MSP 1337

Social media lives Social media is somehow a part of our everyday lives, and we see different platforms that cater to varying types of communication and content. With that said, when we misuse the platforms or share too much, we potentially risk all that we care to protect. Join me as I discuss the ins and outs of the appropriate use of Social Media and some world observations on what we can do better.

Cybersecurity is not the primary focus for hiring new employees but is vital to ensuring you hire the right candidate. I sit down with Ted White with Vertical Talent Solutions to discuss a strategy that lines up suitable candidates with MSPs so that the effort spent to get the right candidate isn't a pleasant and perhaps even enjoyable opportunity.

Ever wonder if you should be offering cybersecurity services? Are you taking on liability that isn't worth it? I sit down with Scott McCrady CEO of SolCyber to discuss the opportunities and benefits of partnering with an MSSP.

It is the Third Tuesday of the month, and we bring you to Control 13. This is an exciting Control (they all are) because it is often confused with being legacy, it is also potentially cost-prohibitive, and we believe it will likely only be doable when partnering with third-party resources. Matt Lee brings it home as he always does!

MSP spend a lot of time and energy trying to align with standards from one of the many frameworks that are out there to improve their cybersecurity posture. Whether you do it to meet regulatory requirements, or are just looking to improve your business operations, how do you know when you are failing or succeeding? I sit down with Jim Harryman of Kinetic Technology Group to discuss how evidence comes into play. Policy Process and People are key to collecting that appropriate evidence and Jim and I are going to talk through how to make it part of your cultural habits.

Tabletop exercises or simulations can be daunting and scary. Join me as I sit down with Sarah O'Kelley from Choice Cyber Solutions as we discuss some tips and tricks to success with your first Tabletop.

If you are familiar with CIS v8 Top 18 then you might be comfortable talking about Security Awareness and Skills Training. I sit down with Jim Harryman of Kinetic Technology Group to talk about the Why and the Proof that ever solution provider should be considering in their own traning.

We are on Control 12 in our Fireside chat with Matt Lee and are digging into a control with only one IG1 safeguard and only one IG3 safeguard. Network Infrastructure comes with some rabbit holes and tangents, but I think you will find that this control is essential to most MSPs.

As an MSP, many decisions go into taking on a new client or getting rid of an existing one. I sit down with Charles Love of Showtech Solutions to discuss when the decisions are tied to cybersecurity and where one should consider drawing a line in the sand.

What does it look like to have an employee request approval for a specific tool? Do you have an evaluation process? What types of risks are introduced that you need to consider when evaluating a new vendor, product, or service? All of these questions and more are discussed with Chad Holstead of BKS Group.

When a vendor fills a gap in cyber, they deserve to be heard. I sat down with Nick Wolf of Cork to discuss the cyber insurance industry and the space they fill. I'd say Cork is to cyber insurance like Aflac is to Medical insurance. Join Nick and I as we navigate the challenges with questionnaires, insurance questionnaires, and all the crazy around insurance and coverage.

Storage costs are relatively cheap compared to the cost of storage, but one might say that data recovery is where most MSPs have been very successful. Years back, we were challenged with costs around storage and destination fees costs, so we had to be selective about what we backed up. In today's world, the cost of storage is relatively cheap in comparison, but so many new variables complicate this process. Listen to Matt Lee of Pax8 as we dive deep into CIS Control 11 Data Recovery and explore all five safeguards.

Data protection is tough when you don't know where your data is or who might have access to it. Join me as I sit down with Prandar Das, cofounder of Sotero, as we discuss the challenges and the opportunities that AI and LLM bring as we continue to look at better ways to protect data. Stick around for the four tips to follow on your own journey to protect your data.

How many buzzwords do we have in the MSP world? MSP, MSSP, Web 2.0, AI? At any rate, we now have AI as a buzzword to deal with. Kidding AI is a lot more than a buzzword. Join me as I discuss AI and the risks of AI with Jim Harryman of Kinetic Technology Group.

How we manage our time for a work life balance plays a role in how we work in both in our strategic and tactical workflow. I sit down with Jason Slagle of CNRW to discuss how important keeping track of what we do in a planner or in our PSA or other tools is critical when things happen. Evidence is hard to come by after the fact.

I have heard MSPs say, "we just eat the cost for some services." Whether they are services you have implemented internally are not, it doesn't mean you shouldn't sell those services. Liste to Bill Mulcahey of M6 Technology share his challenges and opportunities. Remember forward progress is good progress!

