away 10% of your personality. So if you notice, particularly when I’m doing these types of video and podcast, I’m extremely emphatic, really try to overdo my personality. Otherwise, if you look at my early videos, it’s like, oh my gosh, I’m so bad stuff.

[00:07:39] Evan Francen: I learned something from this guy. I learned something from you every time we talk.

[00:07:43] Ron Woerner: Well, thank you. That’s the value I try to bring to everybody. As we were talking about LinkedIn, I loved your post, by the way, Evan. Yeah. We experience Groundhog Day, reliving the same day over and over, and we should get organizations to take care of the basics. Uh, we might be out of a job.

[00:08:04] Evan Francen: I love that.

[00:08:05] Brad Nigh: I don’t, I don’t think that’s gonna happen anytime soon. Unfortunately

[00:08:10] Ron Woerner: if we,

[00:08:10] Evan Francen: if we were out of a job, I could ride my Harley a lot more often.

[00:08:14] Brad Nigh: There you go.

[00:08:15] Ron Woerner: So I tell people my job is to work myself out of a job knowing I never will.

[00:08:22] Evan Francen: That’s true. Very true. So tell me when, okay, so RSA, you’ve given, that I’m looking at, you know, some of the talks you’ve given: Cybersecurity Tips, Tools and Techniques. That was 18. Hacking Your Cybersecurity Career, which, I have seen that talk. That’s an awesome talk. It’s great for people that are getting into this industry. And then once you’re in, what do I do now?

[00:08:46] Ron Woerner: How do you keep your skills sharp?

[00:08:49] Evan Francen: Yeah. Do you have a talk that you give or that you’ve given that’s kind of been your favorite? Yes,

[00:08:56] Ron Woerner: The, I have one kind of like your Unsecurity book. I call an influence. The dark side of influence, about social engineering, which I’m giving actually at RSA on 20th of May, something like that. So I, I, if you are attending RSA 20, RSA Conference 2020, it’s a fun one because social engineering minds are always a lot of fun. Easy way to infiltrate systems. Very common. Romance scams, you talk with today, the FBI, romance scams continue to be high on their radar, and it’s not only because of the $240 million dollars lost that we’re aware of. Most romance scam victims don’t ever admit it because they’re ashamed of it. But it then leads to business email compromise, which is over a billion dollar problem for the FBI. So romantic. How do they do this? Through maliciously trying to scam using Robert Cialdini’s six rules of influence: likability, authority, commitment, consistency, scarcity, all of those that many of us have studied, but just realizing it can occur to any of us. Yeah. And then how does phishing happen? So we’re talking about the different types of social networks we use. To me, phishing has gotten kind of blasé. If I’m going after someone, I’m not gonna email, that’s boring. I’m gonna hop on a web conference. I’m gonna see if they allow public chat, and that’s where I’ll throw my malicious links. Hey, I got this really cool resource for you, check it out. So according to her wishing webinar phishing.

[00:10:40] Evan Francen: Yes. Like that. One of my favorite places to do social engineering, when I was much more active, was conferences. It was so easy to fit in with other IT folks. Right. You speak the lingo, you’re one of them. Hey, what are you using for antivirus? You know, because I’m trying to, I’m, I’m, you know, shopping myself. I’m using this, that and everything else. So I’m doing a bunch of recon on what you’ve got running in your environment. So if I were to attack you, I know exactly where to test my malware before I attack you. It was, it’s very effective. It’s building that rapport with people, being part of their herd, and then God knows where you can go from there. Is

[00:11:19] Brad Nigh: like asking the patch management, what are you using for patch management? Yeah, we struggled with him. What are you using? Uh we’re just having to beat themselves.

[00:11:31] Evan Francen: It’s amazing the things that we tell people that we perceive to be part of our group, right? There’s this inherent trust. I don’t know you from Jack, but oh you’re one of me here. Let me talk. And plus we got that ego thing right in our industry. They like to brag about our stuff.

[00:11:51] Ron Woerner: We all, yeah, try to one-up, and through that, what are we accidentally leaking through this, through just developing rapport? And so put on your either white hat or your black hat, and it can be used for both. So black hat, malicious influence, but so often in our industry we need better leaders of cyber security, of information security, of technology. You can use those same techniques positively, like How to Win Friends and Influence People. As I’m starting a new work as a consultant, so I’m beginning to meet with people, what can we use to develop rapport? Like, I love the helicopter there, Brad. You know, the ship, did you build a ship yourself? So what’s behind them, what do they have behind them, and start a story around it

[00:12:43] Brad Nigh: And, and those are with behind me was definitely there was thought behind it, right? There’s no pictures of family, there’s nothing really overly given away

[00:12:55] Ron Woerner: styling and

[00:12:56] Evan Francen: I like to feature the virtual background because I don’t really like people knowing where I’m at. You know, I might be on a beach somewhere, I might be, who knows, maybe in the bathroom. I’ve actually taken conference calls in the

[00:13:08] Ron Woerner: bathroom,

[00:13:11] Brad Nigh: I’m sure you have it on

[00:13:13] Ron Woerner: you. What were at a conference people say. So where are you located? I’m like, I live on the internet, gives me a VPN and I can literally be anywhere. My physical presence is one place we were born on the internet, you know, a year ago when so many organizations were pivoting for remote work for us. It was kind of more just natural to go into this type of environment. It’s just weird. I’m looking at a little dot rather than actually looking at your faces. Go figure.

[00:13:45] Evan Francen: Yeah, let me do miss some of that. A nonverbal communication right? You know, as a social engineer, um, I can take advantage of the absence of that meaning. You can’t read my, you know, my body language, you can’t see how I’m sitting right now. You can’t see if I’m, you know, necessarily swamped or not. You can see facial stuff, but those are all really good cues when to a social engineer. But I’d like to see those things like I can see if you’re interested,

[00:14:15] Ron Woerner: fall asleep. Have you studied micro expressions? Yes.

