The quest to gain perspectives from women in IT security continues this week as Brad and Evan welcome their sixth guest, Judy Hatchett. Judy has experience operating in security departments across a number of industries including consulting, healthcare, manufacturing, and food. She’s currently the CISO of Surescripts, a health information network designed to increase patient safety, lower costs, and improve quality of care.
[00:00:22] Brad Nigh: All right. Welcome back. This is episode 89 of the Unsecurity podcast. I’m your host this week, Brad Nigh. Today is July 20th and joining me this morning as usual is Evan Francen. Morning, Evan.
[00:00:33] Evan Francen: Good morning, Brad. How are you?
[00:00:35] Brad Nigh: Good. Well, I guess RV trip, but I wasn’t, I wasn’t totally off.
[00:00:42] Evan Francen: No, I just didn’t bring the big trailer with, Yeah.
[00:00:47] Brad Nigh: So we’ll talk about that here in a second. Um, today we have our sixth guest in the women in security series and the second from outside of FRSecure, Judy Hatchett. Good morning, Judy.
[00:00:59] Judy Hatchett: Good morning, Brad. How are you? Good. How you doing? Good. Thank you.
[00:01:03] Brad Nigh: You haven’t seen the notes, but I said you were going to say something positive or funny.
[00:01:07] Judy Hatchett: Hey, you know what? It’s Monday and it’s not raining. How’s that? Here we go. I heard the weather was bad here this weekend. So
[00:01:19] Brad Nigh: you know, it’s some pretty bad storms up here, but luckily it missed the where I live, but just north of the city has had some really nasty storms. Mhm All right. So before we get going recap the week Evan I mentioned and I don’t think we talked at all. Yeah. Can we talk last week after the podcast. Maybe one day.
[00:01:41] Evan Francen: Yeah, I don’t remember talking to you last week. I don’t remember your face until you just showed
[00:01:46] Brad Nigh: it.
[00:01:47] Evan Francen: You’re
[00:01:48] Brad Nigh: looking good.
[00:01:50] Evan Francen: What’s that?
[00:01:51] Brad Nigh: Maybe Tuesday morning.
[00:01:53] Evan Francen: Yeah, yeah, maybe.
[00:01:54] Brad Nigh: So what happened last week would you do this weekend?
[00:01:58] Evan Francen: Last week was really good. Uh Had a good meeting with job insurance on the S2Me. I think there’s a pilot coming for that, you know that’s the personal information security risk assessment tool. Another good meeting. Uh Oh you remember our guest from a couple weeks ago, Kristen Judge? Uh we’re still continuing conversations about um Yeah. Partnering to try to help the Cybercrime Support Network. Very cool. The Security Shit Show on Thursday, if you missed it, was awesome. It was Chris Roberts’ uh topic. And we talked about hiring practices and how um we can’t screw that up a lot. And then Saturday at about 10 o’clock at night, we’ve been shopping, you know, we lost fight last week. And so we’ve been kind of like coping and then towards the end of the week we’re like, we should get another dog, we should try to find another breed like him. He was a chorkie. So my wife was shopping online, Craigslist nationwide, and then uh she kind of really, really liked this little 2.5-pound, she’s 12 weeks old, 2.5-pound teacup thing. And so Saturday night at about 10, I walked in the house from like went to the, I don’t know if someone of the stores or something and I said I’m just gonna go get her. Yeah. And so I drove straight through uh, fueled by energy drinks, straight through to Indiana. Uh picked her up and brought her home. Got home last night, about 11:30. Sure it’s my life man. And that’s how I do things.
[00:03:42] Brad Nigh: Yeah, I can’t imagine doing. Yeah, I’m not sure how you’re functioning this morning.
[00:03:52] Evan Francen: I don’t either man. I don’t know how I function most days. But you talked about that storm. I ran into that twice. You know, I ran into that storm on the way out uh in Wisconsin about middle Wisconsin. I ran into a storm coming back again. Uh, just decided like Indianapolis.
[00:04:11] Brad Nigh: Well
[00:04:12] Judy Hatchett: yeah
[00:04:14] Evan Francen: Catherine. How about your weekend? And we got to ask about Judy’s weekend too
[00:04:19] Brad Nigh: yeah Judy, go, you can go next, Judy. How was your weekend?
[00:04:23] Judy Hatchett: Oh I did a lot of screen. I went short time to this weekend. I was saying earlier, my son had a lacrosse tournament in Racine, Wisconsin, which is just like south of Milwaukee. So we left Thursday night and games Friday, Saturday, Sunday, we got home last night around eight o’clock. So it was super busy. I get really tired and I drive that much. So I don’t even know how you did it, Evan, because I could never do it 11 hours in a row. So it’s his next tournaments in India and I said no you’re not going because I’m not driving that far
[00:05:00] Evan Francen: needs a ride
[00:05:01] Judy Hatchett: if
[00:05:03] Evan Francen: you need to ride and you trust me, there’s
[00:05:06] Judy Hatchett: room. Of course, of course, you know, it was really busy long days and we didn’t have, we had some pain immunity and we got Milwaukee got hit um, last like the early Sunday morning, probably around three, the storm that hit here in Minneapolis. So when we got hit, but it was just super muggy and we kind of breeze, which was fairly is, but you know, it’s a warm, muggy breeze, nothing to cheer about. So I just was really making sure that the kids stay hydrated and like I had my truck parked right at the field, so garth kick it off and come right into the truck and cool down and then go play again. So
[00:05:41] Evan Francen: yeah, good tournament.
[00:05:43] Judy Hatchett: Yeah, they took second. There was a really good tournament. Really good tournament. There had to have been over 40 teams there. It was uh, it’s all club lacrosse teams of all ages, like from 10 up through 17, 18. And uh, he plays on the 21-2021 team, which is 17, 18 year olds and they took second. So it was a really good game. He’s gonna be sore today, but it was really good games. Really good tournament. So
[00:06:10] Evan Francen: Lacrosse is a brutal sport.
[00:06:12] Judy Hatchett: Oh my gosh, it’s, you know, this is field, he played box in February and I’ll tell you, box is 10 times worse than field. Box is like you have a stick and it’s just a weapon, so. Oh yeah, it’s good. It’s good. It’s good to spend time with them.
[00:06:30] Evan Francen: Awesome. I’m glad you made it home safely. Brad, how was your weekend?
[00:06:34] Brad Nigh: It’s good. Just kind of hung around. Did some yard work, Saturday was, you know, it was like 94, with like 75% humidity. It was like you walk outside and just, you know, it was sticky and gross. So we just kind of hung around, put some gains in the house and yeah, look it easy, kind of nice.
[00:06:58] Evan Francen: Yeah, I was not working in the yard on Saturday morning, so Saturday morning, I didn’t leave till Saturday night, Saturday morning I was out working in the yard and I got a surprise visit from Joe and Danielle, it’s my old, Second, 3rd, 3rd youngest oldest son, whatever. And so they just show up and I’m like stretched and sweat. I was working on the deck so you know somebody and yeah, it’s a bad time to come say hi.
[00:07:23] Brad Nigh: Yesterday was pretty nice. It was pretty breezy but cooler and not bad. So I did a bunch of yard work and it’s kind of, yes, but like I said the time with family, it’s kind of how nice to have a down weekend.
[00:07:40] Evan Francen: Yeah. And I doubt
[00:07:42] Judy Hatchett: what is that like.
[00:07:44] Brad Nigh: Yeah, I know. I know.
[00:07:47] Evan Francen: Well that’s one of the things I’ve always, I really admired about you brad honestly. And I say this as a friend uh just how you do a good job of setting an example of work life balance. That
[00:07:59] Brad Nigh: it’s a it’s a very deliberate thing because yeah, I used to before kids would work all weekend. But I remember, yeah growing up and uh my dad was a CPA, tax season from like February through April just didn’t see him. So I want to make it yes, deliberate.
