Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Episode 6: Life, Cybersecurity & What’s Ahead with Evan Francen from FRSecure & SecurityStudio
12 Plays2 months ago
In The Chat Room is a dynamic interview series where industry leaders, innovators, and experts gather to share their insights on the ever-evolving landscape of technology and business.
In Episode 6, Matt Bauer, co-founder and director at BetterWorld Technology, hosts Evan Francen, who is the co-founder and CEO of FRSecure and SecurityStudio. Evan has spent decades helping organizations, from Fortune 500 companies to small businesses, navigate the ever-evolving landscape of information security. He’s developed tools like the S2Score to measure risk, created the first-ever CvCISO® certification program, developed Project Broken Mirror, and founded the free CISSP® Mentor Program, which has reached over 100,000 students in 120+ countries.
Matt and Evan cover the waterfront with many topics centering around life, from ADHD to alcoholism, to Evan’s thoughts on where the Cybersecurity movement stands, the forthcoming update to his 2019’s book, ‘Unsecurity’, and what’s ahead in the years to come.
𝗘𝗽𝗶𝘀𝗼𝗱𝗲 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀
00:00 Opening
00:39 Transparency, identity, and the power of sharing personal truths in cybersecurity leadership
02:07 How vulnerability and stigma-breaking help build stronger connections in business and life
04:02 Why understanding human behavior is the hardest and most importantpart of cybersecurity
05:00 From rebellious hacker to CEO: the unconventional path to founding two cybersecurity firms
06:53 Breaking things to learn deeply and the value of curiosity in mastering complex systems
08:04 Early innovation stories from IBM, PaintShop Pro, and hacking SQL before clustering existed
09:22 Building threat response teams at scale and choosing mission over money
10:10 Why doing things “the right way” became the foundation of a new kind of security company
11:17 Revisiting 'Unsecured': what’s changed since declaring the industry broken
12:26 How tech outpaces responsibility and why misuse is the real threat
13:12 The compounding risks of unexamined innovation in AI, quantum, and connected systems
15:30 Embracing ADHD as a superpower in chaotic environments and leadership
17:19 The CISSP mentor program and the mission to freely educate 100,000+ global students
18:23 Project Broken Mirror and why defining critical infrastructure is the next urgent step
19:10 Closing thoughts and staying connected with Better World Technology
𝗘𝘃𝗮𝗻 𝗙𝗿𝗮𝗻𝗰𝗲𝗻’𝘀 𝗟𝗶𝗻𝗸𝘀
- Website: https://evanfrancen.com/
- LinkedIn: https://www.linkedin.com/in/evanfrancen
- Book: ‘Unsecurity: Information Security is Failing. Breaches are Epidemic. How can We Fix This Broken industry?’ - https://www.amazon.com/Unsecurity-Information-security-failing-epidemic/dp/164343974X
𝗟𝗲𝗮𝗿𝗻 𝗺𝗼𝗿𝗲 𝗮𝗯𝗼𝘂𝘁 𝗼𝘂𝗿 𝘄𝗼𝗿𝗸:
- Visit our website: www.betterworldtechnology.com
- Stay connected by subscribing to our YouTube channel for exclusive content, behind-the-scenes insights, and more. And if you enjoyed this episode, be sure to follow us on Spotify and tell a colleague.
🌐 Keep innovating, keep connecting!
Recommended
Transcript
Introduction to 'In the Chat Room' Series
00:00:09
Speaker
Welcome to In the Chat Room from Better World Technology. In the Chat Room is a dynamic interview series where industry leaders, innovators, and experts gather to share their insights on the ever-evolving landscape of technology and business. I'm your host, Matt Bauer, co-founder and director of Better World Technology.
Guest Introduction: Evan Francine
00:00:28
Speaker
we're excited to have in the chat room today, Evan Francine, co-founder and CEO of FR Secure and Security Studio, two valuable and close partners to us here at Better World.
00:00:39
Speaker
Welcome, Evan. Thank you. It's great to be here. Okay, let's dive in, Evan. you've You've had an illustrious career and are very well known in and around and outside IT t security, cybersecurity circles.
Evan's Personal and Professional Identity
00:00:54
Speaker
At the top of your blog, you you come right out with it on a personal front. You're a, and I'll quote, Christian, husband, father, grandfather, friend, business leader, CISO, a hacker, a certified rescue diver, Harley biker, welder, American, Mexican,
00:01:13
Speaker
cancer survivor, recovered alcoholic, a harsh self-critic, a problem solver, and a problem creator. i love it. And so I just was hoping maybe we can pick one of those things that's on your mind right now, just kind of getting it all out there.
00:01:28
Speaker
ah is there anything you can pick from from that long list and focus on it or something that's you know resonating with you now? Yeah, I mean, I think the thing that people appreciate most about me is transparency.
