Unsecurity Podcast

Brad and Evan pick up where they left off with The Social Dilemma summary. The documentary outlines the problems with the way society is moving and how social media and big tech companies are aiding in that. With security and online privacy and tech going hand-in-hand, this is an important topic to discuss.

Podcast Transcription:

[00:00:22] Brad Nigh: Welcome back. This is episode 100 of the Unsecurity podcast. I’m your host this week right now. Today is October seven and joining me this morning as always is Evan Francen. Morning, Evan.

[00:00:35] Evan Francen: Good morning.

[00:00:39] Brad Nigh: No, last week. Uh, just last week has been a little bit crazy for both of us. So we’re not doing this video today.

[00:00:49] Evan Francen: No, we look like crap.

[00:00:52] Brad Nigh: It’s been a long week. Just yeah, no,

[00:00:58] Evan Francen: it has been so just so just so people know like sometimes people come off like they have like everything, you know, everything’s under control. Life is good. No, it’s not always he’s right. I mean, there’s times when it’s just like, man, this, this, this day, this week, maybe this month, maybe this year, you know, sucks. And uh, and that’s okay. We’re gonna get through it. You know, it was one of those most weeks for me.

[00:01:31] Brad Nigh: Yeah, I’m with you. Uh, you know, we always do a, you know what, your mental health number on that 1 to 10 scale And you know, just so with some stuff that had happened over the last couple of days yesterday. Honestly, I was like 34 mate, probably fight by the end of the day. Just just one of those days, like where like you said, all right, I got everything under control of everything. Holy crap.

[00:01:58] Evan Francen: Just blindside. Right. Yeah. Right. And you and I, you know, we talk obviously off off and also, and you know, I know you’re doing a lot of crap and uh I woke up this morning, it was July when uh we had to let one of our dogs go. Uh he was just a, an awesome, awesome dog. I mean it was people is probably the worst day of my life, I mean, and I’m not exaggerating, I’m not one to exaggerate on stuff like that, but it was terrible. And then, uh, yesterday, uh, Maisie, their oldest dog, we have three, our oldest dog, she herself has been deteriorating in 2:30. Good morning. Uh, you know, she woke me up and she was in pain and you could just tell like, son of a gun, this is uh, this is going to happen again. So yeah, yeah, yesterday afternoon we had to put down, uh she was the queen of the dogs. You know, she was just such a, she’s a full bird, Maltese and just a, an amazing, amazing friend and to let her go yesterday. So yeah, you know, I have a kind of a big dude and I come off like I’m tough and all that. But man, I’m bawling like, yeah,

[00:03:25] Brad Nigh: you’re losing a member of your family, you know, especially she was pretty old too, right? Yeah,

[00:03:32] Evan Francen: sort of, I mean, she was 14 15 for, for a dog, Yeah, for £4 dog lets you know, I think they, there was a chart at the, at the Uh, that, that, uh, I guess about 73, in human years maybe.

[00:03:52] Brad Nigh: Yeah, never fun though. You know, you had that. I was, you know, feeling good that the weather has been just amazing being able to get outside. And then, you know, Monday night I got some really bad news from a member of the family, not my immediate family here, but you know, just bad medical news, not Covid related directly. But you know, Jeff was just completely blindsided me. And yeah, it was, it was not a good couple of days.

[00:04:27] Evan Francen: No, no, I’d rather rather get punched in the nuts about 100 times than lose a dog. And I can only imagine a family member because I know you’re close to, you have a very close knit family. So that’s, that’s, that sucks too.

[00:04:44] Brad Nigh: Yeah. So well I guess it just to let everyone know, you know, it can happen to anyone where yeah, we’re real people. So

[00:04:55] Evan Francen: well there’s that and you know, not everybody has their stuff together all the time. So, you know, it reminds me that, you know, things are going well and you’re in a good spot and you know, we all need help. Right? I mean, I can’t tell you how grateful I am for the people that reached out. You know, that texted me and said, hey I’ve been praying, thinking about you and I mean that stuff matters man, it gets you through Yeah, you know the crap life and I know in security, you know where she can develop, you know, we, you know, I don’t know, some of us carry like the chip on our shoulder or we feel like, you know we’re more and because we are a bunch of smart people, I mean the security community is pretty damn smart in general and so is he taking, you know, you’re above all this stuff and you’re not and if you need help, reach out and get help and we’ve talked about mental health before, there’s lots and lots of resources to get, you know, so if you’re listening and you’re like man, I’m just, I’m in a rut right now or whatever, you know, reach out, reach out to me, reach out to Brad, reach out to somebody, right? People care Well let’s get mhm Oh Yeah, I give a talk yesterday too, I don’t know man, it was like 40 colleges, wow and I get harder to well I made it hard to write because you’re going through crap at home although and then you got to buck up and like okay let’s give a talk.