[00:08:24] Evan Francen: Get a women in security. We had our wives on back in episode like yeah
[00:08:29] Brad Nigh: that was where it was a long time ago
[00:08:32] Evan Francen: they told me so
[00:08:33] Judy Hatchett: I missed two episodes. I didn’t realize I missed you. I know you guys start talking about your wives.
[00:08:38] Evan Francen: This is back. This wasn’t part of the series. This was I can like, I don’t know man. It must have been like episode in the twenties,
[00:08:45] Brad Nigh: Maybe 25, something like that.
[00:08:48] Evan Francen: Yeah. And they told the truth. Huh?
[00:08:52] Judy Hatchett: But I was actually thinking about that though yesterday. You know, it’s this whole women in security, that your spouses really are women in security as well because your wife is just like my husband, you know, our jobs are 7 by 24, 365 and it’s tough. Sometimes it’s really tough.
[00:09:08] Evan Francen: Yeah. That’s why they make a
[00:09:11] Brad Nigh: sacrifice. Yeah. It was one of the things my wife mentioned. She’s a nurse. And when she leaves, she’s done right. She thinks about her patients and cares about him. But she’s done. You know, we we never are off. Mhm. All right. All right. So we’ll get started. Um sixth week. This has really been just really enlightening. I think like I said last time we are starting to see some I don’t know commonality, some trends of it I think. Um so far. So I’m curious to see if uh Judy has the had the same inside your experiences and it’s Evans needed.
[00:10:01] Evan Francen: Sorry about that. Yeah. Well, first I said something kind of funny, I was like, well see if Judy’s not wired, but then it’s not funny anymore because our out of context. Uh But the other thing is I was thinking, what’s one thing can you think of? One thing that kind of sticks out as that you’ve learned uh in on the five that we’ve had so far?
[00:10:24] Brad Nigh: I think the biggest surprise to me is how women, if they’re not 100% confident, they don’t go for it right? They have that kind of like, I don’t know self doubt or whatever where these guys are like, like you said, you describe yourself as breathless borderline. But yeah, like yeah, that’s what happens and that doesn’t, I was really surprised to hear. But that is not at all. It’s the complete opposite.
[00:10:58] Evan Francen: Yeah. And as I look back in the episodes like, you know, because it was 84, 86, 87 and then this is, you know, 88 and then this is episode 89, Judy. I learned something from everyone but there is like a common thread I think of um it started with Renee. Renee, you know, said that she’s had to be really strong and confident and uh and I think for her and maybe for many of the women, it’s not all of them. That’s been something that they’ve had to consciously, you know, sort of, you know, emphasize whereas I just look back and I didn’t, I don’t know, I have to focus on that at all.
[00:11:38] Brad Nigh: Yeah, I fully agree.
[00:11:42] Evan Francen: They, I mean crazy awesome people with Renee, Lori. I didn’t know that Lori had been in information security from, she’s in episode 85, since 1985.
[00:11:56] Brad Nigh: uh and she still is giving me grief about the 20 year thing,
[00:12:00] Evan Francen: Right? 20 years. Yeah, I did that in 2005. Thanks
[00:12:04] Brad Nigh: pal. All right.
[00:12:06] Evan Francen: Uh Victoria, the one thing that stands out with the talk with her was how that recruiter said that her.
[00:12:14] Judy Hatchett: That was shocking.
[00:12:15] Evan Francen: Oh my gosh! Right.
[00:12:16] Judy Hatchett: I was listening to that one and it was just shocking. I’m just like, oh my gosh, what I mean? I can’t imagine how she felt. That was just horrible. So,
[00:12:27] Evan Francen: but and she seemed like kind of just yeah, I think that will serve her well. She’s uh she’s definitely not coming, I’m excited to see where her career.
[00:12:37] Judy Hatchett: She seems very eager just amazing. I mean she wants, she wants to learn, which is amazing. So that’s always a good,
[00:12:46] Brad Nigh: she’s fun to work
[00:12:47] Evan Francen: with what I’m thinking as a security person when you have that kind of that personality, that magnetic kind of personality and communication style. Uh it brings people in and you know, we try to do that so much with security. Uh Kristen, just her path was interesting to me, how she had come from an elected official right? As a county commissioner. Yeah, yeah and now she’s running a nonprofit, she’s run her own consulting company. She’s worked at uh you know the National Cybersecurity Alliance and
[00:13:26] Brad Nigh: yeah,
[00:13:28] Evan Francen: area her
[00:13:29] Judy Hatchett: edges, Kristen’s uh education awareness around how to train and then you know, just listening to her very passionate about if you don’t train them, it’s going to happen again to them and that’s the biggest thing. This take advantage of that. I think both you guys have had and she did to take advantage of an unfortunate incident that happened to take advantage of train them and teach them. Yeah,
[00:13:53] Evan Francen: yeah she had that one saying what was it? Uh Oh christ, I can’t remember, I took my notes somewhere else but
[00:13:59] Brad Nigh: actually I do remember it,
[00:14:04] Evan Francen: we should pay attention more, shouldn’t
[00:14:05] Judy Hatchett: we? What if it was never waste a good breach and trying to remember the other one was
[00:14:09] Evan Francen: something was along those same lines it was like the best time to teach is after a
[00:14:13] Judy Hatchett: breach. Yes that’s what yes that’s what was.
[00:14:16] Evan Francen: Yeah. Yeah she’s awesome and it’s cool that we were you know we still have conversations you know outside of this in just ways that we can work and make a difference together. Uh And then Andrea yeah where’s she gonna go? I mean that that girl’s got some amazing potential.
[00:14:35] Brad Nigh: Yeah. Oh man I pulled an Evan right to meet my phone.
[00:14:41] Evan Francen: Oh yeah I have a phone
[00:14:43] Brad Nigh: usually it was you that did the audio when we were doing all the time. Um Yeah I was I was really impressed with Andrea she’s going to be. Yeah uh like I said it’s gonna be fun to watch where she goes in her career.
[00:14:59] Evan Francen: Yeah. Yeah Sky’s the limit for her and then one of my, and Judy, and I’m not saying this is because you’re on the show, I’ve said this to numerous people. You’re one of my favorite security people because you’re down to earth person that I can when I talk to you. Uh It’s just like it’s just like a conversation but yet you’ve got this awesome experience in this background so I’m really happy that you’re here.
[00:15:23] Judy Hatchett: Thank you thank you. Yeah it’s um I’ve been in a couple of different industries and I’m currently now the CISO at Surescripts, which is uh it’s the largest health IT network that links every physician, clinician and pharmacist. So we basically we got rid of all of the paper that you would use to go and get your pharmacy prescriptions filled. And so our network is amazingly it’s it’s huge. I mean last year we delivered 1.79 billion prescriptions across our network. Yeah and 2.8 or 2.18 billion medical history responses. So we do med history as well that were delivered from pharmacy to pharmacy. And then um 333.8 million links to clinical document sources that we shared across our network. Yeah so for mid-sized company and we have a very very large health network. So it was close to being part of the health care critical infrastructures you could possibly be. So
[00:16:25] Brad Nigh: just a little bit of
[00:16:27] Judy Hatchett: yeah just a little bit. So previous to that I was at Fairview Health Services as a CISO, and previous to that was at 3M. So manufacturing and healthcare are very similar but then doing information security for almost 15-20 years and retail and manufacturing and now healthcare and it’s interesting to see how some things change and some things never do. Um But it’s been fascinating. Absolutely fascinating. I’m very honored to be here today. I really do appreciate it. Thank you.
