Unsecurity Podcast

In the second episode of the UNSECURITY Podcast’s Women in Cybersecurity series, Evan and Brad chat with Lori Blair. Lori is a Senior Security Analyst with FRSecure and has done fantastic work over a 35-year career in IT and security. Together, the three discuss her path and some of her thoughts on the industry.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:22] Brad Nigh: All right, welcome back. This is episode 85 of the Unsecurity podcast. I’m your host this week Brad Nigh today is june 22nd and joining me this morning as usual is Evan Francen. morning Evan

[00:00:36] Evan Francen: Morning. It’s not official when I said that very little deep voice.

[00:00:38] Brad Nigh: Wow. Uh so this week we have our second guest in the women in security series. This uh wow, we were second guest this week. I can’t read. It’s too early caffeine more. Uh, FRSecure senior security analyst Lori Blair uh, is probably easily one of our most experienced and talented analysts are secure and has over 20 years experience and information security and experience across multiple industries is both consultant and as a manager and organizations. Thank you for joining us this morning already.

[00:01:11] Lori Blair: You’re welcome. Thank you. I’m really excited to be here And I’m just gonna sadly correct you. I have this year will be 35 years in information security exclusively.

[00:01:23] Brad Nigh: Oh, 20 years. I’ll be honest. Get that information. I looked at Lincoln and the farthest back it goes is like 98.

[00:01:33] Lori Blair: So I have no, I probably haven’t helped and I may not have updated it. But yeah, no, I actually started an information security in 1985. So I thought it was

[00:01:41] Brad Nigh: a lot more than that. But I didn’t, you know, I want to go overkill. So I just want

[00:01:45] Lori Blair: you actually made me feel kind of young when I said 20

[00:01:51] Brad Nigh: more experience than that. But yeah, so

[00:01:55] Evan Francen: Lori are you a morning person?

[00:01:57] Lori Blair: You know, I I really am. I usually wake up fairly early and uh you know, I have four kids and I think I’m still in the mentality of getting up early for those couple hours to myself. So I still do that. I actually get up, I don’t necessarily jump on and start working, but I just do stuff for me in those early mornings. So yeah, I’m wide awake up in a couple hours.

[00:02:19] Brad Nigh: Boy got a challenge in front of us today. Keep up with their Evan.

[00:02:25] Evan Francen: Well I’m a morning person, aren’t you?

[00:02:26] Brad Nigh: Oh no, not at all. One night owl.

[00:02:31] Evan Francen: I got in to the office this morning at 2 30.

[00:02:37] Lori Blair: Okay. That’s a little insane morning type person. But you know

[00:02:41] Evan Francen: why didn’t do any work this weekend? So I had to catch up.

[00:02:45] Lori Blair: Mm That’s crazy. I, you know, I used to do that in my younger years and I just can’t quite do that unless of course we’ve had international like clients that I’ve slept on the couch and I turned up the alert really loud so that when stuff started coming in when they start working, I’d get up at like two or three in the morning and work with them. But that was, it

[00:03:10] Brad Nigh: has been interesting with the working like from home and kind of the transition. Uh, I used to get up early, come in pretty early just so I could get that extra time in without and then have the evening, just know the kids, but I’m not having to do that because I see them all throughout the day, so I’m not, you know, having to get up quite as early as I have been because like I said, I’m a night person, so I do not feel as guilty working a little bit later.

[00:03:38] Evan Francen: Yeah.

[00:03:40] Brad Nigh: So uh recap and then he said he didn’t work this weekend. What did you do

[00:03:45] Evan Francen: camping?

[00:03:47] Lori Blair: Oh, nice, nice. I

[00:03:49] Brad Nigh: was close. I almost put RV in in there.

[00:03:52] Evan Francen: Yeah, I didn’t ride at all. I did do some deck building. I got home, you know, yesterday in the afternoon, it rained a little bit and then it stopped raining and then it cooled down first. I do, I started doing some deck stuff when it was like before the rain. Holy crap wasn’t humid.

[00:04:09] Brad Nigh: Yeah,

[00:04:11] Evan Francen: that sucked. But whatever we’re getting the deck down.

[00:04:17] Brad Nigh: What about you are the weekend?

[00:04:19] Lori Blair: You know, I had a great weekend. I’m, I’m living at the lake, so life is good every day now. But um, I actually on saturday. I went wedding dress shopping with my future daughter in law. Very, very cool. Yeah. And I’m such an emotional person. The poor girl saw me as soon as she got out of the car for a shop. I started crying.

[00:04:39] Evan Francen: That’s

[00:04:41] Brad Nigh: awesome to hear if you’re that investor though.

[00:04:44] Lori Blair: Yeah. I was just so excited. She called me and invited me. It was it was pretty awesome. And this was my first real outing. We went to lunch and stuff with the covid stuff. So kind of some big steps for lori getting out

[00:04:55] Brad Nigh: there.

[00:04:57] Evan Francen: Yeah, but you brad.

[00:04:58] Brad Nigh: Uh not a lot. I did some I finished up most of the painting. I’ve been kind of putting off because it’s been nice out. So like our upper landing was like trimmed out. I had all the edges and everything done. And then that was because I wanted to spend time outside. Life is kind of like, yeah, p please finish this. So I got knocked out and then yesterday I smoked a pork shoulder. So I was

[00:05:26] Evan Francen: delicious. So what kind of rolling papers do you need to smoke something that

[00:05:30] Brad Nigh: big? No, it was good. You

[00:05:36] Evan Francen: should bring some of that into the office.

[00:05:38] Brad Nigh: So actually Sean uh hooked me up with, he got a hog so I got half a hog and they called friday for processing instructions. So was to figure out what’s allowed and what’s not allowed with smoked foods coming in.

[00:05:55] Lori Blair: Alright allowed. It’s allowed.

[00:05:59] Evan Francen: Trust me it’s allowed.

[00:06:01] Brad Nigh: So

[00:06:02] Lori Blair: yeah, we’re getting we’re getting beef from Sean here next month. They think

[00:06:07] Brad Nigh: Yeah, helping everyone out. Was he called them? Yes,

[00:06:12] Evan Francen: that’s cool. You’re not gonna be happy about this, but my wife is going to be getting a trigger,

[00:06:18] Brad Nigh: you know, there’s nothing wrong with them

[00:06:20] Evan Francen: to Pella pooper.

[00:06:22] Brad Nigh: Yeah. What good food at the end of the day? As long as they put out good food. Really? That’s it’s called important.

[00:06:31] Evan Francen: It’s called appellate pooper.

[00:06:33] Brad Nigh: I mean I may look down on you but as long as the food is good.

[00:06:37] Lori Blair: Is that another type of smoker or what?

[00:06:40] Brad Nigh: Yeah. Hell it’s smoker. So you said a temperature and it automatically adjusts the fuel to keep that temperature.

