With the 2020 elections coming up quickly, it feels like the country is as divisive as it's ever been. What implications might that have on the information security industry? Brad and Evan unpack this and the role of cybersecurity in world politics in this week's episode of the UNSECURITY Podcast.

[00:00:22] Evan Francen: Good morning everyone. Thanks for tuning in. The date is 15 September 2020 and this is episode 97 of the Unsecurity podcast. I’m your host, Evan Francen and back with me this week is my good friend Brad Nigh. Good morning Brad.

[00:00:35] Brad Nigh: Good morning Evan.

[00:00:38] Evan Francen: You’re back.

[00:00:40] Brad Nigh: Oh, so much better. Just yeah, just a little migraine last week it happened. Allergies triggers, so yeah.

[00:00:49] Evan Francen: And so uh, what’s going to say about that? Did you listen to last week’s podcast?

[00:00:56] Brad Nigh: You know, I didn’t, I’m gonna listen to it. Well, I have to mow the yard so I’ll listen to it while I’m in the yard.

[00:01:03] Evan Francen: There you go. Yeah, it was awkward man. It’s awkward because I think in 96 podcasts it’s the first one I’ve done, which is a miracle really when you think about it the first time I’ve done by myself. Uh, and then afterwards Ryan Cloutier was like, well dude, you could have called and I was like, well, a little late now. I mean pretty out there.

[00:01:26] Brad Nigh: Uh, you know,

[00:01:29] Evan Francen: yeah, I appreciate you covering the formal. Oh, you always man, you know that you do the same for me. Uh Alright, so regular listeners to our show know that Brad and I normally start off catching up with each other. It’s sort of what we’re doing now. Uh Let’s talk about work stuff. You know what you’ve been working on. It’s been a while since you and I have talked. Yeah it’s the same company.

[00:01:53] Brad Nigh: I know but you know everybody being remote. You know you just don’t see each other as much. Uh I’ve been working on the IR maturity assessment, it’s been pretty much my focus the last couple weeks.

[00:02:07] Evan Francen: Okay and how is that going? Uh

[00:02:09] Brad Nigh: I think it’s going really well because we have a meeting this afternoon, we’ll find out what you think. Yeah I mean

[00:02:16] Evan Francen: I’m invited to that meeting.

[00:02:17] Brad Nigh: Yeah. Yeah we’re just gonna go through that assessment. It’s like 330-ish questions all around different uh maturity for companies. Okay. So yeah we’re doing the best to assessment

[00:02:36] Evan Francen: your second Oscar yesterday I think we were both in the sales meeting. I was explaining to the sales folks about Cowbell uh Cowbell Cyber, that’s an integration with SecurityStudio and just AI stuff they’re doing with you know uh cyber insurance underwriting which is really cool. Uh Salespeople had caught wind of it and didn’t know really what it was. So I was in that meeting and that Oscar was also in that meeting talking about the IR stuff so that’s cool.

[00:03:06] Brad Nigh: Yeah it could be uh it’s fun doing it. So yeah the next piece I think is I think the questions are pretty solid. It’s got a really good flow. There’s gonna obviously going to be some editing and you know, cleaning up is still a first draft, maybe second draft. But doing the math and figuring all that out is kind of the next step and that’ll be fun to do.

[00:03:32] Evan Francen: Oh man. Uh Yeah. So what man time is when you’re in this industry, I mean, you know it to uh we’re so busy all the time. It seems like you’re going on about 1000 different directions. Uh Security Shit Show last week was the title was hands up, Give me all your money. We talked about ransomware and one of the things that was frustrating in that the train was, you know, we preach the same thing as we’ve been preaching. I mean, I’ve been in this for, You know, damn near 30 years. Yeah. And it’s not new backing up your data, protecting your backups is not new.

[00:04:16] Brad Nigh: Doing backups having logs like it’s Yeah. Oh

[00:04:23] Evan Francen: yeah. So it was a good conversation anyway with uh you know, Chris Robertson, Ryan Cloutier. Uh All right. You know, you talk about it and then you wonder why why why why isn’t this stuff being done? Mhm. And something I could come up with was accountability. Nobody’s being held accountable. Like executive management isn’t holding it accountable if you have an IT service provider or a backup provider, you’re not holding them accountable somewhere. There’s a breakdown and accountability and I understand that you can’t awesome. We prevent all bad things from happening. But you should be able to restore your data in 90 plus percent of the yeah. You know our currencies. Right?

[00:05:10] Brad Nigh: Absolutely. Yeah.

[00:05:13] Evan Francen: So I wrote about ransomware contract.

[00:05:16] Brad Nigh: Yeah. Looking at that. I like it.

[00:05:19] Evan Francen: Did you get that? I send it to you. Oh good. Good. I meant to and I was like, but like I said to get there’s so much like squirrel stuff. I’m like, man, I don’t know. I don’t even remember what I did. Yeah. So that’s a contract I think uh Simple, right? I mean there’s what 878 thing there that ask your IT director or uh an outsourced IT provider to attest to these things and then I even included like an exception. So if you can’t attest to these seven things, just explain why you can’t. Yeah. And then, so all executive management should just give that, hey, sign this contract. If there’s hesitation in signing the contract that should tell you something.

[00:06:09] Brad Nigh: Yeah. Or had even I. T. Shirt site due to executive management. There you go. If you’re doing it. If you’re doing it, why wouldn’t you want sign off from executives that hey, we’re, we’ve got your back basically.

[00:06:25] Evan Francen: Right. Yeah. So I came out of the security, you know, the Security Shit Show was creating a ransomware contract some way to enforce or at least solidify more of the accountability behind these things.

[00:06:40] Brad Nigh: Yeah.

