Quality Plus Consulting - Breakfast Bytes

Felicia King is known as the “Packet Whisperer” and considered to be one of the top network layer security strategists in the country. Since launching in 2004 on the WGTD network, her Breakfast Bytes podcast has focused on the current cybersecurity landscape and the security threats business owners need to be aware of. Learn about the most recent threats, what you can do to mitigate your risk, and how to protect your most valuable assets, your data and your time. Use the tags in the menu above to quickly access episode topics most relevant to you.

Episodes

November 30, 2022 29 min

Recent question I got:

What are the major changes that you have seen from security auditors in recent years and/or where do you see the audit process heading?

Quick response:

At a high level: automation is and will continue to be used. The size of the IT service provider is NOT an indication of its capabilities or capacity.

Many 60 person MSPs are grossly incompetent. Some small teams of about 8 people are exceptional...

Breach attorney Spencer Pollock joins Felicia for a vigorous discussion of what you must do in order to be prepared for an incident or breach. Learn from the breach attorney perspective.

Spencer is with the well-known firm McDonald Hopkins.

  • Policies
  • Preparation
  • Incident response plan
  • Tabletop exercises
  • Must get breach attorney involved before there is an incident
  • Determine your team in advance

What's new?

  • Regulatory enforcement
  • mu...

What is information security versus cybersecurity?

What are policies and why do we care?

Isn't that IT's problem?

Examples to learn from

October 12, 2022 58 min

Special guest:

Vince Gremillion – President and Founder of Restech: CISSP, CvCISO, GCIH

Overview

Travelers policy – requires MFA on switches. They require that you comply with the intent of that.

Recent Cowbell application did not require MFA!

What is required is contingent upon the coverage you are asking for.

Some suggestions:

  • Never fill out an app for a client, not even partially
  • MSP comms to a client should be in a document in a deta...
September 30, 2022 47 min

Frank Raimondi, VP of Channel Development at IGI Cyber Labs

IGI CyberLabs has a product called Nodeware which does continuous vulnerability assessment.

PenLogic – regular penetration testing – a heavy deep-dive test once a quarter and a light test monthly.

CEO buyer’s journey

Security velocity

Risk scoring is part of security velocity

Improve your cyber-hygiene – all small businesses

Security 101 is inventory 101

Cysurance – warranty and...

September 29, 2022 49 min

Ken Dwight is “The Virus Doctor” – business consultant and advisor to IT service providers and to the internal IT staff at many businesses who have come to him for his training; he also has his own direct clients. Ken conducts monthly community meetings for alumni. He provides a list of curated items of current interest for discussion and resources, and has a featured topic which often includes another speaker to provide breadth of perspective. He ha...


This episode of Breakfast Bytes is Part 2 of a series where Felicia King and Dan Moyer of QPC Security continue their conversation on Vulnerability Management. Listen to Part 1 at https://qpcsecurity.podbean.com/e/vulnerability-management-part-1/

In today’s episode, Felicia and Dan discuss vulnerability management workflows, supply chain risk management, starting with security on the front end rather than retrofitting, and proper...


We have seen some really goofy cybersecurity insurance application questions. It is always best not to answer a question that is goofy, but instead to write an addendum that defines terms and explains the cybersecurity posture of the organization related to the topic. You need to try to figure out what the insurance company was trying to evaluate rather than just answering their questions, because their questions are frequently not suita...


Felicia King and Dan Moyer of QPC Security talk about vulnerability management, patch management, and all the things that business owners generally do not understand adequately. As a result, you are being underserved, misled, and in some cases lied to and ripped off.

Ultimately, many business owners are refusing to pay for what they need for adequate risk management because they don't understand what they nee...

Scenario 1

Phone VLAN on a switch and cross-connected into a Firebox, with desk phones, PCs, and printers in the environment

Questions we actually got:

On Monday, we send over the list of what switch ports are for printers, which are for PCs, and which are for desk phones. Technician says that two of the three phones are not working. We use our awesome switches to find out exactly where these other phones were plugged in. The phones...

July 16, 2022 33 min

More than 80% of breaches occur due to credential theft. All organizations have compliance requirements to have org-owned password management systems and MFA enforcement on accounts used by employees and contractors.

Some other needs which must be met are:

  • Compliance attestation documentation
  • Proper use of the best MFA method on a per-resource basis
  • Aligning business continuity objectives with cybersecurity objectives
  • Developing proce...

You should not put things in the cloud unless you can secure them there at least as well as a highly competent professional would have if they had that asset on premise.

Cloud-hosted assets have additional risks:

  • Counterparty risk
  • Additional outage and accessibility risk
  • You have less control
  • You have less security over human or governmental access to your content
  • Zero 4th Amendment protections over that data. It's fully subjec...

I got a request to post this podcast from 12/1/2018 to Podbean. Here it is.


Originally aired: 11/1/2018.

I had a request to post this older podcast to Podbean, so here it is.

VMS appliance cost analysis between the "appliance" version and the "you get a real server" version.

https://qualityplusconsulting.com/BBytes/QPCAnalysisOnAxisVideoRecorderServer.pdf


I got a request to publish a podcast I did a few years back on Podbean, so here it is. Originally this was from 10/19/2018.

Usually there is no substitute for real server hardware. Attempts to pay less for server hardware almost always end up costing you more in the long run.

Windows 10 as of Build 1809 (10/2/2018) has an IPv6 requirement. There are a bunch of problems with that.

We cover the option of running an ACS appliance instead...

Overview

Listen to the podcast first, or the list of these resources may not make sense to you. You cannot secure what you cannot engineer, implement, maintain, and support. Security was always infused into IT if you did IT correctly. I know. I've been doing IT since 1993 and was programming in third grade. Security was ALWAYS part of a proper strategy.

I'm always trying to add to the team. But I find that a lot of people are jus...

May 17, 2022 71 min

Amazing interview with Colin Ruskin, CEO of WorkOptima, on the topic of right-sized software.

Colin has an incredible talent for distilling the truth of something into a catchy and memorable tagline using spot-on metaphors.

Some highlights:

  • Can I actually use the software and benefit from it?
  • Floors versus software that grows with you
  • All features all the time, but license it at the per-user
  • Enterprise drama and enterprise m...

Cybersecurity insurance requires MFA for all internal and external administrative access. How do you accomplish this?

Examples of things you might access:

  • switches
  • firewalls
  • servers
  • printers
  • workstations
  • DNS hosting
  • website hosting
  • cloud management portals
  • NAS
  • BCDR appliances

There are many ways to solve this problem and they are all too long to post about here, so this is what this podcast is about. - Passwordstate remote integrated prox...

API security is going to be the thing you need to be paying attention to in the next two years.

Partner with an information security officer like QPC Security to get an internal and external vulnerability scanning plan in place for your organization. A lot of vulnerability management is not possible to do with tools alone. It takes experience and expertise that comes from 29 years of hard work.

A great API scanner https://www.wallarm....


Cyberlaw podcast

  • What needs to be pre-documented for the breach attorney to be effective? And in what format?
  • What to do to protect yourself from outrageous fees?
  • What to do in order to get proper service from a breach attorney?
  • What are the advantages of having a pre-established relationship with a breach attorney?
  • What positive outcomes arise from having pre-breach meetings with a breach attorney?

3/24/2022

Spencer Pollock – Cybersec...