[00:06:46] Lori Blair: That’s probably my kind. I’d like to get 12 at the lake. No.

[00:06:51] Brad Nigh: Yeah, they’re really nice, you know, they’re very nice but

[00:06:56] Evan Francen: it’s kind of cheating. No,

[00:06:58] Lori Blair: that’s uh that’s what Caleb got for father’s Day was a smoker.

[00:07:02] Brad Nigh: Very cool.

[00:07:03] Lori Blair: So he’s starting to fit in a little more.

[00:07:06] Brad Nigh: Thanks. Thanks a classmate board.

[00:07:11] women in cybersecurity: Right.

[00:07:13] Evan Francen: How was work last week?

[00:07:15] Brad Nigh: Yeah. Why don’t you go first? Your guest?

[00:07:17] Lori Blair: Oh man. I’ll tell you it was everything was good. We had some frustrations as brad knows on some some issues. Um and we’re still kind of working through that and and it’s a very important client. So we’re working that and then my internet. I mean I’ve been working on my hotspot since we moved May 15th and they were supposed to wire us May 15th and then Frontier comes back and says we gotta do construction, you’re not gonna get wired until the 24th. So you’re right and we’re closing in two days. So we’ve been working on our hotspots and it’s been great. Even last month after I maxed, you know, and your unlimited data, I had no problems. I came back to the office for an assessment because I didn’t want to run the phone and you know the app at the same time thursday afternoon through the hotspot, I was getting 0.6 download and 0.1 upload that’s on my maxed out data phone. I tried randy’s not maxed out data phone, I got the same, wow, yeah, so I don’t know, you know what’s yeah, there

[00:08:24] Brad Nigh: was, there was definitely some issues last week I think with the inertia of the mobile

[00:08:30] Lori Blair: when I tried all weekend and I thought yeah, I’m not going to risk it and I got stuff I gotta catch up on and yeah, so yeah, it’s kind of a bummer, it’s really sad rural America. Right.

[00:08:42] Brad Nigh: Yeah, it’s

[00:08:44] Evan Francen: who’s your, who’s your provider?

[00:08:46] Lori Blair: Uh Frontier, we’re getting actually DSL and and we had that at the camper last year across the lake and I mean the last five years and we’ve had no problem with that. Both of us can be working on our laptops, we can’t can’t stream at the same, you know, watching movies were working but that’s not a problem. But we’re also, we may get satellite also we got a really a really good direct shot. Um And broadband they say maybe in 18 months.

[00:09:14] Evan Francen: What about your cellular? Who’s that?

[00:09:17] Lori Blair: Externally? Mm. Okay. It’s literally it’s been great. I mean I was shocked at how good it’s been working video you know everything. And then thursday afternoon boom. So I don’t know if they didn’t maybe throttle that first month of covid. Yeah and and then all of a sudden throttled me but I’m at like 42 gigs right? And they throttle you at 20 and that was just thursday that this happened. So but here is the other thing I had to change my like online password and I’m wondering if things didn’t just couldn’t sink at that speed and maybe once everything gets spanked again I might be out because I couldn’t open security studio. I would I would get authenticated but I couldn’t get the windows open. It would just spin

[00:10:10] Brad Nigh: yeah I wonder if it was trying to sync up like you’re one drive or something and it was just

[00:10:14] Lori Blair: something but yeah 0.6 download like yeah.

[00:10:20] Brad Nigh: Yeah we were working last week. All right now we’re working on some F. F. I. C. Stuff so that’s what yeah. Well that will be coming for security studios and mapping is there here in the next probably a month or so.

[00:10:38] Evan Francen: Yeah that’s very

[00:10:39] Brad Nigh: good. So many napkins.

[00:10:42] Evan Francen: Yeah but they

[00:10:43] Lori Blair: are well and what’s sad like brad and I were talking about trying, trying to be competitive and give these banks a good services. They really have to comply with a lot and to try to keep, you know, this service in line for these little banks is really important because they can’t afford a lot if they have a lot of responsibility and requirements.

[00:11:02] Brad Nigh: Yeah. You look at some of the services that they’re getting in the reports and you kind of go, hey, I don’t, I’m not sure that they’re doing that right for, you know, Yeah. So trying to continue the mission and get them what they need, doing the right thing in a way that they can afford. Exactly. What about you? What do you do last week? Yeah.

[00:11:32] Evan Francen: Okay. I remember staff united Staff.

[00:11:39] Brad Nigh: I know you and I worked on C. M. M. C. That was last week, right? Yeah.

[00:11:45] Evan Francen: C. M. M. C uh bunch of meetings and a lot of meetings. I’m looking at my calendar right now. It’s like there are a lot of meetings.

[00:11:56] Brad Nigh: Yeah. It’s interesting. The CMC, there’s so much confusion out there that, you know, we’re hearing from customers. It’s kind of crazy that

[00:12:07] Evan Francen: what’s confusing.

[00:12:09] Brad Nigh: They just don’t know what they’re supposed to do what they should immediately and how they should be doing it. So

[00:12:13] Lori Blair: when they’re supposed to do it, they’re panicking because they think they’re going to start getting our FPs yet here because as of this month they could add, add that requirement to RFP s and they’re just not sure what does that mean for us.

[00:12:27] Evan Francen: They don’t have the certification yet.

[00:12:29] Brad Nigh: They just they just closed the R. F. I. For the marketing research on how they should do the training and exams to begin an assessor like june 10th. That’s good. So they’re going to have to figure out who does the market research, do the market research and figure that out. That’s going to be what at least three months of work.

[00:12:50] Lori Blair: Right. And they want to certify some 300,000 assessors.

[00:12:57] Brad Nigh: Mm be interesting.

[00:13:00] Evan Francen: All right. Well, people want to know what to do. Do

[00:13:03] Lori Blair: security. Nist Nist 800-171

[00:13:07] Brad Nigh: is the current guidance until until they get more out there. All right. Should we get going with this? I want to hear stories for

[00:13:16] Lori Blair: sure. All right,

[00:13:19] Brad Nigh: so this is the second week of our series and as ever mentioned is because we’ve received a lot of positive feedback about four part one. So going part two. Uh We have the same kind of questions in there. We’re gonna just left it in there because we want to keep the same format just to hear all the different people’s perspectives. Um So I guess, yeah, first question, how did you get into the industry. Lord,