We have made it halfway through the CIS Top 18 and Matt Lee of Pax8 delivers again with a compelling argument for Control 9's demanding our undivided attention.

Hiring cybersecurity resources and the costs associated with it. What does the job description look like, and what are the responsibilities? Mike Stewart of Anchor Networks and I discuss the challenges and opportunities of hiring staff to help with cybersecurity.

I have had multiple conversations around backup vendors and the shift to solutions that are direct to cloud and other feature requirements that we didn't even consider 6-10 years ago. Remember the world before the data actors started doing data exfiltration. Join me with Matt Horning of Blue Tree Technology as we explore everything from the 3, 2, 1 and other backup models as well as airgapping.

As 2023 comes to a close and you I thought in traditional fashion, we share with you our outlook for 2024. Joshua Smith of Reliaquest and I have a few optimistic observations that might have been shadowed by some Sky Net references, but I think 2024 has a lot of potential. Enjoy the holidays and we will see you soon in 2024.

CJ and Matt Lee of Pax8 discuss control 8, which pertains to audit logs. Some of the safeguards are easy to satisfy... just turn the logging function on and set to 90 days. Others will require more effort but all are reasonable for MSPs to pull off.

From tools and breaches to LLM, IoT and OT we talk about it all. Where we have been and how far we have come with Charles Love of ShowTech Solutions, and Joshua Smith of Reliaquest.

We all know the dangers of connecting to Airport Wifi... Join Sarah Goffman and I as we discuss the dangers of connecting even your cellphone to public wifi.

What does future growth and sustainability look like in the MSP space? Acquisitions abound, SMBs and micro-SMBs bounce from one MSP to another... What is the future yield especially when we start discussing cybersecurity challenges and adopting even good cyber hygiene? I sit down with Eric Hanson of Inland Productivity to get his take on the future of client growth and where those net new clients might be. Whether with existing or new clients, they must recognize the need to improve their cybersecurity posture!

Deep dive into control 7 with some influences of other controls. We know that OS patch management, change management, Third Party App management and third party app patching aren't always prioritized the way it should be considering today's threat landscape. Matt Lee is on a pedestal on this control so stay tuned through the end as we run a bit long on this one.

I sat down with Matt Fisch of Fortmesa to discuss observations and highlights from ITN Connect. From new vendors in the pavilion tackling niche cybersecurity challenges to conversations with Solution providers that show our industry is maturing.

Maybe we have talked about this before? At any rate Business email compromise is a constant threat. We do Phishing simulations and other security awareness training to help our staff and clients make good choices, but we aren't always perfect. I sit down with Dan Gilligan with Integra MSP to hear his journey in dealing with this issue and the tools and training that have changed over the years to keep up with this evolving threat.

What are insider threats? Tim Schnurr and I discuss the importance of cybersecurity in protecting digital assets and preventing insider threats in organizations. There is a overwhelming need for employee education, the use of data classification tools, and the implementation of monitoring tools to track data flow. This is a great way to have open conversations with your employees and your clients as to why it is so important to think before you click on a link, hit send in an email, or download/upload files to file sharing sites etc.

Thinking back ten-plus years on the industry conferences we have attended in person and online. With vendor mergers and acquisitions it is hard to determine which shows you should still attend and every day it seems there is a new road show, quarterly show or another membership conference. How do you make decisions to attend what is relevant?

As we go through the CIS controls we try to stay in sequence but as a result of some discussions at recent events, we decided to jump to Malware Defenses. Hopefully, Matt Lee's insights and my humor will be enough for you to endure 30 minutes on what you should do in your journey to address Malware Defenses.

We talk about frameworks, compliance, cybersecurity, and many things in between but we haven't discussed getting assessed against a framework or even the new CompTIA Cybersecurity Trustmark. I sat down with Omer Kasim Aslim of Lake Ridge to discuss assessments. How the different frameworks, whether prescriptive or not, are often looking for compliance to protect a specific type of data and not an organization's overall security. We go through several scenarios and Omer offers many tips and best practices. Enjoy!

In recent years we have seen Solution Providers begin offering services that are showing a shift in our industry around our client and client prospect needs. Five years ago very few solution providers would be comfortable talking about risk registers, GRC tools, PoAMs, and take a leadership role with our clients. Joine me as I sit down with Chad Holstead of BKS Group to talk about challenges, risks, and opportunities for positioning compliance as a service.