[00:06:41] Evan Francen: So we’ll see how that flies. Uh Yesterday I also wrote, Yes, she was yesterday a new work from home security Policy, which I haven’t shared with you yet. Uh But it’s specific it’s sort of borrow some of the things from, you know, existing sort of teleworking remote access policies, but that makes it specific to at home, you know, what physical requirements are there, what technological requirements are there and what general sort of requirements are there?

[00:07:09] Brad Nigh: Well, that’ll probably go well with the uh work from home checklist we put out on the website for for COVID-19.

[00:07:19] Evan Francen: Yeah, exactly. There’s even a couple of two I think statements there that if you’re using S2Me and S2Team, uh they fit perfectly there, you know what I mean? But you would remove those if you’re not using those those products. That was that, I mean, what else I’m working all crap discussion with CS last week? uh yeah, about integrating the top 20, a little Heitor with uh Phase three and 4 of the S2Org assessment, um And they’re actually volunteering to help, but that which is really kind of cool. Yeah,

[00:08:01] Brad Nigh: that’s really cool.

[00:08:03] Evan Francen: Yeah, they’re good neighbors, those CIS people, so if you don’t always see eye s is if listeners don’t know what CIS is, it’s Center for Internet Security uh been around for a while. So you’ve been working on the incident response stuff. Have you had any incidents? You know that you had to work in the last couple of weeks?

[00:08:20] Brad Nigh: Uh thankfully not that I’ve had to work. Um We actually just had one coming yesterday though uh ransomware that there they were recovering from somewhere shocking. It was the uh oh she was it uh uh I can’t think of the name of it. Yeah blocked it. All right. Are a variation of LockBit?

[00:08:49] Evan Francen: Sounds another ransomware attack. It sounds like the IR team has really sweet lab that they just finished building or rebuilding. I’ll be like yeah you know that my son is uh I haven’t heard from him. I called him yesterday. He’s in the middle. He was in the middle of his OSCP. Uh so I called them. I’m like hey you know when you get it you know because you gotta take little breaks here and there when you’re doing that examined 24. And so uh You know he said he called me yesterday afternoon. He said yeah I got this 120 points and I got this one. So I think I’m in a good spot. And I said well you know it sounds like you’re really close to getting your points and getting this thing wrapped up. Then he said call me you know when you’re done right just even just a text or drop me a line. We didn’t call me needed text me. So I don’t know what that means. I hope I hope it’s okay.

[00:09:51] Brad Nigh: You haven’t heard anything about it so. Air boss.

[00:09:57] Evan Francen: It’s kind of cool when your own son is taking your idea. No no cp.

[00:10:02] Brad Nigh: Yeah those guys like tech services and I are they got the but Erica is uh is it re malware researcher and expert pen tester? G. X. He and I think

[00:10:20] Evan Francen: we should have those guys back on. Uh Because who is it that who was it that took two tests in the same weekend? Oh

[00:10:29] Brad Nigh: Kyle. Yeah Kyle took his he took the uh is it yet it was an incident one of the scenes uh different ones. And then he took the C. C. H. I. E. The certified incident handler.

[00:10:48] Evan Francen: Yeah.

[00:10:50] Brad Nigh: Advanced pen tester G. G. S. P. M. For eric.

[00:10:54] Evan Francen: Okay cannot pass Kyle passed both exams in the same weekend.

[00:11:01] Brad Nigh: Yeah I did the SANS one on Friday and then woke up Saturday and did the. Uh

[00:11:06] Evan Francen: huh. I guess if you’re gonna do it get her down you know what I mean?

[00:11:10] Brad Nigh: You know if you think about it, it’s fresh in your mind you’ve been doing all that studying. Yeah similar to what I do with C. S. P. N. C. I. Uh am I did the C. S. P. M. Kind of September and then two months later to the CSM it’s all fractions just get it done. Makes sense.

[00:11:33] Evan Francen: Plus cows younger than us. True. I don’t have that kind of stamp anymore. I have enough stamina to get out of bed down the stairs and then I take a rest on the couch.

[00:11:47] Brad Nigh: Yeah. Yeah so he did the GCFE, the certified forensic examiner.

[00:11:54] Evan Francen: Cool very cool. And then tomorrow I’ve got I’ve got a wiser webinar uh the title of the webinar is what do I do with nothing. Uh Yeah so that that’ll be an interesting webinars. Typical actually it’s robust on the panel. Mm The wiser is good man wiser Gabriel, the guy who uh you know founded visor and you know runs that organization is uh he knows what the hell he’s doing. He’s good businessman. Good security per uh so that’ll be fun. And then the Indiana InfraGard Members Alliance conference, the second annual education sector event. I’ll be speaking to that on on that on Friday.

[00:12:44] Brad Nigh: Very cool. Yeah.

[00:12:45] Evan Francen: Ash figure out the topic. Hello I want to speak about like I sort of like the ones where I sort of like and then sort of don’t like the you know the conferences or really you speak out where they want to know like what’s your topic and I need a copy of your slides you know six months in advance right? You know I mean obviously I’m exaggerating but

[00:13:11] Brad Nigh: Usually like six weeks 4-6 weeks something like that.

[00:13:15] Evan Francen: Yeah and that’s you know being a squirrel guy. Being an ADHD guy it’s like opportunity to my mind like 18 times between now at that time of the conference.

[00:13:26] Brad Nigh: Yeah. Well depending on how far out they wanted things change so fast that something you’re like oh this is a good idea. Three months later you’re like, well that’s completely different. Everything’s changed,

[00:13:41] Evan Francen: right? Yeah. And then you have those ones that don’t don’t ask you for a topic or it’s like do you trust me that much or is it that disorganized? But I think it’s I think it’s very well organized because it’s InfraGard. So I think they just trust me. Lieutenant twisting. I don’t know if I’m the guy you want to trust.

[00:14:04] Brad Nigh: It’ll be entertaining either way.