[00:13:47] Lori Blair: Well, you guys know my background story is quite unique. I was actually in finance and back in the eighties and I was at a pretty large defense contractor that was headquartered here in the city’s back then I was in finance and I got laid off and so I was on a rift list and information security called me for an interview. I had no clue what they did. I thought I was going to sit outside a computer room and like let people in the computer room seriously. Um so I went to the interview and here’s you know for for managers interviewing me and they’re asking me things like have you ever been to a designated country, do you have any felonies in your background? You all this? You know, I’m on this hotspot, I’m just in shock like wow really? So I got the job and the job was called a visitor control administrator and what I did was exchange clearance information between companies and you know if we had a big meeting coming in, I’d make sure that everybody’s clearance information was there. They were authorized to attend the meeting. Things that we’d love to see in our world now right keeping track of who’s in what meetings and knows what. Um and on my first day when they started explaining things to me, I went holy crap is this like James bond stuff Really? So so that’s what I got started that was in 85 threw out a number of years, I went up and worked through, you know in a defense program you have to, you have to track every document, you have to number every document you have to you know I worked on clearing people doing clearances doing inspections doing you know all of that and then ultimately um uh for some very close to me said laura you’ve got to get into the computers, this was probably about oh must have been 98. He’s like yeah the computers you know computer side of security is where it’s at. So I became the computer ai s specialist, we called it automated information system um specialists in about 98. And uh and I would actually approve all of our computers to process government classified information and I had the authority in this region to actually process up to system high systems which is where you start getting to the C. Two and the discretionary access controls, things like that. And I’d have to just make sure that a there were no connectivity or if it was connected we had the right comsec link as we used to call it the you know, so we used to do ticker tape encryption. I literally with every day you go up to this little room and tear off this little piece of ticker tape feed it into a kg 84. Take the old one out, burn it in a little ash traits you know stir up the ashes and destroy it. And then I connect the link up again and go out to the navy sites and army sites and so yeah, I mean it’s really, really bizarre to think, you know, all of this was back then and it was classified where we have to do that today. So I always say when the internet took off, right, um, mosaic was my first exposure. It was on the World Wide Web. It was like, check this stuff out. Um, our job just really became that much more important. But what’s funny and we’ll probably get into this little more. But a lot of people did not see the jump, didn’t see the connection and stayed in that kind of defense environment thinking it was so carved out that their skills really wouldn’t apply into, into the world today. And I’m here to tell you that their skills are much needed on what we called the proprietary side of the program. So, so yeah, that’s how I got here. I thought it was going to let people in the computer room. Um, and then I ended up going Holy Toledo is what are we doing now? I think my third day, the naval investigative service and the FBI showed up with their guns because we’re missing a document, you know, and they’re searching the whole whole facility. And I’m like, okay then, yeah, this is pretty serious stuff. And then I got excited. I’m like, wow, you know, I got, I got kids, they’re going to, you know, someday being the military possibly I’m here protecting our people and you know, then then I really got motivated and that was kind of where I got my start.

[00:18:05] Brad Nigh: That’s cool, cool. So he started that you’ve done like consulting work and then, you know, kind of you’ve been management and how did you go back and forth between consulting and being, you know, in house?

[00:18:21] Lori Blair: So in uh in one of those programs, I ended up being the information security Manager at some point. And um we were one of the local companies that hired secure computing back in the day, which secure computing was also a spin off from my original, I did the spin off on the information security side for that company, but a couple years after they got going, we started they started this professional services group and um we were one of the first people to hire them to do a penetration test on us. And it was so cool. I mean it’s the local guy, he’s a he’s a c so local here in one of the bigger companies now, but he came in and did this penetration test, it was the coolest stuff we’ve ever seen, right? Um and we worked really closely with them while they kind of recruited me away from that job. And I really, so when I started in that professional services organization and secure computing, all we had was testers, we didn’t have anybody that had the governance background, that new policies and new programs and things like that. So we really was key and starting that side of of the consulting offering that, you know, we didn’t call it a risk assessment, we call those security assessment. And I actually built our methodology on a Department of Health and Human Services as they were called at the time um here in Minnesota, we worked with them for like 18 months and we built our methodology so it was pretty cool. So that’s how I got into consulting. Then I got burnt out a little bit because we were so crazy. We worked, we did a huge huge job for the postal service and um it was overwhelming, we were too small to be bidding on work like that and it just burns us all out. And I had four kids at home and I was on the road every week and I was I was the principal on the wrist on the uh security assessment. The company grew, I mean we spun off and became gardened, if I don’t know if any of you remember that, but we went from like 24 people to almost 200 you know, a matter of a year. I was responsible for doing a lot of the training on the assessment methodology and I burnt out. I had kids at home. I just, I couldn’t do it. So then I found a job managing again. And I really enjoyed that. Built a really awesome program for a company that was again, what was originally headquartered in uh in europe and we spun off, it was fortis and became assurance and I was information security manager there and built a program that we had four different business units that did health, that did finances and built a program where each of those business units could implement their own program based on our policies. Was there a number of years and then got recruited away again to consulting. Um And then uh I was back in consulting for, I had was a practice director for Identity and Access management practice. Then I went from there to a C. P. A firm and did kind of the bank exams for all of their banking partners um a few years there and then I actually get really sick and was off work for a couple years. Um So after that I decided not to go back into leadership, didn’t need the stress and uh went and was kind of security analyst at a local program you guys know recently. And and I really was fortunate because I got laid off from there one day and it looked you guys up and here I am, I have the greatest job yet.

[00:21:57] Brad Nigh: Well that’s good to hear, remember

[00:21:59] Evan Francen: how happy we are that you’re on our team. You know, I’ve learned so much from you in your time here. Uh That’s you know, most of what I’m doing is just sitting here listening to your talk because there’s so many things every time I talk to you there’s something new to learn. Cool. I mean I love your experience. I love where your heart’s at. I love how you serve you know our customers. It’s just uh so I’m just gonna keep listening while you keep asking questions bread. That’s awesome.

[00:22:29] Brad Nigh: No I agree. I think I remember very clearly like I got your resume. I was like, she seriously like just looking ahead and then in the interview was like yeah we know hire her like now.

[00:22:43] Lori Blair: Yeah that was cool and I just, it was really an awesome interview too because I just really liked everybody and you know at this point in my life I was actually thinking about retiring. I mean I had that opportunity after the layoff and um that didn’t last very long. I got bored. So then I knew I was just in the driver’s seat, this is who I am, this is what I want to do. Um you know here I am. It’s and it’s really cool to be able to be that way, you know, a brand new right away. I don’t want leadership. I don’t want that stress. I want to go work with clients. So been there, done that right.

[00:23:18] Brad Nigh: I think you pretty much told me flat out in the interview, you’re like no I’m glad you’re doing it because I want no part of it. I was like uh what have I done? Uh No, I think you know it’s kind of a good transition because in your role now you still do a lot of mentoring for everybody across your organization. But you know it gives you the chance to share your knowledge, you know, you know, it still blows my mind when you come and ask me for clarification on something like really, you know, it’s way more than I do.

[00:23:53] Evan Francen: Well that’s another thing, that’s another thing about Lori though too is, you know, all this experience and yet you’re still humble.