[00:14:20] Evan Francen: I took, uh, I took Chris Hadnagy’s class at Black Hat in, and what’s the year now? 2021. So it has been 2017 maybe. Yeah. Yeah. Yeah. I like micro expressions. Very, very interesting

[00:14:38] Ron Woerner: what this is why I’m learning to do a poker face. So I watch it learn from everything, something I recommend a student. So I watch poker tournaments, not that I’m really into it, just how not to show expressions, particularly when we’re doing these video calls and all of a sudden something pops up and it’s like you don’t want anyone to know that hoops or someone said something and it’s like

[00:15:02] Evan Francen: Mhm. Well it’s funny too because with micro expressions, one of the mistakes I’ve seen people make. So you can’t control micro expressions right there, involuntary. They’re the same across all cultures that you know, you just can’t do anything about it. You got them and that’s it. Trying to control them. Forget about it. You can’t but so I can tell maybe what you’re feeling and see contempt. Maybe on your face, I can see surprise, what I can tell you is why and that’s what a lot of people will do is they’ll assume that you must be reacting this way because I did something

[00:15:39] Ron Woerner: not truly related to challenge your assumptions

[00:15:43] Evan Francen: right? They may be thinking about an argument they just had with their wife this morning.

[00:15:48] Ron Woerner: So can I share with you one of my favorite social engineering stories.

[00:15:52] Evan Francen: Yeah. Please

[00:15:53] Ron Woerner: Using micro expressions. I was flying to Washington, D.C., and I was going through Chicago on Southwest, familiar Southwest open seating. Get on the plane really early. So there’s the window of ill too. So uh of road to there’s a Hispanic lady sitting on the aisle. So, excuse me ma’am, may I get in? And then notice she broke her arm, and curious about people. So, you know, how did you break your arm? Oh, I just fell. So how did you fall? I could kind of tell she didn’t want to talk too much. You can feel the barriers go up. So it’s like, okay, do no harm. Didn’t want to press it. Wait a little while later, the drunk guy of the plane gets on. You know, had way too many at the airport bar, and he has to sit between us. I’m just hiding in my corner, reading my little book, he’s talking to everybody, and this Hispanic lady is very gracious. He notices she’s reading a law journal. So he proceeds to try to tell her everything he knows about the law, which was nothing actually. Finally he shuts up. We land at the list. She gets off the plane. He gets off the plane. The stewardess then asked, do you know who the Hispanic lady was? No. Supreme Court Justice Sonia Sotomayor. Wow. So yes, I’ve tried social engineering a Supreme Court justice. God, I failed. But more important, I did not try teaching a Columbia law professor about the law. Yeah.

[00:17:26] Evan Francen: How did she maintained her silence? Some self control.

[00:17:30] Ron Woerner: Yes. Extreme self control. Regardless of politics, I admire her grace.

[00:17:37] Brad Nigh: She you’d probably get worse if the guy knew who she was. She started arguing with

[00:17:42] Ron Woerner: her. Yeah. People are like, did you recognize her? And I’m like, she’s five foot nothing. She does not travel in her black robes. I was met by 26 ft eight behemoths. Oh, by the way, so I think that’s really cool. You never know who you’re going to be. The world is super small,

[00:18:00] Evan Francen: right? Yeah. I’ve got some stories uh that I haven’t shared them in a while. I used to share them in quite a few talks. One was where a police officer actually helped me carry out the social engineering attack. And later on, I came to find out that I had actually broken the law here. That, you know, um, statute of limitations has gone right?

[00:18:23] Ron Woerner: You’re only guilty if you’re caught,

[00:18:25] Evan Francen: Right? Because we used to do in physical social engineering, and we still do, actually, physical social engineering attacks. We would get, uh, an engagement letter, right? And in that engagement letter would basically be our get out of jail free, right? This is what we’re doing, this is the context. So if you do get, you know, busted by law enforcement, you’ve got something to get. Not all that unlike, who was it, Coalfire.

[00:18:49] Brad Nigh: Yeah

[00:18:51] Ron Woerner: fire in Iowa yeah

[00:18:53] Evan Francen: see what they made a mistake is they were actually doing a physical attack against a government building. Whenever you’re going to do that, make sure that law enforcement knows ahead of time that they’re part of the project planning. Ah But in this in this instance I was dumpster diving looking for you know some good information. And a police officer pulled up and asked me, you know well they don’t take that lightly I guess. Uh but we used to create two um we would take the engagement letter and we would make a copy of it. So the original says to call and it’s got the clients contact information. The copy is the contact information is actually one of us right back at the office. And so the reason why we carry two is because I may want to continue. If I think there’s an opportunity to continue the attack without getting caught I’ll do it. Well that’s the one I played and so the police officer called. It was one of us and I don’t know what transpired on the communication but the police officer got off the phone, took the cuffs off and said right well can I help you out and started helping me take boxes out of the dumpster. Yeah yeah I came to find out that our person said yeah you know it’s he’s there it’s authorized is really important for our security if you don’t mind if he looks like you need some help please help them out. And so that’s the police officer. Did the legal part of that is I gave the police officer a false identity. Mhm.

[00:20:31] Ron Woerner: Mhm. That is here with a gun. Right again guilty only if you’re caught in if there’s damage I’ve learned working with law enforcement if they see it’s worth the time and effort to do it. I mean once I found out do they really care? Yeah I wonder how often we inadvertently break the law like that has security professionals.

[00:20:54] Evan Francen: The point that’s a really good point.

[00:20:57] Ron Woerner: I mean, I know I have. So I was at a conference, a fraud conference, and, you know, we get bored, and this was when we used to be in person at conferences. So I was just looking at the open Wi-Fi and had out my elite hacking. No, actually just my iPhone. Anyway, I saw Wi-Fi called Auditorium. So I click on, this is how, how easy it can be to infiltrate. Wi-Fi called Auditorium. So I attached to it, pulls up a web page for the overhead projector up on the ceiling, so it’s a really high ceiling, huge room. Okay, during the keynote I could have caused a little bit of trouble, but hey, right side there’s a button that says admin. So I click on it, takes me to the admin login page. User ID: admin. Password: blank. What do you think the password was? Uh huh. I can’t remember whether it was admin or password, but I had a 50/50 shot of breaking in. So yes, I was in as administrator on that system. Here’s my question. Did I break the law?