[00:14:06] Evan Francen: There will be entertaining in the links to both of those things if you’re interested are you know, in the show notes. Uh any other things going on? How’s family? Good,

[00:14:18] Brad Nigh: good. Um So we’ll see how that how long that they’re able to stay in. Hopefully for a while. It’s good for the kids. Uh you know, get out of the house and see. Mhm. You know to friends and get some in person instruction

[00:14:37] Evan Francen: Sure. Absolutely. Uh One of things Ryan uh Ryan left for Chicago are not Chicago, Colorado. He went his are 78 RV. Have you seen a picture of that thing? No. All right. So he fixed up his, it was his father in law, his father in law passed away left them The 68 Chevy RV. So he spent most of the summer fixing that thing up and then took it on the inaugural trip with me last weekend. The weekend before last we went to Apple River and then he decided while he’s going to take this thing all the way to Colorado. We got from here to Mason City, Iowa and the transmission went out. Oh no. Yeah. So he’s stranded in uh, Mason City, Iowa right now I told him I’d come pick him up. It’s only like a couple hours away. Oh that’s actually, yeah, he’s gonna try to get it fixed up and continue his trip

[00:15:44] Brad Nigh: because he is uh, he brought his family with him.

[00:15:48] Evan Francen: Yeah, him and his wife, they’re empty nesters now. So him, Amy and their dog and they were heading out to Colorado. She’s never seen the mountains and uh, we’re going to find Chris Roberts because he lives out that way. And then yeah, he made it to Mason City, Iowa.

[00:16:07] Brad Nigh: That’s strange.

[00:16:10] Evan Francen: I know does think so, but I’ve been in contact with him. It sounds like he’s going to be all right. So you know we have the choice of kind of any topic every week. You know, we can kind of choose what we want to talk about and you could go deep into any one of these things. We can talk about ransomware. We if if you want to ransomware we talked about that for two hours last Thursday night on the Security Shit Show. So I wasn’t really in the mood of going in deep about that kind of stuff. But I like some of the things on the podcast where we can kind of talk about things a little bit touchy. Uh huh. So I chose the topic, you know, why can’t we all just get along? And the point is, you know, so much of what we do in our industry. And information security reflects life outside of our industry and vice versa. So, as I was thinking about, you know, also what our next series should be, because I think it’s, you know, I like series because it keeps us kind of focused on the topic for a while. Uh we’re in the middle of an election cycle right now in the mud slinging is full gear. Uh I can’t remember a time, certainly since I’ve been alive. And maybe, you know, maybe if you talk to talk to some old-timers they’ll tell you if times when the country was this divided, but the country is so divided to me. Uhh So I figured we talk about it and we talk about how this divisiveness in our country spills over in the information security. And, you know, there’s some of our experiences in dealing with that stuff. Does that sound good?

[00:17:48] Brad Nigh: Yeah, let’s do it

[00:17:51] Evan Francen: all right. And I think what we could lead into potentially is a series next week, you know, or whatever it is. Let’s talk about politics. Information security. Next talking about politics myself included. But you can’t run for that.

[00:18:06] Brad Nigh: Yeah, there’s lots of stories around, you know, hacking and attempts for influencing and stuff like that. So I think that there is relevance there. Yeah.

[00:18:18] Evan Francen: Well it seems like so many people, you know, like when you look online, we talked to somebody in person, they talked and then you see some of the things that people write online, if you ever bring opinion online, there’s no like civil discourse. It’s like, it seems like before so quick to attack each other. Hmm.

[00:18:40] Brad Nigh: Uh, you know that anonymity you should, if you like get away with more

[00:18:47] Evan Francen: yeah, intimidation and the bullying that you see online. It’s really, you know, frustrating. You know, there are certain things that I won’t share online because uh, one my, my profile is fairly public, right? I use my name for, you know, on Twitter, yeah, don’t, you know, try to hide behind something. So I don’t want to say something too controversial and especially nowadays have a bunch of people show up at my doorstep with pitchforks and you know, shotguns. Yeah, because that’s the kind of world we live in right now, you know, my neighbor across the street has a Biden-Harris sign in the yard, you know, and uh, I’m not giving, going to share so much with my political, you know who I’m gonna vote for or anything, but that’s dangerous to put Trump sign or a Biden-Harris sign in your front yard nowadays, which it’s sad. It is sad. Everybody should be entitled to their opinion and we should have good discussions about the difference of opinions. You know what I mean?

[00:20:04] Brad Nigh: Yeah. Yeah. It’s a yeah, you were talking about the divisiveness and everything and I think part of it too is and this goes for, You know, information security, all that is the 24/7 news cycle where you have to have something feeling all this time. So things that maybe weren’t amplified are now amplified.

[00:20:32] Evan Francen: Mhm. Yeah. Well there’s that and uh there’s just such a polarization and I think it’s I don’t know if it’s on this or what I mean, I can’t get my head around it, but it’s so hard to get non biased information anywhere. Yeah. You know, I mean you really have to start digging. And that was one of the things I’ve written a post last week about the difference between facts and opinions. You know, and I like to make decisions based on facts. Yeah. They’re not hard. They’re not easy to come by right opinions were much easier. Oh yeah. Mhm. Mhm. You know, you read the news and it’s like and then if you do, if you have a difference of opinion, you really do risk getting attacked, not just virtually online, but you can’t risk getting attacked physically.

[00:21:28] Brad Nigh: Yeah. Yeah. You see the all the reports of death threats for um you know, that health officials because of the reporting on COVID and that, I just don’t understand, right? But that’s a security significant security is right. Yeah.