[00:24:02] Lori Blair: Well and I learned something new every day honest, you know, and you guys know I don’t like to delve deep into the technology so that’s where you know, I go more to the experts and like I said in my interview, I know enough not to be bullshit, right? I know I know what can be done, can’t be done what they should be doing. But do I want to get into the network layering stuff on solutions and you know that I just was that I knew that enough to pass my CSP. Yeah.

[00:24:31] Evan Francen: Yeah. Speaking of that to you also help there, you moderate? I think you’ve done that the last couple of years to Yeah, yeah.

[00:24:40] Lori Blair: That’s cool. It’s fun and you know my mentality actually one of my downfalls at my old job was um you know and one of my uh my uh I don’t know if it’s a review or something but it’s like my mentality is to coach and mentor. I don’t know if we have to ever manage we’re not gonna be happy because I don’t manage well I get you know I I get worked up and that because you guys have you ever seen me brad see me a little upset here and there but it takes a lot to get me mad and and you don’t want to see that. So I like to coach and mentor. That’s where I like to stay.

[00:25:18] Brad Nigh: Yeah I loved it

[00:25:19] Evan Francen: here. I don’t want to see you mad brad remember your between us.

[00:25:23] Brad Nigh: I know I think she knows you can come to me anytime with any problem I will have her back. Yeah I’ve seen her worked up a couple of times but yeah we got through it overall you seem pretty happy still.

[00:25:40] Lori Blair: Oh yeah and and it’s a lot of times sanity checks right? We always need those.

[00:25:44] Brad Nigh: Oh absolutely. So I guess you know with the coaching mentoring aspect what would what would be your advice to someone who’s considering you know trying to get started information security.

[00:25:58] Lori Blair: Um I guess one of them is don’t think it’s all technology right? I mean one of the things going back to D. O. D. Again so when I got when I started 80% of the people on the team or women. Uh huh. Two guys were specialists. The rest were women. I think we had you know, and there was probably 40 people on the staff around the twin cities. One manager was a male to specialists were the male or a male and the rest were women. But the thing was as technology was only one component of those programs, right? You had to have the policy, you had to have documentation and so a lot of that was kind of the administrative side and often when you saw someone take over that computer side, it was the guys. So I don’t you know, that’s just kind of an interesting twist because it was very administrative, you know and people look at information security and right away you see assume its technology, you need to know cybersecurity, you know, you need to know how to hack into a system. I mean you can imagine the questions you get when I tell people what I do, can you help me with this can help you guys get it all the time and you don’t have to be an expert in everything, right? Find your passion. There are so many fields within the information security field that um I run across a lot of people with creative backgrounds, you know uh liberal arts. I mean just literally look at our look at our lead, she’s Megan, you guys are gonna be talking to her, she’s she had an animation background and philosophy, you know a lot of people in flocks with philosophy backgrounds, it’s just amazing and then they end up in security and do fantastic jobs. So, you know, I guess one of the big things is don’t think that you have to know all of the technology, there’s room to learn it and it’s always changing some of the basic stuff is there? Um but you know, we’re not system administrators out there learning the bits and you know, fights and the settings and so forth. We have to know what the capabilities are. But um there’s many ways to enter the field without being a technical expert.

[00:28:14] Evan Francen: One in the eighties now, have you noticed? Because, you know, being from the mid eighties to now uh in the mid eighties, it didn’t seem, I mean I don’t I was Mhm. I’m not gonna say how old I was, but it didn’t seem like there was as many, there were as many women and in the tech part of things, right? Whereas now it seems like there are more and more women in the tech part of things. Have you seen that too?

[00:28:39] Lori Blair: Yeah, absolutely. In fact, again, back to those days in the D. O. D. We had 100 engineers in the building. Just these bright smart, they’re building torpedoes and things like that. One female engineer one and probably in, you know, five years that I was with that program you might have seen a few more women getting into the analyst role, but they didn’t come in as an engineer. They were either had a lesser degree or something or a different degree and we’re moving up the chain. But even, you know, outside of security in the technology fields, we just didn’t see the women having the interest, you know, now with things like stem and you know, uh, the even the high schools and lower levels focusing on it. Hopefully we’ll see a lot more interest coming out of that in the technology field as well. Starting to see it more and more. I mean there’s, you know, you’re starting to get to conferences, you go to Evan, we did that panel here last year was about women in insecurity or something like that for one of the don’t you, that was pretty well attended for, you know, after hours, a lot of women interested in. How do I do this? So we have to keep doing those things, keep you know, evangelizing it

[00:29:57] Evan Francen: after hours and the weather was sucky.

[00:29:59] Lori Blair: Yeah, it was, yeah, the middle of the winter,

[00:30:03] Evan Francen: I’m telling you, I didn’t like it.

[00:30:05] Lori Blair: Yeah. But yeah, that’s, you know, it’s uh, it’s it’s an intimidating field, right? I mean you can be an app developer, you can learn, you can go somewhere and learn the code or you can do these things but there’s so much to cybersecurity people think technology right away again, how much does having that program and that training and the policy and the guidance and all that really feed into what we need to do today awareness and you know all of that is huge. Well somebody with a creative background is awesome there. You can you know you can coach them into you know we need people that can communicate and can get to these people and get the messages across. That doesn’t necessarily mean somebody with a engineering degree.

[00:30:54] Brad Nigh: Yeah that’s a good point and that we think have you

[00:30:58] Evan Francen: ever taken training from an engineer before?

[00:31:00] Brad Nigh: Well that’s exactly where I was going to go is I think what you see a lot of times as these really talented technical people, whether it be the N. I. T. Or you know the tech services side of contesting that type of thing is that that’s probably the area they struggle with the most is the communication right? There might be incredibly smart at what they do but they they just struggle with getting that across so to have somebody who can come in and bridge that gap and and be able to speak to both sides. Just valuable.

[00:31:36] Lori Blair: So my first week at fr secured, remember that brad, you guys were out of town, you went to some training, you and our other colleague that was there. I was there alone and actually the uh I think he was the lead of the testers at the time came to me with the reports, you know here you have some bathroom, you mind taking a look at this and you know, reading it. I red lined it. So bad. I think he got really upset with me. I mean I just,

[00:32:04] Brad Nigh: yeah,

[00:32:05] Lori Blair: not sure where it went because I didn’t know enough. You had to see if that, you know moved on. But it was kind of, it was just kind of funny and you weren’t there? Nobody. I was just kind of like, well that’s my background. Sorry,

[00:32:16] Evan Francen: good for you. Good for

[00:32:18] Brad Nigh: you. Well,

[00:32:19] Evan Francen: it’s interesting because today at fr secure, we still don’t have a female on the text services team.

[00:32:25] Lori Blair: I was thinking that this morning, right.

[00:32:27] Brad Nigh: They have a female intern lined up for the fall that we’re gonna do it this spring. But we had, you know, some pandemic thing came up. How

[00:32:36] Lori Blair: about how about applications? Are we getting any female applications?

