MSP 1337 | Cybersecurity Education & Security Guidance

We talk about frameworks, compliance, cybersecurity, and many things in between but we haven't discussed getting assessed against a framework or even the new CompTIA Cybersecurity Trustmark. I sat down with Omer Kasim Aslim of Lake Ridge to discuss assessments. How the different frameworks, whether prescriptive or not, are often looking for compliance to protect a specific type of data and not an organization's overall security. We go through several scenarios and Omer offers many tips and best practices. Enjoy!

In recent years we have seen Solution Providers begin offering services that are showing a shift in our industry around our client and client prospect needs. Five years ago very few solution providers would be comfortable talking about risk registers, GRC tools, PoAMs, and take a leadership role with our clients. Joine me as I sit down with Chad Holstead of BKS Group to talk about challenges, risks, and opportunities for positioning compliance as a service.

From the trenches... I sit down with Jim Harryman of Kinetic Technology Group to discuss their progress through the new CompTIA Cybersecurity Trustmark. What are the significant challenges and what are the easy wins. A glipse into the journey that got Kinetic Technology Group to where they are today and preparing for their asessment at the end of the year.

Fireside chat with Matt Lee brings us control 6. Access Management goes hand in hand with Account Management but if you have been following along we coverd control 5 last month. Join Matt Lee and I as we deep dive into each safeguard and discuss what you should be doing and then mapping it to the safeguards we cover.

Each day we are bombarded by cybersecurity threats and this episode adds another vector you should be looking at as you address your asset inventory. Are you looking at the asset that controls your thermostat? How about the IP cameras you use to secure your office? These are just some of the many questions as I sit down with Huxley Barbee of Run Zero. It isn't all doom and gloom but the outlook is definitely scary if we don't start taking action to secure the devices that often are ignored or the responsibility and burden is assumed to be already handled.

There is no question that CMMC is here to stay. It is a much-needed maturity model for measuring companies that cater to the Defense space and are doing what is needed to protect Confidential Unclassified Information (CUI). I sit down with Adam Duman of Vanta to discuss frameworks, contracts, cybersecurity challenges, and how all of these things impact a company looking to keep or add contracts within the defense space.

In Cyber we often focus only on the events that come from the ether, the dark web, and we forget that disasters can come from all sorts of events. With a hurricane less than 24 hours from making landfall, I sit down with Charles Love of ShowTech Solutions to discuss their prep.

I am a big fan of Scott Augenbaum's book, "The Secret to Cybersecurity." Specifically, the 4 truths that we talk about with Tye Male, Senior Pastor of Wellspring church. Suspicious email, inconvenient timing, stress-inducing, and when it is all said and done... it has the potential to damage your reputation. Listen in to hear what Tye learned as it pertains to being vigilant and communicating the cyber dangers with friends and loved ones.

We are 1/3 of the way through the CIS Top 18 and I think Control 5 might be my favorite. Matt Lee joins me as we dive into all six safeguards and how important they are in the journey toward cyber resilience.

I remember the days when Joshua Smith and I decided we should build our own MSP. It was simpler times and Cybersecurity was defined largely by firewalls and antivirus. Today starting an MSP or even being a small MSP trying to get arms around cybersecurity is a daunting task. I discuss with Dor Eisner to talk about why he decided to build Guardz. Why the desire to focus on a solution for the smaller MSP and his overall look at the threat landscape. Together we can we can make it more difficult for the threat actors.