[00:06:28] Brad Nigh: Yeah, but you know, I agree, I totally get that, but at the same time it’s almost like it’s a nice distraction because it’s your wheelhouse, right? So it’s like okay I’m I’m doing what I need to do, this is this is good. Yeah,

[00:06:51] Evan Francen: the talk yesterday was about simplification, you know, that’s something I preached many times. And really the moral of the story is if seems if things seem too complicated that are too complicated, you know what I mean? It’s like it seems like it is, it probably is. And then the second thing is if you don’t know how to either throw all your crap away or learn how to use it properly slash securely, right? Uh because people, you know, and that’s the same thing goes at home, same thing goes at work, something goes everywhere, right? There’s so much, so much complexity in everything we do. And it doesn’t have to be this way we can simplify, we can do a lot of simple and simple, doesn’t mean easy. Those are two different things, but but simple, make it simple and look for look look across your environment. Do you do you have servers that are, you know, they can maybe be collapsed, You have applications that have redundant functionality that you can get rid of. Some applications, you have data that you don’t need any more. I mean get rid of that crap simplify If you’re following a 10 step process for something that should be a two step process. The new two step process. Nobody’s impressed with your 10 step complicated process.

[00:08:16] Brad Nigh: No, I’m with you and you know, that’s the way I always try to put together like, you know, procedures and documentation was just anybody could walk in and do it. All right. So like screenshots keep it easy so that just like try to eliminate as much chance of, of confusion or you know, mistakes being made.

[00:08:39] Evan Francen: Yeah, totally. So there’s some security advice for you in the middle of all the things going on. But you know, today, that’s another thing about mourning, you know, and you go through kind of the process and you know, as you’re coming to grips to with you, you know, family health issues as the days go on, it does get easier. You know what I mean? Today is an easier day than yesterday was no one. I was going to have to face what I did. You know? It doesn’t mean I have MS don’t miss them anymore. I mean I find myself looking at pictures, you know what I’m like, I am just just the memories but I’m just driving myself crazy.

[00:09:18] Brad Nigh: Yeah. Well and you have bad timing because you’re just about getting getting back to the with all these quotes normal from the other dog in July and it’s like I know ripping the wound open again. So I get, I feel for you.

[00:09:36] Evan Francen: Oh my God, I hate it. People. The dogs are the best. Yeah. I mean unconditional love you. Oh my God. And it’s like how much do people brave? Unconditional love? Yeah. If you if you haven’t had it before. Oh my gosh it’s so addicting. It’s like it’s the best thing ever.

[00:09:57] Brad Nigh: You have nothing like having the dog come over and just lay their head on your lap or well your dogs couldn’t really do that but climb up you know it just yeah wag their tail and you know it’s just calming and it’s fantastic. So I’m with you

[00:10:14] Evan Francen: right? I mean I could be having the crappiest most worst day ever, angry at everything and here comes the dark. It’s like oh or I could just I could just get done yelling at the dog like you know because we’re all human right, we make stupid mistakes sometimes. We call people things that we don’t mean or we call it dog something we don’t mean. And they still come up to you with those eyes and like you know can still put me maybe.

[00:10:43] Brad Nigh: Yeah

[00:10:45] Evan Francen: heck And so so

[00:10:49] Brad Nigh: well from a work perspective last week um

[00:10:53] Evan Francen: it was really more dogs, Let’s get dogs, let’s get dogs at work.

[00:10:57] Brad Nigh: Now they will have to tweet some pictures of my dogs. Is that I will say that is one of the nice things about having working from home is is they will randomly just come in my office throughout the day and just yeah look at that little head scratch or whatever it is. It’s fun right mm. Um So from a work perspective I’ll go back to that Uh just kind of my last week was really focused on um wrapping up Q3, getting ready for Q4, it looks like it’s gonna be nuts, I think, you know, we’re well over 90% uh booked for the quarter already, which is amazing. Uh just planning to kick butt and take names, but working with the counties on security stuff and that’s been really interesting and I will say this, the one thing that is really, I don’t know if it’s surprised me, but it impresses me is how passionate everyone of these people that I’ve talked to is about wanting to do the right thing and

[00:12:11] Evan Francen: you know, you don’t, you’re talking about people at the at the counties, correct,

[00:12:15] Brad Nigh: yep, I kind of feel it’s like people who work at schools, right, they could go somewhere else and make more money, but they’re doing it because they believe in what they’re doing and uh I’ve just been really impressed with like how honest they’ve been uh with where they’re at and what they want to do and they’re not surprised by they know what their weaknesses are, they know where these things are and uh they’ve got plans for uh fixing that like we talked through and the yell mentioned, well here’s here’s really what you should be doing on that, yep, here’s our plan, we’re going to do X, Y and Z and like, well, oh perfect, you know, so that’s been really, this has been a really fun project for me. Um I just hope we get more coming in and continuing to do this.

[00:13:11] Evan Francen: Yeah. So you were working with the counties and helping them secure for the election and everything else, Right? So you

[00:13:20] Brad Nigh: just kind of preparing for for uh that they’re they’re filling out uh uh medium level of the vendor expanded mint. So, yep. Yeah, so they’re doing like, you know, 350 questions and so it’s it’s a commitment for them uh and then they get, you know, a half hour to go over the results and get some recommendations and stuff. So it’s been, I’ve been really impressed.