[00:32:42] Brad Nigh: Yeah. You know, I don’t think there’s been a whole lot.

[00:32:46] Lori Blair: Right?

[00:32:47] Brad Nigh: But yeah, I know Oscar had had identified this person last over the winter last fall and was like, yes, we are. Like tell her we will do the internship in the spring. Like she’s guaranteed this internship and then yeah, I didn’t do it, but right. I think there’s, they’re hoping for, I think this fall to be able to bring her in.

[00:33:12] Evan Francen: But it’s interesting just, you know, in our little microcosm because we are very open. I think we’re very inviting. I mean I don’t think uh, you know, diverse. It’s kind of a big thing for us. We want to be diverse. And yet you know, going back to the eighties where Lori was, can I see the same thing here? Right? Not intentional by any means, right? It’s just a function of kind of the world we live in I guess.

[00:33:39] Brad Nigh: Yeah. If you look at the two different sides, I mean it really does follow that split and it’s not like is that intentional in any way? It’s just right. If people don’t apply, you can’t hire them.

[00:33:53] Evan Francen: Right. I wonder at what time because one of the things we needed to do with Renee and we talked about last week was we have to be intentional about getting of, you know, a woman and it wasn’t because it was a woman, it was because we needed another a different perspective perspective. Women think different. I mean it’s just different backgrounds. So I wonder when we get to that point. I mean I assume I assume we will. Right?

[00:34:21] Brad Nigh: Yeah. Well yeah,

[00:34:26] Evan Francen: I know that there’s a lot of good women hackers out there. Uh you know, I’ve seen some of my follow some of them on twitter and uh yeah, I mean, yeah,

[00:34:38] Lori Blair: I look forward to that there. They’re getting there. Um there is one organization I had shared this with Renee and uh you know, whether she’s interested, but there’s the executive women’s form for information security and privacy uh Joyce broke a glee. I can’t always say her name very well. I was part of the initial group back, I think they’re on like 15 years now. That’s an awesome group actually to get involved in. Um it’s all women executives management. Um and just the networking that goes on around there. Um I haven’t been involved in a number of years, but you know, even for a company, it might be something that they have a huge conference every fall. Um you’ve got I know it’s just a really cool, really cool group and I was so excited to be part of that back when I was,

[00:35:27] Evan Francen: what was the name of the group again,

[00:35:29] Lori Blair: Executive women’s form for, I think it’s security and privacy or information security and privacy Hossam group. I mean very very cool.

[00:35:38] Brad Nigh: Yeah. You know, I think that is something that we should look at because I’m thinking now because I don’t always get involved with the tech services interviews until they’ve made it past the first couple. Right, right, right. But I know I’ve had conversations with two other women for the consulting side that I was like well as soon as we have a position like they they would be front of the line, like just, you know, it’s kind of interesting. So uh

[00:36:16] Lori Blair: could I wonder if we should uh I mean as fr secure we could start kind of a women’s networking group or something, you know once a month Megan and I and some of us or even like that executive woman’s form there’s ways to get involved in local chapters or start a local some training stuff and mentoring programs and um that one I think they even have a whole mentoring program set up that you could you know use their stuff to bring in. So that’s one thought. But even you know some kind of women’s you know mentoring group where let’s do demos of different things at times or you know talk about subjects or. Uh

[00:36:58] Brad Nigh: huh. Yeah. So. Mhm. What can I guess I’m looking at that more technical side, you know what can we do to get more women in that side like we were talking about with Renee last week it’s about 25% of I. T. Is women and then you get a subset of that into security because that seems to be the most common funnel. How do we get more involved?

[00:37:26] Lori Blair: Let’s do a wine in women’s hacking night. Yeah. You know you throw wine out there, you get a lot of women to show

[00:37:33] Evan Francen: up, let’s do it brad.

[00:37:37] Brad Nigh: He was gonna lead it,

[00:37:38] Evan Francen: we should get Renee to leave it.

[00:37:40] Lori Blair: Wouldn’t that be kind of fun just to you know kind of like the wine and painting that women do or

[00:37:45] Brad Nigh: whatever.

[00:37:46] Lori Blair: Yeah the night of of testing or something.

[00:37:50] Evan Francen: Well it seems like women and women are better at attracting more women than men are. Yeah so I think it’s gonna need to be, you know, if we want to do. So it seems like it if we want to do something real and do something like that, it would need to be led by Renee and you and victoria or whoever wants to be involved and just feel empowered to do it,

[00:38:15] Lori Blair: right? And I think that’s part of it, right? Being empowered, You get these women more together again, you get, you know, you’re a little intimidated, there’s so much to our field and not being an expert at everything. You start to feel like you’re lacking, right? We know they’re not we know you can’t be an expert at everything, but women are very hard on themselves that way. So, you know, allowing them to realize that you don’t have to know everything and you know, just so yeah, it may not be a bad idea actually. Some kind of

[00:38:51] Evan Francen: I like that idea.

[00:38:52] Brad Nigh: Yeah, I’m particularly

[00:38:55] Lori Blair: good.

[00:38:56] Brad Nigh: That is interesting because I think that’s not a perspective that I considered of, you know, tougher to admit or harder on yourself that you don’t know because I flat out say it like there’s no way I could know everything

[00:39:11] Lori Blair: right, but but and you know, in information security, there are big egos, right? I mean, it’s just one of the things that comes along with it. You don’t see the big egos and too many women, it’s just not there. So they, you know, just kind of sit back and hold on to their knowledge and don’t speak up as much even, you know, I’ve got a lot of background. I can be quite quiet sometimes even when I’m feeling intimidated, when I’m around a lot of really, really smart people that you know technology in and out and I, you know, I’m not at the technology level, but I usually have something to offer. So but yeah, I even get intimidated at times.

[00:39:51] Brad Nigh: That’s a that’s a good point is may, you know, as you know, we have to be more aware of of that. Right? Well that is willing to speak out.

[00:40:02] Evan Francen: Yeah. And we have like imposter syndrome too. Right. I mean part of, I mean some of that intimidation comes from that, but some of any intimidation that comes from being intimidated, there’s something that we can’t tolerate.

[00:40:20] Lori Blair: Right? Right. Right. That’s what’s so cool about our team. People are just everybody across the board are so willing to share and you know, um you know, bring your voice to the table and if at which I say dumb things often we can laugh at it, right, They can write, they can help me, you know, even if I don’t understand things I struggle with, you know, some of the details, we have clients asking us questions all the time. You know, Again we don’t know at all. We have an awesome team behind us to help us understand that stuff and you know, Bones questions off and so forth. So it’s okay not to know everything

[00:41:00] Brad Nigh: well, you know, I think that’s, that’s good to hear because we really do try to work hard on that inclusion and everybody feeling safe to be able to say, hey, I’ve got somebody asking me this and I don’t understand it. I mean I’ve posted those questions and everybody, nobody, I don’t, I hope nobody on the team hesitates to or feels, but they can’t post those or there will be, you know, look down on for asking a question.