[00:21:48] Evan Francen: Oh, yeah, absolutely. And so have the supplies, you know, at at work. What if you have people, because everybody’s got opinions, whether you wanna believe, you know, whether they share them or or whatever, everybody’s got an opinion. And so what if people at work? Well now we’re all remote-ish, but let’s say that, you know, people start coming back to the office and uh and you’re a Trump supporter or whatever Trump or Biden, let’s say you’re a Trump supporter for in this instance and uh and so they post things about, you know, supporting Trump online. I read yesterday that somebody that I follow on Twitter or no followed somebody retweeted it somewhere. Uhh they got fired because they’re a Trump supporter and they weren’t wearing like wearing Trump clothing or MAGA, MAGA hat or whatever they were uh somehow the bit the company had found out through their social media posts and Mhm. Well,

[00:22:55] Brad Nigh: I mean, we’ve seen that not around politics that with and I was going to bring that up. So I’m glad you did, but where people are posting things online that are inappropriate, but they’re, you know, on Facebook and it shows where they work we’ve had that happen and we found it and told companies and they let people go based on, you know, completely inappropriate posts. So, you know, this is something that isn’t new to necessarily, you know, politics, but it’s again, I think it’s being amplified more now due to the divisiveness.

[00:23:32] Evan Francen: Well, and that’s an inappropriate post, right? It’s not inappropriate to share your opinion and social media. It’s not inappropriate to share that you support Biden for this reason, that reason or whatever. That’s not inappropriate. Yeah, Yeah, fired for him.

[00:23:50] Brad Nigh: You know, it’s tough to to say, but I guess that’s

[00:23:54] Evan Francen: the, well, let’s say even you didn’t you didn’t get fired for it. Uh, let’s say that you’re a Biden supporter and the executives in your company, you know, because your culture is a very conservative culture, right? Your CEO is one of the people that was out, you know, on the Trump rally in the boat and all that other stuff. I mean, truly a Trump supporter and they find out that you’re a Biden supporter. I can’t imagine that there would be some sort of backlash whether it’s a, you know, firing or, and it goes both ways, right? Yeah, totally goes both.

[00:24:33] Brad Nigh: Well, you know, and that’s, you know, it’s tough because, you know, this is the kind of the issue with the at will employment right there. You can be fired for any reason for just because, right. Right? So it goes back to that divisiveness of yeah, okay, technically that’s completely legal to do, Is it the right thing to do? Probably not,

[00:24:59] Evan Francen: you know, but if it’s social media, what’s the purpose of social media, isn’t it to share opinions?

[00:25:06] Brad Nigh: But if you’re, if you’re reflecting or if you’re now, if the owners of the company or whatever say that that’s a negative to the company, it’s within their rights to do that. I’m not saying I agree with it at all. I’m just saying that it is, there’s nothing.

[00:25:24] Evan Francen: Well then where does personal life and work life? Is there not? There’s no, it’s like there’s no,

[00:25:32] Brad Nigh: this is why it gets so blurred, right? Because right. If you’re posting and are associated with a company, it, it will get back and reflect on that company. So it’s,

[00:25:48] Evan Francen: well, this is where the crap is in my opinion because to me it’s like, you know, I agree what you’re saying is true. Uh, it’s just another form of intimidation. Another form of bullying where if you share your thoughts and opinions and I disagree with that, I’m going to retaliate against you.

[00:26:08] Brad Nigh: Yeah. Yeah. Again, I’m not saying I agree with it in any way. Like either

[00:26:13] Evan Francen: way. No, I me neither. Me neither. But

[00:26:16] Brad Nigh: it’s unfortunately what’s going on right now? It sucks.

[00:26:21] Evan Francen: Well, it does because, you know, I have friends, uh, I have friends on both sides, right? Of our political spectrum. I mean we’re talking politics right now because you know, that is front center, but you can take any one of the, you know the issues that we face today and try to talk about it objectively with people and it quickly goes, I mean it can, you know, quickly go sideways, people either change the subject, you know, and I’ve said this before that when they can’t defend their position, they either change the subject or they attack your

[00:26:59] Brad Nigh: character.

[00:27:02] Evan Francen: Mhm. Which is a really crappy place for us to be in. Especially when most of the people who do this are the people that were preaching tolerance, you know, just a year ago or a few years ago. Yeah, usually the people usually the people are, you know, accusing others of being intolerant are the most intolerant people there are, you know what I mean? It’s just it’s crazy because I’ve seen the politicizing of of I’ve seen this happen in, you know because I’m fairly active on Twitter, I’m not super active, I don’t have like 20 million followers or anything, but uh it seems like most of the information security people that I follow on Twitter are more liberal, I’m sure there’s you know, I’m sure there’s others, maybe these are, there’s the ones that I found is that I happened to find interesting or whatever and then they also at least on Twitter, you know, are pretty damn judgmental uh huh,

[00:28:13] Brad Nigh: you know, kind of Yeah, I see that where they, you jump all over somebody for how they said something

[00:28:24] Evan Francen: right? Which is really frustrating because what happens if I’m not that way. Yeah. You know, let’s say that uh let’s say that I’m not liberal, right? Let’s say I’m conservative. I grew up in a Christian home, have Christian values. Uh I don’t hurt anybody, I respect people, but I just hold on to these conservative values and then uh maybe I’m newer to this industry, I’m not as well established and maybe I’m researching this industry and I start following, you know, some of the influential people on Twitter. Yes, and find out that they’re all not only I mean it’s okay to have a different opinion, it’s okay to not be like me that way. But what it’s not ok is to attack other people because they’re like you

[00:29:12] Brad Nigh: Yeah, I would have figured that.