[00:13:52] Evan Francen: Let’s go. That’s good because the impression sometimes for what scientists that government can’t figure out how to secure anything. Yeah. You know, at least it sounds like the state and local governments or the local governments, the county governments that you’re talking to actually have their hands around things pretty well.

[00:14:13] Brad Nigh: For the most part, they’ve all been above average not to say that there are issues. Right? I think that that’s the case anywhere, but they’re aware of them and are putting things in place and have plans for the remediation. I mean, I’ve definitely seen businesses that I scored much worse.

[00:14:33] Evan Francen: Right?

[00:14:34] Brad Nigh: So

[00:14:36] Evan Francen: have you done Carver County?

[00:14:39] Brad Nigh: Uh No,

[00:14:41] Evan Francen: okay, because that’s where we live. You and I both live in Carver County car is a customer of our secure and has done work before, so they’re good, they’re good folks.

[00:14:52] Brad Nigh: Yeah, I agree. So I’ll, uh, this will be going on for the month, I guess and leading up to the election. And honestly, even if they get it done later, I wouldn’t tell them where we’re not going to do a call. Let’s help them get it, get it right.

[00:15:13] Evan Francen: Right. This was all, this was all arranged through the state of the uh, yep, they can,

[00:15:20] Brad Nigh: yeah, and we’re doing this, they get the call. It’s there’s, it’s a no charge for for them to get that call. So kind of our way of, you know, mission before money helping get back. Very cool. So that’s what a big part of what I’ve been working on. So

[00:15:40] Evan Francen: nice. Well, it’s good to hear that. I think uh, yeah, security for both companies are in really great shape right now are secure, is, you know, doing well. You know, I know that the, the executive leadership team has some really, really great plans. They’ve been sharing. I think they’ve been showing, yeah, I think they’ve been sharing with the SMT. I think it was a good collaborative effort. So it was really good. I’m happy about that, you know, some new services, you know, that we’ve been talking about quite a bit, you know, the Certainly the VC, so, or the fact version two, you know, it’s pretty exciting. Um, and then the uh, the penetration testing as a service is something that I’d like to, you know, working a little bit with uh uh Oscar I think that’s what that’s got legs as well as uh you know, blue tuning as a service or you know incident response to the service which I know that we already well down the path of

[00:16:42] Brad Nigh: Yeah, yeah that I are many service approaches. We’re gonna kinda adopt what worked really well. Some uh for the fact that you see so program and apply that to manage service. So that was that whole uh maturity assessment which by the way that scoring stuff is way harder than I thought it would be. Like I’m second guessing myself on weight. I mean, I mean, I’m having a lot of fun but I was like, I thought this would be way easier.

[00:17:13] Evan Francen: Yeah, I know people like when you score stop people like, oh you just put a number to it now. I mean you can do it, that’s a shortcut way to do scoring. But if you want to do it right, you need to score and weight and what you’re gonna affect your weights so that you can apply those things right? As those. So in risk, right? It comes down to vulnerabilities. So can I manipulate weights based on threats and vulnerabilities to then, you know, flow through the rest of the scoring system. It’s a lot harder than people think. I mean, people know.

[00:17:50] Brad Nigh: Well yeah, exactly. It don’t get me wrong though, like it’s a fun problem, right? It’s just, it was, it surprised me,

[00:18:02] Evan Francen: but well, and you also need to have focus on it, right? Yeah, we get we get pulled away all the time, it’s just like coding, right? It’s really difficult to do, You know, 15 minutes of coding, go to a meeting and then come back to 15 minutes bring again because you were in a mindset, you were in a you were in a workflow in your head and then you’ve got to stop and then back and like, okay, where was I, what was I thinking on this thing?

[00:18:30] Brad Nigh: You need hours uninterrupted. And that’s uh it’s hard to find sometimes.

[00:18:39] Evan Francen: Oh yeah, it’s really hard to find. On the SecurityStudio side, you know, we had our second month of profitability for a software as a service company that’s like, yeah, for software as a service company at our age, that’s that’s really impressive. And there’s just a ton of really good things going on. A lot of uh we’re pulling a lot of data now, so we’re doing a lot of data mining um in terms of like average risk average risk scores across industries. So we just updated that the s to me also we have an average, so we’ve been minded in terms of average overall average s to score for s to me, you know, the personal information security risk assessment and then averages across topics within that assessment. It’s a pretty interesting data. So I’m gonna be writing a we’re gonna issue a absolutely slash report. Uh our state of the info sec union report that’s going to highlight that data and kind of what it means and where we need to focus where we need to go next. So that’s that’s kind of neat working on that right now. Yeah, so stay tuned and I think it’s you know, because a lot of uh there isn’t this data that we have, nobody else really has the way they happen. What I

[00:20:04] Brad Nigh: mean? That’s awesome. Yeah, I would definitely we get asked a lot of times around some of that, some of the data. So I’m definitely interested in seeing uh some of what comes out of that,

[00:20:19] Evan Francen: right? So I don’t know. Can you hear the beep beep beep?

[00:20:23] Brad Nigh: I was wondering I have my window open and I couldn’t tell if that was coming from you or from outside my house.