[00:41:31] Lori Blair: Yeah, I don’t think so. I think I really do think everybody’s, I mean because we want to share the wealth, right? We want to share the knowledge and it’s important. We all are on the same team and, and everybody has expertise in, you know, different areas and it’s just, it’s awesome to be able to just reach out to someone and go, you know, I’m struggling with this. What do you think

[00:41:53] Evan Francen: right now? So on the intimidation side of things, do you feel like or have you seen in your experience Lori? Uh, this bro, culture, I mentioned it to Renee last week and you know, we talked a little bit about that. Have you seen that or was that a

[00:42:12] Lori Blair: little bit, um, not so much here, but um, you know, historically, when I worked with, um, you know, the tech team versus the governance team or something and I apologize this, we used to call the tech team the Prima donnas right? Because they just had to have everything perfect. You know, there’s, there’s that, um, I do this and I do this well and you know, everybody else has to work around me back in the day. I’ve been on teams where you’re doing testing online and I’m doing the assessment right? And the guy had to use my laptop because of the testing while I was working and so I continued to use my laptop right while the testing was going on and he just blew a gasket because that was so important that his testing went right. I forget that I’m there for three days to also do use my laptop right is a while ago. But I mean that’s just kind of that, that’s the, that’s how that culture kind of grew. I think again not, yes, some of the tech texts, I may not respect the governance side because it’s in some people’s mind, it’s all about technology and, and we know without that program, without that communication, without that direction we’re going to spin our tails, we could be thrown technology and stuff all day long. Um, and it may not make us any that much more scared if we don’t know what to do with it and have that, that process and governance in place. So, so yeah, there is some of that, I don’t honestly, I don’t see it here, the people are great I am, I can ask any of them anything and they know my they know you guys didn’t hire me from my technical skills

[00:43:59] Evan Francen: well it’s that bro culture, you know, it’s like a, it’s like a locker room thing, you know what I mean? It’s like get a bunch of guys together and sometimes it gets like that, right? And then you forget, I mean you can forget, oh crap, we’re not all guys here, you know, and and that’s that’s where I think some of that bro culture comes in because it can get intimidating and get offensive because you’re not one of the guys, right, when you have something that’s so dominated by men um it’s wrong but I think a lot of times it happens unintentionally too, so

[00:44:35] Lori Blair: right, and I think you see that, you see that here, you see that in boardrooms, right? Um you often see a board with uh you know the percentage of it are men and you might have one or two women um and and you have to be a strong woman to be part of that culture and stand up for the reason that they put you there um But yeah, we see it, you know, we see it across the board, it’s just we need to, we need to educate these women and help give them the confidence um that what they do know is good and they’re intelligent and you know, they are important and they’re needed at the table and um their opinions matter. Right?

[00:45:16] Brad Nigh: Oh, absolutely. Yeah, I said it. How many times have I asked, you know, working with Megan, are you and and you guys come back with a solution where I’m like, yeah, I never would have even considered that approach that something. So yeah. Why wouldn’t you want people that look at problems differently than you two work with you? All right. This makes everyone better.

[00:45:43] Evan Francen: I think a lot of times the people stepping on other people or people that feel about this big themselves. Yeah. I mean they get a lot of their power from pushing other people around.

[00:45:54] Lori Blair: Right. Right. Yeah. Mhm, yep, lack of self confidence. That’s how they build themselves up and we all are a little weak there and here and there. But

[00:46:06] Evan Francen: yeah, true. But you’re the second so two weeks and both you and Renee talked about being a strong woman, standing up for yourself. Feeling confident. Uh You know, not I wouldn’t allow anybody push me around. So why would you?

[00:46:27] Lori Blair: Right. Yeah. And you have to and you know, and some people just are hard to push back on that stuff. Well and the sad part is I’m an emotional person when I when I get upset and I have to push back sometimes the tears come and what does that do? My respect often just went down because I can’t control myself and those emotions come in? Well, we’ve seen over the last few years, we’ve even seen politicians getting tears over issues. So that has to be acceptable because, you know, sometimes that’s how we get our point across, you know, my emotions as well, and part of it’s my passion, right? And I believe in this. But yeah, that’s that’s another thing, right? We have very different emotions male. And in most cases, there’s sometimes, you know, you’ve got women that act like men and men like women, but but that has to be acceptable, sadly, it’s just that’s the way part of our way of communicating and we can’t be, you know, uh disrespecting women for showing their emotions however they do that.

[00:47:36] Evan Francen: You mentioned that because there’s a stereotype role reversal at my house where I’m the one balling every time I watch a movie and my wife is looking at me going like, what the hell is your problem?

[00:47:49] Brad Nigh: Yeah,

[00:47:50] Lori Blair: we kind of have that a little bit too believe it or not.

[00:47:54] Brad Nigh: So I guess real quick before we wrap it up, you know, I have two younger daughters, what what can I do to empower them? And or, you know, like, let them know and how how do they become a strong woman? What what advice?

[00:48:12] Lori Blair: Um you know, the biggest thing is is letting them follow their desires, right. Don’t, you know, a lot of us were told you couldn’t do that, or you couldn’t do that. You’re supposed to do this. And it’s really what are their dreams encouraging their dreams, exposing them to everything, right? Everything from the typical female roles too, Male roles to, you know, you can be anything you want. Um You know, and having them talk to people bringing them to all kinds of different things that exposing them to careers, right? Just even in the fun way while they’re still young and and and expanding their horizons to see what do I want to be interested in and just supporting them. Absolutely. I have four successful kids and all I was was a supportive mom. Um and and I’m so proud of him. One just came a doctor,

[00:49:05] Brad Nigh: wow, congratulations.

[00:49:07] Lori Blair: Family nurse practitioner, but a doctor and nursing. So yeah, we’re pretty excited.

[00:49:12] Evan Francen: That’s awesome. Congratulations.

[00:49:14] Brad Nigh: That’s a lot of work.

[00:49:16] Evan Francen: So not only work in 30 I just want to point something out real quick. Not not only 35 years working in this industry, but you also in traditional stereotypical roles. Women are also, they’re nurturers and the ones who raised the Children. So 35 years in the industry and four awesome kids way to go.

[00:49:41] Lori Blair: Yeah. It’s pretty cool. I’m really enjoying life right now. I really am. It’s awesome.

[00:49:46] Evan Francen: It’s cool. Talk about strong

[00:49:49] Brad Nigh: cheese. Yeah.

[00:49:52] Evan Francen: Yeah. It’s cool.

[00:49:54] Brad Nigh: Yeah. Having you on the team.