From the trenches... I sit down with Jim Harryman of Kinetic Technology Group to discuss their progress through the new CompTIA Cybersecurity Trustmark. What are the significant challenges and what are the easy wins. A glipse into the journey that got Kinetic Technology Group to where they are today and preparing for their asessment at the end of the year.

Fireside chat with Matt Lee brings us control 6. Access Management goes hand in hand with Account Management but if you have been following along we coverd control 5 last month. Join Matt Lee and I as we deep dive into each safeguard and discuss what you should be doing and then mapping it to the safeguards we cover.

Each day we are bombarded by cybersecurity threats and this episode adds another vector you should be looking at as you address your asset inventory. Are you looking at the asset that controls your thermostat? How about the IP cameras you use to secure your office? These are just some of the many questions as I sit down with Huxley Barbee of Run Zero. It isn't all doom and gloom but the outlook is definitely scary if we don't start taking action to secure the devices that often are ignored or the responsibility and burden is assumed to be already handled.

There is no question that CMMC is here to stay. It is a much-needed maturity model for measuring companies that cater to the Defense space and are doing what is needed to protect Confidential Unclassified Information (CUI). I sit down with Adam Duman of Vanta to discuss frameworks, contracts, cybersecurity challenges, and how all of these things impact a company looking to keep or add contracts within the defense space.

In Cyber we often focus only on the events that come from the ether, the dark web, and we forget that disasters can come from all sorts of events. With a hurricane less than 24 hours from making landfall, I sit down with Charles Love of ShowTech Solutions to discuss their prep.

I am a big fan of Scott Augenbaum's book, "The Secret to Cybersecurity." Specifically, the 4 truths that we talk about with Tye Male, Senior Pastor of Wellspring church. Suspicious email, inconvenient timing, stress-inducing, and when it is all said and done... it has the potential to damage your reputation. Listen in to hear what Tye learned as it pertains to being vigilant and communicating the cyber dangers with friends and loved ones.

We are 1/3 of the way through the CIS Top 18 and I think Control 5 might be my favorite. Matt Lee joins me as we dive into all six safeguards and how important they are in the journey toward cyber resilience.

I remember the days when Joshua Smith and I decided we should build our own MSP. It was simpler times and Cybersecurity was defined largely by firewalls and antivirus. Today starting an MSP or even being a small MSP trying to get arms around cybersecurity is a daunting task. I discuss with Dor Eisner to talk about why he decided to build Guardz. Why the desire to focus on a solution for the smaller MSP and his overall look at the threat landscape. Together we can we can make it more difficult for the threat actors.

There are lots of frameworks to choose from and some are more complicated than others. What is important is that you use some set of controls/safeguards or standards that are measurable and can be aligned with. I sit down with Alex Spigel to talk bout her approach to compliance and how things like responsibility matrixes can help. We are at channelcon23 and I hope to see many of you in person.

Over the past few months we have spent time on policies, how to tackle controls and safeguards in CIS Top 18, and we have even pointed out cybersecurity areas that might be overlooked. In this episode, as we all look at maturing our cybersecurity practice we look at how one might show evidence to support all of the efforts in creating policies, processes, and procedures. Thanks to Chase Griffin for highlighting that sometimes you do need some tools.

It is the 3rd Tuesday of the month and it is time for Control 4 With Mat Lee. This is a shorter episode but we get it done and got great insights on how to go about addressing CIS Control 4.

Policies are the one thing no company wants to create but everyone has to have. We see them show up in employee handbooks, Written Information Security Plans (WISP), and System Security Plans (SSP), and there is no shortage coming from HR. In this episode, Charles Love of ShowTech Solutions, and I explore why policies should involve all staff. Either everyone gets it and acknowledges the need to follow them or they tend to not get followed at all.

I don't often have vendors as guests on the show and so when there is an exception made it is because they are bringing something to the table that is exceptional. Discussing Single Sign-on with Nick Wolf Of Evo Security is a topic that we have touched on before but never in the context of how it might help you address CIS controls or other challenges within your internal management of users or users client-facing.

A little Chutes and Ladders, a little Yellow Brick Road. In this episode, I think you will find that Data Protection is a rather complex beast but through the guidance of Matt Lee of Pax8 you will have the tools you need to better protect what is important to you and your clients.

