Felicia King is known as the “Packet Whisperer” and considered to be one of the top network layer security strategists in the country. Since launching in 2004 on the WGTD network, her Breakfast Bytes podcast has focused on the current cybersecurity landscape and the security threats business owners need to be aware of. Learn about the most recent threats, what you can do to mitigate your risk, and how to protect your most valuable assets, your data and your time. Use the tags in the menu above to quickly access episode topics most relevant to you.
Recent question I got:
What are the major changes that you have seen from security auditors in recent years and/or where do you see the audit process heading?
For the sake of a high level, automation is and will continue to be used. The size of the IT service provider is NOT a conveyance of their capabilities or capacity.
Many 60-person MSPs are grossly incompetent. Some small teams of about 8 people are exceptional...
Breach attorney, Spencer Pollock joins Felicia for a vigorous discussion of what you must do in order to be prepared for an incident or breach. Learn from the breach attorney perspective.
Spencer is with the well-known firm McDonald Hopkins.
What is information security versus cybersecurity?
What are policies and why do we care?
Isn't that IT's problem?
Examples to learn from
Vince Gremillion – President and Founder of Restech: CISSP, CvCISO, GCIH
Overview
Travelers policy – requires MFA on switches. They require that you comply with the intent of that.
Recent Cowbell application did not require MFA!
What is required is contingent upon the coverage you are asking for.
Frank Raimondi, VP of Channel Development at IGI Cyber Labs
IGI CyberLabs has a product called Nodeware which does continuous vulnerability assessment.
PenLogic – regular penetration test – once a quarter deep dive heavy one and a monthly light test.
CEO buyer’s journey
Risk scoring is part of security velocity
Improve your cyber-hygiene – all small businesses
Security 101 is inventory 101
Cysurance – warranty and...
Ken Dwight is “The Virus Doctor” – Business consultant and advisor to IT service providers and internal IT at many businesses who have come to him for his training; he also has his own direct clients. Ken conducts a monthly community meeting for alumni. He provides a list of curated items of current interest for discussion and resources, and has a featured topic which often includes another speaker to provide breadth of perspective. He ha...
This episode of Breakfast Bytes is Part 2 of a series where Felicia King and Dan Moyer of QPC Security continue their conversation on Vulnerability Management. Listen to Part 1 at https://qpcsecurity.podbean.com/e/vulnerability-management-part-1/.
In today’s episode, Felicia and Dan discuss vulnerability management workflows, supply chain risk management, starting with security on the front end rather than retrofitting, and proper...
We have seen some really goofy cybersecurity insurance application questions. It is always best not to answer a question that is goofy, but instead to write an addendum that defines terms and explains the cybersecurity posture of the organization related to the topic. You need to try to figure out what the insurance company was trying to evaluate rather than just answering their questions, because their questions are frequently not suita...
Felicia King and Dan Moyer of QPC Security talk about vulnerability management, patch management and all the things that business owners are generally not understanding adequately. As a result of that, you're being underserved, misled, and in some cases lied to and ripped off.
Ultimately, many business owners are refusing to pay for what they need for adequate risk management because they don't understand what they nee...
Phone VLAN on a switch and cross connected into a Firebox with desk phones, PCs, and printers in the environment
Questions we actually got:
On Monday, we send over the list of what switch ports are for printers, which are for PCs, and which are for desk phones. Technician says that two of the three phones are not working. We use our awesome switches to find out exactly where these other phones were plugged in. The phones...
More than 80% of breaches occur due to credential theft. All organizations have compliance requirements to have org-owned password management systems and MFA enforcement on accounts used by employees and contractors.
Some other needs which must be met are:
You should not put things in the cloud unless you can secure them there at least as well as a highly competent professional would have if they had that asset on premise.
Cloud hosted assets have additional risks.
I got a request to post this podcast from 12/1/2018 to podbean. Here it is.
Originally aired: 11/1/2018.
I had a request to post this older podcast to Podbean, so here it is.
VMS Appliance cost analysis between the "appliance" version and the "you get a real server" version.
I got a request to publish a podcast I did a few years back on podbean, so here it is. Originally this was from 10/19/2018.
Usually there is no substitute for real server hardware. Attempts to pay less for server hardware almost always end up costing you more in the long run.
Windows 10 as of Build 1809 (10/2/2018) has an IPv6 requirement. There are a bunch of problems with that.
We cover the option of running an ACS Appliance instead...
Listen to the podcast or the list of these resources may not make sense to you. You cannot secure what you cannot engineer, implement, maintain, and support. Security was always infused into IT if you did IT correctly. I know. I've been doing IT since 1993 and was programming in third grade. Security was ALWAYS part of a proper strategy.
I'm always trying to add to the team. But I find that a lot of people are jus...
Amazing interview with Colin Ruskin, CEO of WorkOptima, on the topic of right-sized software.
Colin has an incredible talent at being able to distill the truth of something into a catchy and memorable tagline using spot on metaphors.
Cybersecurity insurance requires MFA for all internal and external administrative access. How do you accomplish this?
Examples of things you might access:
There are many ways to solve this problem and they are all too long to post about here, so this is what this podcast is about. - Passwordstate remote integrated prox...
Partner with an information security officer like QPC Security to get an internal and external vulnerability scanning plan in place for your organization. A lot of vulnerability management is not possible to do with tools. It takes experience and expertise that comes from 29 years of hard work.
A great API scanner https://www.wallarm....
Spencer Pollock – Cybersec...