This is the presentation deck that was delivered by Evan Francen on the nVision 2019 Main Stage. The presentation establishes core truths about information security then presents a call to action for getting people to simply focus on the fundamentals using SecurityStudio's free S2Org cybersecurity risk assessment.
2. IMPORTANT!
Before I get started…
• The World Health Organization states that over 800,000 people die every year due to suicide, and that suicide is the second leading cause of death in 15-29-year-olds.
• 5 percent of adults (18 or older) experience a mental illness in any one year
• In the United States, almost half of adults (46.4 percent) will experience a mental illness during their lifetime.
• In the United States, only 41 percent of the people who had a mental disorder in the past year received professional health care or other services.
• https://www.mentalhealthhackers.org/resources-and-links/
3. ME: Evan Francen, CEO & Founder of FRSecure and SecurityStudio
I do a lot of security stuff…
• Co-inventor of SecurityStudio®, S²Score, S²Org, S²Vendor, S²Team, and S²Me
• 25+ years of “practical” information security experience (started as a Cisco Engineer in the early 90s)
• Worked as CISO and vCISO for hundreds of companies.
• Developed the FRSecure Mentor Program; six students in 2010/500+ in 2018
• Advised legal counsel in very public breaches (Target, Blue Cross/Blue Shield, etc.)
How do we secure America?
AKA: The “Truth”
4. UNSECURITY: Information Security Is Failing. Breaches Are Epidemic.
How Can We Fix This Broken Industry?
Published January, 2019
5. Resources & Contact
Want to participate?
Want to partner?
Want these slides?
LET’S WORK TOGETHER!
• Email: efrancen@securitystudio.com
• @evanfrancen
• @StudioSecurity
#S2Roadshow
• Blog - https://evanfrancen.com
• Podcast (The UNSECURITY Podcast)
Thank you!
8. How do we secure America?
Show of hands.
An idea, but we need to start somewhere and we need to start now.
Before we get there…
9. How do we secure America?
What is “Secure”?
We sort of need to agree on this first.
10. How do we secure America?
How many of you are security people (my tribe)?
11. You know we have a language problem in our industry, right?
Our Industry
AI, Blockchain, Penetration Test, Vulnerability Management, NIST CSF, Risk, Risk Management, Containers, Incident Management, Cyber Insurance, Threats, Maturity Assessment, Malware, Security, Cryptography, Breach, APT, Cybersecurity, BCDR, Malware, Trojan, Spoofing, UTM, Phishing, Vishing, DDoS, Worm, Botnet, ML, Vulnerability, Zero-Day, Layered, Exploit, Threat Actor, Attribution, Kali, OSCP, CISSP, NIST CSF
12. You know we have a language problem in our industry, right?
Normal People See Us Like
AI, Blockchain, Penetration Test, Vulnerability Management, NIST CSF, Risk, Risk Management, Containers, Incident Management, Cyber Insurance, Threats, Maturity Assessment, Malware, Security, Cryptography, Breach, APT, Cybersecurity, BCDR, Malware, Trojan, Spoofing, UTM, Phishing, Vishing, DDoS, Worm, Botnet, ML, Vulnerability, Zero-Day, Layered, Exploit, Threat Actor, Attribution, Kali, OSCP, CISSP, NIST CSF
13. Why?
Because we don’t agree on a language
Their Language
FIX: Fundamentals and simplification.
Translation/Communication
WARNING – It’s work and it’s NOT sexy.
14. Why?
So, let’s listen…
Let’s demonstrate our own language problem 1st.
33. Some truth about information security
It’s relative.
Something insecure at the core will always be insecure.
You can’t manage what you can’t measure.
You can’t manage risk without assessing it.
Complexity is the enemy.
34. Some truth about information security
You cannot build an effective security program or strategy without an assessment.
35. Some truth about information security
Most organizations (public and private) FAIL to do fundamental information security risk assessments.
WHY? Reason #1: Complexity
48. Minnesota is one state amongst 49 other beautiful states.
Are you troubled having the U.S. Flag anywhere near the word “Poor”?
I am.
49. How do we secure America?
By speaking a common language we can work on what really matters (our most significant risks).
What we’re going to do:
• Keep preaching.
• Work politically.
• Keep improving (by listening).
What you need to do:
• Get your free S2Org Assessment and do it!
• Help us preach.
• Help us work politically.
• Help us improve (by talking).
50. Your Tasks:
1. Do your S2Org Assessment: https://app.securitystudio.com/organization/signup
2. Help us preach by telling everyone.
3. Help us politically by telling your leadership.
4. Help us improve by telling us:
• Contact within the tool or here: https://securitystudio.com/contact/
• Twitter: @evanfrancen or @StudioSecurity
How do we secure America?
Thank you!