[00:29:16] Evan Francen: And it’s really it really is frustrating. I’ve seen it happen. I see it happen continually. I mean, I could find some examples, you know this morning of where this plays out. But there’s also been times where I’ve seen, I don’t know if you felt this before, but where I’ve seen people say something but they have some people say things that are that are just not true, whether it be, you know, whether it be about information security, whether it be about something else and I want to say something to set the record straight, but I don’t often because I don’t want to I don’t want to deal with all the bs that comes with it

[00:30:00] Brad Nigh: very much. Uh so I get that

[00:30:05] Evan Francen: you feel that you feel that too sometimes. Oh

[00:30:07] Brad Nigh: yeah, yeah. You know, and you just see somebody posts something about, you know, security or you know, IT-type things and you’re like, I just completely inaccurate, you know, but it’s just not worth, It’s, you know, that fight or the blowback that is inevitable when you say something and tell someone, hey, I don’t agree with that. Yeah.

[00:30:36] Evan Francen: Right. Well this morning, you know, I reluctantly sort of posted this article, uh, the article is um titled Covid is not as deadly as we originally thought ranks at the bottom of the most deadly pandemics in history that’s there, that’s the title of the article. And so what I put why the reason why I posted is I just asked thoughts, you know, thoughts on this girl. And because I’m interested to see what people think about a differing opinion of what you’ve seen. Yeah. You know, you know, in the media it’s been that hasn’t been the narrative and I don’t and I’m not taking sides. I just asked for thought because this is a differing opinion. I think we need to entertain differing opinions. Yeah. Yeah. It just seems like that’s how we solve a lot of our problems is thinking outside the box. Yeah,

[00:31:34] Brad Nigh: Yeah. I mean, yeah, yeah. I don’t know where to. I’m with you, it’s just it’s just so frustrating that you know, you know people that like I personally I like constructive criticism, right? Like if I had we’re going to do it with this IR maturity and I told we went through it with the team and I told him I was like, hey this is don’t hesitate to give me suggestions or ask questions or cutting challenge on it. I want to hear it. That’s how we’re gonna get better, you know? But the problem is so much online is not constructive. It’s just criticism. Yeah. You know, and it’s just if he does it gets frustrating and cut it all up. I’m not going to engage.

[00:32:28] Evan Francen: Yeah. Well not only is it Yeah, I mean it’s frustrating and I disagree with you, but if we don’t entertain other opinions and other ideas, then how do we get creative solutions to difficult problems? Mhm. Me take like uh take another thing, you know? And in outside of an external influence really take uh like Black Lives Matter for instance. Super touchy subject. Huh? Uhh But I mean anybody who doesn’t agree with those three words not saying that you agree with the movement, that’s different is that there are different things, right? Everyone agrees that Black lives matter. Everybody should agree that Black lives matter. So then what are some constructive solutions to address the issues. Yes. Yeah with different people of different walks of life, you know, it’s that’s the frustrating part is you know, it’s such a touchy subject that most people aren’t even willing to have that discussion I’m attacking.

[00:33:41] Brad Nigh: Yeah, as soon as you say it, people take sides and again and it’s unfortunate because you’re right, everyone should agree, right?

[00:33:55] Evan Francen: Well inside, you know, inside our our industry, you know, certainly we all political views, not all, but many of us have a political bend one way or another or another. Uh I don’t agree with lots of people. Don’t even I mean I live with this wife of mine, we know each other like really well and to this day we still don’t ingredients Yeah. So teams that are really good. I’m not gonna agree with you and stuff, you know what I mean?

[00:34:28] Brad Nigh: Absolutely. Well, and like you said, I don’t want to be surrounded by, it’s you know that echo chamber, I don’t want to be surrounded by only the exact same things that I believe. I’m never going to grow as a person if all I hear is reinforcement of one viewpoint.

[00:34:47] Evan Francen: But do you feel like so many people in society do want that. I just want you to be an echo chamber.

[00:34:56] Brad Nigh: Yeah, I think I would agree. Yeah. Mhm.

[00:35:00] Evan Francen: A typical what they your ability to think I want to take away your ability to disagree and you better agree with me, otherwise I’m gonna attack the crap out of you, I’m gonna burn your hand. I’m gonna whatever death threats, I don’t care.

[00:35:14] Brad Nigh: Yeah. You know, I think, well, it’s it’s more, I guess, reinforcement of your own beliefs and attacking anyone who doesn’t agree with you. Yeah. And it happens. I mean, take a subject, it doesn’t matter. You see it out.

[00:35:34] Evan Francen: Yeah. Yeah. And, and uh, well, I mean that’s that’s the world, right? And within our industry, it’s, I don’t see much of a difference. You know? Honestly, I think we have a common thread that sort of holds us together in terms of like, we’re information security practitioners. So we have that level of respect with each other, you know, much like, uh, you know, plumbers, you know, they have respect for other plumbers, but they may have a bunch of different against, in our industry, uh, there’s so much opportunity, I think, to be more of a shining light to be more inclusive to. And it’s funny that people have said that they are inclusive too often are so exclusive. It’s nuts. Uh, but I don’t know how to fix it. I don’t know how to necessarily call people out without getting attacked myself and then having to fight that battle as well as trying to fight the other battles that are going on, you know, with life for work. Yeah,

[00:36:44] Brad Nigh: it’s tough to do a public forum to because if you, if you disagree, you know, all the people that agree with that person, attack you, it’s not just that person,

[00:36:58] Evan Francen: right? Well, personally, I like, you know, like I said, I wrote that stuff, you know, facts and opinions last week and you know, I prefer, but it’s interesting to how many people you can confront with hard facts. This is factual information and they don’t believe you. Oh yeah, they stick so hard to their ideology. Mhm. Uh So divisiveness within our industry, certainly within the people, you know, and I’m not saying it’s all over the place either red. I don’t want to paint this super grim picture and say yeah, we’re all just a bunch of jerks who can’t get along, you know? But there are many who don’t and they’re not entertaining and I just I’m sort of reaching out to those people who feel like they can’t say what’s really on their mind because they’re afraid they’re going to get attacked by others in our industry.

[00:37:57] Brad Nigh: Yeah.

