By Chris Johnson
Educational sound bytes to help MSPs and their clients navigate Cyber Security. Cybersecurity maturity is a journey, don't go it alone. Interviews and guidance from fellow MSPs and other Industry experts.
Our goal is Secure Outcomes and together we can make a difference.
Our goal is Secure Outcomes and together we can make a difference.
Onboarding and Offboarding
In cybersecurity we don't spend as much time as we probably should in the area of onboarding and offboarding. Initiated by the HR department or in smaller companies perhaps handled by the company owner to bring in new employees and then of course when an employee exits the company what does that process look like. Is this process documented and is the workflow the same for onboarding as it is offboarding? This and many other questions associated with people and their role within a company as they are hired and what happens when they leave. Thanks to Joshua Smith of Reliaquest for walking me through his recent journey of leaving one company to take a new role with another.
September 27, 2022
Going Beyond RMM and MDM
A continued discussion on RMM and MDM tools. How they differ and how they overlap. In this ever evolving threat landscape they are both extremely important. In this episode Jim Harryman and I will review some of the historical reasons behind why we have them in our environments but we will really be focused on how they help us now and in the future as BYOD and Cloud computing factor in to our end user and device management.
September 20, 2022
Four Years Post Breach
Over the past two years I have gotten to know Brian Weiss and much of our conversation has revolved around how he continues to improve the security posture of his company. This is largely tied to an event that took place back in March of 2018 that crippled 1/2 of his then client base. In this milestone episode 100 we recap his journey when we checked in on him for episode one almost two years ago and how the world has changed in the last four years.
September 13, 2022
MDM, Not Just for Mobile Devices
As solution providers we spend a lot of time with different tools and services to support our clients. I sit down with Charles Love of ShowTech Solutions to discuss how RMM and MDM (DM) go hand in hand in managing the assets placed under our care.
September 07, 2022
Vulnerabilities and Exploits
Vulnerabilities and exploits happen to be very common in today's threat landscape and not all vulnerabilities are actionable. I sit down with Wes Spencer, of Fifth Wall, to provide insights to solution providers on how to communicate with their vendors and their clients in a way that is actionable and with credibility. As the saying goes, "You are either part of the problem or part of the solution."
August 30, 2022
Data Protection, a Moral Obligation
I think most of us would agree that protecting data is a very big part of the job as a Solution Provider. Joshua Smith and I tackle this conversation when it comes to the costs associated with protecting that data and what it means to lead and follow in an ever evolving threat landscape.
August 23, 2022
What are Integrator Groups?
As Solution providers (MSPs), a security first mindset can at times be difficult. We know that our responsibilities to our staff and clients is about reducing the probability of being an easy target. Cybersecurity isn't easy but it get's easier when you do it with others. Chad Holstead and I discuss what it means to be part of an integrator group that has agreed upon a set of standards or controls to improve their security posture.
August 16, 2022
Recap of Channelcon22
As we recover from a week in Chicago with our colleagues and friends I thought we should take a minute to recount some of the highlights. I sit down with Lenny Giller of Reliable Technology Services to get his perspective on MSP-Ignite Pre-day and some of the tracks we had an opportunity to attend. I think clearly the message is to get involved with CompTIA ISAO, get involved with the community and share with each other lessons learned. Cybersecurity is one step at a time.
August 09, 2022
Lessons from a CISO
The role of an MSP as trusted advisor or vCIO has evolved over the years and more recently it seems the added responsibility of security officer is added to the mix. In my conversation with Craig Buesing who is the CISO to the Secretary of State of Colorado, we spent a lot of time talking about cybersecurity is a collaboration. You can't do it by yourself and it is the collaboration and knowledge sharing that makes us all more secure.
August 02, 2022
Good, Better, Best
One week until ChannelCon and MSP-Ignite Pre-day. This week we have Dave Sobel, "Host of the Business of Tech Podcast." While Dave and I have been known to go down a few rabbit holes in past conversations, we manage in this episode to focus on three main points: Cyber Tax is a real thing and should be openly discussed with your clients, Tech Debt is a challenge for both vendors and MSPs, and victim blaming doesn't change what has happened.
