Women in Cybersecurity and Their Experiences (Part 7)

Unsecurity Podcast

We’ve gotten great feedback on the women in cybersecurity series thus far, so we’re keeping the ball rolling. Part 7 of the series features Amy McLaughlin, who has an incredible background working in InfoSec in education—including the State of Oregon, the Consortium for School Networking (CoSN), Chemeketa Community College, and Oregon State University. Get to know Amy and her experiences in the industry by giving episode 90 a listen.

Podcast Transcription:

[00:00:22] Evan Francen: All right, welcome. Thanks for tuning in to episode 90 of the Unsecurity Podcast. My name is Evan Francen. The date is July 27th and I’m here with my buddy Brad Nigh. Good morning, Brad.

[00:00:33] Brad Nigh: Morning Evan.

[00:00:34] Evan Francen: How you doing?

[00:00:35] Brad Nigh: Good. How are you?

[00:00:37] Evan Francen: Doing well. Doing well. Well, this is part seven of the Women in Security series and we have a great guest joining us today. She is the director of information services at Oregon, Oregon State, have to say it right, University. Adjunct faculty, psychology, at Chemeketa. And I’ll ask

[00:00:55] Amy McLaughlin: her in a lot of good enough

[00:00:59] Evan Francen: uh, Community College, and cybersecurity and network consultant and project lead at the Consortium of School Network, Networking, which is known as, also known as CoSN, and home improvement extraordinaire. And we’ll talk about that a little bit. Amy McLaughlin. Welcome

[00:01:15] Amy McLaughlin: Amy. Hi, thanks for having me.

[00:01:18] Evan Francen: Yeah, it’s really, really cool that you’re here. I’ve been looking, I’ve been actually looking forward to this show. Not that I wasn’t looking forward to the other ones, but you and I have gotten to know each other a little bit more, you know, through the daily insanity check-ins and all that kind of stuff. So I’m really, really, really happy you’re here. Again, thanks for being here.

[00:01:37] Amy McLaughlin: Yeah, thank you. I’m excited to be here.

[00:01:40] Evan Francen: Yeah. Well I, I just know we’ll have a great talk. So, but before we get jumping into all the details, I always like to check in first to see how people are doing. Sometimes we go so fast, you know what I mean? Everything’s go, go, go, go, go. It’s just like, hey, slow down a minute. How you doing? How was your weekend? Uh, you know, stuff like that. So, Brad. Good.

[00:02:04] Brad Nigh: It was fun. I had a good weekend, uh, other than, you know, trying not to melt because it was like 95 with 80% humidity out, but started a home, a home improvement project for building an aquarium stand. My daughters and I, for one of the things, so they were excited to get to use like the belt sander and orbital sander and got all the sanding and staining of all the wood done. So next step is cutting and putting it together. So they’re super excited to be doing that and it’s a lot of fun to teach them how to do that stuff.

[00:02:42] Evan Francen: You will be happy to hear that because I don’t know how many times I’ve been on the daily insanity check in and she’s been either painting or I don’t know, flooring, wallpaper, something windows.

[00:02:55] Brad Nigh: I’m excited. I got to get, you know, I’m gonna use a pocket uh screws for this. I got to get the jig for that. The new toys are always fun.

[00:03:06] Evan Francen: Did you get that Kreg thing?

[00:03:07] Brad Nigh: I didn’t get it. It’s not the Kreg but it’s similar.

[00:03:11] Evan Francen: I have the Kreg thing and I lost all the pieces.

[00:03:14] Brad Nigh: Uh That kinda doesn’t help.

[00:03:18] Evan Francen: No. Hey, I still have two of your tools and I haven’t lost them

[00:03:21] Brad Nigh: yet, luckily I don’t need either of them right now. I will at some point but not not right now

[00:03:30] Evan Francen: that, uh, what the hell is that thing called? The grinch? Yeah. Holy crap. That’s good for decks. It’s a, it’s a wrench that like, I don’t know, it sits on the joist and then you like push it and it takes the bow out of the deck boards and

[00:03:46] Brad Nigh: Holding space. Oh my gosh it was the best $80 or whatever. I spent

[00:03:51] Evan Francen: 80

[00:03:52] Brad Nigh: bucks, Something like that. I don’t remember, I bought it like six

[00:03:56] Evan Francen: years ago. I didn’t know was that expensive man. I should pay like 20

[00:04:00] Amy McLaughlin: rental fee.

[00:04:02] Evan Francen: It’s just a piece of metal. I can’t believe it’s that much.

[00:04:06] Brad Nigh: Maybe it wasn’t, I don’t know,

[00:04:08] Evan Francen: googling it right now. I

[00:04:09] Brad Nigh: am. I’m looking it up right now, $63

[00:04:13] Evan Francen: still. How, so how was the week? We had Monday, we had our quarterly company meeting thing, how’d things go after that?

[00:04:25] Brad Nigh: It’s good. We had our monthly VTO Thursday with SMT. Um

[00:04:30] Evan Francen: It’s a lot of acronyms. What do those mean

[00:04:33] Brad Nigh: uh, vision traction with organization, I think. Right, uh, so just kind of reviewing where we’re at, our rocks, our big projects for the quarter, and planning for next quarter and looking forward, you know, so, you know, more of the vision looking forward as a, as a dedicated check-in to make sure we’re not losing track of it.

[00:05:02] Evan Francen: That kind of caught me off guard. It’s like early Monday morning and I’m like, what does VTO

[00:05:06] Brad Nigh: mean? No. Yeah, it was good. A lot of fun. So presented on some of the stuff that I’ve been working on. Cool, really good.

[00:05:16] Evan Francen: And SMT is senior management team. Right, okay. That’s cool. Amy, how is your weekend? How was your week?

[00:05:24] Amy McLaughlin: Um, my weekend was good. I, funny enough, I got through can number 21 of, uh, so far I’ve bought 24 cans of stain for my house and, um, I’ve got another 10 on order because it’s not done yet. Um, so I did some repairs on the drainage in the backyard as well. Uh, just stuff like that, kind of poking around the house. Um, yeah, it’s, you know, it’s kind of fun. It was really hot though. I can’t really complain. It’s actually cooler at our house than in other parts of town. But, um, yeah, it was kind of warm to be out. We have deer and turkeys lying around in the backyard panting because it was so hot.

[00:06:10] Evan Francen: You know, I’m a really good deer hunter on my Harley. Right.

[00:06:13] Amy McLaughlin: I know, I think you’d be nervous to be in this area, you’re everywhere. Uh but yeah no the week was good too. Um We’ve been super busy because you know, I work at the clinic uh huh at student health issue. So so while everything else is large nation down, we have been open the whole of Covid’s,

[00:06:39] Evan Francen: have you seen a significant rise uh recently or in the last month?

[00:06:45] Amy McLaughlin: Um, not really, but most of our students, so we, um, we went to remote only for spring term. So a lot of our students moved sort of, I would say, home. 70% of our students are Oregon residents anyways, so, um, they didn’t necessarily stay in town. We’ve, we’ve done a lot of, we do a lot of telehealth now. Okay. Um, that was our two-week go-live for telehealth, which was supposed to be a sort of a project, was a pilot project that I was working on for spring term. It turned into like all spring term’s work. Uh huh.

[00:07:24] Evan Francen: Yeah, things changed quick while it lasted.

[00:07:29] Amy McLaughlin: Okay, we’re ready.

[00:07:31] Evan Francen: Well yeah, well you’re still here and you know, thank God. Yeah, the world hasn’t ended yet, although it seems like it’s getting closer. Mhm. Every 10 minutes every time I turn on the news, I’m like what do I watch this?