[00:37:58] Evan Francen: That, you know, I I don’t have an easy solution for you. I can empathize, I can sympathize Because I feel the same way and I’ve been in this industry for 30 years and I typically don’t rap behind what people think about me other than the people that I care about, right? But like you said to, right, you’ve got a company directory, right? What I say online, you know, is a reflection of, you know FRSecure, SecurityStudio meant that yeah, you have to think about those other things too. So I don’t know, uh the divisiveness certainly hurts their I think it stifles innovation and idea sharing, uh, I think divisiveness also, uh, these teams much less effective, much less cohesive. Um, it makes us appear, I think to outsiders, you know, when we’re working with the business, for instance, makes us appear to be, uh, as an industry anyway, to not have our crap together.

[00:39:10] Brad Nigh: Yeah, I can see that

[00:39:12] Evan Francen: because you’ll hear one thing from me there. Another thing from somebody else. And then how often have you seen companies comp competitors within our industry, put down other competitors? Oh yeah,

[00:39:26] Brad Nigh: yeah, that happens all the time.

[00:39:30] Evan Francen: And that’s just so dumb, right? You should be able to stand on your own merit and let me show you why I’m better than the competition. Not, let me show you why they’re worse than me. It’s different.

[00:39:46] Brad Nigh: Yeah. Yeah, that’s a huge difference in, you know, one of the things we do is exactly, is to not compare ourselves to others, is to, hey, here’s how we do it. Here’s what we do it. Here’s why we’re good and you, you make that decision. But so often it’s that checklist of, hey, look, we’re doing all these things that these other guys aren’t right? And, and kind of say, oh, well we do these better than these people, right?

[00:40:17] Evan Francen: Right. Shit. You know, competition I mean, should never do it. Even if even if your competition is really, really terrible because I can tell you, I’ve seen some really terrible things in our industry from competition. But you can’t, I can’t you can’t address it like that, you know what I mean? It’s just, it’s a poor reflection on you. And if your competitor really is that bad, they’ll be out of business soon enough anyway, you know? Right. Yeah. So, uh, I think the way we’re did and you know, this divisiveness in information security is uh, attacking others with different opinions that, that we’re not immune to that in our industry. Like the rest of the world isn’t, I think there’s also still that intimidation factor where, um, if you ask a question, there might not be viewed as being were the, I’ve seen that happens a lot less. So credit to our industry. I see a lot more helpful people willing to reach out and coach than ever. So that’s really cool. Yeah. It’s still putting down others.

[00:41:41] Brad Nigh: Yeah, but that’s the right way to approach it. Is is coaching and education and helping, right? That’s how we’re gonna fit start to fix things and not just arguing with people.

[00:41:56] Evan Francen: Right. Right. Absolutely. Uh, and so I guess the fix, I don’t think there is a quick fix for the stuff, you know, you sort of have to work with what you can control. I think. So I will choose to be more positive influence. I’ll choose to be personally more inclusive, meaning I’ll listen to other people’s opinions and I will cattle, I’ll try it all costs to not people down because they don’t agree with me. I think we should all learn from that. It makes your job a hell of a lot easier to, people will start listening to you.

[00:42:39] Brad Nigh: It’s a lot easier to get respect when you actually respect others and you show that and you know, you show that you’re willing to help and you know, not a little somebody for them asking a question,

[00:42:52] Evan Francen: right? And you may not care about this. You know, it’s, you know, there’s some hecker type r, you know, the more technical services type, not at our company, but where kind of a lone ranger anyway, so I don’t really care. She don’t like what I say, screw you eventually. They will come back to haunt you eventually. You’ll come back in need, you’ll need an opinion from somebody or you’ll need something from somebody because none of us are isolated to that extent. It will come to you or maybe you’ll decide that someday you actually do want to start your own business or someday you do want to be in management. Well, she’s, you know, that’s gonna hurt you. Right,

[00:43:45] Brad Nigh: yep.

[00:43:47] Evan Francen: So I don’t know this is, this was always on my mind. So I just want to talk about this. I think where I’d like to go with it. Uh, I’m thinking about a serious title of politics and and and information security. What do you think about that?

[00:44:02] Brad Nigh: That would be I think it would be a good discussion, but you know, it does it’s gonna absolutely kind of expose us to the attacks on either side. But I think if we do it, like you said in a respectful manner, and you know, it will tell me what you got to start the discussion.

[00:44:29] Evan Francen: Well, yeah, well, and it’s uh I don’t like I don’t want to back away from topics because they’re difficult and I do want to be respectful, you know, there’s I would say most people don’t agree with me and a lot of things, you know, but let’s talk about it, you know, let’s uh um so I’m thinking of, you know, if we got people from both sides of the aisle, you know, and now, you know, be a short between now and may be the end of the election or something, um to have them share their opinions. And I think what we can do is even set an example about how people can share their opinions without being attacked with feeling comfortable. Yeah, no,

[00:45:13] Brad Nigh: it’s an opportunity to really do this and a good, you know, setting that standard right in a respectful,

[00:45:26] Evan Francen: right safe,

[00:45:27] Brad Nigh: I guess. I don’t know what the right word is, but yeah, we’re gonna yeah,

[00:45:34] Evan Francen: well, and I don’t want to, you know, I don’t want to sit here and preach inclusiveness, you know, you know, the people’s opinions and because it really does help you out in your job in information security. You do need other people, you do need to interact with other people. You do need to interface with. There’s a lot of times you have difficult challenges that you need to solve and you’re going to need other people to help you solve those problems. So if you don’t to just sit about it and you know, you and I know each other right? So you know how I operate and I know how you operate, listeners may or may not know, but it’s easy for people to say things and not do things. And so I think taking it to the next level where let’s actually take four weeks and do what we’re saying and show because I think it’ll come natural to us. I don’t, I don’t like it beating people up usually.