July 26, 2022
Red Team + Blue Team = Purple Team
Table top exercises, Security Awareness Training, and vulnerability management are all ways that we look to improve our security posture. Join me as I talk to Kevin Ireland of Hack The Box regarding teaching your team to participate in red team exercises.
July 19, 2022
Economy of Scale
ChannelCon is right around the corner and we are still discussing the culture shift to a cybersecurity first mindset. I sit down with Joshua Smith of Varonis to talk about how culture shift and doing the right thing are same problem different scale. Whether you are a vendor or an MSP it still comes down to People, Process and Product (technology). We step you through four key steps to begin the shift within your organization.
July 12, 2022
Cybersecurity and Cannabis
With the theme of, "Doing the right thing," on our show I had the unique opportunity to sit down with Harry Brelsford to talk about the need for cybersecurity in the Cannabis dispensary vertical. While this is a very specific niche and is definitely not as mature as many other verticals it was an eye opener for me and I hope you will find opportunity for strength and maturity in cybersecurity. Harry very neatly breaks down security into three categories that really helps give perspective on areas to improve as we navigate our cybersecurity journey.
July 05, 2022
Is 2FA The Right Thing?
As we continue our discussion around "Doing the right thing", I sit down with Eric Hanson of Inland Productivity to specifically discuss 2FA. There are so many layers in any security stack but there always seems to be a lot to talk about when it turns to 2FA. Plenty of humor included in this episode!
June 28, 2022
Almost A Victim...
When doing the right thing could have turned out so different. I sit down with Jessica Millhiser of Systems Gal to discuss a recent event with one of her clients that could have turned out very differently. Business Operations is her specialty and what we found in our conversation is that if you aren't weaving cybersecurity into your business processes you are just asking for a breach.
June 21, 2022
As we continue the discussion surrounding,"Do The Right Thing" it was brought to my attention that I had something in a town hall that an MSP disagreed with. Join me as I sit down with Matt Horning of BlueTree Technology as we sort out our disagreement and align on a cybersecurity minimum that we agree is necessary for all of our clients.
June 14, 2022
Do The Right Thing (see something, say something.)
When you travel, especially when you fly, you see the statement plastered everywhere, "If you see something say something." You are told not to watch someone else's bags etc. Well, when it comes to cybersecurity is it really any different? Eric Hanson and I go through an exercise that looks at this concept applied to cybersecurity. Inconvenience, obstacles, or other anomalies if ignored allow us to continue to be efficient and get our jobs done. How do we balance and appropriately call out concerns or red flags while still doing our jobs?
June 08, 2022
Is Affordable Cybersecurity a Myth?
I have often wondered if we tend to lean towards insurance instead of doing a better job of prevention and protection because it just costs too much. I sit down with Ismael (Izzy) Amado of IT Ninjas to prove how affordable much of cybersecurity really is. Culture change is hard but at the root of cybersecurity, success is people and process. If you are struggling with getting clients or your own employees to take cybersecurity seriously then this episode might just help you push through.
May 31, 2022
Cyber Insurance World Is Changing
With insurance renewals coming for many school districts in July are you able to satisfy the questionnaires? There might be a few curveballs in this conversation. I sit down with Corey Munson of PC Matic to talk about some of the changes that are happening in the space. New requirements that now include specific vendors. New vendors to choose from, limit caps, etc. are all impacting the ability of Tech Directors to successfully answer all the questions.
May 24, 2022
I'm Responsible For What?
Ever had a client say, "I thought you were already doing that?" I recently had a challenge with a vendor product that I had provided an audit for the client to check the security controls and ensure the client had it optimized. The questions I ask Jim Harryman of Kinetic Technology Group are all around how to clearly understand what we are responsible for whether it is with our vendors or clients.
May 17, 2022
Configure and Implement Securely
What should we talk about this week? I have been back and forth with topics recently that involve getting started with cybersecurity and have moved into vendor management and other areas of focus that all revolve around one key theme... Reducing risks and protecting ourselves and our clients. Join me as I discuss with Charles Love of Showtech Solutions, configurations and implementation of products and services. Where does the responsibility of vendor stop and MSP responsibilities kick in. What is an appropriately secured implementation of O365 or really any product or service that your clients need and you have been tasked with implementing and managing. We don't go down any rabbit holes on this one!