[00:07:47] Amy McLaughlin: You know, just remember for perspective, like at least you and I were around for like the cold war. True and it always felt like it was getting close then too, so that’s

[00:07:58] Evan Francen: true. Well, the way I get away is I just hop on my bike and go somewhere, you know, I mean, just get away, uh, no electronics, um, and that’s, uh, what do I do? So I finished the deck. Oh, I know all to send pictures. My wife was really, really happy, which is all that matters, man. I don’t really care about the deck. It’s, you know, make the lady happy. Mhm. Uh, Ryan and his wife and Justin and his wife and my friend Bobby and his wife came over on Saturday and, you know, they’re doing road construction up in front of our house, like the big tractors and things, and they leave all that stuff sitting in the road. And my buddy Bobby, who’s, you know, ironworker, big burly dude. Uh, he’s like, I know where they leave the keys.

[00:08:52] Brad Nigh: I was waiting as soon as you said, that was like, oh boy,

[00:08:57] Evan Francen: yeah, I’m like where did we leave the keys and goes right in the access panel? Like no, it goes, Yeah, I guarantee you I’m like, all right, so let’s go, we go out there and sure enough we checked every single tractor in big track, like the big huge things, man, I mean big huge things and you open up every one of the access panels and there’s the key they did that because the construction guys, you know, forget stuff and you know, if you forget the keys, no work.

[00:09:29] Brad Nigh: Right? Those things are pretty complicated to operate, right?

[00:09:34] Evan Francen: I don’t know, man, I was really tempted to hop in one

[00:09:37] Amy McLaughlin: say, did you didn’t take one for a spin?

[00:09:39] Evan Francen: No, I don’t know. Go out there. They’ll be out there until September. Mm, I want to really bad, but get in so much trouble, you guys. Yeah,

[00:09:52] Brad Nigh: that seems like a bad idea.

[00:09:55] Evan Francen: Yeah. Anyway,

[00:09:57] Amy McLaughlin: just imagine it instead.

[00:10:00] Evan Francen: Yeah, I don’t know. There’s like the keys are like right there. Did you know that they do it?

[00:10:06] Brad Nigh: No, I’m not surprised, but I didn’t know that.

[00:10:09] Evan Francen: Okay, so tonight I’ll go for this afternoon and I get home. I’ll take pictures of them and I’ll show you. I mean, it’s like they should do much better job of securing those things. Yeah, I mean, what would like, I mean, I’m talking like the huge backhoes, man, like uh,

[00:10:28] Brad Nigh: you could do some serious damage

[00:10:30] Evan Francen: Like 6, 7, 8 um uh, yard cubic yard things, you know, scoops And I could dig a hole. I could dig a pool in my backyard in like 15 minutes from those things. You know what I mean?

[00:10:47] Amy McLaughlin: That marla’s need a pool.

[00:10:49] Evan Francen: She could have one. I could do it, but I could do this at this evening. Yeah. Be so easy. So what would think of the damage you could do, especially nowadays, like the riots and anarchists and whatever. Hop in one of those things, take it down to city Hall and tear that thing up. I only live like two blocks from city hall. No way the cops are gonna stop you before you get

[00:11:15] Brad Nigh: there. No.

[00:11:17] Evan Francen: And I make the news. Am I giving people ideas bitch? All right, forget it. Let’s move on. Alright, quick discussion. We did that about last week and all that other stuff. Um, let’s get to it. We’ve been doing this series called Women in Security. Uh, and it’s really been truly, uh, you know, use words a lot. It’s been a great experience. I’ve learned a ton. Part one we did with Renee Rudder, who’s the chief operating officer here at FRSecure. I have so much respect for her because I think I give her a lot of credit for actually changing a lot of the culture here for the better. I mean, we already had a really good culture, but she came here. It was like a brush breath, fresh breath of fresh air, right? Certainly at the lead, at the executive leadership team level, because it was almost like immediate where the solutions became fresh, the ideas became fresh, and I think it was because of the different perspective. It’s not because, you know, she’s a woman versus man or whatever. If you had one group of one people, group of any type, constantly working on the same problem, gets dry, right?

[00:12:38] Brad Nigh: Well, she brought in a lot of experience that that was relevant to, you know, for where we were at at the time

[00:12:49] Evan Francen: You look at her like pedigree, like you look at her 30 plus years of experience in like, why would she be here? Why would you choose this place? But whatever, she’s still here, we’ll count our blessings and stick with it. But the one thing that she taught, I think that stuck out from that episode, you know, as I look back and think of it, is just how important it was for her to be strong and confident. I think she brought off, brought out, brought off, brought out right away. How, um, yeah, you know, it’s not women’s tendencies in her opinion to be just confident, just kind of a risk taker, you know, just take chances. She thought that men are more likely to do that where, you know, where women just need to go, right, don’t be afraid to fail, be strong, get support. I thought that was cool. Episode two was Laurie Blair, who’s, you know, probably the awesomest security person I know and one of the humblest. 35 years experience, you know, she’s been here since 1985, we didn’t call it security back then, you know, and she’s still here and she’s still mentoring. Um, she’s not quite as ambitious as she used to be. I don’t think, you know, she’s, I think there was a middle part of her career where she was very, you know, leading, really lead, and now she just doesn’t want to leave the more, I’ve had enough, right? Uh, but great experience there. Part three was Victoria. One of my, I mean, she’s crazy awesome, she’s relatively new. She came out of the insurance adjuster world. One of the sad things, so that still sticks out out of all the episodes, that I think sort of raises a little bit of anger in me, was the fact that that one recruiter said to her, um, when she was asking, you know, advice about getting into this industry, and he said, well you got, you know, something like you’re smart and you got good looks. Yeah, but he said it, you know, face home creepy. Right? Right. And we don’t get that. I mean, I’ve never had anybody compliment me on my looks in this industry. I have. That’s cool

[00:15:09] Amy McLaughlin: man. I had somebody tell me that I got the job because I was the cute girl who the interview, it was an all male panel during the interviews, so you can’t win either way. You know, you don’t get hired because it’s but they’re buying where you get hired is because the way you like

[00:15:25] Evan Francen: let’s see there’s no place for that. Not, not not unless you’re like a model, right? That’s like that’s like what I get paid for is looking a certain way that’s not what we get paid for, we get paid for things that we do with our brains, things that we do with, you know, typing, whatever we do, but not it’s not looks it’s so it’s so uh shallow,

[00:15:50] Brad Nigh: like because my mind is who they told you that after the fact like who what you can’t even talk what into that world.

[00:16:03] Amy McLaughlin: Here’s the here’s the setup female coworkers told me they thought I only got hired because I was the only woman being interviewed by an all male panel, which was derogatory to me and derogatory to the men doing the interview.

[00:16:19] Evan Francen: Okay, so it’s a third party witnessing what was taking place who obviously injected all kinds of wrong bias. Mhm.

[00:16:31] Brad Nigh: Crazy,

[00:16:34] Evan Francen: mm. Well, I guess we could, I do get that kind of crap sometimes from other men, uh, ego gets in the way, you know, for a man I think, I don’t know if it’s more than women or not because I don’t know a woman’s perspective on that, but I know I’ve had men put me down, you know, because they, because their ego got in the way, because they’re just full of shit, excuse my language, you know? All right, so Kristin Judge joined us in part four, she’s pretty crazy awesome, she kind of stumbled into this industry through, she was like county commissioner and then she went to these awesome, like pretty high power places, like one was C, you know, CIS, the Center for Internet Security, but now she runs her nonprofit, uh, Cybercrime Support Network, and she’s just altogether cool. That was the first time we went outside of this, uh, our own people, right? FRSecure people, and we were joined by Andrea Hatcher, a senior at Penn State University. Other than the fact that it’s the wrong Big Ten school, uh, it was awesome, man. She was just crazy good. It made me feel, I came away from that feeling like, all right, our future isn’t as screwed as I thought. Maybe if there’s more people that are around.