[00:49:56] Lori Blair: Yeah. It’s awesome. I love being here. It’s a I just can’t say that enough. I love the team. The management that, you know, I can I’m me, I can be me. There is no no facade here. It’s this is me. Um probably the first time in my career where I didn’t have to have some other face to please someone for some reason, you know, molding yourself to fit, fit them. All right. Yeah. No, it’s very strong.

[00:50:27] Evan Francen: I think people are the most beautiful when they’re themselves. So it’s awesome

[00:50:32] Brad Nigh: to get the most you get. Yeah, that’s cool. Energy hiding. They’re gonna be happier.

[00:50:40] Lori Blair: Yeah.

[00:50:42] Brad Nigh: Yeah. Well, thank you very much. Lori

[00:50:46] Lori Blair: appreciate it. Thank you. I’m honored to be here for sure. I love to share my story. You guys know that

[00:50:51] Evan Francen: we’re going to have you on again? We got more to the story.

[00:50:54] Lori Blair: Sure, anytime. Mhm. All right. All right. Have a great day. You guys

[00:51:01] Evan Francen: All right. You don’t have to leave if you don’t want. We’re gonna go through

[00:51:03] Lori Blair: the news. Oh, good for you. All right.

[00:51:05] Evan Francen: Sorry, but you can leave if you want to. It’s totally up to you.

[00:51:09] Lori Blair: I forgot to look at the agenda. No,

[00:51:11] Brad Nigh: no, no. Please get three quick stories. So, if

[00:51:14] Evan Francen: you got to adhere

[00:51:16] Lori Blair: feel free. No, I’m good. I want to

[00:51:18] Brad Nigh: hear. So, the first one. Um there’s a bunch of different articles out there. I grabbed this one from threat post uh theft of CIA is vault seven secrets tied to woefully lax security. Um I mean, wow, but they had no user activity monitoring, no audit capabilities on the on the server. They were using shared machines and and uh it’s really bad.

[00:51:50] Lori Blair: I know it renders you speechless actually.

[00:51:53] Brad Nigh: Right. Yeah.

[00:51:56] Evan Francen: And what, who’s going to be held accountable? Who’s going, who’s going to make sure that this never ever ever happens again because this is some of the most sensitive information that we have.

[00:52:10] Brad Nigh: Yeah. Well, and part of it said was like that they were so focused on building payloads and doing this that well, we can’t have anything slow us down.

[00:52:23] Evan Francen: So it’s the typical, like the worst running car on the road is the one that belongs to the mechanic.

[00:52:29] Lori Blair: All right.

[00:52:31] Brad Nigh: Well, and if you’re not intentional about doing it, I mean it’s really easy turn onto it. So yeah, this was I mean it was really, really bad.

[00:52:45] Evan Francen: My biggest my biggest fear on things. I don’t I don’t mind. It sounds weird, but I don’t necessarily mind breaches. The things that I I hate is when nothing changes. Right? Yeah. So do you think this is better? Do you think they’ve changed for the better? I hope so.

[00:53:06] Brad Nigh: Yeah. So yeah, they 100 at least 180 gig and up to 34 terabytes, but they don’t know because they didn’t have any sort of monitoring in place.

[00:53:18] Lori Blair: Love to see the lessons learned on that one.

[00:53:22] Evan Francen: Yeah. So Senator Ron Wyden. Uh he made public these Department of Justice court filings. I want to I haven’t clicked on the links to follow but this would be a good story to keep following.

[00:53:39] Brad Nigh: Yeah Washington post actually had a really good write up of it. It was a little bit more in depth but if you don’t have the subscription they don’t always let you read it. So I don’t want to include that one if people weren’t able to read it. But the Washington post are right up is really good. Yeah. All right. Uh Second one was from Krebs on security turn on mm Before cook to do it for you. Yes this was interesting to read. It was about um

[00:54:11] Evan Francen: these bastards always do this shit. Excuse my language.

[00:54:15] Brad Nigh: Uh They finally couldn’t access Xbox because if you didn’t have a multi factor they got in and turned it on. We’ve actually seen this um in organizations with you know office 3 65 where they were lock out of accounts because they didn’t set up an FAA. Somebody got in and then set up in the fe on an admin account. You can’t you know it’s tough to root that out.

[00:54:46] Evan Francen: That’s almost a ransom where combo attack. You know what I mean? Because now I can’t get into my own account because you have failed me out of it.

[00:54:55] Brad Nigh: Yeah. Yeah there uh there was a good site in there on that car is one of the two factor auth dot org. That kind of goes through a bunch of different sites that support M. F A and what they do, what they allow and what they don’t. So um that’s another good uh resource for people. But yeah, turn on your in this exit it enabled everywhere. I saw a recommendation anywhere you can get in if I do it.

[00:55:28] Evan Francen: And back to the intimidation thing that Lori was talking about, if you don’t know what MFA is or you need help getting to talk to somebody who’s not going to make you feel like a, you know, this big because there are lots of us out there that would love to help you spend 5, 10 minutes helping you set it up. Um But yeah, on that link is, you know, all the all the places that they know of, you know, to factor

[00:55:53] Brad Nigh: Yeah, 900 websites are listed on there.

[00:55:59] Evan Francen: There’s no reason you should be using anything with a log in unless it’s just a throwaway account right? Without too, you know, without multifactor.

[00:56:10] Brad Nigh: And what’s crazy if if you look on that to factor off that or you can click on the banking, the number of banks that don’t offer, it is scary or the number that only do smS is pretty pretty scary.

[00:56:28] Lori Blair: Okay. And people and people complain when they do have that extra layer. It’s like you need to have that on your accounts? Get used to it, get, you know, condition yourself to be using these security things. Can you believe that

[00:56:46] Evan Francen: BB and T.

[00:56:48] Brad Nigh: I just saw that.

[00:56:49] Evan Francen: Bmo Harris Citizens Bank. Citibank in Australia.

[00:56:57] Brad Nigh: Suntrust bank. That’s a big one in the.

[00:56:59] Lori Blair: Yeah so

[00:57:01] Evan Francen: discover banking. You know that the discover credit card uses N. F. A. But not discover banking.

[00:57:09] Lori Blair: That’s a lot of our banking clients. They are clients just push back. They don’t want it. People wake

[00:57:15] Brad Nigh: up dead. That’s a huge one for military optimum. Yeah just keybanc that’s another big one

[00:57:25] Evan Francen: regions regions bank. Yeah. Yeah. Crazy. Yeah. Change would change banks. My bank didn’t you know offer multifactor authentication

[00:57:39] Brad Nigh: luckily mine does. So and not just that some apps we have a software token on that. So yeah. Yeah. Crazy. So check it, put it where you can last one for today was out of info security magazine. Female employee indicted for hacking medical center 43 count indictment yesterday accusing fema. I. T. Specialist Justin Shawn johnson of illegally accessing data held by the University of Pittsburgh Medical Center. Feeling gets this role about they said around 65,000 employees personal information. So uh yeah so on the dark web they don’t know very undisclosed sum. Uh But yeah he said let’s see in here they exhilarated the data used the exfiltrate data file, hundreds of phony tax returns claimed approximately $1.7 million in false refunds. These were then laundered being converted to amazon gift cards that were used to purchase goods worth about $885,000.