[00:16:57] Evan Francen: Yeah
[00:17:00] Brad Nigh: so you mentioned a little bit you know maybe a little bit of how you got into information security. How did where did you come from? And
[00:17:08] Judy Hatchett: yeah, so I actually kind of stumbled into information security. I was director of the regional multiple listing service of their IT department and had been working a ton of hours necessarily actually kind of funny retrospect, worked a ton of hours and got burned out and just left without having a job. I was I had two children under the age of three and I was incredibly fried. And um my husband said to me hey you can make more money working at McDonald’s and plus you have a uniform, you can bring food home for us at the end of the day. And I started a contracting gig at Best Buy doing their identity and access management, RFP work. And literally that was right when uh PCI was just taking off, it was still called IT general controls at that time and I got in at that point and found a passion and um uh I had to leave Best Buy the century came in and the group that I was with, the consultant that I was with was not part of their preferred vendor lists. And so I went back into the banking industry and did a program management and realized that I really didn’t like software development. It was very boring to me. And after two years, Best Buy called back and said eric centric called back and said hey we’ve got a position in PCI doing PCI certification and it was in their network space. And so did network access controls. Network segmentation. And for anybody that ever thinks that network segmentation is easy. It’s not, it had many many sleepless nights uh in a retail industry where if you can’t ring up a cash sale or if your application isn’t working, you’ve got to figure out why. And um I think developers have gotten a lot better about understanding how their applications work and understanding which ports they talk on, but I will tell, you know, this was 10 years ago and they’re like, well I don’t know what he’s talking on. So then you rely on the firewall engineers to figure out what’s blocking it.
And then you open up one and then you find out, oh no there’s another port that’s going to talk to another server and it’s um many, many, many sleepless nights. It’s a lot of trial and error and um it was very challenging but very rewarding, learned a ton uh that led into a really good career around PCI and I’ve actually had the opportunity to sit in and represent an organization as part of a PCI accreditation. Um listening to the PCI QSA. Um at that point before I became a CSO. And listening to all the different questions and answers and what you can and cannot say during those those uh those interviews and um was at Best Buy for about eight years doing everything from PCI to IT general controls to identity and access management. Found out that I have to have a passion for identity and access management, love how complex it is and how you peel back all the layers of the onion, implemented some really good solid programs there and also had SAP security so learned a lot about SAP security, had an amazing boss who’s still a really good mentor of mine, John Valenti, and he actually was a very he believed in having women in security. He believed that I needed to have a mentor. So I had a really strong mentor um that he had found for help me find at Best Buy which helped us what’s amazing. Um And then John left Best Buy and Dave Dixon came back another amazing woman in information security. She was Best Buy’s first CISO and she came back in and uh really good leader really good programs. She’s actually the first one that had taken information security out of IT and put it under finance. So when she came back in she said we’re going to report to finance, get out of IT so that we’re not the fox watching the hen house kind of deal. So it’s really really interesting.
Um And then uh left there went to Supervalu and did identity and access management, challenging environment, realized it wasn’t quite a good fit and then John was over at 3M as their CISO and uh took a role under John doing an international another international program for information security. Working with the health information systems team, you probably don’t think of 3M as having a lot of PHI data but they have a very large health information systems group. Uh They actually write the code for when you go to the doctor’s office and you have um an illness and they say well this is these symptoms, we think it’s this IDC-9 code or ICD-9 code, that’s what disability insurance company actually write that do that correlation. So they have a lot of payer provider relationships. Um had just a really great program, they’re really great opportunity, working with their aviation department, doing international work with them building up programs. Um And then the CISO opportunity at Fairview came up again even at 3M, I had a really strong mentor and she knew nothing about information security which was great because if I would I would bring her presentations if she could understand it. I wasn’t doing my job. So when we first met she was like I don’t know what I have to offer you and I said oh you have the information, you have the 3M background. I said you could help me make sure that I’m articulating what I need to articulate and we actually worked out really well was a really good relationship that we had so strong mentorship. Again, a really good leader underneath John and then at Fairview um it was again a good opportunity to build a program and have really good executive leadership sponsorship. So um part of it is just getting in and having some really good leadership that can oversee what you’re doing and get behind what you’re doing and help promote what you’re doing. So, but it was really, I stumbled into it pretty much,
[00:22:52] Brad Nigh: I mean it’s kind of how what happened for me as well. It’s kind of interesting that you know how many people that we need and security just kind of are like, yeah, I just was doing it and realized, yeah, I like doing this.
[00:23:07] Judy Hatchett: I will tell you when you break down information security versus like SOX, information security, I mean there’s some grey spaces in there, but SOX is incredibly complicated. So any time I have SOX responsibilities, I get a little stressed out because your auditors can play a lot of games with you. So
[00:23:27] Evan Francen: see I told you she had a lot of experience, Brad.
[00:23:30] Brad Nigh: I didn’t argue that worked with me. I knew
[00:23:33] Evan Francen: that he was like, no, she doesn’t and I was like,
[00:23:35] Judy Hatchett: no, are
[00:23:38] Brad Nigh: we having her on
[00:23:39] Judy Hatchett: really killed me. I that’s
[00:23:46] Evan Francen: one of the cool things about the path, the path that people take through and there is and this was something we talked about on the Security Shit Show on Thursday too, is there is no one path, you know there’s so many paths into this industry and I think one of the reasons why that’s true is you know so many things fit into a bucket, you know like finance fits into finance bucket is just one of those things where it doesn’t really fit into a bucket, it’s in every bucket.
[00:24:13] Brad Nigh: I
[00:24:17] Judy Hatchett: thought when I was doing my early PCI work, I thought that you had to be and being able, you had to do a B you had to do, you have to be very technical, you had to have that incident response background to be able to be anything in information security and I will tell you along my journey, I have proven that is not the case time and time again and um Lori actually brought it up on your, on your second session but Lori, Lori Blair, give her a huge shout out, she was great, I reached out to her and she sat down with my interns. My intern had the same concern that I had years ago is I’m not technical. And um it doesn’t matter like you said you don’t have to fit into a specific, there is so many different things within information security that you can do that you and you don’t have to have a specific background um you can have a finance background, you can have a legal background, you can have a computer science background. You know, you can have all these different backgrounds to fit into it. It’s not something that you actually have to meet these requirements one through 10 before you get in.
[00:25:20] Brad Nigh: Yeah, that’s one of the things that I think is so great as is with quarry and that you should bring such a different perspective because I do come from a more technical background and I won’t, I haven’t totally rely on her for some of that governance and interpretation of some of those those types of things. It’s just such a huge help.
[00:25:45] Evan Francen: There’s enough room in this industry for everybody.
[00:25:47] Brad Nigh: Huh?
[00:25:49] Judy Hatchett: I completely agree.
[00:25:50] Brad Nigh: So well man, they’re just so many, so many interesting the areas that you’ve worked in um
[00:26:03] Evan Francen: on big companies too. Right.
[00:26:04] Brad Nigh: Yeah. I know, I think that’s probably so talk maybe a little bit about, you know, your experience as a as a woman in those bigger companies, you know, agreement we heard um kind of that bro culture that has been brought up a couple of times. Have you seen that? Have you?