[00:17:57] Brad Nigh: Yeah, I was really impressed. Yeah.

[00:18:00] Evan Francen: And then last week was Judy Hatchett, also outside of, she’s the CISO for Surescripts, and we’ve known her for a while. So nothing really surprised me about her. I already knew she was awesome so I was like, whatever, but really, really good. Uh, I mean, big corporate America type of experience.

[00:18:19] Brad Nigh: I liked her comment of when they got resumes, they got it without names.

[00:18:24] Evan Francen: That’s a good idea, right? We should talk to. Uh It’s funny the one who does resumes here.

[00:18:34] Brad Nigh: Yeah.

[00:18:36] Evan Francen: We don’t even know, do we? Yeah.

[00:18:38] Brad Nigh: Why do they were just, it’s in transition right now.

[00:18:41] Evan Francen: No, don’t send them to me. No. You know much of weird people working here. Uh, yeah, that was good advice. You know, we just take away the names, that way you’re judging the resume by the content versus any bias about the name anyway. All right. So that brings it, all that stuff brings us to this week, which is part seven. We’re talking to Amy McLaughlin. I’m a big fan of yours, Amy. Uh, and I remember the first time I heard your name, it was, um, Ryan was telling me about you and, uh, spoke really highly of you and I was like, okay, because some people do that, right? They speak highly of others and you’re like, whatever, I’ll judge for myself. And then I don’t know where the first time we met was, but I think the first time I felt like I got to know you was the daily insanity check-in, and he was right, you’re, you’re awesome.

[00:19:38] Amy McLaughlin: Well, thank you. Um Yeah, Ryan has been a great collaborator for the last, I don’t know a couple of years. I really love working with him.

[00:19:47] Evan Francen: Well, that makes one of us. Yeah, no, I’m kidding, I love working with him too. Uh, we do the Security Shit Show on Thursday nights too. That’s a lot of fun, you know, and then you get him outside of his element a little bit, and he was at my house this weekend and yeah, he’s a nut. Yeah,

[00:20:08] Amy McLaughlin: yes,

[00:20:09] Evan Francen: he made, he made me two. He forged two things for me, uh, last week. One is a hook, which I love it. I hung it up right outside the, right outside my sliding glass door for hanging, uh, like the dog leash right now is hanging on that. He forged that for me

[00:20:28] Amy McLaughlin: to clarify for your listeners. He forged it in the iron forge as opposed to like illegally signing something for,

[00:20:37] Evan Francen: you know, that kind of forge. No, no, no.

[00:20:40] Amy McLaughlin: Yeah, yeah. I just wanted to make sure people realize if they don’t know why in this. Uh,

[00:20:46] Evan Francen: well, you know, he, he may or may not have done some of that too

[00:20:49] Amy McLaughlin: a

[00:20:51] Brad Nigh: different story.

[00:20:52] Amy McLaughlin: Right? What’s going on there?

[00:20:57] Evan Francen: He also made me this, I have to show you it’s, it’s cute. It’s like uh, he took a piece of iron and like twirled it so it looks like a pile of

[00:21:05] Brad Nigh: shit

[00:21:08] Amy McLaughlin: this for the celebration of the shit show.

[00:21:10] Evan Francen: I don’t know. But if you, if you, if I were assured to, you wouldn’t think that’s what it was because it doesn’t really, I mean, it’s just cool. I love that guy. Uh, yeah, we’ve gotten to know each other a little bit. Um, so let’s start with, let’s get to know you. Let’s let the listeners get to know you a little bit. How did you get started in this industry? I mean, where did you get, did you come from

[00:21:36] Amy McLaughlin: a question? I have to eat. So, um, I started in IT actually right around the time that the dot com, it the explosion happened. I had, um, I finished college with a bachelor’s degree in English and history. Those useful double major. Um, and I discovered that there’s not a lot of employment out there for people with an English major without additional experience to go with it. Um, I ended up working at a performing arts center in box office and I managed to get promoted into the marketing department, and I think it was because they had this web thing that somebody had to do something with. So they just tossed this web thing at me and, figure it out. Mhm. Um, so I started, um, in web design and in coding on our ticketing system, which is an HP-UX back end. I needed marketing reports so I figured it out. I will tell you I also learned firsthand that if you screw up your code in a production environment you can take the entire ticketing system down really easily. Um, so yeah, that’s where I started and, uh, I sort of moved through the IT ranks. Um, I went to work at the state of Oregon and I took a job as a network services manager at one of the departments there. It was my first management job and about two weeks into the job I was like, these people keep asking me security questions and I’m not really sure why. So I pulled out the position description and discovered that, um, they hadn’t put this in the posting when they did the hiring, but I was also the information security officer for the department. Uh, I wanted to be able to continue to have a job. So I figured it out really fast and discovered that I actually really, really loved the work. So it was really kind of one of those things where you end up where you’re supposed to be without, you know, I like, listened to the interview with Andrea and I thought, wow, that’s amazing. She’s pursuing this as a major. I mean, I don’t, we didn’t even have this as a major, so it wasn’t really an option, but you know, just so focused and directed, and I’m like, I’m the person who found out that I was the security officer by reading my PDF two weeks into the job, I’m actually on accident, and then explain to me why somebody else is like, oh, you took that job, and they didn’t tell me why they had that comment. It’s like, you know, you kind of said something

[00:24:21] Evan Francen: right? So then that’s a fascinating part and that’s one of the things I think that’s true across gender, is just the different paths that people take into this industry. I majored in geology. The hell am I gonna do with that? Uh, and then I was a stockbroker. Uh, bill collector, mortgage broker, bartender, warehouse worker, warehouse manager, furniture installer. And then I got in IT.

[00:24:56] Amy McLaughlin: There you go. Well, and I also, you know, I trained as a family therapist, have a master’s degree in family therapy

[00:25:02] Evan Francen: and I think I want to talk to you about, was like this adjunct faculty, because that stands out. It’s like psychology. Where did that come from?

[00:25:10] Amy McLaughlin: Well, so while I was working in the marketing department I was in grad school, um, getting a degree in family therapy and I worked with, interned in a position where I worked with clinical sex offenders as a therapist and that’s roughly egg. Um, and so when I graduated I thought, IT, fixed systems, fixed problems that actually stay fixed, or people, a lot harder to fix. And, and the pay was like $7.50 an hour as a therapist and quite a bit more in IT. So I sort of went the IT route, but I kept, I love the psychology component and I think it actually makes, mixes really well with information security because, you know, the psychological aspects is how do you out-think the ways that people can get into your systems. Um, so I, I ended up having the opportunity to teach at a local community college years ago and I’ve been teaching the same, not the same class title. It’s changed obviously over 20 years. But I’ve been teaching a workplace psychology ever since.

[00:26:27] Brad Nigh: Alright that probably really helps you in your career with the communication piece that so many people in our industry struggle

[00:26:35] Amy McLaughlin: with. In fact that network services manager job I got was because the team really wanted somebody who communicated. They were like we don’t care if you know the technology, we need you to talk to people for us.

[00:26:50] Evan Francen: We’ve had some great communicators on the show. I mean, that’s one thing that I think has been a common thread too with all six others and then Amy as well, you know, just the good communication one. And one of the things that fascinates me too about you, Amy, in the, in the psychology piece is, that’s the biggest challenge, is people, right? Trying to help people or convince people or influence people to do the right things, right, to do better stuff.