[00:22:02] Evan Francen: Good point. I’m not

[00:22:03] Ron Woerner: sure I E M. C. A. I did not have explicit permission later on. Is what I did unethical, though? I would say no, because I took no action, did not have any malicious intent, and I went and told the IT guy in the back of the room, who was like, oh yeah, we set it early in the week and I forgot to change the password. So that’s why I hear: when you see something, say something.

[00:22:29] Brad Nigh: It’s amazing what you can like on the open Wi-Fi networks out there, because I did one at resort, was one of the sales and, uh, award type of thing weekend, and I just connected with my phone and was able to, like, list out every device with patches and get the controller and, yeah, same exact thing. It’s

[00:22:53] Ron Woerner: like, do you have Fing on your phone? F-I-N-G.

[00:23:00] Brad Nigh: I think so

[00:23:02] Ron Woerner: it’s just a fun little app that all used to actually that I mean just a script kiddie.

[00:23:08] Brad Nigh: Yeah exactly

[00:23:10] Evan Francen: What’s amazing, how most people don’t realize how insecure public Wi-Fi is. Most people have their systems set up to auto connect, and they don’t realize that the only thing that’s used to authenticate who you’re auto connecting with is the SSID name. So if I set up, you know, a Wi-Fi AP, the same SSID, you know, you’re connecting to me when you think you’re connecting to somebody else. Proximate

[00:23:37] Ron Woerner: traffic. WiFi Pineapple, do you have? Yeah. Oh yeah

[00:23:42] Brad Nigh: yeah we were gonna do that for one of the events at the office and we’re like no that might be pushing it

[00:23:50] Evan Francen: Right. So if you’re listening, turn off auto connect. So please, I’m an iPhone user, so there’s a setting in settings, turn that off, and while you’re at it just forget all the Wi-Fi networks that you already connected to.

[00:24:07] Ron Woerner: How many are going to really do that? If I say that to most people, they’re like, then I need to remember to connect, be aware of connecting. I kind of like auto connect because then I don’t have to think about it and remember. So convenience will always have precedence over security in practice. It’s the challenge. So it depends on what you’re doing, where you are, I guess, you know, what are the potential risks, coming up with their own risk equation for many of us working from home.

[00:24:38] Brad Nigh: Yeah, the VPN on my phone and all the places, and that it is set to VPN auto connect on Wi-Fi. It won’t allow any connectivity if it’s not running. So

[00:24:53] Ron Woerner: what VPN do you recommend?

[00:24:55] Brad Nigh: I’m using Nord.

[00:24:58] Ron Woerner: Yeah. Social engineering to find out anyway. Mm Yeah

[00:25:06] Evan Francen: Everybody uses Nord. Uh, my, uh, one, actually I, I switch VPN providers. I don’t know why, maybe it’s the, um, paranoid security guy in me, but I’ll switch from Nord to Proton to whatever when I feel like going to

[00:25:23] Ron Woerner: the next level. Multiple. Yeah. Bear and piper, so many. That’s often a question I get asked by people who have VPNs. Most people don’t even think about it. Actually, was just, so I teach a class on information security, actually right before we did this, when the exercise is just looking at your IP address. It’s amazing to go to What Is My IP Address and it gives you your location. Can be very telling. This is how they know specifically where you are.

[00:25:59] Brad Nigh: I like to mess with our IT admin and switch my VPN connection to different cities. So he gets the alerts and uh 65 for the Unlike what is it the unlikely logins or whatever risk you Chicago to New York to L.A. in 45 minutes.

[00:26:20] Evan Francen: Yes. Right. Well, that’s one of the most, I mean, I think a lot of times people don’t realize that that’s how attackers really work. Right? They use VPNs. They proxy through open proxies in countries that don’t cooperate with the United States, because, you know, it’s a, a proxy through Iran. Good luck trying to get the log files or even what’s around that server.

[00:26:43] Ron Woerner: Yeah. Doesn’t even have to be a malicious type. It’s just yeah hiding tracks. I don’t want

[00:26:50] Brad Nigh: a

[00:26:51] Ron Woerner: actually had to do that. I was traveling in Europe a couple of years ago, and to read news in Omaha had a VPN back to the United States because of GDPR was blocking. The locals say they were blocking because they just don’t want to have to deal with it. So it’s yeah

[00:27:11] Evan Francen: I was down in Mexico last week and, uh, it was with Kevin, and Kevin couldn’t get to LastPass because LastPass had geo-blocking turned on. So I said just VPN or cool cholera admin. Uh, you know, there’s a way around it. So you’re a professor at Bellevue University. And tell me about, tell me a little about what you’re teaching.