[00:26:23] Judy Hatchett: I have I actually have, I won’t say where um but I have and it was shocking um and it was later on in my career when I experienced it and um I had heard about it from being a part of a women in leadership group at that particular company but had never experienced it. And then one day I was sitting in a meeting and I was one of two females in the meeting and that it happened where the guys talked over me or they literally had their back to me, like we were sitting around a conference table, but they would turn their chair and have their back to me and not acknowledge when I was saying something. And it was shocking because I had really honestly never experienced it to that degree. And um it’s uh really I walked away going, wow, that was really crappy. And then trying to think of how how you can address that going forward rather than because I kind of retreat a little bit. So I just was so shocked, I’ve never had it that blatantly in my face before. Um and I don’t you are you it’s a female in this industry, you deal with men all the time and um I don’t disagree. You have to be confident, you have to be assured what you’re saying and you have to be credible. Um And and sometimes and that’s the other thing is uh this is what I loved about, you know, my mentor John Valenti, he was so understanding, I’d walked in his office literally go okay John, how do I say this without sounding bitchy? Because if you say it, you’re going to be fine, but if I say it, it’s going to come out wrong so help me understand how I can say this and the first couple of times he would laugh at a joke and then he really got to understand that it’s different for women when, and how you come across and how you state things and um, it’s tough to be assertive and aggressive sometimes, um, as a female because you do come across as being bitchy and um, but it’s different if a man says it. So yeah,
[00:28:32] Brad Nigh: it makes sense. But yeah, never,
[00:28:37] Evan Francen: Well we don’t see it from that. Yeah, we don’t see it from those eyes. But do you think men get a, get a pass on certain things more in business or maybe it’s a tough question.
[00:28:52] Judy Hatchett: It depends on the culture. Okay. It depends on the organization. Um, I will tell you that Surescripts has a very diverse culture on the diverse thought process and I am onboarding into an organization that is very open and they were just ranked as one of the leading companies to work for the United States and the, I honestly can’t tell you that in this organization. I have not seen a difference at all. The men are just as understanding and reaching out as the women are. And there’s this commodity, there’s a word that kept was being used when, when I was interviewing was people kept saying it’s very collegiate and um, but not organizations are like that. And sometimes, yes, men do get a pass and um, it’s unfair, but it happens and it depends on if the leader is self aware to say, hey, you know you can’t do that or hey, you know what, I think that’s wrong and addressing it right there rather than addressing it a month or two down the road. So
[00:29:59] Evan Francen: yeah, like I know that there’s been a couple of times when Renee has, even personally I can remember a meeting or two where I just talk right, I just say my my thing and uh she said to stop and he said, I don’t really think about how you said that, I was like holy crap, you’re right, you know what I mean? I think it also helps to have somebody hold you accountable because I know that mhm I’ve interacted with a lot more male leaders that I have female leaders and I think one of my mentors taught me uh as I was growing up to always consider your audience right? You speak to your audience, whoever your audience is, right? And so sometimes I forget that I’m not and I think there’s I mean there’s always lines you don’t cross, but I talked to you talked to different people in different ways and sometimes you forget about who your audience is too, you know what I mean? I want to show respect to everybody, everybody deserves respect. Yeah, it’s interesting but I do like that we have a powerful leader at FRSecure, who I mean, she’s held kept me in check a couple times, I appreciate that
[00:31:23] Brad Nigh: she has a really good way of delivering that message too
[00:31:26] Evan Francen: right. And sometimes it is like right in your face, it’s like, hey bam
[00:31:31] Brad Nigh: she yeah, she knows how to talk to her audience. I’ve
[00:31:38] Evan Francen: learned a lot from Renee.
[00:31:40] Judy Hatchett: She’s a fabulous woman. She’s uh she’s a great partner.
[00:31:43] Evan Francen: Yeah.
[00:31:45] Brad Nigh: So you know, I guess starting out, you know we had Andrea and last week he was a senior in college, what advice would you have for anybody looking, you know, either young or you know like victoria where you changed professions um, change for is what advice would you have for for someone looking to get into information security,
[00:32:08] Judy Hatchett: uh find a network, build a network and leverage that network. I will tell you I didn’t do that really on and um I think it hurt me a little bit. Um I love where I’m at, I love where I’m at in my career but I often think of if I really would have just leverage that network and trusted those people that were really leverage, leaning out and saying here, go look at this or hey come here and come to this session or come to this happy hour or do this. Not that it’s always the happy hour, but sometimes managers would offer, I’ll say, hey come and participate in this and I never did that and you don’t, you don’t get to build your network that way and if you build your network and you rely on your network, that network is gonna help you and there’s gonna always be opportunities that come up that you say, hey you know what I thought of this one person, I think I’m gonna reach out and just connect those two people and it’s so powerful. Um And that’s it’s the other thing is don’t be shy, don’t be shy about what you may have or what you may think. You don’t have asked questions. There’s no such thing as a dumb question. The dumb question is a question that was never asked. Um and everybody is always going at least try to help you out. But having that network building that network taking advantage of the people that are reaching out and say they really want to help you um by all means rely on those people because it does pay off and um what I’m doing now is just like with Lori, I reached out to laurean had to talk to my intern because I want to be able to help those those women that are just getting into security no matter what their ages but wherever they’re at and I still stay in contact with my intern that I had at three am. She’s in her master’s program. 
I wrote her a letter of recommendation for her master’s program because she was such an amazing, excuse me, amazing intern and it just you get them introduced to different people different walks of life and give them all different kinds of choices to determine where they want to go. The other thing is, become part of some organizations like WiCyS, Women in CyberSecurity, or other areas that will also help you build that network and give you some exposure, at least get to know people and hear what other people are doing.
[00:34:14] Brad Nigh: So do you think the part of the issue maybe, you know, we talked about how women maybe a little bit more hesitant and have to be very confident. Do you think building that network is somehow related right? You don’t feel like you’re you’re I don’t know what the right word is, but do you think that is part of it
[00:34:36] Evan Francen: is the right word, was pizza? I
[00:34:41] Judy Hatchett: think it definitely does, Brad, because you find out you’re not alone, what you’re feeling or what you’re thinking and women, I mean men do it too. But I think the men camaraderie is much different than a women’s camaraderie the women, how women build each other up. And I think it’s just, it’s, we are made up differently. And so we think differently in some instances we feel things differently. We come across differently and having that network of women. Um and also men that are part of that network as well, like in our WiCyS group, you’ve got a man that comes actually is kind of an adjunct board member. And it’s really interesting to hear his perspective, he actually has two or three daughters. So it’s really interesting. But I do think that that helps because you just realize you’re not alone. You’ve got somebody that and say, hey, you know, you can call him as a this person just did this, can you believe it? Oh yeah, that’s happened to me and you just, it’s just easier to deal with it, easier to cope with sometimes when you do get some of those blows every now and then
[00:35:42] Evan Francen: when I think for me, I mean, even for guys like, you know, like you’re sort of alluding to, um, having that safety net. You guys sometimes, you know, we like to be all macho and uh who needs a safety net. Well that’s pride. And the sooner you can beat the crap out of that the better uh, because we all do needs up. I mean I’ve, I’ve got my safety network and Brad, I’m sure you do too, people that you can go run to.
[00:36:11] Brad Nigh: Yeah. It was interesting as you were talking about the building of the network younger and very much can relate to that, you know, Okay, probably shot myself in the foot career wise a couple of times, not taking advantage of it for whatever, you know, that reason is
[00:36:32] Judy Hatchett: that’s right. So bad
[00:36:34] Evan Francen: was because they’re just so for women just starting out, build that network. Yeah,
[00:36:39] Judy Hatchett: yeah. Take the time you have to input some time. It just doesn’t happen overnight. You have to take time to make those connections and invest yourself into that network and you can’t be afraid you have to just jump in and it’s not perfect. But you know what, it really pays off tenfold to have those relationships and it’s, its females, it’s males. It’s um, you know, but you just really got to build that network
[00:37:05] Evan Francen: and some of it for some of us it doesn’t come natural either.