[00:46:30] Brad Nigh: No, Well, but if you think about it just from an information security perspective, you know, how many times have you had to go to an executive who didn’t agree with you and try to convince them of, hey, this is the, this is the right thing to do or give them, you know, unpleasant news in a way that they’re not going to attack you. It’s a really big skill to be able to go and you know, like you said, you’ve got to work with all the different business units. They’re not going to have the same priorities. You do it from a security perspective and working with them and helping them learn and how to communicate with them. So, you know, it’s it’s something that is really important to be able to do.

[00:47:14] Evan Francen: Yeah, I agree completely. And who knows? It might even save your job, you know, so Trump supporter who’s Yeah, already get fired. Maybe, you know, it would help you to say things online that maybe would show more respect and keep, you know, I don’t know the details of Trump supporter or a Biden supporters. I’m sure it happens on both sides. But you know, if you send a sample of respect, uh, you know, that reflects hopefully well on the company and um, you know, maybe you’re maybe it will save your job, who knows?

[00:47:54] Brad Nigh: All right. But it will definitely be an interesting series.

[00:48:00] Evan Francen: Yeah, I think the timing is right, right. I mean, I mean what kinds of things we can talk about? I think maybe our first guest I’ll have is Jim Nash. Jim Nash is pretty conservative. He’s in information security, be interesting to hear his take on things after remind him that he’s on a podcast. This is being recorded and we are sharing it. You know, some of the things Yeah, you may want to say you probably don’t maybe you don’t want to. I don’t know. I think he’s he’s up for reelection and he’s very well known and loved in by his constituency some where he’ll get re-elected and he does represent the constituency. Well, so, but he’s got his opinions. So be maybe a good talk with him.

[00:49:03] Brad Nigh: Yeah.

[00:49:05] Evan Francen: All right. Let’s get on with some news, some newsy stuff. Uh, stay tuned for the ticks in information security. That might be cool. And I really want to reach out to people that I know are really far away from my beliefs. You know what I mean? Like, like I’m pretty conservative. I mean, truly I am. Uh, so get somebody who’s like so far on the other side of the spectrum and just have a discussion, remind them of the rules that we need to play by these rules. And we also ask, you know, you as our guests to play by these rules, meaning respect at all times. No attacking somebody’s character on if they do drop them off the podcast midstream, that might be interesting

[00:49:53] Brad Nigh: to yeah. See what happens.

[00:49:58] Evan Francen: It’s not only is it okay not only is it important for you to show respect, but it’s also okay to demand respect to walk a well if you’re not getting the respect that you deserve and we all deserve it. So All right. I’m preaching to the choir. Uh, for news articles, we can talk about these fairly quickly. The first one I’ve got is from The State of Security. So this is actually, you know, sponsored by Tripwire. But the blog is uh, the title is Cryptocurrency exchange Eterbase. Eat your base, depending on how you want to say it Was hacked $55.4 million dollars worth of funds are stolen, were stolen? $5.4 million, I mean. Yeah, it’s bad, but super bad. It could be worse.

[00:50:57] Brad Nigh: Yeah. Well, you know how many people lost money on that? Not just the out of business. True.

[00:51:07] Evan Francen: Mhm. Yeah. So people don’t know who Eterbase is. It’s uh they’re a European exchange. So cyber currency exchange. Uh This happened, when was it last week? Believe it was fairly recent? They posted a message on Telegram. Uhh six hot wallets were standard. Uhh for their Cryptocurrency Making a total of about $5.4 million dollars stolen. They put uh in response. Everybody’s put their exchange into maintenance mode. Uh huh reported the attack to law enforcement. Now there’s Slovakian I think Eterbase. So what law enforcement capabilities are? Yeah, there. Uh

[00:52:05] Brad Nigh: huh. Yeah, that would be just kind of unregulated currency exchange stuff.

[00:52:16] Evan Francen: And they tracked the track the movement of the stolen funds and their traditional books pages, including Binance, HitBTC and Huobi. Yeah. So it is possible to get this money back to because uh those exchanges could freeze the funds and make it impossible for the for the bad guys to get their money out, right? Yeah. Like, am I am I having audio problems? Can you hear me Okay?

[00:52:57] Brad Nigh: I can hear you now. It kind of keeps freezing a little bit but

[00:53:01] Evan Francen: yes, Well it’s technology in the year 2020? It’s hard. Maybe I’m getting indeed asked May said something to you, I said something that offended somebody. Uh These were hot wallets by the way, the difference in the hot wallet in the cold wallet is hot wallets are connected to the internet so they’re connected to the exchange and they have this kind of ongoing communication. Cold wallets don’t have that. Yeah. Uh The second article have is from GBHackers on Security. World’s largest data center provider hit by Netwalker ransomware. Yeah. Not there’s an X. New The detective attack at 12:45 AM Eastern time on Thursday last week.

[00:53:53] Brad Nigh: They’re I mean they’re huge.

[00:53:56] Evan Francen: They are huge man. 205 data centers and factories on five continents.

[00:54:03] Brad Nigh: Yeah. And you know, reading that article kind of buried it at the very bottom but they got You know, 74 RDP servers uh for Equinix that are on the internet and that their login credentials are being sold by the hackers.

[00:54:23] Evan Francen: It’s just so like so here’s the thing, I doubt it wouldn’t be surprised. Equinix didn’t even know 50 74 remote RDP servers for there. I wouldn’t be surprised. Mm and you know, and you can’t possibly protect the things you don’t know you have. So then. Okay, how could you not know? Right, let’s assume you did know. Well then why would you leave them exposed security is only a user name and password? Yeah. Mhm.

[00:55:02] Brad Nigh: Right. Yeah. Yeah that’s going to be uh that’s not good.

[00:55:11] Evan Francen: Yeah, It’s crazy. And according to the article, Equinix has given $750 million dollars as a ransom to the threat actors.