[00:27:23] Amy McLaughlin: Yeah. You know that’s the hard part, right and get people to change because at the end of the day, the only person who can change someone is themselves true, but you can influence them um in different ways. Uh you know in public health we have this thing called social norms campaigns where you basically show people doing what you want them to do. Um It’s similar to my philosophy on parenting, which is model the behavior you want to see. It works really well for managers to uh but if you show people, you know this is how you have fun without a beer or whatever it happens to be. Um

[00:28:05] Evan Francen: You say a beer or beard?

[00:28:06] Amy McLaughlin: beer, I don’t have any experience with fun with beards can have fun with a beard,

[00:28:14] Brad Nigh: no beard would be a,

[00:28:18] Amy McLaughlin: you know, you guys would do well in the Pacific Northwest thing out here. So, um

[00:28:22] Evan Francen: give me an ex.

[00:28:24] Amy McLaughlin: Yeah

[00:28:26] Evan Francen: but

[00:28:29] Amy McLaughlin: yeah the you know this whole notion of how do you model for people, what you want to do in terms of like uh security and how to protect themselves. How to even have this situation awareness to think about it. Because culturally were not raised in this country to have a lot of situational awareness for a lot of people. There are subsets of people who I think have quite a bit more. But

[00:28:56] Evan Francen: right. She wrote the state, how long were you at the state?

[00:29:01] Amy McLaughlin: 18 years?

[00:29:03] Evan Francen: Oh my gosh. Really?

[00:29:04] Amy McLaughlin: Yeah I worked at like five different agencies in there. I took a little tour of ST

[00:29:12] Brad Nigh: that is one of the pluses for the like working in the government. You do have a lot of opportunities to kind of move around and see different things.

[00:29:20] Amy McLaughlin: Yeah, it was really, um, really, really interesting experience because I also worked with so many different components of our different security regulations. So I worked, uh, in revenue with the IRS, um, 10 79 requirements, and worked at education, which was my last stop, FERPA. I worked at human services when HIPAA rolled out. So. Uh huh. Got to play with a lot of different regulations.

[00:29:50] Evan Francen: So then you went to OSU, and how long have you been at OSU now?

[00:29:55] Amy McLaughlin: I’ve been at OSU 3.5 years. Okay, what’s

[00:29:59] Evan Francen: the typical, I mean, what’s your, what do you do at OSU, you know, what’s the typical, I mean, around for like security. Like what, you know, for a lot of us we don’t, I don’t have, I’ve consulted a lot of higher ed, but I’ve never been in higher ed and it seems like there’s no two higher eds that are the same.

[00:30:22] Amy McLaughlin: That’s definitely true. Um, it was, you know, what I do, um, specifically is I am actually in charge of all the technology for student health systems, student health services. So we have a campus health care service that has about roughly 19 clinicians, doctors, nurse practitioners and physician’s assistants. Um, and we, we have a student body of about 28,000 that are campus based. We’re just a little smaller than Penn State, which is, um, by the way, the other research one university, and it’s like OSU, uh, because they also have a sea land air and space grant and there are only two universities in the country that have that. So it’s fun to listen to Andrea because she was at Penn State, which is part of our, uh, sibling university. Um, so yeah, so I basically make sure that, um, we have operational systems. So when I first got there we had some archaic system, looks a little bit like garage sale in the closet. Um, and so I renovated and reconstructed all of our systems and then, uh, right now we’re working on sort of just continue to advance our security mission and make sure that we have it all locked down really well and protect privacy. So I do investigations if there’s like a privacy breach of any kind or security breach, that kind of thing. And I do a few other things because I wear a lot of hats

[00:31:52] Evan Francen: because you didn’t, you just take on some additional responsibilities not that long ago.

[00:31:56] Amy McLaughlin: Um Yeah, so my department also includes marketing and communications and our marketing manager left. So I’m doing that right now because we’re in a hiring freeze and um we had a manager who was out only for extended duration. So I was supervising the alcohol and other drug prevention staff as well. Um

[00:32:17] Evan Francen: people that you’re one of those people that just steps up.

[00:32:20] Amy McLaughlin: Yeah. I always had this philosophy that if you see a whole little dyke spares to finger in it, right? Um, I worked my first job, I worked in an ice cream store and I worked for a guy who had been at IBM for years. No xerox and he had this motto which was you lean you clean and if you work in an ice cream store and they tell you clean something, I can guarantee it’s gonna be gross. Like you’re scraping all the ice cream out with toothbrush out of some grilled somewhere. So you learn really, really fast to find things that need to be done. Yeah, you build good habits that way.

[00:33:00] Evan Francen: Well, I think that’s one of the things to that, that is a trait of a good security person is that you do just step up a lot of times, you can’t really tell me what to do. I just do it, you know I mean it just needs to be done. Yeah.

[00:33:19] Brad Nigh: Looking forward, like more proactive approach to things. Yeah,

[00:33:26] Amy McLaughlin: I think that’s the thing, you have to see where the gaps are. Um you can’t wait around for somebody to tell you to fix something because chances are especially like a small team, there’s not going to be somebody that I can tell you.

[00:33:39] Brad Nigh: Mhm. So the the users will tell you when it’s broken?

[00:33:43] Amy McLaughlin: Yeah, but

[00:33:45] Evan Francen: the FBI the

[00:33:45] Amy McLaughlin: time, mate,

[00:33:47] Brad Nigh: that’s not how you want to find

[00:33:49] Amy McLaughlin: out. Yes. And I’ve had friends who found out that way to like, oh the FBI just show that how to go. Yeah, that’s yeah, that’s not the way to do it,

[00:33:58] Evan Francen: nope. Remember the Target breach they found out about it from the Secret Service? No. You know, and I remember that one because it was well because I was up to here and then, you know, for so long. Uh huh. All right. So what? And it’s a weird question. But uh do you do you notice a difference because I’m trying to figure out what it’s like to be a woman in this industry, not because I want to be one, you know, I’m happy just being this, but um you know, what’s the difference between being a woman in this industry, being a man in this industry, you were in state government? Is state government known for being more, I don’t know, man driven versus woman driven. I mean, I don’t understand any of this

[00:34:49] Amy McLaughlin: stuff. Well, you know, it’s a good question. Um I certainly know plenty of women in higher level positions in state government, but I think that uh my experience has been on the technology side and security side, women are really I mean, marty, I’ve been the first woman manager at two agencies in the tech side um in my career. And uh certainly like there have been those experiences where I was the only woman in the room and somebody said something and I looked at them like, really, that’s what you’re gonna say or what is more common is to have people um talk over you or you say something, nobody listens, Brad says it. They’re like, well that’s a great idea. You’re like, really? Yeah, uh the same thing five minutes ago. Yeah, exactly. You know, so I think um I know that for myself have gotten less patient over the years um where now I just call it, I’m like, you know, I just said that five minutes ago and you just think, pardon me?

[00:36:00] Evan Francen: Yeah, I know and I like that about you.