[00:27:38] Ron Woerner: Oh, let’s see, all sorts of fun stuff. So I’ve been teaching here a little over a decade. I started the cyber security studies program. Look at from two students, now we have over about 800 to 1000 worldwide. So we’ve been an online university. I kind of stepped away a few years ago, turned over being the program director to a good friend of mine, because I wanted to get my hands dirty again back in industry, because I love teaching but I want to keep all my skills very sharp as well. And sometimes with teaching, you don’t get that opportunity, and I like consulting etc part of it. So I teach information security, also teach a lot of the basic 100-level classes. We have a class that I absolutely love. I will share the podcast with the students. Hopefully some, it’s just on information security awareness. My real goal of this is to get students just to be a little bit more aware. Maybe paranoid. That’s a nice side effect of the class, because so many who go through this, you know, they’re just taking a 100-level class. I need a gen ed. This one looks interesting. And they end up going, OMG, I did not realize all the silly things I was doing on the internet that were putting myself and my family at risk, and I’m like, yes, I did my job. So it’s not just the academic purpose of that, but that’s, I teach a social engineering class, which is always fun. One of the exercises we do there, and this is now, it used to be required. We kind of moved away. But was he here when we actually saw people in person. But the idea was to see if you could get someone to give up their cell phone. So you come up with some type of a pretext. Yeah, I was supposed to call my daughter and my battery just died. You know, hey Evan, can I borrow your phone? You know, it’s just a local call. Yeah. Well, and so what they’re doing is they call me at my office, actually have my Google Voice number that they call, and they just leave a message, and it’s amazing, the success rate.
I’ve had students even internationally, one who was in the military went off post, bought a sailor some drinks, and before long the sailor’s pretty much telling them all about what’s happening with the Navy at that base and gave up his cell phone. You know, here, let me unlock it for you. Here you go. It’s like a poem. And, uh, it’s just a fun exercise just to realize, like Chris Hadnagy, I know that’s something similar, when we develop a level of trust, it sometimes is complete. So just trust but verify almost continually in all that we do. But how do we do that and be efficient and keep things simple?

[00:30:22] Evan Francen: Right. Well I think it’s, you know, before when we were in more of it, we’re in a unique position. The three of us were in this age group where we, we didn’t grow up with the cell phone in our pocket, right? We remember the days when we maybe had to use a pay phone or go home or go to a neighbor’s and use their phone. But it was we transition from this kind of physical world to this digital world. B and one of the things that my parents taught me when I was young was situational awareness, Be aware of the environment that you’re in, be aware of the things that are approaching, you know, take into account where you’re at, okay. Like, you know, if I were to go to North Minneapolis, that’s a pretty dangerous neighborhood here, I wouldn’t be on my phone like this year. That’s not situational awareness, right? Looking around, seeing what’s coming, what’s going, that situational awareness, take that into the digital world and we just use stuff, be aware of what it is. You’re using, how it works, where it communicates. You know, if uh, it’s, it’s a skill certainly, but it’s learn able. I mean I learned it so hell you should be able to, to help

[00:31:36] Ron Woerner: some people pick it up easier than others. Thank you.

[00:31:40] Evan Francen: Yeah, I agree. Maybe it’s, and some of it comes from maybe being posted yourself, you know, enough times

[00:31:47] Ron Woerner: you’ve learned by getting burned so bad. Were you going to add something?

[00:31:51] Brad Nigh: Yeah. Just to say, I agree with you like doing the training and all that and watching the people like yeah, get it or see their face drop my favorite training story happened three or four years ago. I was doing just a one hour awareness training for government, The county government I think and we go through and talk about how do you make a strong password, you know what pass phrases, all that stuff and there’s some examples of like how long it would take to crack it. And one of them was like spring 2018 and you know, because that’s what people do, right and talk through that. And afterwards somebody comes up to me and goes, uh so if I saw my password on your presentation, I should change it. Yes, yes you should

[00:32:39] Evan Francen: next time. Next time. Don’t come ask you then either. Just do it.

[00:32:43] Ron Woerner: All right. What’s like the Jimmy Kimmel man on the street on password? Ceo one gave up her password, but I like to ask people, how many places do you have password as your password? Do you have used password as your password anywhere I knew. And it’s like, what? That’s it. We’re taking away your certifications, your fire drawn there for places I don’t care about. They have a password to protect the site. Not me. Doesn’t have any of my information, is just to limit who can get on that website. So for that website I don’t care if anyone comes in as me. It’s like a news site. Okay. You see that I read a particular news story. Who cares? So it’s not protecting me. It’s to limit them. So it’s understanding what level of password you need, you know, and again, situational awareness. Keeping it simple, and not, so often we like to shame people. You’re using a bad password. Bad, bad, bad. You know, it’s like the book, the popular book series Eat This, Not That. Rather than saying, yeah, I don’t need a hamburger, to say, hey, have you thought about trying this instead? Using a password manager? Try to sing a song when developing a password, you know, be aware of how you can use maybe multifactor authentication.

[00:34:04] Evan Francen: Yeah, absolutely. And there was nothing I just picked up on when you just, when you were just talking, I was thinking you do this risk assessment on the fly, right? You you assess the risk of this particular site if it gets compromised, this is the impact, right, likelihood and impact is risk and you do this automatically because it’s native to you or it’s become native to you. I think It’s a skill that people need to learn. You do the same thing in the physical world, right? When you, when you’re driving your car and you’re going 50 miles an hour and you see that light turned yellow. Mhm You do a risk assessment, believe it or not, you do it really quickly. Do I go, do I stop cross traffic? How fast am I going? Where’s the stopping distance? You do all that stuff. You calculate it so fast and most of the time you make a really good risk decision? Mm right. I mean you’re gonna go for it. Right,

[00:34:58] Ron Woerner: Well, I don’t hear anything as it happened before. Other, but it’s moving too. If you’ve read Thinking, Fast and Slow, Daniel Kahneman, Nobel Prize winning, uh, you’re in your fast brain when you’re initially doing it. But then you move into your slow brain which does more of a deeper type of analysis, just knowing how to cross between them, and it’s qualitative versus quantitative risk management because there’s some who don’t like the qualitative, the impact and likelihood, but that’s how our brains work quickly. Success, I don’t like that.

[00:35:33] Brad Nigh: It’s a really good one. Yeah, it’s all relative too, right? It’s not black and white. There are shades of gray. People ask me, how many passwords do you have? Like six? Er, everything else is in a password manager. How I couldn’t even tell you what 99% of my passwords are, I have no idea. I know how to get into my password manager, into my email that is the backup for that and into my bank account.

[00:36:00] Evan Francen: I don’t even know what my much, I don’t even know what my password. See I have a terrible memory. I tell people I have a 23 minute um what do you call data retention policy? It’s built into.