[00:20:30] Evan Francen: Like I was telling me earlier, man. 2020 can go, yeah, go to hell. I’m tired of 2020. So that, you know, I was thinking this morning like Covid, okay, that affects us all. That’s just crappy everywhere. Social justice stuff. You know, hitting a deer on my motorcycle losing two dogs. I have this uh you know this road construction going on outside my house. It’s been going on whole year. It’s like, so that’s what you’re hearing with the beeping. It’s like I can’t find a way I can’t find a place anywhere that you can’t hear it.

[00:21:10] Brad Nigh: Yeah,

[00:21:13] Evan Francen: so, you know, I know it sounds like woe is me, but he sort of woe is me. I’m tired of it now. I want to move on.

[00:21:21] Brad Nigh: Uh Yeah. All right, well that’s good catching up. Uh That’s probably one of more fun parts of uh this is just chatting. So

[00:21:33] Evan Francen: uh then well that was that was the whole purpose of us starting the podcast to begin with, yep. Right, It was for you and I had to have an hour a week that we can just talk. And so if we pick a topic to talk about, the listeners dig it, then sweet if they don’t, if we have zero listeners, the fact that I get to talk with you for an hour is good, you know, that’s what I

[00:21:53] Brad Nigh: agree. But we will talk about security stuff a little bit more uh

[00:22:02] Evan Francen: do it.

[00:22:02] Brad Nigh: I’m actually looking forward to this. So we had last week we talked about the social dilemma, we didn’t get to everything. So we’re gonna do a part two. So let’s do this. Um Really there’s if you will if you just Google social dilemma review, I mean it’s absurd. The number of things you’ll find, I’ve had it up and excellently closed it. Um up again. You have 106 million results. You go over

[00:22:39] Evan Francen: the limit review, yep.

[00:22:42] Brad Nigh: So there’s no no lack of takes on this. Um I put what 1, 2, 3, 4, 5 links that I felt were interesting and I think tried to present both sides or all, you know, a variety of viewpoints. Um I know you said you were going to do some homework on your in on looking to those people up. So I don’t know, I guess, you know, so what we’re so I guess the biggest takeaway last week was what we agree that it’s good that people are now aware of it, that probably weren’t aware of what was going on. We had different takes on how they presented that and you know, where their motives behind it, that maybe you weren’t as clean from my side of it or versus you know, where you’re coming from with being like really good and helpful and again, that that either side is wrong, it’s just different, which was interesting. Yeah.

[00:23:52] Evan Francen: Yeah, it is and I and I like different perspectives, right? I think I will see more people embrace different perspectives. I’d like to see more people not be so stuck in their little box that you can’t have other inputs that maybe your counter to what you believed, right? I mean, how much better would the world be today if the left and the right? You know, politically found common ground and could work together to solve our problems, she because if you can’t do that, you continue to fight. Well then one side is going to try to eliminate the other and that’s called the civil war.

[00:24:33] Brad Nigh: Yeah. Well, and you know, I think what you see is, well, I like the most successful people surround themselves with not not yes men, right? People that have different viewpoints have different experiences, bring a different take to things because it doesn’t it makes you better

[00:24:56] Evan Francen: tasks. I do that completely. So I like the fact that last week you and it wasn’t that we didn’t see things the same. It’s we saw them from different angles, which I thought was really neat because you immediately went to it seemed like immediately went to, well, what’s the bias behind the people in the documentary itself, where I skipped over that completely and went into, okay, what’s the content and does the content makes sense? You know? So it’s really cool to see just the different view from the very beginning on the social dilemma?

[00:25:33] Brad Nigh: Yeah. And I think, you know, there was a couple of articles that, that kind of hit it for me. There’s one you’ll see that has shown us that the Social Media Today, uh, you know, they mentioned it, you know, a lot of the most reviews of social dilemma has been highly critical noting that while the documentary does make some valid and important points descends into sensationalism, which ultimately dilutes its key messaging and to me that that was I read that was like, yes, that is exactly what I was trying to get across. So

[00:26:07] Evan Francen: if you talk, but if you talk about bias, I mean you’re reading from Social Media Today

[00:26:10] Brad Nigh: Well, but I mean I just tried to get a wide variety, but to me that that was my take is, hey, you know what, it has some really, really good point, but I didn’t agree with how they presented it, which, which does take away from what they’re really trying to get across.

[00:26:31] Evan Francen: Well, the thing that, so when you talk about a lot of the reviews, you know, think about where the power is, right, where the money is and the money is in the social media companies like Facebook, Twitter. Yeah, they make more money than I can’t even comprehend. I mean, it’s like so much money. So if you come out with that with a and a documentary that is going to threaten your money making machine in any way, you know, they’re going to come out like, you know, guns blazing and do everything they can to discredit it,

[00:27:11] Brad Nigh: yep, no, I agree. You know, which is, you know, I think I liked the overall message, right? You know that, hey, you need to be aware of it and that, that was a really good, I think the biggest positive is you’ve got such a wide variety of people now talking about it. You know, if you look at the links that, I mean it’s a, it’s all over the place, you know I have one for Techdirt, the Social Media Today, The Conversation, The Verge and the Guardian. I mean that’s a pretty wide I think so you’re now having a much bigger audience aware of and talking about it. And to me that’s the best thing out of this, right? You can’t be aware of it and fix things if you don’t talk about it. So we’ve now got a conversation going and hopefully it doesn’t evolve into us versus them, you know, because that that becomes uh counterproductive but I’m thrilled that people are talking about it regardless of the message or how the livers