[00:36:02] Amy McLaughlin: Um but I think that was hard. Early in my career, I was more likely to just sit there in shock because I really had grown up with this notion that The feminist revolution happened and you know the 60s and I was going to walk into a workplace and be equal. And um the first time I sat through a meeting where everybody talked about my work, like I wasn’t there, I was like what just happened? And I had a supervisor who never supervised anybody before. He was lovely. Um really great guy. And we walked out of the room and I said what just happened there? And he’s like, I have no idea what was that. He was just a couple years old. We were both completely like he didn’t know what to do with it either. Um because it was a weird experience, it’s happened multiple times now obviously since then, but you know, and just showing up at a conference right, I’m usually a minority in the room. Um I Yeah, I went through, I go to conferences and maybe 10% of women and security cut our people in security conferences or women. Um And that doesn’t count the then like some of the, I went to one of security conference, it was really strange to me, the only labor like five women at the conference. Um not including the women working at the vendor stands and what I couldn’t figure out is why all the women working with understands for like Stickpin wearing micro skirts and 3″ stiletto heels. And I thought obviously the folks here are trying to market to me.

[00:37:40] Evan Francen: Yeah. Now we’ve been called to the carpet as an industry more than once for that kind of behavior, be it RSA or Black Hat, where, yeah, you’ve got scantily clad women selling security stuff and it’s like, how do the two relate? I mean, why would I buy, you’re blinking like bull crap from some of you probably can’t spell it. And I feel bad for the lady standing there as well because you’re selling out. I mean there’s so much more to you than that skirt than that, you know, it pisses me off honestly.

[00:38:20] Amy McLaughlin: Yeah, and it’s, you know, and then you get into the environment, we’ve had some um I have some great colleagues who like remember when conference I went to uh my team lead was standing there talking to somebody and I was trying to be part of the conversation and the guy’s like, well, you know, we should do this and we should do that. He’s like, well, I don’t know, you have to talk to my boss about that. And he’s like, oh, where is he? And my coworker turns to me and says, well she is right here. So, you know, I have to say that there is some amazingly wonderful and supportive people in the industry as well who don’t allow the behavior to continue. And um I think that’s almost as hard to be that guy as it is to be the woman in the room to be the one calling people out and saying, you know, that’s not okay what you just did.

[00:39:12] Brad Nigh: So that’s actually good. I want to go back to that. What is the reaction to from the guys in the room when you call them out? I can only imagine. Um

[00:39:25] Amy McLaughlin: you know, I think what’s really interesting is that I would say a large percent are embarrassed. They’re like, oh my gosh, I’m so sorry, I didn’t even realize it do that. Uh and and they, they learn from it. Um and then I would say there’s a small percentage who are just, that’s the way they like their world and no amount of anything is going to change that. Good

[00:39:51] Brad Nigh: to hear that. It’s not the opposite. Yeah,

[00:39:55] Amy McLaughlin: No, I think that usually they’re kind of embarrassed, like, oh my gosh, it’s so sorry, it never occurred to me, right? Because um and this is an interesting thing about like psychology, I teach workplace psychology, we do this exercise. It’s like, what’s the leader? Like, you know, what is a leader? And you would not believe how many times probably 80% of students, male and female, put he on everything, a leader is automatically male. Um you know, I’ve been the female director or whatever of almost entirely the old teams from a huge part of my career. Um, and so I think that that mentality coming in of they expect it to be a man. Um, you know, can be a little jarring to people when they realize that, oh, I just, this the person who is going to be the decision maker and I didn’t even realize that my bias was showing,

[00:40:51] Evan Francen: Well, that’s the thing. I mean, we’re all humans, right. We don’t make mistakes. You know, I’m thinking of my own, I think one of the best tools for a leader is a mirror, you know, just to look at yourself and be like, yeah, I could have probably done that better or you know, without, you know, beating yourself up to, right? Because I’ve been called out actually by rene, you know, in a leadership team where I was saying something about blah, blah, blah, blah, blah and they just bitch, blah, blah, blah, blah, blah and she goes, I’m sorry, what? No. Uh, and I said, and I said it again and she’s like, you know, and she’s not one of those like cancel culture types, you know, but that was not a word that she appreciated using, you know, when you think about the meaning of the word, you’re like, yeah, you’re probably right, that’s probably not an appropriate word. And I think there’s been other like just times when, because it doesn’t come natural for some of us, it doesn’t come natural for most of us actually. Probably all of us. I don’t know. So you have to be deliberate. You know what I mean? You have to deliberately have an open mind and realize that everybody that participates. Everybody demands respect. Everybody should get respect, Right?

[00:42:09] Amy McLaughlin: Yeah. I think that’s the thing is like that and recognizing that. Yeah, I don’t have a problem with people making mistakes. You know, that’s not the issue. Um The the well, other than the fact that gets exhausting after a while, But the real issue is the smaller group of people who persistently just don’t want you in the room. Um And that’s the hard part. And that’s the time sometimes where it’s like when you’re a minority in the industry, it’s hard to determine. Is that because you don’t like me personally. Is that because I’m female or is that because like you feel threatened in some way? And so when when you are a minority and when it gets all mixed up, it’s like, ok, I can’t tell because I’m getting treated this way. If that’s about me or if that’s about something else, right? It can be hard to distinguish.

[00:43:08] Evan Francen: I think you probably hit. I mean, for most, it seems like you probably hit the nail on the head. I think people feel threatened. I like my territory. I like my thing. I like my way. I’ve always had it and who are you to come and shake it up, right. you know, and I can’t look at it with an open enough mind to say, well you’re shaking it up for the better, you know, so let go allow some, you know what I mean? Is it now insecure? Maybe that’s a big piece of it.

[00:43:35] Amy McLaughlin: I think that is a huge piece and a couple of the previous people had on talked about how important it is to have confidence. Um and I think that there’s a huge, really important component, I think also letting go of your attachment to what other people think of you. And I don’t mean that bad way. Like I still check myself, you know, to make sure that I feel like I’m acting appropriately, but I think needing to be liked is something that you have to let go of, because the reality is not everybody is kind of like you, and that’s okay, that’s more about them than it is about you. If you know, that’s unless that’s your persistent experience all the time, though, you might want to ask yourself what’s that about. Uh But I think it’s important to feel like you can be relatively independent and also to find your group of people who you trust and you connect with. Um I am so lucky to have developed an amazing tribe of colleagues over the years who are the kind of people who are like there to encourage you, male and female. I mean, I mean I, you know, I mean, I t I work with a lot of guys, so um and that’s a great colleagues who really appreciate then, you know, in the dark movements been like, no, that’s not about you, that people that can give that outside perspective, that person is treating you badly and let’s talk about how to get out of this mess. So

[00:45:08] Brad Nigh: it’s that I had to look it up, Mark Jansen book, The Subtle Art of Not Giving

[00:45:13] Amy McLaughlin: it.

[00:45:15] Brad Nigh: I mean, the reality that is very true, right? Like it’s not that you don’t care is that you care appropriately in the right terms and not about, you know, things that ultimately don’t matter

[00:45:30] Amy McLaughlin: and not about letting somebody’s opinion drive your career,

[00:45:34] Brad Nigh: your personal

[00:45:36] Amy McLaughlin: self worth. Yeah. Yeah. I worked for somebody once who uh wanted to always be the smartest person in the room and apparently I intimidated him about that, and his approach was to tell me that I really didn’t belong in this career field and I should find somewhere else to be,

[00:45:54] Evan Francen: oh, I just I would want to help my

[00:45:56] Amy McLaughlin: gosh, it was like, okay, but I had my, you know, the people who I trusted people who care and they were like, no, that’s really about him, that’s not about you. Yes, you might want to find some recipes that I have to work with him anymore, but um and that’s where it gets mixed up, It’s like, is that about me as a woman or is that just about me because you don’t like me as a person? You know

[00:46:23] Brad Nigh: that’s a that’s an interesting difference too because I think I’m sure you’ve worked with people like that. I know I have.

[00:46:29] Evan Francen: Yeah. Thank god. I didn’t have a baseball bat in my hand at the time.