[00:36:14] Ron Woerner: Oh now we’ve been talking now for more than that. Do I need to reintroduce myself to

[00:36:21] Evan Francen: you? I wrote you down. Okay written down the important stuff gets written down I think the passwords. No those go in the password safe and then I forgot the password to my password safe. I got sick of going through the password recovery process. So then I got a biometric to get me in my password safe. So the thing about biometrics though, Brad, you and I have talked about it, is if the manufacturer, the biometric device or you know, isn’t doing it correctly destroying the entire image versus the minutiae of the image. That’s really, really bad because then somebody can steal my image and I can’t change my fingerprint. Mm hmm.

[00:37:06] Ron Woerner: So, so so I’m gonna go on a weird tangent. Physical safes. So do you know how physical safes are rated, how they know how good of a physical safe it is? Have you ever looked at that?

[00:37:20] Brad Nigh: So how long it takes to the break in based on at some level of expertise. But I don’t know the details.

[00:37:28] Ron Woerner: So pressure. Usually it’s pressure or heat pressure and heat are related. So, but it’s assumed that eventually you’ll break through the safe. So maybe we need that same type of mentality with security. It’s just because everyone’s saying it’s not a matter of if but when type of idea, but maybe we just have enough roadblocks in the way to make it. So we’re not so obvious targets again like situational awareness.

[00:37:55] Brad Nigh: Oh yeah, I tell people all the time, you know, just don’t make yourself a little low hanging fruit. If somebody’s really targeting you, they’re going to get in like you just can’t we start with the government and all this stuff that’s just happened. But don’t make yourself don’t leave the door open, close your door and lock your windows

[00:38:15] Evan Francen: well and in its risk management, not risk elimination, right? And I can’t manage something that I haven’t assessed, but I haven’t made decisions upon that. I haven’t measured whether it’s quality over quantity and the first times you do it and I know, you know, for for us we do it regularly, right? It’s almost natural for the first time you do it for the people listening that it doesn’t come natural, it’s very mechanical, it’s awkward, It doesn’t feel right, that’s all normal, continue to do it right, fight through it, make it become natural, you’ll be safer.

[00:38:53] Ron Woerner: Looks like learning how to drive a car. You go from the unconscious incompetence to the conscious incompetence, I know I don’t know how to drive a car, to the conscious competence, I need to think about how I’m doing it, to the unconscious competence where it just becomes second nature. So it’s moving along that spectrum, but these are the lessons we need to teach in the online world that we also try to teach in the physical world both ways before you cross the street, situational awareness. This is where we’re trying to get in front of teachers. I worked with her science teachers worldwide. I’m actually giving a talk at their conference in June about how we need to be training young hackers kind of tied to my TED talk on ESPN, and I say the word hacker because hacking is sexy hats themselves, you know, if I say, who wants to learn about data privacy policy, you know, but I say all right, any hackers out there

[00:39:48] Evan Francen: Brad and I are offended now. We’re like, I

[00:39:50] Ron Woerner: do, I know you talked any younger folks Yeah, that’s like their ears perk up and it’s like teaching some basic hacking, but then we can introduce ethics associated with it as well. So just yeah, come join them. This is why actually I’m on platforms like Twitch and TikTok, Discord, and it’s not that I want to limit it just to be aware of those areas to be knowledgeable of them because you can’t just say, don’t be on TikTok. Well, are you on TikTok? Well, no, I just heard you know that they’re tracking you. Okay. Set up a sock puppet, maybe check it out. Be aware at least, you know, don’t be aware of what you’re doing, which you want to get out and play is actually one of the biggest tips I give in terms of hacking careers, you know, don’t be afraid of trying something, you know, failing and learning from it.

[00:40:48] Evan Francen: Yeah, I’ve done this experience.

[00:40:50] Brad Nigh: Yeah, I’ve done several presentations to high school and you know, kind of explaining what we do and the one thing that I found that just grabs their attention faster than anything is like the old DEF CON CTFs, bringing it up and just kind of talking through the process, right? Like letting them see and then I do the (ISC)² the I am cyber secure. I think what they can secure online and I’ll be honest, I’m surprised how hard it is and and how many people go, what’s the catch when I offered to come in, it’s free for teachers, I’ll do it for the students. Like, let’s get a talk going this route and nothing. It’s so hard to get.

[00:41:33] Evan Francen: We’ve been trained, we’ve been trained on, conditioned to believe that anything that’s free must be worthless

[00:41:42] Ron Woerner: over. So we need to start charging the teachers. Actually, the teachers tend to be overburdened. I’ve made an offer that’s actually still open to any teacher in the United States. We can bring a cyber security professional into their classroom, particularly now over Zoom super easy because mentoring and getting into those environments counts towards CPEs. So what’s in it for me as a professional, this is CPE towards my C S P N C I S F. Mhm. Fighting for CPEs, you don’t have to go to take a class, you can just get out to your local senior residents, you know, your local community center, church, religious area school and give a talk about what, you know,

[00:42:26] Brad Nigh: Yeah. For mom’s groups and that, is that the right, Like, what do you, what what is it, what’s the catch? Nothing, I gotta do CPEs anyway, so let’s help the

[00:42:37] Ron Woerner: bigger community myself out of a job.

[00:42:39] Evan Francen: Right, please. I’d like to retire.

