Season 3

As we go through the CIS controls we try to stay in sequence but as a result of some discussions at recent events, we decided to jump to Malware Defenses. Hopefully, Matt Lee's insights and my humor will be enough for you to endure 30 minutes on what you should do in your journey to address Malw...

We talk about frameworks, compliance, cybersecurity, and many things in between but we haven't discussed getting assessed against a framework or even the new CompTIA Cybersecurity Trustmark. I sat down with Omer Kasim Aslim of Lake Ridge to discuss assessments. How the different frameworks, whet...

In recent years we have seen Solution Providers begin offering services that are showing a shift in our industry around our client and client prospect needs. Five years ago very few solution providers would be comfortable talking about risk registers, GRC tools, PoAMs, and take a leadership role wit...

From the trenches... I sit down with Jim Harryman of Kinetic Technology Group to discuss their progress through the new CompTIA Cybersecurity Trustmark. What are the significant challenges and what are the easy wins. A glipse into the journey that got Kinetic Technology Group to where they are today...

Fireside chat with Matt Lee brings us control 6. Access Management goes hand in hand with Account Management but if you have been following along we coverd control 5 last month. Join Matt Lee and I as we deep dive into each safeguard and discuss what you should be doing and then mapping it to the sa...

Each day we are bombarded by cybersecurity threats and this episode adds another vector you should be looking at as you address your asset inventory. Are you looking at the asset that controls your thermostat? How about the IP cameras you use to secure your office? These are just some of the many qu...

There is no question that CMMC is here to stay. It is a much-needed maturity model for measuring companies that cater to the Defense space and are doing what is needed to protect Confidential Unclassified Information (CUI). I sit down with Adam Duman of Vanta to discuss frameworks, contracts, cybers...

In Cyber we often focus only on the events that come from the ether, the dark web, and we forget that disasters can come from all sorts of events. With a hurricane less than 24 hours from making landfall, I sit down with Charles Love of ShowTech Solutions to discuss their prep.

I am a big fan of Scott Augenbaum's book, "The Secret to Cybersecurity." Specifically, the 4 truths that we talk about with Tye Male, Senior Pastor of Wellspring church. Suspicious email, inconvenient timing, stress-inducing, and when it is all said and done... it has the potential to ...

We are 1/3 of the way through the CIS Top 18 and I think Control 5 might be my favorite. Matt Lee joins me as we dive into all six safeguards and how important they are in the journey toward cyber resilience.

I remember the days when Joshua Smith and I decided we should build our own MSP. It was simpler times and Cybersecurity was defined largely by firewalls and antivirus. Today starting an MSP or even being a small MSP trying to get arms around cybersecurity is a daunting task. I discuss with Dor Eisne...

There are lots of frameworks to choose from and some are more complicated than others. What is important is that you use some set of controls/safeguards or standards that are measurable and can be aligned with. I sit down with Alex Spigel to talk bout her approach to compliance and how things like r...

Over the past few months we have spent time on policies, how to tackle controls and safeguards in CIS Top 18, and we have even pointed out cybersecurity areas that might be overlooked. In this episode, as we all look at maturing our cybersecurity practice we look at how one might show evidence to su...

It is the 3rd Tuesday of the month and it is time for Control 4 With Mat Lee. This is a shorter episode but we get it done and got great insights on how to go about addressing CIS Control 4.

Policies are the one thing no company wants to create but everyone has to have. We see them show up in employee handbooks, Written Information Security Plans (WISP), and System Security Plans (SSP), and there is no shortage coming from HR. In this episode, Charles Love of ShowTech Solutions, and I e...

I don't often have vendors as guests on the show and so when there is an exception made it is because they are bringing something to the table that is exceptional. Discussing Single Sign-on with Nick Wolf Of Evo Security is a topic that we have touched on before but never in the context of how i...

A little Chutes and Ladders, a little Yellow Brick Road. In this episode, I think you will find that Data Protection is a rather complex beast but through the guidance of Matt Lee of Pax8 you will have the tools you need to better protect what is important to you and your clients.

This week we put a thought towards adding counterintelligence as something that should be part of your Business Continuity, Disaster Recover, and Incident Response. It makes sense when you hear what Darren Mott has to say. As a former FBI agent, his insights both from his time in the field and even ...

After we did, "A Doozy of a Story." I was presented with this Gem. It almost feels like a perfect storm but in fact it is a legitimate business and as I discuss the details with Eric Hanson, I want you to think about CIS Control Service Provider Management and Software Management. It is ea...

When cybersecurity insurance first came on the scene it was a new frontier. Everyone seemed to be selling it and everyone seemed to qualify for it. That was then... Sitting down with Reid Wellock of FifthWall was an enlightening discussion of where the industry is at and hope for the future. There a...