We’ve been reflecting on our core values as a company quite heavily in the last few months. They’re what make FRSecure, FRSecure, and provide our employees with a framework for how we treat our customers and each other. For that reason (and more) it’s incredibly important to us that we teach each other what the values mean to us as a company, that we hold each other accountable for fulfilling our values, and that we practice those values every day.
Our first core value is that we tell the truth. We’re in a business where sometimes the truth hurts. It’s not fun to hear that you’re not doing everything you could be doing in order to prevent and handle breaches. As security consultants, though, we sometimes need to tell you the things you don’t want to hear because it’s the only way to really make a difference in how you’re protecting your customers, employees, and their data.
There’s a lot of noise in the InfoSec industry, and it’s challenging sometimes to determine what’s the truth and what isn’t. Sometimes that leaves us to do our own interpretation based on our experiences. So that’s what I’ve done. I took to Twitter at the beginning of April, and have been posting one InfoSec truth every day until I get to 100 truths. These are things I’ve seen and witnessed in my career that I know to be true through those experiences.
Day One – Information security isn’t about information or security as much as it is about people. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 8, 2019
Day Two – Information security is a business issue, not an IT issue. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 9, 2019
Day Three – Data breaches are inevitable, no matter how good you are. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 10, 2019
Day Four – One of the best tells of a novice (or poor) security professional is their inability to put risk into context. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 11, 2019
Day Five – You don’t need a degree to be awesome at information security. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 12, 2019
Day Six – Cybersecurity and information security are different things. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 13, 2019
Day Seven – There’s a lot of snake oil for sale in the information security industry. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 14, 2019
Day Eight – A good CEO is a champion for information security. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 15, 2019
Day Nine – Somebody’s got to do the dirty work, and there’s a lot of it to do. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 16, 2019
Day Ten – If you’re responsible for information security and you don’t know what the dirty work is, you might want to start over.
— Evan Francen (@evanfrancen) April 17, 2019
Day Eleven – The board of directors knows more about information security than you think, but less than they think. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 18, 2019
Day Twelve – One bit, either a 1 or a 0, like black or white. It only takes two bits to make gray area. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 19, 2019
Day Thirteen – Everyone has something that somebody wants. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 20, 2019
Day Fourteen – We can’t effectively secure the things we can’t control. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 21, 2019
Day Fifteen – While the “prudent man” drives the herd, the wolves devour the sheep. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 22, 2019
Day Sixteen – If you think you know the motivation of your likely attacker, you’re probably wrong. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 23, 2019
Day Seventeen – People are the greatest risk, this includes you (and me). #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 24, 2019
Day Eighteen – There’s very little (if any) return in chasing down the last 5-10% of information security risk. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 25, 2019
Day Nineteen – Complexity is the enemy of information security. (Thank you Bruce Schneier) #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 26, 2019
Day Twenty – Compliance and information security aren’t even close to the same thing. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 27, 2019
Day Twenty-one – It’s your job to protect yourself and your family, don’t expect others to do it for you. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 28, 2019
Day Twenty-two – If information security isn’t fun, you might not be doing it right. #100DaysofTruth #truth #infosec
— Evan Francen (@evanfrancen) April 29, 2019
Although it’s not always easy, hearing the truth about InfoSec can make a difference in your business and how your data is protected. Being aware of the latest InfoSec threats can help you and your organization be prepared. It’s only a matter of when you’ll be breached, and security awareness and training is important when preparing for and handling a breach. For more InfoSec truths and ways to protect your organization, visit frsecure.com.