[00:42:42] Ron Woerner: So I asked the students, you’re free to use any of my material. Oh, by the way, so I’ll ask students, do you have an Aunt Jane or an Uncle Joe in your life? You know that person that comes up to you and says, can you help me fix my computer? You know, my printer doesn’t work anymore or you know, something no longer works. My Bluetooth isn’t working etcetera. And you’re like, okay, you know, it’s often during a holiday and you end up being local tech support. We all have someone like that in our life. So I asked the students and it’s like, okay, learn these techniques not necessarily protect yourself, protect your Aunt Jane or Uncle Joe. You don’t want to have to re-image their computer after they got ransomware. Do you? They’re usually like, yeah, I had to do that last year. I’m like, yeah, it’s very painful for everybody involved. So they learn how to protect your family. Mhm. Make it less. The thing

[00:43:40] Evan Francen: too. Yeah. Well, the and what people need to realize is how fast we’ve moved. Technology has far outpaced our ability to secure it. And now what used to be, you know, we had the physical stuff where before we had the electronic stuff sort of now everybody is connected. And now the way things have moved so fast. You can’t separate information security from physical safety anymore because I can hack into your pacemaker your whatever your telemetry device I can hack into your camera surveillance at home your door locks at the school. They’re all connected. The sense. So the second thing is just I don’t you know because there’s schools of thought. We talked about this last week with um Roger Grimes. I’ve talked about this with you know Chris Roberts you know there Chris is of the belief that half the population is going to have to die. He’s a little extreme but it just it just it’s going to take I don’t want it to have to take something really significant and severe before people are like okay I got it. What do I need to do now? I need you to passwords get out ahead of this. It’s gonna hurt.

[00:44:56] Brad Nigh: Okay I have my family trained but none of my siblings are in IT or security and they do not hesitate to reach out. Hey what do you think of this or this is going on. Sweet. I don’t mind answering those questions. It’s a lot easier.

[00:45:13] Ron Woerner: It is and this is actually I’ve talked to Homeland Security and the FBI number one tip I try to give leave with people of all ages. All types of if you see something say something if your spidey senses are tingling. Something’s not right reach out to somebody else doesn’t really make a difference. Who I just got an email from the IRS saying I need to pay my 2020 taxes. I thought we had all had extensions but they’re saying I’m late and I need to pay through this link. We’re also gonna have to pay $1000 fine. What do you think? Of course you’re all get on. Yeah. Hey pay up. You know you’re all gonna say? Yeah well you can always contact the IRS separately. The IRS won’t send you an email. You don’t have to pay in Walgreens Green Dot cards or a Bitcoin. You know those simple things again? Fast brain to slow brain moving from fast to slow. Let’s take a time out. Stop. Think about it for a second. Does this make sense? Where are you going on the internet? Just taking you to the IRS website. No it’s giving me weird numbers I go to I think it’s called an IP address. Yeah. Okay. Most likely that’s going to be. Thank you know, just call the time out. I

[00:46:32] Evan Francen: love what you love your advice. I mean that’s exactly right time out. We’re going so fast.

[00:46:37] Brad Nigh: Yeah. The one thing I, you tell everyone of the training. It’s the same thing in online as it is in real real life. If it seems too good to be true, it probably is. It’s no different. Just because it’s on a computer screen doesn’t change the facts.

[00:46:54] Ron Woerner: Right? So my son is in construction management but when he was 16, he worked at a local McDonald’s. This is why phishing will never go away. I love sharing the story of my favorites. So he, two weeks after he started at the local McDonald’s here in Nebraska, he got an email that said click here to see your paycheck. So he clicked the here. But email was not for McDonald’s, took him to a web site that said, put your first name, your last name, your social security number, hit submit. Website was not McDonald’s. What do you think my son did? I really hope hopefully

[00:47:31] Evan Francen: called you.

[00:47:32] Ron Woerner: Yes, he did success. I was so yes, I’m like, you know, he remembered that one thing. Ask, you know, so I check it out. So was that phishing or was it legit based on the information you have? It was legit, we keep doing this to each other. You know, Hey, to learn more about phishing, I’m gonna send you a link. It’s okay if it’s a shortened link, I’m doing that just to save bandwidth shorter bit, you know? Yeah, but it was the local franchise. That’s how they get paychecks out to their employees. I mean, why, why would you have jobs?

[00:48:13] Evan Francen: But you bring up a really good point too about being approachable. I mean, how many people that aren’t in our industry, even within our industry? How are you? Are you one of those people where people will feel comfortable coming to you or are you a drink? What are you an egotist? You know, then you sit here and complain about, you know what users do? Stupid user, stupid users, you’re just exacerbating the problem,

[00:48:38] Ron Woerner: right? A couple of books on that right now where you can’t fix stupid, I think is one of the Yeah, but just because we all can’t be, we’re all potentially vulnerable. I got an email is just from my ISP. And I was literally holding my hand from clicking the link to check it. Yeah, but it can happen to any of us. So that’s why we look out for each other and well, you know, hey, what do you think? Type of idea?

[00:49:05] Evan Francen: I want to try to find this uh, on Teams, Vinnie, our CFO asked if I was coming into the office, this was like a couple of weeks ago, right? And I said, uh yeah, I’ll probably be coming in on Thursday, you know, physically. Mhm. And she says, well, can you pick up some um gift cards from the bank on the way in? I’m like, yes, Van are you? He’s scamming me right now. It’s a she replies back, she’s like, no, why they go, do you realize how uncommon it is to ask a CEO of a company to go get gift cards from the bank? And she goes, LOL. No, really? It’s true. Like, okay, are you again, are you, are you somebody operating as somebody other than the name? So then there was this long pause where she was processing like what the hell? I just wanted to pick up something on gift cards you know? So then she picks up the phone and calls me and she’s like and she’s laughing she’s uh hey I really need you to pick up the gift cards and I go what are they for? Oh there you know we give out gift cards to our employees you know for things like okay this was a better way to approach it than on Teams.

[00:50:22] Ron Woerner: Yeah you can demand yeah pick up the phone ask

[00:50:27] Brad Nigh: yeah something one of the examples I like to give to people to say look, there’s if it’s gonna happen it’s gonna happen you can take all the right steps and it could still happen. So in 2016 uh somebody filed fraudulent filed taxes for me and my wife. It was part of the information from the Anthem breach and filed fraudulent taxes, luckily they filed it the day or two but it was too every days before I actually filed and they got the alert going off but my credit was frozen. You know have alerts, I’m doing all the right things and can always prevent it from happening

[00:51:10] Evan Francen: again. Read runs facial expressions okay back

[00:51:13] Brad Nigh: but luckily they caught it so fast they didn’t they hadn’t processed it yet. So you know they were able to actually do a sting and get the people which is good but you know delayed my refund six months. It was like August or September.