[00:46:32] Brad Nigh: Right. Well uh I mean that’s why I left one of the jobs as it was they brought in a new boss who was just like that and I was just like and that’s this as opposed to like is it me or is it was like this guy isn’t sure I don’t need to put up with this and it wasn’t even never even occurred to me that to even look at it that way. So it’s an interesting difference between the men and women’s top process.

[00:47:02] Amy McLaughlin: I think that is a difference. I mean we tend to like sort of look at ourselves and we’re starting to put it on us and internalize it. And I think that that’s a, I will say that’s a What could be considered stereotypical when I say stereotypical and think yeah 70-80% ah of tend to say, oh is that me and my that you know, they internalize it. It’s sort of externally since you’re the jerk, it’s like, am I the jerk. Um And I do think that’s a different approach um Having said that I know some guys who are like that as well but I think it’s percentage wise it’s probably quite a bit smaller. Uh huh and it’s just a different way of viewing it, you know, it’s interesting to one of the things that somebody said earlier was and you guys talked about this was that ability to just jump in and do things um being a very sort of more male trait is actually one that I have, I got to eat man, I’ll figure it out, you know um has always been my sort of my approach which catches people off guard. I think they’re not expecting it, but I’m like I it’s not rocket science, I can figure it out as long as it doesn’t involve calculus, we’re good

[00:48:22] Brad Nigh: man. Well I think part of it too and you know it goes comes back to confidence, right? I mean you have to be confident to have gotten where you’re at but that doesn’t mean it can’t be humble and continue to learn and right. And so that’s kind of a uh huh fine line that maybe people don’t always Yeah, all on the right side of

[00:48:48] Evan Francen: when I think it’s easier for us to feel confident too and not just sure is the gender differences, but we are the majority people expect me to be like that. I don’t surprise anybody when I just jump in there like yeah that’s Evan. He’s a guy who does that whereas I think when you have that’s one of the things destroyed, fascinating about you, Amy, and I think many of the women on our show is that you are strong, you are confident and a lot of you do just do it, just go out and do it. And I don’t know I’m trying to think of what advice we can give to other women who really want to get into this industry and be a part of this. Um You know is it come down to I guess it’s different for every woman. It’s not you get some support group is it just just do it and don’t worry about it. It’ll work out.

[00:49:44] Amy McLaughlin: You know I think that’s part of it. Just try it. Don’t hold yourself back because um the reality is is that we all make mistakes and you know if you don’t if you don’t try you don’t get so large for those mistakes.

[00:50:00] Brad Nigh: Yeah. Just don’t don’t be afraid to fail. Yeah.

[00:50:05] Amy McLaughlin: Yes and I think you know I I think that that’s hard to start with I got better at feeling as I got further in my career a more accepting of my imperfections. Um but I think that that’s the key. It’s like you know it’s the same to me it’s right up there with like a home improvement project. It’s like well I’ve never liked laminate flooring but heck what could possibly go wrong and getting tried anyways you know um it’s again not rocket science um does require some basic measurements and precision, but um I think just jumping in and giving it a shot. And also the other recommendation I give people um is, you know, find your supporters, find those people who cheer you on um who are there for you and not just in the good times, but one is tough. I’m super lucky to have an amazing spouse who has been my Number one year later if he’s listening in the other room goes house. Um and you know, and and my family, um you know, my dad still is like, I don’t really get what you do, but it sounds cool. Uh you know, so I think having those colleagues and those those family members and those people who are going to be there for you and building those relationships. Um

[00:51:35] Evan Francen: That’s another commonality to with with men, right? I mean without my wife, I mean, seriously, probably jail now are dead. You know, I mean, she’s such a good support person for me. And yeah, so that just resonated when you said that, I think we all need that.

[00:51:58] Amy McLaughlin: I think it’s great to have, you know, have good support because those are people that when things are weird, they’re like, no, you’re not crazy in a this is uh they can give you that other perspective of or just be there. You know, sometimes things are crazy and there’s nothing you can do about it and you just got to move through it and everybody’s been in that non ideal job or had that supervisor, right? Male or female. You’ve all been there, right? And just just getting through it

[00:52:32] Evan Francen: when I also appreciate how many of the women actually, all the women we’ve had on the show. Um because there’s another way that people could go, I’m just trying to think like, if I was in your shoes, how would I react? I think there’s another way that you could react where I could become jaded. I could become bitter. I could almost become, you know, angry, militant, whatever. That’s not probably not healthy either. Right? I mean, we all have to work together in this.

[00:53:05] Amy McLaughlin: Yeah, I don’t think it’s I mean, there certainly days when I feel pretty jaded. I think that that is the challenge. I know that for myself, like, I’ve had to had to examine sort of responses to me I interviewed for a job not too long ago, then we give you an example. And um and it was a CISO job, and the recruiter comes back to me and says, yeah, you know, the interview committee just didn’t think you had the right level of professional gravitas. Okay, so let me tell you what professional gravitas means when they tell you as a woman, you don’t have it, it means that you’re not White and Male and wearing a suit in about six ft tall. That’s it’s a code for, you don’t fit our image of what we think we should have as a CISO. It doesn’t mean that you can’t do the job. It doesn’t mean that you’re not smart enough, any of those things, it means that they had a pre existing idea in their head. And because you are, you know, five and five and female, you’re just never going to fit that ideal. Um And you could fight that all day long or you can just recognise it and say, you know what if that is your approach, then I don’t want this job anyway, and there will be the right job for me. And um I think the unfortunate thing is that we run into that often enough that it just becomes frustrating. Um And you have to give yourself, like I’ve got other routes with that. Um You know, it’s like, okay, you’re going to block me here, so how can I get where I want to go? Um Yeah, that’s cool. I’ll write, I’ll write a book, I’ll write an article, I’ll do my own thing. I don’t need outside validation from somebody who thinks that I’m not don’t have professional gravitas or whatever.

[00:55:11] Evan Francen: Gravitas, I can just imagine somebody used that word with me. Like, what the hell does that mean? Gravitas, I’ve never had this gravitas thing that you’ve said, well, if you look at the definition, its dignity, seriousness or some celebrity patient up at an M. And and then next to give each other of manner. I don’t have that no a seriousness, maybe dignity. I don’t know

[00:55:42] Amy McLaughlin: what does that even mean, right? But you know, but it’s coded, it’s a coded phrase that

[00:55:49] Brad Nigh: avoid sexism claims.

[00:55:51] Evan Francen: Well, good for you for seeing through that bs right?

[00:55:56] Amy McLaughlin: Yeah. You know, and so yeah, you could become jaded or you can just find another route to do what you want to do. And I just encourage people to keep going like while it’s somebody else look at you, right opportunities

[00:56:09] Brad Nigh: out there. Don’t don’t be miserable with what you’re doing,

[00:56:13] Evan Francen: right. And I think there’s there’s more awareness today than ever around this issue around women in security. Just uh it’s almost like a revolution in a way and I really like it. I encourage it. We also by the way and not to change the subject too much, but we have a we have a yeah we don’t have enough minorities.

[00:56:40] Amy McLaughlin: No, we don’t. It’s true

[00:56:43] Evan Francen: and it’s not because it’s not because it’s it’s not a black or white thing, but different people groups bring different perspectives to solutions. Yeah. And we’re missing it right now. So

[00:56:58] Amy McLaughlin: yeah, I would totally agree with that. Yeah, I think that um having different perspectives and also having people different people can connect to is really important. I mean You and you know, for example you and Brad could say the same thing 50 times. But if you’re only reaching the people who can connect with you and relate. You’re missing another segment of the population,

[00:57:22] Brad Nigh: the majority of the population.