This week we put a thought towards adding counterintelligence as something that should be part of your Business Continuity, Disaster Recover, and Incident Response. It makes sense when you hear what Darren Mott has to say. As a former FBI agent, his insights both from his time in the field and even now in his new role, are not to be missed. Why is TikTok bad? What are the personal risks that I am taking on by the decisions I make to use technologies like TikTok? What are the potential ramifications for me and my friends...? Not just today... what about 10 years from now?

After we did, "A Doozy of a Story." I was presented with this Gem. It almost feels like a perfect storm but in fact it is a legitimate business and as I discuss the details with Eric Hanson, I want you to think about CIS Control Service Provider Management and Software Management. It is easy to forget that our vendors don't always take a security-first approach.

When cybersecurity insurance first came on the scene it was a new frontier. Everyone seemed to be selling it and everyone seemed to qualify for it. That was then... Sitting down with Reid Wellock of FifthWall was an enlightening discussion of where the industry is at and hope for the future. There are several pointers in this episode and even a book recommendation.

What is a PenTest? What if I can't afford a PenTest? How is a pentest different from a vulnerability assessment? These questions and many more Matt Lang and I attempt to give some direction. Perhaps redefining what a pentest is will be our next endeavor.

Our first fireside chat was about Physical Assets and the hurdles or obstacles faced when trying to get a complete inventory. In this month's special edition, a fireside chat with Matt Lee, we are addressing control 2. This is a focus on really understanding and going about having a good handle on the software and operating systems. As always Matt has great insights and our conversation does drift a bit to other controls. Our hope is that this episode will help you build your foundation as you continue on your journey of Cybersecurity Maturity!

I love a good origin story. Sitting down with Matt Lang of SVAM International showed me just how alike many of our stories are. How we got started in IT, why we started an MSP, and in some cases why we became super passionate about educating our friends, peers and colleagues about Cybersecurity risks. Stick around to the end as Matt shares some great tips on getting more out of the CompTIA ISAO.

We are all too familiar with regulatory requirements and penalties for failing to comply. The FTC has put into effect June 9, 2023 requirements that will directly impact financial institutions. In this episode, we talk specifically about the impact this will have on the automotive industry, very specifically, car dealerships. I am joined this week by Jay Lamb of Core Plus discussing the impact of not properly protecting PII and the areas of focus are not limited to the following: Designate a qualified individual to oversee their information security program, Implement 2FA, Develop an IR plan and several other specifics that sound all too familiar.

Domain Registrations and an extra invoice that has a bit of sticker shock... This and more with Charles Love of ShowTech Solutions. We have talked about doom and gloom in the past but this story is one that I am already losing sleep over. I'd love to hear your thoughts on this one.

If you haven't met me, you know that my passion is to help others with improving their cybersecurity posture. In an effort to make a bigger impact, I have brought Matt Lee of Pax8 on to the show as a special guest to talk about the noise our MSP audience is dealing with. In this episode we talk about some of the challenges we have heard MSPs struggle with and we think this will help our friends and colleagues get past asset inventory in a meaningful way.

We are all to familiar with our own mortality. In this episode we talk about the scenarios that can arise when a key person in a company holds all of the keys and is suddenly taken from us. While there is some morbidity to this episode and it helps us tell the story, it should make you pause and consider what if a key person in the organization is just un reachable? Have you done a tabletop exercise? You don't want to miss out as Sarah Goffman paints a pretty painful picture that I am sure all of us would like to avoid.

As a podcast we pride ourselves in the focus of cybersecurity topics. This is an episode focused on Cybersecurity without talking about cybersecurity. Crazy, I think Ian Richardson of Richardson and Richardson make it almost twenty minutes in before we really do talk about anything tech related. Risk anyone?

CompTIA's research team Seth Robinson and Carolyn April join me in discussing some interesting research trends that cover 4 pillars or steps that I like to refer to as the 4 Ps. Policy, Process, People, and Product. Be forewarned that much of the research is coming from the end-user perspective, but I think you will find the insights are very much important and relevant to the changes happening in our industry and the new opportunities presented as we go into the second quarter of 2023.

Cybersecurity challenges exist in every aspect of our daily lives. Join me as I discuss with Dom Kirby of Pax8 an approach to cybersecurity with friends and family. Technology helps but it doesn't solve it all.