[00:51:30] Ron Woerner: Yeah and that’s often the worst part of fraud is not monetary loss. It’s the loss of confidence and system. And for you the delay in getting your refund.

[00:51:41] Brad Nigh: Yeah because that was right at the time like we removed I’m sorry because that was the time we were moving from removed from Kentucky up to Minnesota and we were fully banking on using that to pay for it and it was gone. It’s a little uncomfortable but

[00:52:02] Evan Francen: what are you gonna do? Well so there’s I think it’s a double edged sword too, like take Regulation E for instance you know at a bank, if somebody hacks into my bank account steals all my money the even if I chose a crappy password or gave it out to somebody, the bank by law puts that money back into my account after they do their fraud investigation. Right? So there’s that little inconvenience that’s the good side. I think the bad side is I never learned a lesson. Mhm. There was no consequences to my poor behavior whereas in life there are supposed to be consequences for bad behaviors. It’s kind of a conundrum there.

[00:52:41] Brad Nigh: That is tricky too because how do you prove you know that they did the wrong thing or is it even worth it? Probably not.

[00:52:50] Ron Woerner: How do you prove your innocence. How do you prove a negative sometimes And that’s often the biggest challenge is just you know and sometimes it’s easy. My credit card has been stolen numerous times. But my credit card processors are really good about informing me because they know I’m not in California. It’s really yeah they could watch my previous behavior and see I was not traveling at the time etcetera. So fortunately we have the Red Flag Rules in place that are supposed to catch this through the financial. However yeah you can still, maybe people just need to feel a little bit more pain. I don’t know you how do we better encourage good cyber hygiene And I think it’s just teaching them teaching from young. So getting into schools and encouraging you know who you’re talking to on the internet. Yeah because

[00:53:43] Evan Francen: because sadly the same mechanism used to compromise your bank account is the same mechanism I can use to take your life. Mhm. And so I would rather you learn your lesson by losing maybe a few $1000 then. Have you learned from attending a funeral of a loved one? Right? I mean I’m such a realistic it’s kind of a Debbie downer. But it’s like my God it’s true.

[00:54:09] Ron Woerner: It was just simple steps. We’re not talking rocket science as you published on LinkedIn last week. You know we’re still teaching the basics. So going back remembering the basics for all of us are always good reminders uh who is his name John Wooden legendary basketball coach for UCLA. Won 10 national championships I think in a row something like that would always start out the season the same way teaching how to hold a basketball, how to stand how to dribble a basketball. And the players are like we just won a national championship. When do we shoot? Like no we’re going back to fundamentals so often we hackers pen testers. We love the computer forensics but it’s like back to basics. Absolutely for all of us we need just to remember. So you know as you’re spring cleaning your house over the next few weeks. Yeah. Are you spring cleaning your computer and think about are you up to date on patches? You have backups where you have backups? Where do you remember the basics for yourself and then share it, share it with someone

[00:55:16] Evan Francen: else. I agree. I agree. And you know one of the things that really helps me and I think it helps you too, Brad, and Ron I’m I’m guessing it helps you is teaching when you teach when I’m teaching the basics and fundamentals reminds me to do the same myself. And it makes me a better security person

[00:55:35] Brad Nigh: only agree.

[00:55:36] Ron Woerner: You do as I say not as I do. Come on you can’t. Right.

[00:55:41] Evan Francen: Yeah. So okay we’re gonna wrap up real quick. I want to cover it. Just a couple more things with you Ron because I do think you’re a fascinating person. I want people to be able to find you. One of the things that you mentioned early on in case anybody was interested and caught it was this thing called micro expressions. So I want to give you a place to go. Paul Ekman is the pioneer on this groundbreaking. Uh, I study I guess on micro expression. So Paul Ekman, it’s P A U L E K M A N.

[00:56:18] Ron Woerner: You feel like tv series, he did lie to me. She was like, to me, that was

[00:56:23] Evan Francen: that is such a good series. Love that. Uh, so that’s that your teacher at Bellevue for people who don’t understand health

[00:56:33] Ron Woerner: view university in Bellevue Nebraska Bellevue dot e D u

[00:56:36] Evan Francen: Yeah. And it’s B E L L e v u e correct.

[00:56:40] Ron Woerner: People try to put me in Washington state all the time. No, I’m in Nebraska right on the backbone of the internet. Almost literally I have a Facebook, Yahoo, Google data center within 15 miles. So as well as a national Yeah,

[00:56:57] Evan Francen: be in Nebraska on june 3rd.

[00:57:00] Ron Woerner: You really stop by and say hi,

[00:57:03] Evan Francen: I don’t know if I’ll be far enough south. I’m going to be on the border of like Nebraska Nebraska and south Dakota.

[00:57:10] Ron Woerner: Yeah, probably Sioux Falls. Yes. But I’m also cyber triple a cyber dash. I want to calm. So it’s my website, it’s my little consultancy. Uh, just for organizations where I can help or if I, if you need me to help perform. Training LinkedIn is actually one of the best ways to get in contact with me. So Ron Woerner like in Ron W 123 on Twitter. I do have a TED talk. So if you go to TED and look up hackers wanted a dad here in TEDx Omaha November 2019 with like 7500 views. So find out my plan on how we build for more hackers.

[00:57:53] Evan Francen: Love it. Yeah. And really real quick www dot cyber dash a. Dot com. That’s Ron’s company. Uh He’s got he’s got my endorsement. So if that’s worth it squat I would go to Ron to get my security stuff done for sure.

[00:58:11] Brad Nigh: Yeah. So I do have one question for Ron because we talked about entertaining and teaching, how in the world do you make teaching to security models for the CISSP entertaining because I’ve gotten stuck with it the last two years and it is painful

[00:58:25] Evan Francen: impossible.