[00:55:20] Brad Nigh: Which, well, I was a little bit confused by that because

[00:55:24] Evan Francen: I am too,

[00:55:26] Brad Nigh: they’re saying that uh Current ransom is 4.5 million.

[00:55:34] Evan Francen: We have 455 Bitcoin

[00:55:37] Brad Nigh: Uh as as ransom to the threats they can obtain 13 Canadian data centers from Bell Canada. I don’t yeah, I don’t understand what that’s

[00:55:47] Evan Francen: Yeah, I don’t either. They would need to do a little more research on that. But I’d be curious because I I don’t do any business with Equinix and I don’t know of any of our customers, not necessarily who do. There’s nobody’s reached out to me. So I don’t know the true impact. I don’t know if the impact is ongoing. You know, I think I would need to do a little more research, but it’s interesting that nobody really is immune. And the fact that again you have 214 are 74, sorry. RDP servers just dangling on the wind. Mhm. Bad things are gonna happen when you do that, yep. Uh The next thing uh from E Hacking News Microsoft confirms cyber attacks on Biden and Trump campaigns. Okay.

[00:56:37] Brad Nigh: Yeah, I mean these are big, big well known hacking you know groups, you know Fancy Bear, Charming Kitten. It’s cool which kind of is um using the name of them but you know these are well known. Most likely state sponsored.

[00:57:05] Evan Francen: Yeah Chinese, Iranian and Russian at least. And if you think about it you know the Chinese don’t like I think I don’t think I think the Chinese definitely don’t like Trump. I think the Iranians definitely don’t like Trump and Russia and the Russians. I don’t think they like anybody. So yeah you know if I were to guess I guess most of the Chinese attacks were probably aimed at Trump. And mostly Iranian attacks were probably also aimed at Trump. It’s the residents attacks were just aimed at whoever was in their way.

[00:57:45] Brad Nigh: Yeah that would be interesting to see what the breakdown is. That um what was interesting? Where is it uh they take did thousands of attacks by the group between March and September And hackers. It’s accessing almost 150 accounts.

[00:58:05] Evan Francen: Not surprising at all. That’s not

[00:58:09] Brad Nigh: Yeah

[00:58:11] Evan Francen: so I’m surprised it’s only 150 accounts. What’s that? I’m surprised it’s only 150 accounts.

[00:58:20] Brad Nigh: True. I’d like to see more data behind that. Like that would be interesting to dig into and be able to say.

[00:58:32] Evan Francen: Yeah it would be well you just know like politically though where alignments are for the state sponsored attacks right? It would be surprising to me to find a majority of the state sponsored Chinese attacks for instance being targeted at Biden. Okay. Yeah because it just doesn’t fit the narrative. At least the one that I’ve, the narrative I’ve done following is they would go after Trump.

[00:58:57] Brad Nigh: Yeah, I have no idea.

[00:59:00] Evan Francen: Yeah. Well the last one I’ve got a quick news is just because I think it’s interesting every time you see another Elasticsearch server, that’s just another floating in the kind of thing that this this is from hr heck this from HackRead. Database mess up leaks 800 into giggles of e-commerce and dating sites data. Mhm. 70 websites failing to. Yeah 70 websites that affect 70 websites

[00:59:34] Brad Nigh: Have 370 million records,

[00:59:39] Evan Francen: yep. And that doesn’t even faze people anymore. Mhm. You know I mean do you remember it wasn’t that long ago when 370 million records would make, you know, headline news? No.

[00:59:54] Brad Nigh: Yeah, I mean and this one is like actual conversations with yes uh you know PII. And it you know, full name. Yeah. Musicians. Whoa. Yes.

[01:00:10] Evan Francen: Yeah, I think it’s interesting, you know. Yeah, I picked that one because one it is very big and you won’t probably won’t hear about it much anywhere else. And again it was another Elasticsearch server. Yeah. All right, that’s about it. Episode 97 is almost a wrap. Brad, any shout-outs this week?

[01:00:29] Brad Nigh: uh I’ll get a shout out to uh Kyle for the Uh as in those two exams. Uh Oscar at his uh GCFE and Eric with his hands you know just those guys are killing it and it’s just awesome to see.

[01:00:53] Evan Francen: Yeah I’ll echo that. Uh those would be my shoutouts to just the whole the whole FRSecure text service system just really kicking ass you know. Very very proud of those guys.

[01:01:05] Brad Nigh: It’s funny you talk about that you know they get the certifications and kind of the glory for some of that but you know there’s not that stuff on the consulting side you know I had the same kind of thing right? It’s kind of interesting. I just thought of that because yeah they’re just killing it as well. The whole team.

[01:01:26] Evan Francen: That’s that is true. Absolutely. We should uh yeah do a shout-out to our consulting services because they’re kind of the unsung heroes right? They’re the ones not doing a lot of work. It’s kind of the government

[01:01:44] Brad Nigh: and the policies and the plans and the coaching and all that that kind of goes behind the scenes. It’s easy to read. True. Let that slide. But shout out to the guys that did get their certifications. I know they I think he got his GCFE. Oscar you know those are legit very difficult you know exams so shout-out to them for all the work they put in to get those

[01:02:13] Evan Francen: awesome alright uhh nice to have you back Brad. It’s easier to podcast with you.

[01:02:21] Brad Nigh: I prefer to be here than dealing with the migraine.

[01:02:25] Evan Francen: Sure. Alright. We’re grateful to our listeners and we do love hearing from you, send us messages by email at Or check us out on Twitter. It’s @UnsecurityP If you want to socialize with me or Brad directly, we dare you not. Really. I’m @EvanFrancen and Brad’s @BradNigh. Uh the people who work for, if you want to know about kind of the cool things that are happening, there are security studios @StudioSecurity and FRSecure is @FRSecure. All right. Talk to you next week.