[00:57:24] Evan Francen: Yeah, I got an idea and I’m making progress and I want to start a nonprofit to reach out to underprivileged people in information security and open up training centers in inner cities. Uh

[00:57:39] Amy McLaughlin: huh. I’ll be fantastic. Okay, great idea,

[00:57:45] Evan Francen: interested in an idea ideation.

[00:57:47] Amy McLaughlin: Yes. Okay. I’d love to be part of that. That’s what’s fantastic.

[00:57:54] Evan Francen: Yeah. So nothing, it’s a frustrating thing for me is when people just say stuff and then they don’t do anything. Everybody has the opportunity, everybody has the ability to do something

[00:58:07] Amy McLaughlin: and they think, you know, sometimes you have to be really active about it. So, you know, we were talking about, how do you get more women into security? Um, yeah, you don’t see high numbers of women going into computer science and I will tell you it’s not necessarily a friendly environment. I don’t have to drink, you know, science. So, but I know people who do, uh, I have started recruiting. Um, I worked with psychology majors. There are quite a, you know, our help desk staff. Um, I have an amazing young woman who works on a help desk who’s a psychology major, she’s getting great experience by the time we’re done, she should be very hirable. Um, probably doing computer stuff, not psychology. Uh, and I think that, you know, finding other avenues and finding ways to help people grow and learn. Um yeah so we we had an interesting team makeup last year. 50% of our staff was young women of colour. Uh huh and 50% were our white guys and they were amazing, they’ve been amazing mentors, I’m so proud of my team for the level of mentorship they do I do want to point out too that the other thing you have to be careful like your when your woman is getting stuck at the help desk. Um career wise, I cannot tell you how many women I have talked to who can’t get off the help desk. And there’s this concept that because you’re female and you’re helping people that maybe you’re not interested in some of these stretch assignments. Uh And um women on the help desk are interested in stretch assignments. I don’t wanna spend the rest of your life on help desk. So but so often there’s frustration because they’re not seen as the next level

[01:00:04] Evan Francen: good point and I like the fact that you call, you know because a lot of people don’t I don’t see it okay for whatever reason,

[01:00:14] Amy McLaughlin: well in the term help desk, your service desk, it just becomes gender. Mhm. Yeah and when you see a lot of women who haven’t who are stuck in the lower tier and not taken seriously for the harder, tougher network jobs or security jobs. Um That can be really hard. I’m super lucky that I’ve done all kinds of interesting things in networking, but partly that’s because I grew up with it, right? The industry was growing as I was coming in, so

[01:00:49] Evan Francen: that’s cool. Alright. To two things. One thing before we move into the news, two things actually one uh Amy, you have a book coming out, another listeners briefly what the book’s about and when we can expect to go by,

[01:01:05] Amy McLaughlin: okay, it’s called Learning Continuity Planning. It’s a handbook for schools, colleges and universities. Um it’s basically about how to do business continuity planning in an education environment. Most educator, education organizations don’t think of themselves as a business typically. And so you’ll say, oh, what’s your business continuity plan? And they look at you like what? We don’t have one of those, what, why do we need one? Right. Um So it really focuses on how to build step by step, a learning continuity plan to keep critical services for students open. Whether that’s, you know, food service, dormitories, um classes everything that goes into supporting learning because so digger the deeper you dig the more components there are um to just delivering an education experience. Um So yeah, so that’s coming out. It should be on Amazon in about the next week or so,

[01:02:03] Evan Francen: wow, yeah, that’ll give you some that’ll give you some

[01:02:07] Amy McLaughlin: gravitas. There you go.

[01:02:12] Brad Nigh: Make sure give me a message on that comes out because I’ll definitely let some of our K through 12 customers know about it because that is absolutely something they struggle with.

[01:02:22] Amy McLaughlin: Fantastic. And it was really built for them in that it’s like okay, do this step. What’s your mission vision and values? Let’s start there.

[01:02:34] Evan Francen: I like it. Yeah, I’m excited to get a copy of that. Mhm. All right. Onto the news. Three quick stories and we’ll go pretty quick. Uh Seriously, maybe I could have talked for hours with you because a lot of stuff there. Uh So maybe we’ll have you back on again. So actually we’ll have you on when when Brad and I get a chance to read the book and then we can talk about it.

[01:02:56] Amy McLaughlin: Yeah, sounds good.

[01:02:58] Evan Francen: All right, so the first news I’ve got it comes from Security Affairs dot com and uh the title is Seven VPN services left data of millions of users exposed online. This was found by vpnMentor. Uh 1.2 terabytes president. That’s it. That’s not too bad. So I

[01:03:26] Brad Nigh: mean,

[01:03:27] Evan Francen: Amy, you can feel free to chime in too. Mhm.

[01:03:31] Brad Nigh: Yeah. 20 million users. The yeah. Yeah.

[01:03:37] Evan Francen: So personally identifiable information includes email, home address, passwords in plain text. Who the hell stores passwords in plain? Uh huh. IP addresses and the worst thing of all is the logs of user activities which these VPN users are VPN services claim that they’re logless. Liars. What a way to put it. You lied. So if you’re using UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, or Rabbit VPN you’re affected um change your passwords, change your address, you move somewhere I suppose. But that stuff is out there now.

[01:04:31] Amy McLaughlin: What a pain. I mean just as frustrating that people will tell you something’s logless. I never believe them anymore. Anyways, I’m like, no, everything you do is recorded somewhere. And I guess that’s the cautionary component is to recognize that whatever you do somewhere, somebody has a record of it. But you know, we do, we try to tell people to use VPN to protect themselves and yeah, that’s kind of, that’s a betrayal of trust right there

[01:05:01] Evan Francen: it is. And so I would say that if you’re using any one of those VPNs, they’ve now lost your trust. Uh they wouldn’t, I mean it should never be on a list of VPNs that you should use. NordVPN here, so far so good. But there’s not to say that that same thing couldn’t potentially happen.

[01:05:23] Brad Nigh: Yeah.

[01:05:26] Evan Francen: Yeah. And the rules are around security, right? No matter what you do, you’re not going to be able to prevent all bad things from happening, right period where I can’t prevent bad things from happening. What do I have in place to detect it and what would be my response? So here you now detected it if you’re using any one of these VPN services and what your response would be: change passwords, stop using the stupid service because it they lied. Right. But still use VPN give up on VPN. The technology is good. It’s just that these jerks didn’t use it the right way.

[01:06:02] Brad Nigh: Yeah, vpnMentor, I’ve been impressed with some of the stuff they’ve done reviews. If you’re looking for another VPN.

[01:06:11] Evan Francen: Yeah. Yeah. And it’s a good article, it tells you kind of everything that happened. It was found on these same these VPNs all shared the same Elasticsearch server and that’s where the data was

[01:06:23] Brad Nigh: found.

[01:06:26] Evan Francen: So and a lot of VPN services, there’s a lot more to it. Right? A lot of VPN services are all made are made by Chinese people don’t realize. And so a lot of VPN services, you may have one VPN provider that makes five, six, seven, eight different VPN applications. Right? And so you hear that one? Oh that one’s bad. So I’m gonna use this one would be the same developer. Yeah. You may search so talk to somebody like us, talk to somebody you trust. Um you know like I said we use NordVPN. It’s pretty inexpensive. It’s not free but it works.