[00:28:25] Evan Francen: when I’d like people to to when they talk about it. You know I mean we talk about bias a lot and so it’s funny how biases entered into so much of our conversations and it always has but like you and I can look at facts, right numbers, uh binary stuff, true false kind of thing. And

[00:28:47] Brad Nigh: yeah,

[00:28:50] Evan Francen: and I’d like us to focus more on that stuff as opposed to well why is the question the question and why is it true and why is it false the Biasi stuff? Because I think it it it muddies the waters a lot. I totally agree that there’s bias behind everything. There’s bias behind everything I’m telling you and vice versa. If you claim that there is no bias. Well then you either deceived yourself or you’re lying. Yeah, we all have bias period I have bias based on you know, where I live based on how I was raised based on my family based whatever it is, that it’s my perspective on things. And so one of the things that I think people get confused and hopefully it doesn’t take away from into act is what are the facts? How do you dispute the fact that you know, the team that uh You know the suicide rate and teenage girls 11-14 has nearly tripled since 2011

[00:29:51] Brad Nigh: 12.

[00:29:54] Evan Francen: Oh yeah, I mean what’s the bias on that is it’s either true or it’s false if it’s true then why? Right.

[00:30:03] Brad Nigh: Yes, no, I agree. I think uh but so I think that that bias though is is kind of that if as long as it’s not a black and white, right? I’m right, you’re wrong bias. That’s what makes having all those viewpoints better is because you’re bringing all these different experiences and all these different upbringings and experiences into one. But that’s the trick is how do you bring those without in a constructive manner versus they Well, you’re wrong, Evan you saw that movie completely wrong, you just missed the point, right? Like that. What does that help?

[00:30:46] Evan Francen: Right. So when the and then you know, so you come up with this thing that I thought was pretty well put together and you know, and disputing the biases and everything because I think you can even make a case that there was more altruism in that documentary than we’re giving them credit for. But Mhm. Take that out of the equation. Things that don’t help. So if you look at the facts is social media being used to manipulate you true or false. Mhm. You know, and if it’s true, which I believe it’s true, I mean, I think there’s plenty of data to support that it’s true. Okay then, are you comfortable with that? Do you know what? You know what I mean? It’s those core points that are in the documentary itself that I think the point and those are the things that we need to focus on. One of the things that doesn’t help. You know, when I look at the article from Techdirt, you know, people typically don’t read past the title of an article or much further than that. So the title of the article, the social dilemma millet social dilemma manipulates you with misinformation as it tries to warn you of manipulation by misinformation. It’s like did you miss the did you miss the area? Everything that was I talked about? I mean that doesn’t help because now Now what you’re doing is you’re taking people away from. Is there an issue with social media and I think 100% there is. But now if you read this should be like socialism is a piece of shit. I’m not watching it. Yeah, you missed it.

[00:32:30] Brad Nigh: Yeah. The the title of that was, it was maybe not great thanks. You know, like I said, I did try to get all all sides of it, so, you know, if you actually do read it, it does, it’s pretty, pretty harsh on some of it. Um Yeah, I thought the one from the um, yeah, The Conversation article, Netflix is the social dilemma, highlights the problem with social media. But what’s the solution to me? That I mean, that’s a great, that’s a great time.

[00:33:09] Evan Francen: I love that title title. Exactly.

[00:33:11] Brad Nigh: And I thought it was actually a really good, I’ve never, I’ve never seen that site before, but I thought it was actually a really good article. Um you know, being pretty fair in terms of like how they wrote it wasn’t, it didn’t seem to have a specific slant. And they had some really good actually useful information on, you know, here’s how you can turn off the these settings and you know, in iOS and Facebook and you know, they do come out and say like, hey, yeah, this is great, but what do we have to do? And ultimately, you know, they conclude, um that is probably going to take legislative reform to protect the flow of the system are of the sensitive information. Right? So gpr California’s New York has sun. So, you know, I think that’s really, I kind of agree that we need to have better control of our personal data and we’ve seen that these companies are going to do it themselves. So it’s going to take some sort of legislative reform to give us back control of our personal data, right?

[00:34:25] Evan Francen: Yeah. Uh, there’s things you can do at home, you know, I mean, it all comes down to your ear against what I was talking yesterday. You know, the talk I gave, which wasn’t related to the social bomb at all. It was talking, he was about one of the questions somebody asked. And the talk was, how do you disincentivize attackers? Because we punish, we punish people, you know? Yeah. That uh, more than before hacking, if we can even find them, I mean, if we can even find, you know, a ransomware attackers, you know, so how do we change all this? And so it was our laws are so antiquated and so far behind anything with tech, you know, so there’s when that happens, there’s so much, I think so much uh, gray area for abuse. I mean, I don’t fault, okay or Twitter for doing the things. They haven’t done anything illegal, but is it Right.