[00:37:09] Judy Hatchett: Oh I like I said it’s not easy and I think that’s you know, once I got over the hurdle of, it’s going to be all right. It’s, I am just amazed the people that I have met and the doors that they have opened to meeting other people um like who would have, I would have never thought that five years ago where I am today and I was having a conversation with the interim CISO from Slack last week or two weeks ago, you know, and you know, and having a conversation with the CSO from Cisco this afternoon. She’s actually a native Minnesotan and she’s a fabulous woman, very powerful leader and she is giving me her time just to have a conversation and help figure out a few things and it’s, it’s just because somebody else opened the door and said, hey Judy, I really think you should meet this person. So yeah,
[00:38:03] Brad Nigh: I mean heck I’ve been weird for me that we’ve got like Judy on and Kristen came on
[00:38:11] Evan Francen: so top notch top quality people regardless of gender. Uh you know obviously the topic you know the we’re focusing on women because I think we want to empower more women. We need more, you know, steve martin difficult problems require creative solutions and a lot of times when you have these different views on things, it just makes your solution that much better. Uh so wherever there’s an inequality and you know those words have been kind of stolen for a lot of other agendas and biases and whatever but we do have inequality and things are off balance and you know hopefully we’re trying to correct that a little bit.
[00:38:51] Judy Hatchett: I mean like this for what I’m not sure if this is the first time I have not had a female directly reporting to me and I only have counting my intern actually now I’m a contractor, I have three females on my team and um it’s different having four males report to me and without having that female at that leadership level and they’re all great guys. I mean amazing guys, they’re super smart at what they do. Um and but I really am, I really want to look for that diversity across the org or across my team. But again I don’t want to hire a female for the sake of hiring a female, I want to hire the person that’s right for the job. And so a very smart woman told me what they do with their organization is they take the names off the resumes when the resumes come in, the names are off. And so you are really just looking at the skills of that person. You don’t even know anything else about that. You don’t know their name, you don’t know the address, you don’t know anything that would identify who they are. And she said it has been very eye opening for them to interview and choose candidates that
[00:39:57] Evan Francen: way.
[00:40:00] Brad Nigh: It’s a really good idea
[00:40:02] Judy Hatchett: way.
[00:40:05] Brad Nigh: Well so with that you know, do you think we need more women in the industry? You know you said this is the first time you haven’t had a woman directly reporting to you. Are you seeing a shortage?
[00:40:20] Judy Hatchett: Oh by all means. I think there are I think there are definitely a shortage of women. There’s a shortage in the talent in the information security space across the United States anyway, but definitely a shortage of women. And I think again it goes back to some, if you if you’re not in a certain skill set, they felt I can’t do that. And that’s not the case. And I think that’s what we need to keep spreading the word about is that it’s all walks of life that come in information security and to get those girls into the elementary, I know Brad, you’re doing some work into the school systems helping them understand that it’s a really cool um location to get into. And it’s a great career path and any analytical skills and you know, type of process flows and right technical writing or even writing in general will get you in through that program and it’s going to be very rewarding for them. So yeah, I definitely feel there is a shortage of women in information security. It’s, it’s tough. It’s tough.
[00:41:19] Evan Francen: Yeah. Even like PR and marketing, we were talking about uh, a friend of mine is does marketing and PR work very, very talented and uh, and I was saying you should build a business on this. How many CSOs wouldn’t like to be viewed in a more positive light in the organizations they work within and uh, getting the message out in a more creative sticky way. Like we could totally use that in security.
[00:41:51] Judy Hatchett: Yeah. Yeah. I will tell you that, you know, some kids still think that information security when I talk with even like my teenage son and his friends, they think, you know, hacking that’s all they think of. They don’t think of the other components on it. Um, my daughter actually, she wants to go into forensic science and so she doesn’t, yeah, it’s very cool. Um, but you know, you talk to some of these other girls and they’re so smart and they’re so talented, but they just, you got to kind of point them in some of these different areas that gives them that exposure and that’s why these STEM programs are so important.
[00:42:27] Evan Francen: Do you think a lot of women, maybe just people in general actually, I mean it may not be a man woman thing but sort of talk themselves out of going into this industry because of that. You know, you think that well I got to be, you know, I don’t know computer as well. So they just just kind of check it off their list and go somewhere else. Yeah,
[00:42:51] Judy Hatchett: I think so. I mean I think so. They don’t know where to begin. I think you have made reference in one of the, one of the other previous episodes that people point building with the help desk and that’s not the case. You can, you can bring somebody in as an associate analyst like what you guys have in your program to get them started out and get them just to dabble in it a little bit. They don’t always have to start at a help desk or at a systems operations on our type role. You can bring them into your program really early on. Yeah, I think it’s, it’s that, but not knowing exactly what it turns,
[00:43:24] Evan Francen: that’s important work would help a lot too. So really good advice on that.
[00:43:29] Judy Hatchett: Yeah, because maybe the resume doesn’t say that exactly who that person is. I mean resume is just a bunch of words on a piece of paper that you know, you try to figure out what that person’s about. But if you have somebody that can vouch for you and says, hey this person has done this, they’ve done this, they are really great go getter, They can communicate, they know how to navigate complex processes, you know, something like that, anybody that can help vouch for you does have its weight as well
[00:43:56] Evan Francen: for sure.
[00:43:59] Brad Nigh: So because along those lines, you know, what can we do better to get more women or just more talented people
[00:44:10] Judy Hatchett: do? I think this is this is a great thing. I mean I actually have a podcast out to a couple of different women and told them to go listen to it because I think it’s really great, you guys are very lighthearted but serious in the same sense because it’s it’s a very interesting podcasts listen to you um but different programs like what we’re doing for the Minnesota Cybersecurity Summit last year, we did a women in cyber half day session and uh Leanne from your staff was part of that group as well and that was a very, I was so pleased and putting that helping putting that program together with Tina Maker and Eileen and a bunch of other very fabulous women. Um we had half hour panel sessions, break, and the beginning of those sessions, the room was about three quarters full, by the time 11:30 came around that there was standing room only in that room and it was just a really good trying get rave reviews, so we’re doing that again, and so I think organizations I can get behind those type of local programs are really helpful, um getting involved in some of the other national programs that are out there like Women in Cyber, WiCyS. Uh we actually just started up a Minnesota chapter here. Uh we’re just kicking that off, we’re partnering with the Minnesota Cybersecurity Summit to do that for that four hour, half day session here in October um I think Executive Women’s Forum, I’ve heard that mentioned a couple times on your programmes as well. That’s another really good program, national program as well. Um and then just giving the opportunity, you’re having um discussions maybe like I know it’s like some of the women that are CISOs they run women in leadership programs at their company, and that also gives whether it’s a book club or they meet once a month and have different topics whatever that may be.
Um That’s also really important to have to help build that network internally, if the organization is large enough, does maybe it doesn’t have to be a large organization. I know I had that one of the organizations I was at um and it gives women the opportunity to share, and also you learn about other opportunities when you again, you’re building that network inside your organization, whether you want to stay inside the organization or go outside, you’re building the network. So sometimes having those types of programs internally are beneficial.
[00:46:19] Evan Francen: one thing we’ve learned is you have to be deliberate, You know, we in our leadership at, you know, in our company, we, we recognize we’re, you know, we have said it, you know, kind of lots of times. We were all sitting around the room, the leaders and we’re all white men. All right. Think else does seem kind of dry in here. I mean it seems like we talked about the same things every week and it’s not like we’re not talented and smart guys, but it’s like we need, we need to shake things up, we need to have different perspectives and you know, and when we brought Renee in, it was like a breath of fresh air. It was like, oh my gosh, the flowers blossomed, there’s dew on the grass. It’s like, okay, it’s not dry
[00:47:09] Judy Hatchett: anymore, but but it says a lot about you as a leader that you’re aware that you need somebody different than you are different than people on your team and that’s sometimes where leaders struggle. They want people like themselves because maybe they’re insecure they have too much pride. They don’t want to let somebody else tell them that what they’re doing is wrong. And I think it takes a really good leader, a strong leader to say, hey, we got to mix this up a little bit because we have to think differently and not being afraid to bring in that amount of change into the organization to get what you need from your leaders or even to have that filter down through, so when you’re doing at the leadership level it has to filter down through as well, because that resonates with your employees, that if the employees see that you’re very consciously aware of the diversity that needs to happen within the organization and promoting that down through within your organization, your employees are going to be so much more satisfied as an employee working for your organization. And I see that a lot at Surescripts where things that are at the top are filtered all the way down and it’s carried all the way down and employees feel empowered and feel respected, no matter who or what they are. Um and that’s really, really important.