[01:07:04] Brad Nigh: Yeah. Yeah. The personal one is what like I think I paid $3 a month, $2 a month for a three year subscription. I mean it’s just not it’s worth it,

[01:07:15] Evan Francen: yep. All right. So that’s that stuff like that sort of ticks me off because I don’t like lying. Not at all. The next one is uh comes from GBHackers, GBHackers on Security and the title is Hackers exploited CVE-2020-3452. You don’t know what that is. That’s a that’s a vulnerability, registration, that flaw in Cisco ASA and FTD within hours after the disclosure. So this disclosure, this vulnerability itself isn’t terribly scary, right? Even though it’s a high severity vulnerability, uh it’s a directory traversal vulnerability, which means that you’ll be able to see certain files in the file system of some of these affected devices, right? You’re not going to be able to see passwords, you’re not going to be able to see, you know, probably anything all that sensitive, but it does give you a foothold a toehold into the system. Right. So it’s a vulnerability. The important thing though here is that within hours of the disclosure, you already had exploitation in the wild and people actually using it. Um And the point is stay on top of your vulnerabilities, if you spend all this time and effort on vulnerability management and patch management. Uh huh. Stay focused. Right, keep it up. Try to narrow that window because the hackers are narrowing the window at the time.

[01:08:45] Amy McLaughlin: Mhm. Now, even if I remember correctly, this only affected the VPN on the ASAs. So if you are not using VPN on your ASA, turn it off.

[01:08:57] Evan Francen: Yeah, nothing. Right. Turn off services you’re not using. And on this one it was Rapid7 Labs observed that only 10% of the Cisco FTD devices have been rebooted since the release of the patch. 27 of the 398 detected Fortune 500 companies appear to have patched/rebooted. So yeah. Anyway, that’s that. The last one I thought was kind of interesting because there’s a lot of this in our industry too, it’s, you know, do as I say, not as I do. Um This one comes from The Register, which is always funny. The Register has the funniest kind

[01:09:38] Brad Nigh: of they’re so snarky.

[01:09:41] Evan Francen: I know they’re from the UK.

[01:09:45] Amy McLaughlin: Are you saying that people from the UK are snarky?

[01:09:47] Evan Francen: Yeah, they got bad teeth.

[01:09:49] Amy McLaughlin: Hey,

[01:09:51] Evan Francen: I don’t know if that’s true or not, that’s just a rumor. You look at my teeth that, that’s why I have a big moustache is so you can’t see him. Uh, but this one UK dot gov admits it has not performed legally required data protection checks With the COVID-19 tracing system that they set up, but there’s no evidence of data being used unlawfully says the health department. That’s, they always say it probably hasn’t, but still you gotta follow the rules, they didn’t do their data protection privacy impact assessment

[01:10:28] Brad Nigh: or other things. Yeah, it’ll be interesting to see what happens.

[01:10:34] Evan Francen: What’s your recourse

[01:10:38] Amy McLaughlin: You can’t really see them. I mean, you know, it’s interesting though. I think this is endemic to having to do a fast rollout. Right? This is the kind of thing you get when you’re building and releasing a system under suboptimal conditions. Uh Nobody planned to build and release a COVID contact tracing system this year, but tons of them have been built and released in various formats. So I think that’s when the challenges you get any time that you’re rolling faster than you would normally do. Mm And I’m pretty sure that the National Health Service in Britain’s about like any government organization that they don’t normally roll software very quickly are very well paid, depends on whose role in it. Right?

[01:11:30] Evan Francen: All right, well there you have it, you have the news. Wrapping up, shoutouts. Uh just about done with episode 90 which is part seven. Again, the Women in Security series, we’re coming to an end in the series. I think I’ve only got a couple of ladies left slated. I don’t want it to run forever because we’ve got so many other uh topics and issues in our industry to to discuss. Uh but next week and next week we’re welcoming a CISO from the university system in Nevada, who is the former CISO at University of Miami, who was the former CISO at North Dakota State University, that’s Teresa Seaman’s so she’s a pretty awesome lady too. Uh And Amy again, thanks for being a great guest. It’s so cool.

[01:12:22] Amy McLaughlin: Thank you.

[01:12:24] Evan Francen: Haven’t figured it out yet. I dig you because I think you know, I just like your perspective, I like your common sense approach to stuff. That’s why I like, one of the many reasons why I like Brad, common sense approach, right, logically. Does this make sense? Well then, okay, you know, I always appreciate that. Uh huh. Before we do that, any of you have, either of you have any shout outs? Brad, Amy?

[01:12:50] Amy McLaughlin: I think I gave out my shoutouts during my conversation but you know to the amazing people that I’ve worked with and continue to work with, I really appreciate them and my your spouse. Um and I should probably ever shout out to Ryan called Cloutier as well. See I can say his name uh for being so cheap. Good collaborator. Yeah and he wrote the foreword for my book too.

[01:13:16] Brad Nigh: Very cool.

[01:13:18] Evan Francen: How about you, Brad?

[01:13:19] Brad Nigh: Uh Yeah, I think just I’m going to say that the rest of the S and P was such a good I love doing those videos are always so energizing even with everything going on just spending five or six hours plugging through stuff and talking. It’s it’s just I really enjoy them.

[01:13:42] Evan Francen: Yeah, that’s cool man. Hello! It’s cool work loving people you work with in it.

[01:13:46] Brad Nigh: It’s amazing. That’s

[01:13:48] Evan Francen: cool. Uh I am a shout out. Well I was gonna say Ryan, but you took it, Amy, so I’ll let you have the Ryan shout out, I’m going to give a shout out to um, duh, there’s gotta be somebody else I care about around here. Yeah, mm, I’ll give a shout out to Steve Martin. There you go. The reason why I’m going to give a shout out to him is I know he and if he’s listening, he’ll giggle. Uh, he, um, uh, I think he frustrates people sometimes, but man, is he a big cheerleader for the mission? Uh, he is out there all the time, making phone call after phone call after phone call, uh, talking to people, getting people to engage. Uh, so yeah, I really appreciate him

[01:14:41] Amy McLaughlin: Evan, I should say that because I referenced him twice. My lovely spouse. His name is Steve as well. So, uh, column by name. Good

[01:14:51] Evan Francen: steve marla’s. You should invite him to the should invite him to the value. May not want to daily check in some time. Yeah, Brad and I had episode, I don’t know, it was like episode 20 something. Yeah, we had our wives on remember that. Oh yeah, yeah, they haven’t been invited back. You know why

[01:15:14] Brad Nigh: they told the truth. Yes, exactly

[01:15:18] Evan Francen: why. I don’t know what they were

[01:15:21] Brad Nigh: thinking.

[01:15:23] Amy McLaughlin: All right. Um, gave him a platform and they went with

[01:15:27] Evan Francen: it. Oh yeah, they did. Did she reminds me to uh, all right, huge thank you to our loyal listeners. If you’re not loyal or listener, just ignore what I just said. We love hearing from you. So reach out to us on LinkedIn, Twitter, email, whatever is most convenient, twittering us is easy. I’m @EvanFrancen, Brad is @BradNigh, we also have our show’s Twitter now. Finally @UnsecurityP not like P but sharper podcast. Uh and you can email us at unsecurity@protonmail.com. Amy, do you have a way that you want people to reach out to you? LinkedIn?

[01:16:05] Amy McLaughlin: Yeah. And I think I’m connected to both you and Brad on LinkedIn. So easy for people to find me.

[01:16:16] Evan Francen: Yeah cool. Lastly be sure to follow SecurityStudio @StudioSecurity and FRSecure @FRSecure. They put out some pretty cool stuff. It’s not too sales you don’t think?

[01:16:28] Brad Nigh: Hmm.

[01:16:29] Evan Francen: All right. So that’s that. See you next week.