x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

QPC Security - Breakfast Bytes

Felicia King is an internationally recognized CISO and considered to be one of the top network layer security strategists in the U.S. Since launching in 2004 on the WGTD network, her Breakfast Bytes podcast has focused on information security risk management and the issues business leaders need to be aware of to benefit from the challenges others have faced. Learn about the most effective approaches, what you can do to mitigate risk, and how to protect your most valuable assets, your data, and your

technology management

All Episodes

29:31

FTC SafeguardsRule, IRS requirements, and tax preparers

QPC Security - Breakfast Bytes ·

2023/05/05

The IRS regulations for tax preparers being compliant with the FTC Safeguards rule is specified to be enforced starting in June 2023. It is doubtful that the majority of tax preparers are adequately compliant. The IRS published information about this compliance requirement as far back as 2019. https://www.irs.gov/newsroom/heres-what-tax-professionals-should-know-about-creating-a-data-security-plan All of it is common sense and things that orgs should have been doing for ages. IRS publication

en

29:30

Methods to prevent business email compromise

QPC Security - Breakfast Bytes ·

2023/03/31

en

29:30

Business survival over the next decade

QPC Security - Breakfast Bytes ·

2023/03/03

What is the number one thing you can do as a consumer to protect yourself when dealing with tax preparers? Practical examples of what to ask for from your tax preparer and why. What are the total number of people that would have access to my records if I do business with you? You want me to sign a contract with you, terms and conditions that I have to abide by. If you are going to prepare my taxes, show me your affirmation statement where you as a tax prep preparer have put it in writing that you

en

50:03

PSA or ERP - paradigm and requirements analysis

QPC Security - Breakfast Bytes ·

2023/02/19

I get a lot of questions about PSAs, ERPs, and overall paradigms related to core business software. This podcast summarizes things you should be thinking about in your software selection process. After three years of investigating PSA and ERP options including spending a lot of money on software and payroll, the product we like is Odoo. Organizations using a PSA with add-ons approach are really missing the mark. There is no PSA that does project management well. None of them have accounting systems

en

01:00:32

Tech E&O and cyber insurance with Joe Brunsman

QPC Security - Breakfast Bytes ·

2023/02/09

Tech E&O and Cyber insurance with: Joe Brunsman of The Brunsgroup – Expert on Tech E&O and Cyber Insurance YouTube channel – Joseph Brunsman https://www.youtube.com/@JosephBrunsman https://www.thebrunsgroup.com/ Damage Control book https://www.thebrunsgroup.com/book2 Tech E&O and cyber MSP should have a tech E&O policy. They cover different things. What types of third-party claims will they cover? A guy on the Que recently said that he did not think that E&O was required because his customers have

en

29:15

Implications of poor design on security - an example

QPC Security - Breakfast Bytes ·

2023/02/03

Google and how they do their technology Things that make security hard. This is not an exhaustive list of the implications of poor design on security. Covering that topic adequately would likely rival the size of War and Peace. This is a discussion of a tangible example to convey understanding of how technology selection directly correlates to an organizations’ ability to secure or secure their overall environment. In order to accommodate something poorly designed, larger than necessary holes

en

01:50:09

Dark web monitoring and avoiding FUD decisions

QPC Security - Breakfast Bytes ·

2023/01/11

Kathy Durfee – CEO & Founder of Tech House joined Felicia to discuss dark web breach monitoring Scenario: FUD report from a competitor Perceived: Multiple users in their environment were breached. Perceived proof was report with the listing of the users and the passwords and columns that the customers did not know what that data was. Good: Customer told their current IT service provider about the report. FUD – Fear, Uncertainty, and Doubt – is, in the wrong hands, a powerful tool to drive snap

en

29:35

The relationship between proper data handling and...

QPC Security - Breakfast Bytes ·

2023/01/04

Those who listened to the November 19th, 2022 podcast I did with breach attorney Spencer Pollock know that he stated that 90% of the breaches he was involved in over the prior 12-month period would have been non-reportable had the data been properly encrypted. https://qpcsecurity.podbean.com/e/what-you-must-do-in-order-to-prepare-for-a-breach/ (Review link above for attestation and regulatory enforcement proof.) I have three major points for you in this show. You need an IRP You need a CvCISO And

en

29:28

Understanding vCISO services and why you need them

QPC Security - Breakfast Bytes ·

2022/11/30

Recent question I got: What are the major changes that you have seen from security auditors in recent years and/or where do you see the audit process heading? Quick response: For the sake of a high level, automation is and will continue to be used. The size of the IT service provider is NOT a conveyance of their capabilities or capacity. Many 60 person MSPs are grossly incompetent. Some small teams of about 8 people are exceptionally skilled. C-suite needs to drive it from the end in mind. The end

en

39:24

What you must do in order to prepare for a breach

QPC Security - Breakfast Bytes ·

2022/11/19

Breach attorney, Spencer Pollock joins Felicia for a vigorous discussion of what you must do in order to be prepared for an incident or breach. Learn from the breach attorney perspective. Spencer is with the well-known firm McDonald Hopkins. Policies preparation incident response plan tabletop exercises must get breach attorney involved before there is an incident determine your team in advance What's new? regulatory enforcement multi-state class action lawsuits attorney generals getting together

en

29:21

Information Security, Cybersecurity, and Everyone’s...