[00:48:22] Evan Francen: Yes, for other leaders out there, get people not like you, you know, if there are gaps because I think another place we have to go that we haven’t billion, it’s not so much race, it’s more um just background where you come from,
[00:48:38] Brad Nigh: yep, Well, I mean we’ve talked about it better, the more background, more diversity, the better your solution is going to be like every time man, everybody is doing the exact same thing, you’re going to make the same mistakes, right?
[00:48:56] Evan Francen: That’s what it felt like, man, we were just like this is really boring. I only feel like coming to these meetings
[00:49:01] Brad Nigh: anymore. Well and then, and then we added uh in a right, which is, you know, not too confusing. Thank you guys.
[00:49:10] Evan Francen: Yeah, Bonnie and running one. And the thing about Vinnie is not only is she a female, but she’s, you know, she’s our CFO and I’m not, I suck with money, you know, and I don’t want to talk about money. And so here you got this, you know, we have our weekly meetings, her and I on Tuesday. So tomorrow morning and we don’t even talk about money. I don’t wanna talk about money.
[00:49:43] Judy Hatchett: But my current role, I actually report to the CFO and she’s a female and she’s an amazing leader. She’s really down to earth. And um, she was one of the, one of the executives that really made me want to come to Surescripts because she had only had the information security team a short time. But she was very into it as to what information security was all about and what she wanted to see happen with the department, how she want to see it grow. It wasn’t just purely, we gotta cut dollars and cents type of thing. It was, here’s what we need in the organization. Here’s what I see as the CFO, here’s where we need to pull these different levers to ensure the program. So she’s, she’s an amazing woman. So really good
[00:50:25] Evan Francen: before. I have like a dry throat, Hey, I have to point I keep looking at that picture in the background is that
[00:50:33] Judy Hatchett: you, that is my daughter, I took that of my daughter and I put it up because it’s one of my favorite pictures that I’ve ever taken. It’s really cool. But the thing that was interesting is everybody goes, is that a gun she’s holding and like no it’s bubbles, she’s sitting on a track and she’s holding bubbles and she’s got this bright orange, reddish hair and the blue and the black, it just was crystal clear. Yeah, so the winds carrying the bubbles. So yeah,
[00:51:05] Evan Francen: yeah, because I could see that but it’s a great conversation starter because I thought it was, I thought it was a gun too and it’s like because she’s got this like the same color hair as
[00:51:15] Judy Hatchett: you. Yeah, no, that’s my daughter when she was about six or 7. So I was taking pictures of my son’s lacrosse game and she was not happy about being there. So she brought something to do and it was just, it was one of those opportunities and shooting pictures. That was just really cool. But anyone that knows me knows I have a concealed carry permit. So that’s why they always ask, is that a gun that’s really like, no, it is not, it’s bubbles,
[00:51:40] Evan Francen: we should go shooting sometime, Judy, myself, John Herman, uh we have a bunch of shooters at our work,
[00:51:47] Judy Hatchett: most definitely, most definitely
[00:51:50] Evan Francen: that’d be cool, John is a really good shot, like really good, wow, you know because sometimes John you know John you know, he’s uh mhm Sometimes I just want to call B.S. So you’re saying that the shooter this before I knew and then we go shooting and I was just like, okay, yeah, you’re good.
[00:52:10] Judy Hatchett: Okay, I’m not that good. So it wouldn’t do I still practice a lot
[00:52:16] Evan Francen: and John but John is a really good coach too, he’s a good uh this is, this is like we’re mentor’s mentor the leaders, venture leaders, you know, in a way because he was my teacher, you know, a lot of shooting tips and things like that. So it’s pretty cool. Brad, do you shoot?
[00:52:37] Brad Nigh: No, I used to shoot rifles but yeah, not anymore. Yeah.
[00:52:44] Evan Francen: My wife just got went to her class for concealed carry I think last week. So she just needs to go pay the fee and file the papers with the sheriff.
[00:52:54] Brad Nigh: Yes. Now you’re gonna have to behave
[00:52:58] Evan Francen: oh, she’s already got weapons man. Seriously. She doesn’t need the gun
[00:53:03] Brad Nigh: keeps you in line. I’m
[00:53:07] Evan Francen: very grateful.
[00:53:08] Brad Nigh: Oh man. Alright. So kind of like off a little bit there. But any last thoughts, Judy, on anything we’ve talked about, anything else you wanted to
[00:53:19] Judy Hatchett: share with us. I appreciate and give you guys kudos for, I don’t know if you guys came up with this on your own but having a women in security sessions and everything, all different women across you start with women in your organization and then moving across different industries and different walks and where they’re at different points in their life, huge kudos to you guys for pointing that out and just giving women the opportunity to share their story and you guys being very good listeners and having everybody else here that out there on the podcast that’s listening. Um and hopefully we will inspire a few women out there or young young gals that hey realize it’s it’s there’s things that they can do and it’s it’s a really good industry to be in. It’s always gonna be around, it’s constantly changing. There’s a lot of challenges that are always happening with us. Um but it’s very rewarding. Um and it’s it’s I just give you guys kudos to put this together.
[00:54:12] Evan Francen: No, thank you. What you guys are making the show? I mean originally day one, right brad are we? I started I want to do this podcast so I could talk to you for now.
[00:54:25] Judy Hatchett: Thank you. You
[00:54:29] Evan Francen: know? And then you pointed out that that’s about all we talked about last week together. Right? So at least we got that our man. So it’s proven out there and then these these people, these cool people join us and it’s like, what? How did you? The hatchet get here? Awesome.
[00:54:45] Brad Nigh: Yeah, yeah, I can’t believe it’s been 89 episodes. We haven’t missed a week.
[00:54:54] Evan Francen: We have not missed a single week and used to be a lot of work. It doesn’t seem like it’s a lot of work anymore.
[00:55:02] Brad Nigh: No Gosh, did you go back and listen to this first like 10 episodes when we were doing it over zoom. We should just delete those.
[00:55:11] Evan Francen: No, no,
[00:55:12] Judy Hatchett: no, you can’t delete those.
[00:55:16] Evan Francen: Yeah. There’s a lot of people that I think if you look at the numbers, there’s a lot of people have just listened to the first episode and never came back so they heard it. They’re like, yeah, I know. But you know those, those people, people that are like that, they miss out. They judge the book by its cover. They don’t give things the chance to mature to blossom to become something different. Uh, sometimes you stick it out right. If there’s a topic or something and same thing works with women or men or anybody getting into this industry. Don’t expect it to go smooth right out of the bat. Get right out of the gate. You’re gonna have resistance. You’re going to have jerks. You know, we, we all run into them but stay committed. You know, stick with it. There could be something really, really awesome on the other side. Then when you look at people like Judy, you know, I’ve known, you know, watching her go from, you know, Best Buy at 3M to uh well Supervalu is in there somewhere. Fairview Fairview and you know, see where you’re at now. It’s, it’s really cool to see people just continue to push forward and I think yes, and you don’t have to say anything publicly, but this is probably your best job you’ve ever had, Judy, kudos to
[00:56:33] Judy Hatchett: you. The other piece of advice as you were saying, that is women, not even women. Men in general have to be willing to admit when there’s not a good fit and you know, I think somebody said you always get one in your career and you always want to tell all that really wasn’t a good fit and you move on to something better. Sometimes things just don’t work out. It’s not the organization, he thought it was and it’s not, it’s not a bad thing, you know, it’s you, you’ve got to have a culture and organization that supports you and a culture that you’re comfortable with and um I am very proud to say that for Surescripts, they’re an amazing company. They have a lot of really good programs and what they do is really for the greater good of, you know, for people’s health across the United States and so it’s really, it is really amazing.