[00:58:27] Ron Woerner: I’d like to turn the tables and get the students to teach me as much as possible. So how and where do they use it using case studies telling stories. So the whole story around it by models. Which models are your like

[00:58:42] Brad Nigh: padua uh you know the things that nobody actually ever

[00:58:47] Ron Woerner: uses. So I do have numerous military students which where MAC is in place, so mandatory access control so that’s I’ll use them to help getting students to help teach each other as opposed to something more discretionary, where we get to choose.

[00:59:06] Brad Nigh: Yeah, that’s a that’s part of the toughest class.

[00:59:10] Evan Francen: Well, let’s see what comes out in the new content. I think the new content is out. What a week from now?

[00:59:15] Brad Nigh: Uh yeah, I think that the book is going to be out of June though.

[00:59:19] Evan Francen: Yeah, but hopefully they dropped the some of those models because the theory is cool. But the it’s

[00:59:25] Ron Woerner: relevant, education is somewhat dated right? The same thing with, you know, firewalls, you know, do we really need to think about bastion hosts as much anymore? And the three diets or even DMZs, is the idea of a DMZ a little bit outdated if we’re leveraging the cloud? Mm. I don’t need my own DMZ at this point.

[00:59:45] Evan Francen: No. Very true. So you’re also speaking later this week, I think both you and I are speaking later this week, which I should get my slides finished. Oh, that’s cyber now. Well, you know, me man,

[00:59:57] Ron Woerner: you idiot like progress to me. Yes. Give you more time first. Full brain to think about what you want to say.

[01:00:06] Evan Francen: Yeah. And I would just work better under pressure. I don’t I stop overthinking because I’m under pressure to get it done.

[01:00:12] Ron Woerner: True. We’ll see how it works. So you’re talking about privacy, I believe. Yeah, if you’re from the UK or privacy, I’m getting talking about hacking your career. So building your career, Having done that. And then also talking about the NIST cybersecurity and risk management frameworks, which that one is a little bit more. Not as exciting, very relevant. So

[01:00:37] Evan Francen: I think it’s exciting. I will attend that one. I love learning from uh and that’s a that’s one of the things in our industry, right? Nobody knows. Uh huh. So if you are, if you fooled yourself into thinking that you’re the ultimate expert, we are full

[01:00:56] Ron Woerner: from each other mantra. I have, the more I learned, the more I’ve learned just how much more I have to learn. Mhm. Yeah, we’re all in this learning journey together, I worked for a CSO at a large brokerage Ron you should be learning from everyone. So the age. So yes, keep learning. That’s kind of my final thought for those who are watching more listening, keep learning. Don’t be afraid of learning make mistakes, learn from those mistakes grow from them. If we don’t make mistakes. But yes, and then reach out for help. We have a wonderful community. They’re all here to help each other all become stronger.

[01:01:38] Evan Francen: Yeah. And try and try not to repeat the same mistakes that we did as much as you can. Right? If we trust us, we’ve paid the dumb tax on a lot of these things. Trying to save you from doing the same thing

[01:01:52] Brad Nigh: real quick. Even actually speaking of it next week with Ceo and data leader Global Son Summit for data heist protecting the crown jewels.

[01:02:02] Ron Woerner: Oh,

[01:02:03] Brad Nigh: I have not seen the material

[01:02:05] Evan Francen: yet. Isn’t that what you use a Yeah, an athletic protector for is to protect those crown jewels. Yeah.

[01:02:15] Ron Woerner: Do you use William Murray’s classic talk as a part of that busman’s holiday at the Tower of London?

[01:02:24] Brad Nigh: No, I don’t think I know that one.

[01:02:27] Ron Woerner: So William H. Murray is a luminary of cybersecurity, helped start (ISC)² in 2000, maybe 2001. He had talked to West Point because he, he equates cyber information security to protecting British crown jewels in the Tower of London so I can share it with you. I’m not sure we have to look that up. Yeah. Or you can just look it up. It’s a classic talk again. Groundhog Day. We’re stuck in the same day. We keep saying the same thing over and over again. Please work us out of a job.

[01:03:00] Evan Francen: Yes. Yes. I guess I’ve got other things that I love doing what I do for a living. Bye. Yeah, I’d like to do something else. Maybe a little more. I don’t know, relaxing. Exactly. Uh, yeah. Okay, so in closing, Thank you to all our listeners huge. Thank you Ron for being here. I love talking to you. I love what you’re doing. Uh, and as a human being, man, I love you. Just being you. So it’s awesome

[01:03:34] Ron Woerner: to know you Brad. Look forward to more fun conversations. Maybe someday we’ll actually get to meet face to face again.

[01:03:41] Evan Francen: I’d be nice. Brad, Brad, you know the original reason we started the unsecurity podcast was so I could spend an hour a week with Brad. And we did, we would just do this talk and some of those early podcast one. Oh, I don’t even know we were talking about, but we talked and I got to spend time with you. So it made our relationship I think stronger. Uh, for our listeners, if there’s anything that you’d like to tell us, you’d like to interact with us, you can email us at un security at proton mail dot com. If you are the social type, you can socialize with us on Twitter. I’m @EvanFrancen, Brad is @BradNigh. And one more time Ron

[01:04:21] Ron Woerner: Your Ron W123

[01:04:24] Evan Francen: Ron W 123. Uhh, Also, you know, look at Brown winners, W. E. R. N. E. R. You’ll find all kinds of good content and uh I think it would be really good for you. Other Twitter handles that you can follow if you want to. The companies we work for on security. The podcast itself was on security, peace security, studio @StudioSecurity. We switched it up on, you trying to keep you on your toes. And FRSecure @FRSecure. Ron, do you have one for your company where you’d like people to find uh just like website?

[01:04:57] Ron Woerner: I do have a Twitter that I’ll use making a cyber dash triple A. Okay. Yeah, cyber dash triple A triple A. Auto insurance. It’s

[01:05:09] Evan Francen: awesome. Love it. Love it. Right. That’s it. We’ll talk to you all next week.