[00:35:42] Brad Nigh: Right. Yeah, Yeah,

[00:35:47] Evan Francen: I don’t know. And I thought it was funny to this book, you know, their official response to claims, It was like, okay, this book, what’s the crap, you’re gonna shoot me

[00:35:56] Brad Nigh: now. Yeah. Well, and uh, you know, it’s the Social Media Today. One really kind of calls them out on it too. I did like that. It was pretty well done too in terms of, you know, hey, here’s where it is and well, that’s kind of misleading. Here’s what that means, right? But it was, it was interesting that Facebook even felt the need to respond, right? Because doesn’t that lend more credence to what they’re the movies saying?

[00:36:29] Evan Francen: Yeah. Well, yeah, and I mean if you threaten their big money making baby, okay, you know, I mean Facebook thinking about where Facebook started and that was kind of the thing that did resonate also in the documentary was Facebook started as a, as kind of a life enhance right kind of thing for people, you know at heart on the Harvard campus to,

[00:36:55] Brad Nigh: it was not for college students to communicate.

[00:36:59] Evan Francen: Uh yeah. And so then that’s kind of where it went after that. And then it totally made sense that because I’ve seen the same thing happened in so many companies where you start off with this like this mission, this thing that’s going to be good for humanity and then money gets involved. And then it’s like, oh, jeez, I didn’t realize I could be a billionaire,

[00:37:22] Brad Nigh: right?

[00:37:23] Evan Francen: You know, I don’t take any, I don’t take any advice, you know, on on uh social things from billionaires. Sorry, you don’t understand a thing. Plus you’re in all the, you are the person who is in all the power. You just want to stay in power to tell me anything different. It’s like, I don’t think so. Otherwise give up, you know, some summer millions to help people.

[00:37:49] Brad Nigh: Yeah. Yeah. Well how often are they just completely out of touch with what the you know, normal normal person air quotes again. Person is going through and what their day to day life is. Yeah, I’m with you I think well. And that also is what makes and if you’re scared like so special is it a mission before money? It’s not we everybody is brought into the mission and that is the that’s the driving force for me for everyone from you down to whoever would be at the bottom of the order chart, whatever that every single person believes like we’re doing something good where we really do it. And you know like you said, bets doesn’t always last. So I really like it. And I know as long as any of the people in leadership are involved, that’s not going to change

[00:38:55] Evan Francen: Well. But but even yeah, it’s 100%. And but there’s a reason why there’s a tagline, there’s a reason why I stay at all the time. It’s because I don’t want to fall for the same thing. I mean it’s it’s easy for anybody to say mission before money if you don’t have any money. You know what I mean? It’s easy to say that and it’s easy or there’s no money being exchanged, right? But then when you when you have a company that starts to grow and he starts, you know, I don’t know what our top line revenue because I don’t even care because I try not to but let’s say that you know FRSecure and I think a couple of years it’s like a $50 million dollar plan, right? That’s the revenue, the sales go and whatever relatively soon. Well, when it was when we had $265,000 in annual revenue, which I can remember like yesterday, it’s easy to say Mission before money because there isn’t any Right? But then when you when you’re a $50 million company it’s not as easy because it’s like Mission before money. But wait, that’s a lot of money. I can do you know what I mean? So we have to stay true to this this line because it is what makes us it is the mission, it is to fix the boating industry, It is to love people and help people and make a difference. You know, in the in the social media companies, you know, it really hit me hit home too. And the guy who created the like button said we created the like button because we want to spread positivity and love

[00:40:39] Brad Nigh: Yeah. And that’s been hijacked

[00:40:45] Evan Francen: distorted. Yeah. Then we made money,

[00:40:47] Brad Nigh: right? Yeah. Yeah. I don’t know.

[00:40:52] Evan Francen: So

[00:40:54] Brad Nigh: again, at the end of the day, I really I thought it was it had a really good goal right at the movie itself and it brought a lot of really good points up and it is going to be um yeah, if you haven’t seen it yet, you know, and I think it’s just okay. My life was like I opening for her even though she’s heard me rant and rave about some of that stuff. Uh it was kind of hit home for her. I don’t know, it’s going to just blow some people’s minds and get them thinking you have that conversation started. And so ultimately I think it’s a good positive step. I just didn’t like some of the way that it was delivered.

[00:41:41] Evan Francen: No, and I agree with that. And I think another good thing about The Social Dilemma that I that I enjoy critical thinking that comes from it? I think it seems like just in general society has lost its ability to think critically about things.

[00:42:00] Brad Nigh: I mean, well, that goes back to kind of, the the core of the movie is like, yeah, we’re not thinking critical because they’re just feeding you what they think you want. So you don’t have to think it’s just like, okay, here we go. You know, you clicked on these so you like this type of thing. So we’re just going to show you this type of thing versus allowing for that more critical think even looking at other sources.

[00:42:28] Evan Francen: Right?

[00:42:29] Brad Nigh: So,

[00:42:30] Evan Francen: right. So I think what are the things to do.

