MSP 1337 | Cybersecurity Education & Security Guidance

As Solution providers (MSPs), a security first mindset can at times be difficult.  We know that our responsibilities to our staff and clients is about reducing the probability of being an easy target.  Cybersecurity isn't easy but it get's easier when you do it with others.  Chad Holstead and I discuss what it means to be part of an integrator group that has agreed upon a set of standards or controls to improve their security posture.

As we recover from a week in Chicago with our colleagues and friends I thought we should take a minute to recount some of the highlights.  I sit down with Lenny Giller of Reliable Technology Services to get his perspective on MSP-Ignite Pre-day and some of the tracks we had an opportunity to attend.  I think clearly the message is to get involved with GTIA ISAO, get involved with the community and share with each other lessons learned.  Cybersecurity is one step at a time.

The role of an MSP as trusted advisor or vCIO has evolved over the years and more recently it seems the added responsibility of security officer is added to the mix.  In my conversation with Craig Buesing who is the CISO to the Secretary of State of Colorado, we spent a lot of time talking about cybersecurity is a collaboration.  You can't do it by yourself and it is the collaboration and knowledge sharing that makes us all more secure.

One week until ChannelCon and MSP-Ignite Pre-day.  This week we have Dave Sobel, "Host of the Business of Tech Podcast." While Dave and I have been known to go down a few rabbit holes in past conversations, we manage in this episode to focus on three main points: Cyber Tax is a real thing and should be openly discussed with your clients, Tech Debt is a challenge for both vendors and MSPs, and victim blaming doesn't change what has happened.

Table top exercises, Security Awareness Training, and vulnerability management are all ways that we look to improve our security posture. Join me as I talk to Kevin Ireland of Hack The Box regarding teaching your team to participate in red team exercises.

ChannelCon is right around the corner and we are still discussing the culture shift to a cybersecurity first mindset.  I sit down with Joshua Smith of Varonis to talk about how culture shift and doing the right thing are same problem different scale. Whether you are a vendor or an MSP it still comes down to People, Process and Product (technology). We step you through four key steps to begin the shift within your organization.

With the theme of, "Doing the right thing," on our show I had the unique opportunity to sit down with Harry Brelsford to talk about the need for cybersecurity in the Cannabis dispensary vertical.  While this is a very specific niche and is definitely not as mature as many other verticals it was an eye opener for me and I hope you will find opportunity for strength and maturity in cybersecurity.  Harry very neatly breaks down security into three categories that really helps give perspective on areas to improve as we navigate our cybersecurity journey.

As we continue our discussion around "Doing the right thing", I sit down with Eric Hanson of Inland Productivity to specifically discuss 2FA.  There are so many layers in any security stack but there always seems to be a lot to talk about when it turns to 2FA.  Plenty of humor included in this episode!

When doing the right thing could have turned out so different.  I sit down with Jessica Millhiser of Systems Gal to discuss a recent event with one of her clients that could have turned out very differently.  Business Operations is her specialty and what we found in our conversation is that if you aren't weaving cybersecurity into your business processes you are just asking for a breach.

As we continue the discussion surrounding,"Do The Right Thing" it was brought to my attention that I had something in a town hall that an MSP disagreed with.  Join me as I sit down with Matt Horning of BlueTree Technology as we sort out our disagreement and align on a cybersecurity minimum that we agree is necessary for all of our clients.