00:01:44
Speaker
You know, i I feel like the more I share about myself, there's a connection there in something. Like maybe you're not a Christian, but you're an alcoholic. You know, maybe you're not a Christian or an alcoholic, but you're a diver.
00:01:57
Speaker
So I think the more you open up about who you are, the more you connect with other people. Yeah. and Behind all of this is ADHD. you know The list is long because it's hard to keep me still for any more than just a few minutes.
The Power of Vulnerability and Connection
00:02:16
Speaker
Well, and and and that's, it's interesting because, you know, some of these elements are, you know, society looks at them in negative ways or, you know, alcoholism, you know, ADHD.
00:02:27
Speaker
ah But they also contribute to ah spurring you to the great things you've done and who you are. And they're all part of the the tapestry, right? So you can't remove one piece or another. So it's interesting. Yeah, that's so that's so true. And I think there's there's so much stigma, especially in in today's world, right?
00:02:49
Speaker
ah Mental health, you know, how often do people talk about things ah like depression or suicide? um If you talk about it, then it's no longer a stigma.
00:03:00
Speaker
And it's also disarming. So when I share the things about me, what what are you going to use against me? You're going to, oh, you're just a Christian. Yeah, I know. i already said that. You know, let's get onto something that, you know, maybe more impactful.
00:03:14
Speaker
ah But usually it's like the alcoholism is definitely one that's resonated with a lot of people. You know I've had a lot of people come up to me afterwards and, you know, this is what I do. Do you think I have a drinking problem?
00:03:28
Speaker
At the end of the day, doesn't really matter what I think. It's what you think. I can give you my opinion, um but that serves us so well in professional circles as well, you know, with
Human Element in Cybersecurity
00:03:40
Speaker
information security. One of our biggest challenges is connecting and resonating with people.
00:03:45
Speaker
You know, securing computers, that's easy. Computers are binary. They only do what I tell them to do. People, on the other hand, are really difficult. They're challenging. So getting to know people, getting to understand what motivates them, why they do the things they do, and and and being being a leader in this industry, I'll start off. I'll share myself.
00:04:09
Speaker
And maybe that'll put you at ease where you can share with me as well, and then I can help you better. Yeah, absolutely. And as one who's gone through your VCSO course with Security Studio, I think we've had about 15 of us at Better World that have gone through it already. All right, love it. You guys, love seeing guys in there.
00:04:29
Speaker
You learn that piece about the people being the critical element, you know, so what you're saying definitely definitely rings true. So, well, let's dive into some of ah some
Evan's Journey to Entrepreneurship
00:04:40
Speaker
of the work things. So you're, as co-founder and CEO of FR Secure and Security Studio to household names in the industry. You've spent decades helping organizations from Fortune 500 companies and small businesses.
00:04:56
Speaker
And, you know, but let's dial it back a little bit to that through line, you know, from your early days as ah a self-proclaimed hacker and discovering, hey, yeah i can make money of this. and And how did that lead to founding these great companies?
00:05:13
Speaker
Yeah. so I grew up, I mean, it goes back. I grew up an only child of two Marine Corps parents. So I grew up on base. um As I got older, I got a little more rebellious. Both my parents were into technology. My mother was one of the earliest female executives at IBM.
00:05:34
Speaker
Until they were always bringing home technology stuff. And I've got ADHD. I'm kind of rebellious now. ah So I broke stuff. You know, that's how I learned most things was by breaking them.
00:05:47
Speaker
Excuse me. And there's a lot of early stories of, you know, you're not proud of those things anymore, but they were bragging rights back then. And as I navigated you know what I wanted to do with my life, and that's one of the things that have five kids, and one of the things I've always taught them is try everything.
00:06:09
Speaker
You don't know what you're going to be good at. You don't know what you're going to be built for unless you try it. So I did the same thing. you know i did that when I was a kid. I was ah security guard, cashier, stockbroker. I passed my Series 7 in 63, believe it or not.
00:06:25
Speaker
um I was a bartender, warehouse worker, furniture installer, loan officer, bill collector. There's probably something else in there too before I ever got into IT.
00:06:37
Speaker
I was always hacking things because that was my curiosity. I was always curious on how things worked. and if i And the best way to learn how something works is to break it and then put it back together again.
00:06:49
Speaker
I think so many people are risk averse. you know They want to know how something works, but what if I break it? Go ahead, you know break it, because then you'll know how to put it back together again, and you'll be so much better. So my first all of that stuff led to my first job, which was actually at IBM, ah cleaning boot sector viruses off of Windows 3 machines.
Career Highlights and Innovations
00:07:11
Speaker
um Not a very fun job, but it was intriguing enough. It was interesting enough. I actually got fired from that job. And then where I end up? a Jask Software. We made PaintShop Pro.