May 11, 2022
We don't know what will happen tomorrow or the next day. We do however have responsibilities to our clients and our employees and there are things we can do to plan for events that we don't have control over. Join me with Steve Alexander of MSP-Ignite as we discuss how to plan so we don't end up in the knee-jerk scenario that so often is the first response.
May 03, 2022
Vendor Managment Challenges
As MSPs you are all dealing with managing or providing support services that involve working with 3rd party vendors. In this coversation Eric Hanson and I discuss the challenges of vendors where those who have authority to make decisions on critical infrastructure leave or are no longer in the role that would required them to manage that vendor relationship. This is not a new topic but is often an avoided topic as it pertains to MSPs working with Internet, cell phone and other vendors in supporting their clients.
April 26, 2022
Knee Jerk Reaction or Calculated Decision
Endless topics to discuss and yet we still find ourselves talking about many of the foundational things we should all be doing in our businesses. We can only be accountable for our own actions regardless of the decisions of our vendors or our peers. Who are the vendors I work with today and what happens if they are gone tomorrow? This and many other questions are discussed with Jim Harryman of Kinetic Technology Group. As we evaluate our vendors and the services we offer we discuss having a predefined plan that takes into account levels of urgency. In our case, we use the Defcon threat levels, and whatever model you use we are pretty confident that there really is a sit back and relax for any of the vendors we use for service delivery.
April 19, 2022
Cybersecurity: I'm Stuck
We all struggle with different areas of cybersecurity and there is no perfect solution. That being said we shouldn't get paralysis analysis either, it isn't new and it isn't going away. Most of us started implementing cybersecurity tools and services long before MSSPs existed and have in many cases satisfying controls of the different frameworks anywhere from 10% to 60% and didn't even know it. Join Jim Harryman of Kinetic Technology Group as we navigate areas in which MSPs can continue to improve their cybersecurity maturity.
April 12, 2022
Cybersecurity - How To Start.
The conversations and requests coming from MSPs is still about how to get started. Hopefully, this conversation will help you find your path. Join me as Charles Love and I navigate the getting started in Cybersecurity. Even if you have already started down the path of improving your cybersecurity posture there is always room to improve.
April 05, 2022
Even Small Municipalities need MSPs
Whether it is a small municipality, a school district, or even your local fire department, there is always a need for 3rd party resources. I sit down with Corey Munson of PCMatic to talk specifically about how MSPs can provide a huge benefit to small government entities. We aren't talking about addressing the basic print or internet connectivity issues but more about the challenges we all face in cybersecurity. Whether it is the mayor of a small town in rural Iowa or the one computer at city hall, we all need our devices maintained. There are a lot of great resources referenced in this episode and whether you focus on local government or not they are still relevant to your business. Thanks to MSP-Ignite for making this episode possible.
March 29, 2022
Why Are ISACs and ISAOs Important To Me?
Last week was CompTIA's Communities and Councils Forums and I thought who better to bring on to the podcast than Wayne Selk the new VP of CompTIA's ISAO. Join us as we break down the differences between ISACs and ISAOs and how MSPs can take advantage of what these different entities have to offer as we navigate cybersecurity.
March 22, 2022
Cybersecurity Maturity Starts With Leadership
I sit down with Stelios Valivonis of onShore Security to talk about cybersecurity and the need for dedicated leadership. People, Process, and Procedures are critical to any organizations quest to improve their cybersecurity posture. Stel and I step through some scenarios that we have seen together and some ideas on how to succeed with client resistance to change.
March 15, 2022
Going Beyond Cyber Insurance
There is no shortage of questions coming from Cyber Insurance providers that put an MSP in a difficult position to answer the questions truthfully and the intent of the questions. In this episode, I sit down with Aaron Frazier of American Technology Specialists to discuss how to approach this complex topic with clients and prospects to help satisfy specific questions through enabling technologies—as always, talking to Aaron with ATS is enlightening.