QPC Security - Breakfast Bytes ·

2022/10/28

What is information security versus cybersecurity? What are policies and why do we care? Isn't that IT's problem? Examples to learn from

en

58:33

Ripping apart cybersecurity insurance

QPC Security - Breakfast Bytes ·

2022/10/12

Special guest: Vince Gremillion – President and Founder of Restech: CISSP, CvCISO, GCIH Overview Travelers policy – requires MFA on switches. They require you comply with the intent of that. Recent Cowbell application did not require MFA! What is required is contingent upon the coverage you are asking for. Some suggestions: Never fill out an app for a client, not even partially MSP comms to a client should be in a document in a detailed format and it should be digitally signed and locked for editing

en

47:26

CISO Workflows

QPC Security - Breakfast Bytes ·

2022/09/30

Frank Raimondi, VP of Channel Development at IGI Cyber Labs IGI CyberLabs has a product called Nodeware which does continuous vulnerability assessment. PenLogic – regular penetration test – once a quarter deep dive heavy one and a monthly light test. CEO buyer’s journey Security velocity Risk scoring is part of security velocity Improve your cyber-hygiene – all small businesses Security 101 is inventory 101 Cysurance – warranty and liability company It’s good that insurance companies are trying to

en

49:33

Business Email Compromise

QPC Security - Breakfast Bytes ·

2022/09/29

Ken Dwight is “The Virus Doctor” – Business consultant and advisor to IT service providers and internal IT at many businesses who have come to him for his training, has his own direct clients. Ken conducts a monthly community meetings for alumni. He provides a list of curated items of current interest for discussion and resources, and has a featured topic which often includes another speaker to provide breadth of perspective. He has been doing this community service for 83 months! I asked Ken to

en

54:58

Vulnerability management with Felicia and Dan - Part 2

QPC Security - Breakfast Bytes ·

2022/09/21

This episode of Breakfast Bytes is Part 2 of a series where Felicia King and Dan Moyer of QPC Security continue their conversation on Vulnerability Management. Listen to Part 1 at https://qpcsecurity.podbean.com/e/vulnerability-management-part-1/. In today’s episode, Felicia and Dan discuss vulnerability management workflows, supply chain risk management, starting with security on the front end rather than retrofitting, and proper patch management. Workflow management 01:10 CISO-related (Chief

en

29:51

File integrity checks (hashing) versus communications...

QPC Security - Breakfast Bytes ·

2022/09/21

We have seen some really goofy cybersecurity insurance application questions. It is always best to not answer a question that is goofy, but instead to write an addendum that defines terms and explains the cybersecurity posture of an organization related to the topic. You need to try to figure what the insurance company was trying to evaluate rather than just answering their questions because their questions are frequently not suitable for yes/no answers. Greg Cloon joins me to discuss this topic. We

en

01:03:15

Vulnerability management that every business decision...

QPC Security - Breakfast Bytes ·

2022/09/13

Felicia King and Dan Moyer of QPC Security talk about vulnerability management, patch management and all the things that business owners are generally not understanding adequately. As a result of that, you're being underserved, misled, and in some cases were lied to and ripped off. Ultimately, many business owners are refusing to pay for what they need for adequate risk management because they don't understand what they need. In today's episode Felicia and Dan fill that gap. Announced on October 6,

en

32:16

Signs of insufficient networking knowledge

QPC Security - Breakfast Bytes ·

2022/07/17

Scenario 1 Phone VLAN on a switch and cross connected into a Firebox with desk phones, PCs, and printers in the environment Questions we actually got: On Monday, we send over the list of what switch ports are for printers, which are for PCs, and which are for desk phones. Technician says that two of the three phones are not working. We use our awesome switches to find out exactly where these other phones were plugged in. The phones were plugged into the wrong switch ports. Move desk phones, phones

en

33:26

About Password Managers

QPC Security - Breakfast Bytes ·

2022/07/16

More than 80% of breaches occur due to credential theft. All organizations have compliance requirements to have org-owned password management systems and MFA enforcement on accounts used by employees and contractors. Some other needs which must be met are: Compliance attestation documentation Proper use of the best MFA method on a per resource basis Aligning business continuity objectives with cybersecurity objectives Developing procedures for staff on how to use the company password manager system

en

29:35

Requirements for premise hosted assets;...

QPC Security - Breakfast Bytes ·

2022/07/01

You should not put things in the cloud unless you can secure them there at least as good as a highly competent professional would have if they had that asset on premise. Cloud hosted assets have additional risks. Counterparty risk Additional outage and accessibility risk You have less control You have less security over the human or governmental access to your content Zero 4th Amendment protections over that data. It's fully subject to FISA searches that the provider is required to never tell you

en

104 results

Similar Podcasts

Lead With AI

Tamara Nall

Linux in the Ham Shack

Black Sparrow Media

Data Engineering Podcast

Tobias Macey

Eye On A.I.

Craig S. Smith

Reflections

Livewire Labs