[00:57:19] Evan Francen: That’s really cool. And so for me, knowing you that coming out of your mouth is, you know, that means something, you know, there’s truth in credibility behind those words.
[00:57:30] Brad Nigh: Mhm. Yeah, it’s like you said, if it’s not if you’re not happy, find a job you’re happy at, plenty of opportunities in the industry. So true. All right, well thank you, Judy. That was really, that was good. I’m
[00:57:52] Evan Francen: gonna go ahead and use the word awesome. Yeah. Along with along with pizza,
[00:57:58] Brad Nigh: Pizza there it is. You have to use that in the all hands meeting later and everybody to be like, what is she talking
[00:58:05] Evan Francen: about? Yeah, yeah, we do have that today, don’t we? We have a quarterly meeting. Yeah, it’ll be fun. I’m actually letting not letting uh, I shouldn’t say letting that was just bad. Poor choice of words. But the uh, Ryan is going to speak on behalf of SecurityStudio and I’m just gonna be the commentary. Uh, so you just keep delegating stuff and it makes your life so much better. I don’t even have to, don’t have to do anything anymore sort of drived indiana.
[00:58:40] Brad Nigh: You have to stay up on that with a puppy. Yes. All right. A couple of news stories and Judy, feel free to chime in. Um, first one is off of, I just grabbed it from Naked Security from Sophos, but it’s all over the place, is uh, SIGRed, and the bug with an impressive name. Yeah, I like that. I never, I hadn’t heard BWAIN before, but uh, SIGRed is a DNS uh, flaw that is wormable. So that’s not great considering how many Windows DNS servers are out there. Um, which is crazy. Did you see when it was originally like, how long this bug has been there?
[00:59:30] Evan Francen: 2001.
[00:59:31] Brad Nigh: Yeah, it’s like like 17 or 18 years. Yeah.
[00:59:36] Evan Francen: Yeah, but you know, there’s there are a lot more out there, man, they’re, you know, at the more and more complex you make things the more and more difficult you make it to secure. Right? And so if you go by statistics, how many errors for lines of code is even in a well run really well run shop, What’s that? A
[00:59:56] Brad Nigh: couple 100 per million lines or something?
[00:59:58] Evan Francen: Yeah, I think it’s usually 10 to 15 per 1000 lines of code or something like KLOC something in that range. So when you take something with millions of lines of code, there’s lots and lots of vulnerabilities, you know, buried in that code, so
[01:00:13] Brad Nigh: yeah, I just blew my mind, how how long is that out there that nobody, nobody found it for that long?
[01:00:24] Evan Francen: Well, you know what the NSA does, NSA has a whole bunch of uh the exploits, right? And they’ll sit on exploits until it becomes public and then then they’ll release their code for it. Uh Usually, I mean, it’s kind of kind of works that way. And they’ve been, what was it last year? I think they released a piece of code that they had written and like, you know, in the late 90s.
[01:00:52] Brad Nigh: Mhm.
[01:00:54] Evan Francen: Yeah. Uh But that means that’s because it took that long before the world found it.
[01:01:03] Brad Nigh: Yeah, so uh there is a patch out there and there is a workaround as well. They are both in that article registry fixes but if you if it’s exploited they could, you know, the attacker can run arbitrary code in the context of the local system account
[01:01:24] Evan Francen: on the DNS server,
[01:01:26] Brad Nigh: on the DNS server
[01:01:27] Judy Hatchett: because you said the DHS I think had all of their systems, they said they had everything had to be patched by Friday, Friday at noon, everything had to be patched
[01:01:40] Brad Nigh: France. Yeah I think I thought CISA had a 24 hour requirement for patching. Yeah it’s not good.
[01:01:51] Evan Francen: How long has the patch been available for it? It just
[01:01:54] Brad Nigh: Yeah. Yeah last uh last Tuesday. Okay So that there is 123 bugs for Patch Tuesday with 20 criticals. This one is a 10 on the CVSS, right, so after systems please. Uhh Yeah next one is off of Infosecurity Magazine. This will be interesting to follow. Last was it last week, two weeks ago? Last week there was a ruling by the European Union like Supreme Court that Privacy Shield is invalid. So companies with the U.S. or well companies in the EU doing business with companies in the U.S. it’s gonna be a really uh it’s gonna be interesting to see what happens here because this is the whole this is you know allowing they’re protecting liability you know and now they’re saying nope doesn’t work, you gotta you have to comply. The U.S. doesn’t have the same security requirements and data protection as the EU does.
[01:03:11] Evan Francen: Yeah you got to give the EU some credit. I mean they have done if they certainly understand that um you know you’re always strong as your weakest link and in this case some of the weakest link so U.S. companies in the way they’re handling data. Mhm. Um Yeah but you know so the way private Privacy Shield, I mean hasn’t Privacy Shield kind of always been invalid. I mean in my opinion.
[01:03:36] Brad Nigh: Well I mean
[01:03:37] Evan Francen: capable.
[01:03:38] Brad Nigh: Oh for sure but it was still the law so you had
[01:03:43] Evan Francen: some protection and it was valid from the legal perspective and the compliance perspective but from a security perspective it was always invalid in my mind.
[01:03:51] Brad Nigh: Well I mean it was basically a pass to not have the security requirements net. Right? So
[01:03:58] Evan Francen: but if you tell us you do
[01:04:00] Brad Nigh: great. Yeah that’ll be interesting things like you know you think about the radio, you know smaller companies they think about you know the Facebooks and Googles and Twitter and what whoever that’s I mean this is gonna be a massive change and how they do business which hopefully is good for consumers.
[01:04:21] Evan Francen: Yeah hopefully we’ll see they’ll find so I just I have so little um they find ways around things and they they manipulate so I checked the box and then it’s argued in court and not just the pain if people just do the right thing from the beginning a lot easier.
[01:04:45] Brad Nigh: Yeah, but it’s hard Evan
[01:04:46] Evan Francen: Yeah.
[01:04:49] Judy Hatchett: It’s hard when it’s after the fact it’s not hard when we’re at the table. Right?
[01:04:54] Brad Nigh: Very true.
[01:04:56] Evan Francen: I love when my kids used to set used to use that excuse. Well, it’s hard. Yeah, we could, I can show you some something hard.
[01:05:08] Brad Nigh: Alright. Last one is again from Infosecurity Magazine, Russian APT crew actively targets COVID-19 vaccine developers. I mean, uh, yeah, I wasn’t really surprised. It’s probably not just this is Cozy Bear. Uh, just the group. I’m pretty sure it’s probably not just them, but it’s kind of I don’t know,
[01:05:35] Evan Francen: there’s a lot of state sponsored stuff going after. Yeah, I just ate it too.
[01:05:41] Brad Nigh: Yeah. I mean, you’re the only hope that they are not negatively impacting the research by doing this.
[01:05:52] Judy Hatchett: But this has been going on. It’s not just Russia, like, like Evan said this has been going on for a project about 68 weeks or so right now that even I know some nation state of targeting it too would read this for quite a while.