Ever wonder why your prospect or client gets a confused look on their face?  You try to describe the new service offering or features that have been added to improve the security or efficiencies of their task force but they just don't seem to understand what you are trying to tell them.  Join Charles Love, of ShowTech Solutions, and myself as we talk about some ways to change the approach to solutions that will be met with much less resistance and are much easier to understand.

If my organization has no technology can I still be secure?  Matt Topper of Connectwise and I explore Cybersecurity with an approach that says you can prove a mature cybersecurity posture without technology.  Technology is shiny and often can be a distraction from a focus on business functions and what we should be trying to protect.  Stick around until the end as we may in fact find that technology is still a very important component of a mature cybersecurity-focused business.

With Communities, Councils, and Forums just a few weeks away, I thought we should tee up the Unfiltered Fireside chat between Matt Lee of Pax8 and myself.  In this precursor, you will hear our two different approaches to achieving the same outcome.  There might be some references to, "The Yellow Brick Road," and maybe a reference to the children's game, "Chutes and Ladders."  This is a fun banter between two friends that you don't want to miss.  Enjoy!

We talk a lot about social engineering and its potential impact on our employees, our businesses, and even our family and friends.  What we often fail to talk about is our responsibility to ensure that our employees, clients, family, and friends are educated about the dangers.  What can we do to reduce risk without strict and aggressive tools that block or prevent staff from using social media?  We all know they will likely still need to use email and despite our efforts, bad emails still get through to our end users.  Join me with Jim Harryman as we discuss ideas and an approach that gets everyone on board with staying safe when it comes to social media.

We are beginning to see a pattern in frameworks updating or adding additional privacy controls. Whether they are long overdue or not is neither here nor there as they are now being stood up.  From CCPA becoming CPRA, ISO 27001 adding new safeguards, and others all looking to improve privacy.  I sit down with Sarah O'Kelley of Choice Cyber to discuss how data protection and en emphasis on privacy.  Great discussion... Thank you Choice Cyber for the wonderful insights.

Have you ever dealt with a client, prospect, or perhaps an internal event that caused harm to your business or others?  If so I am sure you can relate to feelings of shame, and embarrassment and I am sure many sleepless nights as you work to recover as quickly as possible.  I sit down with Miles Jobgen of CompTIA and Robert Cioffi of Progressive Computing to talk through a real-world experience and how the CompTIA Emergency Response Team came to be.  The Genesis of ensuring that a business doesn't have to navigate an emergency alone.  To have a team come alongside you at no cost to your business.  Volunteers who want to help you! 

There is some buzz circulating about the upcoming CompTIA Cybersecurity Trustmark, Compliance with frameworks, and how to get started as a solution provider.  I sit down with Matt Lee of Pax8 to discuss the opportunities presented to Solution Providers who submit their organization to comply with a framework.  Similarly, the new Trustmark from CompTIA while not a framework on it's own has taken on safeguards from multiple frameworks to give direction and a path toward cybersecurity maturity.

There is still a mindset in our industry that says, " You are too small to need X." With the experiences shared by Sarah Goffman of TCE Communications, we cover the necessity of firewalls, Endpoint protection, and other security components that are necessary for today's threat landscape.  Great conversation and I think a big opportunity to educate prospective and existing clients on the threat landscape.

I sit down with Kevin McDonald of Alvaka to talk about the three main scam types out there and what they look like.  While we might not be able to prevent all threat actors from prevailing, we can make it more difficult and in many cases, our quick actions can reduce the likelihood of someone else falling victim to the same attack.  If it is too good to be true then it probably is!

So this episode is not about Lastpass specifically but about Password Hygiene and best practices around securing your credentials. We talk about the better-than-nothing model and even some unconventional ideas around password management.  Hopefully this conversation with Eric Hanson of Inland Productivity Solutions will give you some ideas on how to talk about better passwords and the necessity of password management with your clients.

Not to follow in everyone's footsteps on predictions... I waited to publish until January 3rd 2023.  I had an opportunity to sit with Steve Alexander, Facilitator and founder of MSP-Ignite, to talk about his hope and predictions for MSP-Ignite members.  I threw in a few of my own just to push some buttons but I think you will find some surprises in this episode.  Please contact me if we missed something or if you have an idea for the next show topic!.

Looking back on 2022 with Joshua Smith of Reliaquest and Charles Love of ShowTech Solutions on looking back on the highs and lows of 2022 and what we hope for in 2023.