[00:58:54] Evan Francen: That’s only that I mean this is health

[00:58:56] Lori Blair: information is just one. Yeah,

[00:58:58] Evan Francen: this is healthy. You know, I mean this is you can get health insurance with this information, you could lead potentially to somebody’s death, right? So at what point do they start making you know, maybe I’m just doing it in an accountability mode today? But what are they gonna make an example?

[00:59:18] Lori Blair: Right, make an example of this guy,

[00:59:21] Brad Nigh: right. He’s cybercriminals are wire fraud, conspiracy and aggravated identity theft. If convicted on all charges, he could spend 20 years locked up in federal prison.

[00:59:32] Evan Francen: Yeah, so put them in for 30

[00:59:35] Lori Blair: I was gonna say, I mean he’s just messed with people’s lives, right? Doesn’t he deserve

[00:59:40] Evan Francen: 65,000 of them.

[00:59:42] Lori Blair: That’s

[00:59:43] Evan Francen: one of the things we talked about last thursday on the security shit show was things like this, right? The difference between cyber risk and physical risk and really the risk is risk, it still affects you and hurt you? It hurts you, right? And it can hurt you is bad or just as bad as you know, either one. So it’s like when do we start treating these things like their physical crimes right? You just stole something from 65,000 people if any single one of those people suffers physical harm and they can tie it back to this. Should you not be responsible for that assault or that whatever happens,

[01:00:29] Brad Nigh: you know, that that would be an interesting thing is is we see it with insurance and filing false claims or using other people’s insurance information to get coverage and then they get a bill or they go to try and get something done and can’t because there’s insurance issues

[01:00:47] Lori Blair: do that. It was it was already performed once, right? You know?

[01:00:52] Evan Francen: Yeah. So all that fraud stuff, This guy should have to pay restitution on every single one of those if somebody gets mistreated because something else is on my medical record that isn’t mine. I get mistreated. And let’s say that they cut off the wrong arm or I di

[01:01:08] Brad Nigh: you get denied treatment.

[01:01:10] Evan Francen: Should this person be charged with like bill involuntary manslaughter?

[01:01:14] Brad Nigh: Yeah, I mean, that would be that would definitely if you just kind of pause if if you know all these people’s identities and anything that happens to them as a director is old.

[01:01:26] Evan Francen: Well, and we could potentially do that kind of stuff if we use like watermarking and things. Well, it’s a whole nother story, but it’s just this stuff like this really ticks me off because you have 65,000 people and most of them have no idea. You know, they’ll get they’ll get the letters, they might get the letter in the mail and be like whatever another breach.

[01:01:44] Lori Blair: Yeah. Right. All right. We’re getting we’re getting sensitive desensitized to those letters. Mhm, wow.

[01:01:54] Evan Francen: Yeah. And he’s a female employee. It’s like, it’s like another level of like, you know, trust you put in people.

[01:02:01] Brad Nigh: Yeah jerk. Yeah, that’s a good way to play it,

[01:02:05] Lori Blair: yep. For sure.

[01:02:08] Brad Nigh: All right, well that is it for episode 85. Thank you Lori for a great second installment of the women’s series.

[01:02:16] Lori Blair: Thank you.

[01:02:18] Brad Nigh: And it is working on lining up guests for next week and I was gonna show I know shout outs this week. Uh Lori any shout outs that you want to

[01:02:28] Lori Blair: think

[01:02:29] Brad Nigh: about it and go to heaven.

[01:02:31] Lori Blair: Yeah, go to heaven.

[01:02:32] Evan Francen: Okay.

[01:02:33] Brad Nigh: Uh got a shout

[01:02:34] Evan Francen: out to Amy Mclaughlin. She works out in um I always say the word, always say it wrong, Oregon Oregon Oregon Oregon, whatever that place to the west of us. But she does a lot of stuff. She had a really good article that came out last week on key 12 cybersecurity and I know her heart’s in the right place. She’s also in the daily insanity check in. So I see her, you know pretty often. Um Yeah, so shout out to her. She’s doing a great job. Happy to happy that she’s a friend. Yeah,

[01:03:09] Brad Nigh: not one morning morning.

[01:03:10] Lori Blair: No, actually, yeah, if actually I’ll throw a shout out to judy hatchet and Pamela X judy contact us in the last couple of weeks. She’s in a new position and she had an intern come in and she recalled doing some work with me and actually reached out and asked me if I would have a call with her intern. So we did that last week from a coaching and mentoring standpoint. So also recall that she thought of me and thought of us and and asked to set that up. So I thought that was pretty cool.

[01:03:40] Evan Francen: That is cool. I actually asked judy to be on this series to so I’ll see if she takes us up on it.

[01:03:46] Lori Blair: Awesome. Great, Great plan. Yeah.

[01:03:49] Brad Nigh: Um I’ll give a shout out to uh jess in our marketing. She’s working to get Jeff chad night on uh webinar here this week or next week, I guess this week with locked in on how do we physically do physical security with returning to work and what our considerations around information security with those changes of people offices reopening. So she’s done a lot of really good stuff with that. Taking a lot of often my place. I don’t have to worry about it. Uh huh. All right. Uh well, thank you to all our listeners, keep the questions feedback and suggestions coming. Um you know, the one suggestion we did receive this morning was to discuss the indians capital one incident response. The whole thing. Um That’s that was interesting and there’s a lot to still unpack and I’m going to be willing to bet a lot of money that that is appealed. So there’s still a lot of uh

[01:04:49] Evan Francen: yeah, I mean it’s all it takes is a judge to waive privilege, right? And then God knows what’s Yeah, it’s an interesting story. We’ll talk about it maybe next week.

[01:05:01] Brad Nigh: Uh if you’ve got something you’d like to hear us talk about emails that unsecurity@protonmail.com or the social types can follow us on twitter if you like. I’m @BradNigh and Evan is @EvanFrancen. What do you have to enter Lori?

[01:05:14] Lori Blair: You know, I had set one up in FRSecure and I couldn’t get into it the other day so I got to get it back set up. But yeah, I did have it.

[01:05:21] Brad Nigh: Well, if you have one we can get that out there.

[01:05:26] Lori Blair: I’ll throw it out there.

[01:05:27] Brad Nigh: Yeah, the companies we work for a pretty social too. So security studios twitter is @StudioSecurity and FRSecure is @FRSecure and that is it. And we will talk to you all again.

[01:05:38] Lori Blair: Thank you. Have a good day.