00:07:23
Speaker
That was a fantastic job. Because there I was able to... It was very innovative then. this was you know As the dot-com bubble was starting to get bigger and bigger just before it was going to burst, and at the advent of digital cameras,
00:07:39
Speaker
So when you had digital cameras back then, you had you know the Kodak boxes, basically. You had two options for editing those photos. You had Photoshop, which was $1,200, or PaintShop Pro.
00:07:53
Speaker
And PaintShop Pro was... shareware basically so we were a very very popular website um one of the top 10 most visited websites in the world at that time but for me as a geek and a network guy I became a network guy Cisco was my my flavor um it was awesome I get to figure out how to load balance things before load balancers were a thing um how to cluster a SQL 6.5 server which For people who know SQL six version 6.5, there is no clustering.
00:08:27
Speaker
it's ah SQL 7 is when clustering came out. So we had to hack it. We had to figure out how to make that cluster. And Microsoft actually contacted us.
00:08:38
Speaker
We thought they were going to get really mad. They actually wanted to know how we did it so they could cluster it in 7. I went to US Bank after that. you JASC software was acquired by corel which is a canadian French Canadian company. Went to US Bank, built their threat and vulnerability team and their incident response team. And then I went to UnitedHealth, deployed laptop encryption to 46,000 laptops, which was kind of boring, but sort of fun.
00:09:12
Speaker
Anyway, long story, my last real job was MGI Pharma. It was a $4 billion dollars pharmaceutical, and I was their I loved that job. um and I'd still be there today, but they were acquired by um ah Japanese pharmaceutical, which then left me with vested stock options and figuring out what my next career move
Founding FR Secure
00:09:35
Speaker
was. and I started FR Secure then in 2008.
00:09:37
Speaker
two thousand and eight and The one frustration I had over all those years that had built up was the failure of people to do things the right way. you know In corporate America, it's You do just enough sometimes to get by.
00:09:55
Speaker
You have to play the but the political game, you know rather than doing things the right way. Well, that's not my responsibility or Johnny's going to get offended if I do that. This was an opportunity for me to say, all right, we're going to do security the right way.
00:10:11
Speaker
And not that we had all the answers, but if somebody can point out where something's not the right way, well, then we need to adjust and do it the right way, which then brought the the mission of fixing the broken industry. Anyway, it's a long story, but that's why I'm here. At the end of the day, i don't it's not about money.
00:10:31
Speaker
It's about mission. And the mission really comes from, as you pointed out earlier, I'm a Christian. I'm going to die someday. All of your listeners, i don't know if they knew this, and so I'm not a downer, but we all die.
00:10:45
Speaker
And when I die, I want to hear Jesus say, well done. And that's all that matters. Awesome. Awesome. It was a long answer, wasn't it? No, no, that
The 'UnSecurity' Book Discussion
00:10:54
Speaker
was great. That was great. And I think that leads well into my next question, which is your a noted author. And in 2019, you published the book Unsecurity. And the tagline is, information security is failing, breaches our epidemic.
00:11:16
Speaker
How can we fix this broken industry? So, you know, it's been six, seven years since you wrote those words, maybe even more. Sometimes it takes ah many years to write a book. So I'm not sure when, when it when how long it took to write, but You know, what is what has changed since then? yeah Do you have more hope or less hope or what what what do you what's your attitude towards, you know, where you were then versus now?
Challenges in Information Security
00:11:43
Speaker
Yeah, well, you know, opened that book with comparing this to a game. You know, I'm a very competitive person. um And so, you know, the point was, we're losing.
00:11:56
Speaker
We were were losing the game. And, you know, using that same analogy, ah we're still losing. You know, we're maybe, you know, it's ah it was maybe halftime, you know, just to try to build off this analogy a little more.
00:12:12
Speaker
Maybe it was halftime and we were down by 20 points. Now it's like third quarter and we're down by 25 points. So it's it's still... We're still losing ground, just not maybe at the pace we were before.
00:12:27
Speaker
But now with the advent of quantum computing and AI, it's, oh man, I don't know. It doesn't look good. the The problem for us, just as human, it's a human problem. The problem for us as humans is we continue to adopt new technology faster than our ability to use it responsibly.
00:12:47
Speaker
So it's not the technology that's a problem. It's not necessarily us that's a problem. It's our use of technology and the fact that we don't consider what's responsible before I use it. Maybe I should learn how it works. Maybe I should learn um what some of the risks are if I plug this thing into my network before I plug it into my network.
00:13:09
Speaker
But the problem just continues to compound when you don't get back to the root of what the problem is. So I think... I think the problem has gotten worse. I'm not a doomsday guy. I'm not a not um conspiracy theory guy.
00:13:24
Speaker
Just logic tells you there's lots of evidence to show that it's getting worse. And i was recently, I was asked a couple of months ago by um members of my team to write an update to that book.