I brought Jim Harryman back to finish the conversation on policies and controls.  We left out a few key pieces. 

Whether you have decided to get prepared for an ISO, SOC2, or other audit can be a daunting task.  Listen to the journey and all of it's ups and downs that Jim Harryman goes through to get a SOC2 certification and all of the different things done to prepare.

The impact of an incident is often unknown until we enter into the aftermath.  How it happened can't always be answered but the goal post incident is to determine what can be done to prevent this in the future.  How do we prepare to reduce the impact of a future event when we don't know in advance what that event might be?  Join me as Chad Holstead and I revisit an all to recent event and how his team was able to piece together the events that led up to a user in the client company having their identity compromised with O365.  I learned a lot on this one and i hope you learn something from Chad's experience as well.

How do we create better relationships between vendors and solution providers? How do we get vendors to lean into their partner success?  How do I build confidence in those relationships? This and more as I sit down with Kevin Lancaster of Channel Program.

We spend a lot of time and energy to protect our businesses and our client's businesses from threat actors, natural disasters and even user error.  I'm pretty sure we don't spend enough time focusing on the backups of the data that we are trying to protect.  Join me as I sit down with W. Curtis Preston of Druva to discuss his passion around business continuity and backups.   Be sure to listen for the URL thrown out to download a free ebook, "Modern Data Protection. (an O'Reilly publication)"

Risk has been at the top of mind for several episodes as of late.  So much so that it seems to show up in my Flipboard news feed and suddenly a LinkedIn post popped up by David Schultis, of Red Panda, talking about Risk to UNLV students.  Join us for a conversation around Risk and educating people who often are the risk.

Within every MSP we have roles that involve Account Management and in some cases have even evolved the title to vCIO or other name.  The challenge in many cases is how to charge for this role? Should it be a standalone service offering? Is it just the tip of the spear or the whole spear?  I sit down with Brian Doyle of vCIOToolbox.com to discuss this challenge and opportunity as it pertains to how we provide advisory services both internally and to our clients.

In talking about risk we often don't address risk management plans at all.  In this episode I discuss with Jim Harryman of Kinetic Technology Group, all things risk.  It often starts with a Risk Assessment and we step through what that might look like and how to begin building out a plan within your organization.

I always have wondered why we assume our end users know how to use the technology we provide them.  The age old argument of 10% of the product's capability is actually used.  I sit down with Charles Love to talk about all the interesting things that go on behind the scenes with end users.  We spend a lot of time on a specific vendor or two but these are just to provide good examples.

I couldn't let it go... The browser or browsers have the potential to be the trojan horse.  I sit down with Jim Harryman of Kinetic Group to discuss what we can do within the browser to ensure a more secure posture with resources to protect the user experience.  If you remember in part one of, "Zero Trust Your Browser" we talked about how much power the browser has.  In this episode we focus on reining it in.

You can't secure others if you don't first secure yourself.  Security should be just as important at home as it is at work and you take responsibility for your actions.   I sit down with Scott Augenbaum to discuss what is in his book, "The Secret to Cybersecurity." Spoiler alert there is no secret.  We have a great conversation and I think everyone who listens will find some takeaways that will cost little to nothing to implement.

Regardless of which browser(s) you use how often do you patch them.  Do you maintain the extensions and restrict what is and isn't sync'd.  I sit down with Kenneth May of Swift Chip to discuss how we need to do a better job creating whitelist/blacklist on apps within the browser. Educate the end user on the vulnerabilities created by adding extensions or not relaunching the browser when updates are pending.  It is Cybersecurity month and I think you will find this episode will give you some serious food for thought.

In cybersecurity we don't spend as much time as we probably should in the area of onboarding and offboarding.  Initiated by the HR department or in smaller companies perhaps handled by the company owner to bring in new employees and then of course when an employee exits the company what does that process look like.  Is this process documented and is the workflow the same for onboarding as it is offboarding? This and many other questions associated with people and their role within a company as they are hired and what happens when they leave.  Thanks to Joshua Smith of Reliaquest for walking me through his recent journey of leaving one company to take a new role with another.

A continued discussion on RMM and MDM tools.  How they differ and how they overlap.  In this ever evolving threat landscape they are both extremely important.  In this episode Jim Harryman and I will review some of the historical reasons behind why we have them in our environments but we will really be focused on how they help us now and in the future as BYOD and Cloud computing factor in to our end user and device management.