[00:42:34] Brad Nigh: Yeah. You know, be aware, I think, you know, read that the article from the conversation, they have some really good takeaways from that. You don’t understand what your settings on social, on the different social media platforms. What information are you sharing? Uh, and take control over what you have, what you can and just be aware of what you share and understand what that is going to be used for.

[00:43:02] Evan Francen: Yeah. Yeah, I think so too. And uh, slow down. Slow down a minute. You know, FOMO always bullshit. Sorry for that. You’re not missing out. Right? The world has always been moving the way it’s been moving. It’s always going faster than you can comprehend. You’re not missing out. So it’s okay to put the phone down. It’s okay. Go outside and do things. That’s what I can do in my own house. And that’s what I can do with my kids. I can set an example for them and try to talk with them about these things. I think on a bigger level, uh, ask you, ask people that are supposed to represent you in your state legislature or your, you know, federal government, you know, what are we doing? How are we governing this? How is this data being used and what do we plan to do it? The laws are so far behind. And if you’re, if you are somebody who is in tech and has some understanding or you want to learn, volunteer to write something, right? Any citizen can write a bill and then you just need to find somebody to sponsor it and take it for you. Yeah. Right. So you don’t have to sit here and wait for somebody else to things all the time. Because I might do that myself. I was thinking about doing the same thing with, you know, how we use social security numbers. And I talked with Jim Nash, our local. He’s my state representative about what doors can be opened in the federal because they know each other. Right of But can we write laws, you know, to govern this stuff better? And what about just laws in general in this country? Like privacy laws? What’s the privacy law here in the United States? Well, there isn’t one, Nope. Right. What about breach notification laws? We have 50 different breach notification laws. Where’s the federal one that’s been shot down 3, 4 times. So we have to do something more to govern this stuff. We have to hold people accountable. If you don’t hold people accountable, they’re going to do whatever the hell they want to

[00:45:08] Brad Nigh: do. Yeah. So yeah, I’m with you

[00:45:12] Evan Francen: and I think get involved with, you know, if this is something that clicks the nerve as obviously you can see it does with me, go check out, you know, the, you know, Center for Humane Technology get involved.

[00:45:25] Brad Nigh: Mhm. Yeah. There’s a lot of really good organizations out there,

[00:45:30] Evan Francen: Right? And find one that resonates with you because hopefully what you’ll see is it’s kind of like the same thing in information is here. There’s a lot of different standards, a lot of different things. But what’s one things? So hopefully you’ll see these organizations that are all kind of fighting for the same thing come together and fight together because you’ll be better. Uh huh. Yeah, better to

[00:45:59] Brad Nigh: maybe. All right, well that I was not let down by this discussion. I think it was really good and hopefully everybody enjoyed it,

[00:46:11] Evan Francen: click the nerve with me and I don’t know probably with you too.

[00:46:15] Brad Nigh: I mean like something that we both are passionate about that come up come from different angles on it. So it was a really good discussion.

[00:46:25] Evan Francen: Well, one thing you and I both agree on too and I think at the core what makes us so passionate about our mission is but you and me both hate seeing people get taken advantage of, I hate it few things in this world that I hate. That’s it right there.

[00:46:43] Brad Nigh: Well, I can’t argue with that. So, All right, Couple of news stories because we are coming up on our time. The first one is the uh from Naked Security by Sophos, REvil ransomware crew dangles $1 million dollar cybercrime carrot. So basically there they claimed they’ve Deposited $1 million dollars into a payment pot and are trying to hire new teams. Um teams that are already have experience and skills and penetration testing working with MSF, CS, Koadic and as a piper via an analog so Metasploit Framework, Cobalt Strike. Um and then Koadic is a pen testing tool that clinton describes itself as a Windows post-exploitation rootkit or could it? I’m sorry. Already long. Um Great. So kind of like instead of you know, it was actually pretty interesting. I didn’t realize um You know earnings with us per week averaged $2.5 million. We personally heard $150 million dollars per year. Holy cow. Right. Yeah, I mean Jack, it’s crazy

[00:48:09] Evan Francen: and that’s the thing man. And you know, I’ve kind of been honest legal thing for some reason lately but they do it without any, it’s so brazen. There’s no fear of recourse. No fear because there is, there isn’t any recourse. What the hell are we gonna do about it? Right. You get we do it all the time. Right. I think just in Friday along the FRSecure team had four IR triage calls.

[00:48:41] Brad Nigh: It was bananas. I don’t yeah, I kind of lost track.