00:13:38
Speaker
So it's funny that you bring that up. So UnSecurity version 2 is in the works right now. And it will be, my goal is to have it done um at least ready for the editor by end of June.
00:13:53
Speaker
Oh, great. Wow. Okay. yeah So we can hopefully look forward to that. Maybe published by the holidays or something. Give us our updates, what we need.
00:14:04
Speaker
um Well, maybe maybe this ties in with my my last. Go ahead. Yeah, go ahead. No, this one is also very – sometimes I feel like I'm the guy, and I don't know if you ever feel this way, but sometimes I feel like I'm the guy that says the things that everybody's thinking but nobody wants to say.
00:14:22
Speaker
You know, and it's and maybe that comes with like, I'm at this point in my career now, you know, I'm i' in my mid 50s. um Essentially, my retirement is taken care of. You know, i'm I'm not motivated by that kind of stuff. I don't want to get rich.
00:14:37
Speaker
So there's a point where you're just content. And so when you get to this point, it's like. I'm just going to say what. I think is the right thing to say. And I'm and and if it offends people, so be it.
00:14:49
Speaker
Whereas when I was younger in my career, you know, I had to, I had to worry about that because, well, I might piss off my boss and I might get fired. Um, so I, I think it's, it's sort of, sort of, you know, the calling now is to share as much wisdom as I can before I do, you know, die.
Commitment to Education and Mentorship
00:15:10
Speaker
and this book is going to be, Very blunt. I think there's going to be a lot of people that are going to be upset by it. But then a lot of people will be like, yes, finally, somebody said it. Right.
00:15:22
Speaker
Well, let's, let's ah you know, kind of bringing it back into the station, you know, Evan, looking into your crystal ball, ah and maybe this is part of the process you're you're doing with the update of the book. Yeah.
00:15:34
Speaker
not to you know do any spoilers here of what's in there, but ah you know what do you see ahead? what What are you focusing your energies on the this on these days, which apparently I think the book is probably, you know, and ah I think kind of bringing it to that one focus, I thought of when I was when I was writing this, you know, sort of Jack Palance, you know, that one thing in in City Slickers, you know, sort of yeah focus on that one thing. What what what do you what what is that for you right now?
00:16:05
Speaker
Oh, man. I mean, being an ADHD guy, there's there's never one thing. Right, right. Yeah, maybe yeah maybe that's a – In retrospect, I might have rewritten this, you little bit. wish I could. ah youy One focusing on. For any of the listeners, you know, who have ADHD, you know, or have kids, you know, I've met a lot of people that have kids that have ADHD and they're worried about their children.
00:16:29
Speaker
And ADHD is a superpower. I think most mental things it's, you have a thing, right? It's how you use it. That makes it a superpower or a curse. So ADHD is definitely a superpower at times because you can pick up multiple things.
00:16:46
Speaker
You're comfortable in chaos. It's, you know, for incident response, it's like, it's an awesome skill to have, believe it or not, uh, for, you know,
00:16:58
Speaker
doing meetings, sometimes having discussions, sometimes trying to get a project done by a specific due date. you know Those things can be curses. My wife tried to be my administrative assistant for a while, oh which was good because I didn't have to explain her what I was doing at work every day anymore.
00:17:20
Speaker
but it was bad because it, she can't do it. I mean, it's, it, you're just unmanageable, but anyway, what am I working on? So the book is one thing, the most significant, highest priority thing on my plate right now is the upcoming CISSP mentor program.
00:17:36
Speaker
So that one kicks off on in two weeks from tomorrow. And that program started in 2010. Um, it's free, free CISSP training.
00:17:48
Speaker
Uh, And mentorship. So the mentorship comes, you have to do it at scale. Um, but I think we've had over a hundred thousand students since 2010, um, and 143 countries.
00:18:04
Speaker
So, so that's my number one priority just to get my stuff squared away for that. And then other things, the book and, this thing called I call project broken mirror, which is, um,
00:18:16
Speaker
It's about trying to protect critical infrastructure. You know, our our critical infrastructure in the United States is in some places it's great. In some places it's laughable, but the problem really lies in the fact that we don't know what it is. So we need to figure that, that out.
00:18:33
Speaker
So three things, not one thing, but three. All right. Good enough. Well, well, thank you, Evan. What, what a great conversation. And we look forward to collaborating more in 2025 and beyond.
Conclusion and Call to Action
00:18:47
Speaker
And thank you for watching and listening to Better World Technologies in the chat room. To dive deeper into our episodes and learn more about our work, visit BetterWorldTechnology.com.
00:18:58
Speaker
Stay connected by subscribing to our YouTube channel for exclusive content, behind the scenes insights and more. And if you enjoyed this episode, be sure to follow us on Spotify and tell a colleague, keep innovating, keep connecting.
00:19:13
Speaker
We'll see next
00:19:20
Speaker
you