Over the past two years I have gotten to know Brian Weiss and much of our conversation has revolved around how he continues to improve the security posture of his company.  This is largely tied to an event that took place back in March of 2018 that crippled 1/2 of his then client base.  In this milestone episode 100 we recap his journey when we checked in on him for episode one almost two years ago and how the world has changed in the last four years.

As solution providers we spend a lot of time with different tools and services to support our clients.  I sit down with Charles Love of ShowTech Solutions to discuss how RMM and MDM (DM) go hand in hand in managing the assets placed under our care.

Vulnerabilities and exploits happen to be very common in today's threat landscape and not all vulnerabilities are actionable.  I sit down with Wes Spencer, of Fifth Wall, to provide insights to solution providers on how to communicate with their vendors and their clients in a way that is actionable and with credibility.  As the saying goes, "You are either part of the problem or part of the solution."

I think most of us would agree that protecting data is a very big part of the job as a Solution Provider.  Joshua Smith and I tackle this conversation when it comes to the costs associated with protecting that data and what it means to lead and follow in an ever evolving threat landscape.

As Solution providers (MSPs), a security first mindset can at times be difficult.  We know that our responsibilities to our staff and clients is about reducing the probability of being an easy target.  Cybersecurity isn't easy but it get's easier when you do it with others.  Chad Holstead and I discuss what it means to be part of an integrator group that has agreed upon a set of standards or controls to improve their security posture.

As we recover from a week in Chicago with our colleagues and friends I thought we should take a minute to recount some of the highlights.  I sit down with Lenny Giller of Reliable Technology Services to get his perspective on MSP-Ignite Pre-day and some of the tracks we had an opportunity to attend.  I think clearly the message is to get involved with CompTIA ISAO, get involved with the community and share with each other lessons learned.  Cybersecurity is one step at a time.

The role of an MSP as trusted advisor or vCIO has evolved over the years and more recently it seems the added responsibility of security officer is added to the mix.  In my conversation with Craig Buesing who is the CISO to the Secretary of State of Colorado, we spent a lot of time talking about cybersecurity is a collaboration.  You can't do it by yourself and it is the collaboration and knowledge sharing that makes us all more secure.

One week until ChannelCon and MSP-Ignite Pre-day.  This week we have Dave Sobel, "Host of the Business of Tech Podcast." While Dave and I have been known to go down a few rabbit holes in past conversations, we manage in this episode to focus on three main points: Cyber Tax is a real thing and should be openly discussed with your clients, Tech Debt is a challenge for both vendors and MSPs, and victim blaming doesn't change what has happened.

Table top exercises, Security Awareness Training, and vulnerability management are all ways that we look to improve our security posture. Join me as I talk to Kevin Ireland of Hack The Box regarding teaching your team to participate in red team exercises.

ChannelCon is right around the corner and we are still discussing the culture shift to a cybersecurity first mindset.  I sit down with Joshua Smith of Varonis to talk about how culture shift and doing the right thing are same problem different scale. Whether you are a vendor or an MSP it still comes down to People, Process and Product (technology). We step you through four key steps to begin the shift within your organization.

With the theme of, "Doing the right thing," on our show I had the unique opportunity to sit down with Harry Brelsford to talk about the need for cybersecurity in the Cannabis dispensary vertical.  While this is a very specific niche and is definitely not as mature as many other verticals it was an eye opener for me and I hope you will find opportunity for strength and maturity in cybersecurity.  Harry very neatly breaks down security into three categories that really helps give perspective on areas to improve as we navigate our cybersecurity journey.

As we continue our discussion around "Doing the right thing", I sit down with Eric Hanson of Inland Productivity to specifically discuss 2FA.  There are so many layers in any security stack but there always seems to be a lot to talk about when it turns to 2FA.  Plenty of humor included in this episode!

When doing the right thing could have turned out so different.  I sit down with Jessica Millhiser of Systems Gal to discuss a recent event with one of her clients that could have turned out very differently.  Business Operations is her specialty and what we found in our conversation is that if you aren't weaving cybersecurity into your business processes you are just asking for a breach.

As we continue the discussion surrounding,"Do The Right Thing" it was brought to my attention that I had something in a town hall that an MSP disagreed with.  Join me as I sit down with Matt Horning of BlueTree Technology as we sort out our disagreement and align on a cybersecurity minimum that we agree is necessary for all of our clients.