[01:06:03] Brad Nigh: Yeah. So just a bummer.
[01:06:06] Evan Francen: Well, you know, but if they’re going after it, it doesn’t mean that you can’t defend against it if you know specifically what your what if I know specifically what it is you’re targeting. That’s really good intelligence for how he would design defenses against that. Right?
[01:06:21] Brad Nigh: It’s a good plan.
[01:06:22] Evan Francen: So hopefully these things are, you know, multiple layers of air gapped, uh, why would you even have it connected to the internet at all if you don’t need to. And I mean,
[01:06:34] Brad Nigh: Yeah, yeah, that’s a good question. And I don’t know enough about it to say, you know, is it are they doing any sort of data sharing with other researchers? You know, but
[01:06:45] Evan Francen: well, and you know, Judy with her with your multiple nights of non sleep, you know, isolate these networks. I mean, you should know every single thing going in and out of a network with something this sensitive, right? Your data flows should be iron tight. You should be default deny everywhere. Right? So you can, I think protect against and hopefully the government is helping too, like if the government knows where this research is being conducted that they’re helping
[01:07:17] Judy Hatchett: out. Yeah, they actually are. Chris from the DHS reached out to me that they started Surescripts. I want to talk to my predecessor at Fairview because they are reaching out to all the health care and, and also at the University of Minnesota and saying, hey, we want to talk to them. We want to tell them what we’re seeing. We want to make them aware of what to expect. So they are, they’re definitely reaching out through the different organizations to get the word out to say here’s what we need to do. That’s good.
[01:07:43] Brad Nigh: It’s just good Russian. Yeah. Yeah. That sucks.
[01:07:51] Evan Francen: But I think we can, I like when the, when the focus is that narrow, sure. When I know specifically what you’re coming after, I guess it makes a little easier. Yeah.
[01:08:02] Brad Nigh: Uh huh, very true. And then the last one we’re not going to really talk about, it’s been talked about to death I think over the last week, but the Twitter hack on Wednesday with people getting in. Hey, I don’t know if you read that he actually has a really good write up of uh, a lot of the technical background and what, what happened I just thought was it might be interesting for people to read.
[01:08:31] Evan Francen: One of the big, the biggest frustration about the Twitter hack is the star, our industry sensationalizes way too many things. We push the big alarm button way too many times. And the thing is normal people, people that aren’t in this industry aren’t paying attention to us anymore because we’ve cried wolf so many damn times. And so it’s funny how something like the Twitter one was, you know, it was nation state. You know, this is a build up for, you know, the, the November attack and it’s like the hell are you talking about? What evidence do you have to support any of that? Because it looks to me like you had some guys who kind of stumbled on something, uh, were looking for some money and they got maybe 300 victims out of it, out of a potential many hundreds of millions.
[01:09:20] Brad Nigh: Right? Well, and and going after these big names, it’s like a badge for them, right? Like, hey, look what I did. I got, you know, they were interviewed the one who has at 6 # six and so this is, you know, this is what they try to do. It’s how they make a name for themselves is going after these well known accounts that are verified. So yeah, I’m, it was clearly a money money grab.
[01:09:53] Evan Francen: Yeah. Well because I read some article, everyone articles like this has national security implications and it’s like, yeah, you’re stretching a little bit and then it’s a, you know, global you cause global instability. It’s like, well seriously,
[01:10:11] Brad Nigh: I mean I can see if you know, uh, listen to say Trump’s Twitter got hacked right? If they had gotten Trump and he tweeted something about nuclear war or something like that. I can see that causing panic, you know, but yeah, I’m with you. It’s overblown. Um,
[01:10:33] Evan Francen: I saw that if anything I saw this and that’s what I said in my interview is this is success in my opinion. When you had this, did this few people fell for that attack.
[01:10:46] Brad Nigh: Gosh, considering the total number of followers
[01:10:49] Evan Francen: when what’s the percentage on that? If I got that kind of click percentage on my own phishing attack.
[01:10:56] Brad Nigh: So gas.
[01:10:59] Evan Francen: So I’m always looking for like positive things to, to share with call them normal people and people get offended sometimes about that but call ’em everyday average people, people aren’t in our industry. Every time you can find something to be, to point to success for them to encourage them rather than constantly beating them with a stick on, you know, all the sensational stuff happens in an industry I think the better. So I like the fact that we only had 383 transactions that were
[01:11:32] Brad Nigh: Well yeah, well Bezos himself has over 1.5 million followers. Right? So I mean you’re looking at such a small fraction of a percentage.
[01:11:44] Judy Hatchett: It was it was good money for one day, but it really was not that big about it really wasn’t. I mean I have a new load of that interview too. It was like it was small. Yeah.
[01:11:56] Evan Francen: Yeah, I like positive stuff. We have a positive reinforcement. You know, Was it remember psychology in college? Either feed the dog or shock the dog. Well who was addicted
[01:12:12] Brad Nigh: was it? Yeah, I
[01:12:13] Evan Francen: know you’re talking half off. I don’t know, I can’t remember. I don’t do that stuff but it’s the positive reinforcement and negative reinforcement right? There’s a couple of different ways to motivate people to do things and look for the positive I guess.
[01:12:29] Brad Nigh: Thank you. All right. Well that’s it for episode 89. Thank you Judy. This is a great installment of the women in security series. Either of you have shout outs this week, Evan,
[01:12:42] Evan Francen: Let me give a shout out to just kind of the whole FRSecure leadership. You know, I get the opportunity to talk to them. Uh and I’m saying leadership minus me, I get to talk to those guys uh every week and that’s awesome, you know, Renee Van John, I also get to talk to Peter, so I don’t know, it’s Peter. Yeah, working there and I love Peter. Peter is awesome. He’s the guy that encourages me every Wednesday, but just to shout out to those guys, they’re doing a great job,
[01:13:12] Brad Nigh: Judy. Any shots?
[01:13:13] Judy Hatchett: Yeah, it’s a couple. I’ll give a shout out back to Lori Blair for taking the time again, you know, it’s investing that time to really help somebody else get into the industry and give them some words of advice and take, you know, just build them up, shout out to my friend and mentor John Polenta because I know I would not be here if it wasn’t for him and believing in me and considering continuing to support me and coach me. Um and then again to you guys for putting this on. I just really think it’s a great effort for for women and security in general,
[01:13:42] Brad Nigh: Thank you. Yeah. And I got one this week, I was saying, you know, talking to people over the weekend and, you know, talking with all the women about how we got started into security. So I’ll give a shout out to Kevin Bruce who was CIO at one of the places, he’s the one who paid for that got me into the initial CSP training that I did in like 2011 12. Someone has so shout out to him. Yeah, so
[01:14:14] Evan Francen: well by proxy I’ll give a shout out to him too because now you’re here.
[01:14:18] Brad Nigh: Yeah, so um all right, thank you to all our listeners. Thank you very much. Keep the questions and feedback coming. Uh send them to us by email at email@example.com. Be the social type, man, I can’t talk, socialize with us on Twitter. I’m @BradNigh, Evan is @EvanFrancen and Judy, is there any way particular way you want people to find you?
[01:14:44] Judy Hatchett: Actually I don’t do Twitter, I stay off of all of that. I like to read everything, but I stay off of it as much as I can. So
[01:14:51] Brad Nigh: If you look at my account, it’s very rare that I actually say anything and basically it’s like an aggregator. Alright, well if you want to reach out to Judy email us and we can get in touch with her um
[01:15:04] Evan Francen: or go through the channels at Surescripts, you know, I’m super happy for you Judy that you’re in a place where you’re well supported and it sounds like a great company making a big difference. So shout out to Surescripts too. You got a good one