[00:48:45] Evan Francen: Yeah. What do these people have to replace? These people have no requests. No,

[00:48:52] Brad Nigh: no and it’s having good people too. It’s not like yeah. Uh huh. A lot of them it’s that trusting an MSP or trusting somebody and then that happens. So

[00:49:05] Evan Francen: oh on that one, I know the one you’re talking about,

[00:49:08] Brad Nigh: you know or yeah, you know third parties and things like that where you do what you can but I can’t really say too much. But yeah it’s uh it’s tough. Um Oh so the next one is uh again from Naked Security and relevant to the I. R. S. Because we are seeing this type of thing happened uh phishing without links when phishers bring along their own web pages and we’ve actually seen something very similar kind of goes through. It does a good job of explaining how a typical phishing attack would work where hey you click this link and it actually goes and send you here and how to see it and explaining the different HTML tags and everything. I thought it was really well written from that side of it. Uh And then basically the new ones are now um opening an attachment and then who takes you right there? Right, so you’re opening an HTML attachment and we’ve actually seen um oh where it would come in as an embedded file in like a OneNote. So it’s a legitimate OneNote. So it doesn’t get caught by, you know, antivirus or spam filters when you open up your OneNote and there’s like a PDF or Word or whatever in it and you click that and that compromises you. So it’s uh it’s crazy how advancing these attacks aren’t. It’s not surprising how that people click it. No

[00:50:55] Evan Francen: no but again slow down,

[00:50:58] Brad Nigh: yep.

[00:50:59] Evan Francen: Yeah slow down. Yeah. Yes. Yeah. No every time you’re not missing anything,

[00:51:06] Brad Nigh: they had really, really good. Um you know, here’s what to do to avoid HTM or HTML attachments altogether unless they’re from someone you know and are expecting avoid logging in on web pages that arrived our you arrived at from an email turn on two factor if you can change passwords at once, if you think you got phished and use a web filter. Mhm. So computations, that’s pretty solid advice. Yeah. All right, Last one was from Krebs on Security um emergency 91 month or two behind Monday’s 14 ST 911 outage. So emergency systems were down for more than an hour on Monday the 29th, it was when the article came out, so it would have been um on 28 September. So there was some speculation that it was related to a jury because they arrive in some issues, but they’re saying it’s a technical snafu involving Intrado and Lumen and this is the two companies that handle uh 911 calls for a huge portion of the country apparently. So no, I think Looking at that, you’re looking at your 3rd party and gosh, what the heck! Yeah, that’s scary. Yes.

[00:52:42] Evan Francen: Yeah, scary, but sadly not surprising. I don’t know man, we got a lot of work to do.

[00:52:52] Brad Nigh: It’s what was interesting in that article, I didn’t realize this that, you know, it’s like it’s no accident. These companies are now operating under new names as this would hardly be the first time a problem between the two of them has disrupted 911 access. They paid Last year they paid $575,000 settlement for a 65 minute Outage in August of 2018. Uh, in April of 2014, uh, 11 million people had no access for 911 for eight hours due to quote an entirely preventable software error. Um, you know, yeah, how how is this continuing? Right. I don’t know. It sucks.

[00:53:47] Evan Francen: No, man, I run out of words just like, yeah, I don’t know. This could be another long discussion and uh, I don’t know. Yeah. So many words in my head.

[00:54:03] Brad Nigh: Six. Yeah, yeah. Well, it probably doesn’t help neither of us are uh, particularly happy place.

[00:54:13] Evan Francen: No, not today,

[00:54:14] Brad Nigh: definitely, definitely some biases out there right now. So, but anyway, as there were some interesting articles I thought, um, but yeah, that’s it. Episode 100. Can’t believe we’re far away from two years of doing this.

[00:54:33] Evan Francen: I know, man, it’s crazy time has flown by, but I was looking back at all the discuss. You know, all the people we’ve had on over the Over 100 episodes and the discussions we had, you know, episodes from Bulgaria and all of the country. Just, wow. Yeah, it’s a long road. But fun. I’m thinking about writing a uh, kind of a recap something like,

[00:55:06] Brad Nigh: yeah, I got all the show notes. So it is funny to go back and look at some of the, you know, the first ones, it’s like, right. Yeah. Anyway. All right, well do you have any shout outs this week?

[00:55:23] Evan Francen: Uh, do I have any sharks shout out to let me say Oscar, I had just some really good discussions. I know he’s, you know, fighting a lot of battles, uh, to not just, you know, not just work and fighting battles with, you know, doing truthful stuff, but you know, protect services teams. Are there a bunch of really, really smart dudes that uh huh, you know, trying to keep those, those things corralled and check, you know, that’s a hell of a job. So shout out to Oscar

[00:56:03] Brad Nigh: cat Wrangler. I love that those guys. Yeah. Um, I’m going to give a shout out to everyone who is just, you know, supportive and there with an open ear over the last couple of days and it’s really made a difference. And hopefully if anyone else is having that bad day, you know, there are people out there to reach out to, you can obviously, you know, hit us up on social media or whatever if you’re outside, uh, FRSecure, if you’re inside of it, you know, how to get a hold of us. I’m going to speak for Evan on this one because I know,

[00:56:40] Evan Francen: yeah, yeah, absolutely.

[00:56:42] Brad Nigh: So yeah, just shout out to the people that were there to listen. And it really, really helps. So Uh huh. All right, thank you to all of our listeners. Uh keep questions and feedback coming sentencing to by email at unsecurity@protonmail.com. Social type socialize with us on Twitter. Oh, I didn’t I don’t have our uh our new Twitter for the podcast, but I’m @BradNigh. And I Evan is @EvanFrancen. The podcast is at @UnsecurityP and uh be sure to follow SecurityStudio @StudioSecurity and FRSecure @FRSecure for more things that sit and talk to everyone again next week.