MSP 1337

Chris Johnson
Nov 7, 2023 • 33min

Business Email Compromise

Maybe we have talked about this before? At any rate, business email compromise is a constant threat. We do phishing simulations and other security awareness training to help our staff and clients make good choices, but we aren't always perfect. I sit down with Dan Gilligan with Integra MSP to hear his journey in dealing with this issue and the tools and training that have changed over the years to keep up with this evolving threat.
Oct 31, 2023 • 40min

Insider Threats

What are insider threats? Tim Schnurr and I discuss the importance of cybersecurity in protecting digital assets and preventing insider threats in organizations. There is an overwhelming need for employee education, the use of data classification tools, and the implementation of monitoring tools to track data flow. This is a great way to have open conversations with your employees and your clients as to why it is so important to think before you click on a link, hit send in an email, or download/upload files to file sharing sites etc.
Oct 24, 2023 • 30min

Industry Conference Overload

Thinking back ten-plus years on the industry conferences we have attended in person and online. With vendor mergers and acquisitions it is hard to determine which shows you should still attend and every day it seems there is a new road show, quarterly show or another membership conference. How do you make decisions to attend what is relevant?
Oct 17, 2023 • 41min

Fireside Chat - CIS Control 10 - Malware Defense

As we go through the CIS controls we try to stay in sequence but as a result of some discussions at recent events, we decided to jump to Malware Defenses. Hopefully, Matt Lee's insights and my humor will be enough for you to endure 30 minutes on what you should do in your journey to address Malware Defenses.
Oct 10, 2023 • 27min

Getting an Assessment...

We talk about frameworks, compliance, cybersecurity, and many things in between but we haven't discussed getting assessed against a framework or even the new CompTIA Cybersecurity Trustmark. I sat down with Omer Kasim Aslim of Lake Ridge to discuss assessments. How the different frameworks, whether prescriptive or not, are often looking for compliance to protect a specific type of data and not an organization's overall security. We go through several scenarios and Omer offers many tips and best practices. Enjoy!
Oct 3, 2023 • 32min

Should I Sell Compliance Services?

In recent years we have seen Solution Providers begin offering services that are showing a shift in our industry around our client and client prospect needs. Five years ago very few solution providers would be comfortable talking about risk registers, GRC tools, PoAMs, and taking a leadership role with our clients. Join me as I sit down with Chad Holstead of BKS Group to talk about challenges, risks, and opportunities for positioning compliance as a service.
Sep 26, 2023 • 34min

CompTIA Cybersecurity Trustmark Progress

From the trenches... I sit down with Jim Harryman of Kinetic Technology Group to discuss their progress through the new CompTIA Cybersecurity Trustmark. What are the significant challenges and what are the easy wins? A glimpse into the journey that got Kinetic Technology Group to where they are today and preparing for their assessment at the end of the year.
Sep 19, 2023 • 32min

Fireside Chat - CIS Control 6 Access Management

Fireside chat with Matt Lee brings us control 6. Access Management goes hand in hand with Account Management, but if you have been following along, we covered control 5 last month. Join Matt Lee and me as we deep dive into each safeguard and discuss what you should be doing and then mapping it to the safeguards we cover.
Sep 12, 2023 • 34min

Do I know my assets (IoT, IIoT, and OT)?

Each day we are bombarded by cybersecurity threats and this episode adds another vector you should be looking at as you address your asset inventory. Are you looking at the asset that controls your thermostat? How about the IP cameras you use to secure your office? These are just some of the many questions as I sit down with Huxley Barbee of Run Zero. It isn't all doom and gloom but the outlook is definitely scary if we don't start taking action to secure the devices that often are ignored or the responsibility and burden is assumed to be already handled.
Sep 5, 2023 • 34min

Committing Fraud Through CMMC.

There is no question that CMMC is here to stay. It is a much-needed maturity model for measuring companies that cater to the Defense space and are doing what is needed to protect Confidential Unclassified Information (CUI). I sit down with Adam Duman of Vanta to discuss frameworks, contracts, cybersecurity challenges, and how all of these things impact a company looking to keep or add contracts within the defense space.