March 08, 2022
Encryption: At Rest & In Transit
Cyber insurance questionnaires are a dime a dozen these days, yet our ability to correctly answer the questions can still be daunting. A Yes/No question doesn't have a Yes/No Answer. You want to answer truthfully, and you also want to ensure that you get the coverage you need. Join me as I sit down with Jim Harryman of Kinetic Group to find some approaches to answering these questions that are both truthful and at the heart of the question's intent...
March 01, 2022
Over the years the role of an Account manager has evolved and taken on many different names (vcio, BSM, vCTO etc.). Today I sit down with Mike Stewart of Anchor Networks to discuss how much this role has changed. Cybersecurity plays a big role in planning and identifying gaps within a prospect or existing client that it can be a daunting endeavor. Join us as we provide some guidance for any vCIO to be successful in discussing cybersecurity with prospective and existing clients.
February 22, 2022
No Magic Bullet
We all no there is no magic bullet when it comes to cybersecurity but that doesn't mean it has to be complicated either. I sit down with Eric Hanson of Inland Productivity Solutions to talk about Incident Management, Incident Response and many more plans, policies and programs that are often reduced to acronyms that get very confusing. One of the key things we talk about is getting to the root of the questions our clients, insurance companies and our client's clients are asking before we try to give them an answer. I try not to pick favorite episodes but this topic was definitely top 10.
February 16, 2022
HIPAA Compliance And M&A
Each week we focus on cybersecurity and there is no shortage of topics. This week I sat down with Nelson Gomes of Medicus IT to discuss HIPAA compliance and Mergers and Acquisitions. As we onboard new clients or deal with clients who are going through M&A then you will definitely want to tune in. We talk about the need for Security Risk Assessments (SRA) and the risks associated with ingesting a new client.
February 09, 2022
Drinking From A Fire Hose?
Over the past few weeks, Governance, Business Basics, and Vendor Sprawl have had one standard and constant theme... We all feel like we are drinking from a firehose. We all know we need to focus on governance, risk, and compliance, but we all suffer paralysis analysis. Chad Holstead of BKS and I had a great discussion about getting started with cybersecurity governance. We are all drinking from the firehose; as our conversation progresses, we quickly conclude that we are better together than alone!
February 01, 2022
Tools with Intent
We have all implemented tools with the intent to solve or address all kinds of different challenges. After they have been implemented, are they working as expected? I sit down with Brian Weiss of ITECH Solutions to talk about just that. We covered a lot of ground regarding getting tools dialed in and where they need SOC services, and additional layers of security might require 3rd party resources. We also uncovered that not all clients make sense to onboard with today's threat landscape. Surprise..., but what about a client you discover isn't willing to change or has become a risk to your business or your other clients? What about when your client onboards a client of their own that introduces new risks?
January 27, 2022
Back To Basics
We recently started a journey down a path that talks about Governance for SMB, picking the right tools/software to run your MSP, and of course, don't forget you can only pick just one... This week I had the opportunity to sit down with Jessica Millhiser of J Mills Consulting to talk about business fundamentals. Almost all of our episodes have focused on Cybersecurity, and I had an aha moment over the weekend; you can't have a security-first mindset if you don't have the fundamentals dialed in. I read a post on Linkedin by none other than Jess and realized that we could really benefit from a reset, get "back to basics."
January 18, 2022
New MSP Perspectives on Cybersecurity
We often take for granted the products and services we use to help reduce overhead and Full-Time Resources (FTE). I sit down with Ismael Amado of IT Ninjas to talk about starting a new MSP right before a pandemic and how important a security-first approach is. Just because the products and services you use aren't associated with cybersecurity doesn't mean they don't directly impact your cybersecurity maturity.
January 11, 2022
Governance for SMB
Almost every time I do a security maturity assessment I find that companies are the least mature in Governance. The areas that seem to need the most attention are Policy and Compliance which is to be expected since that is the area we least like to focus on. In this episode, Sarah O'Kelley from onShore Security and I discuss the differences between governance and leadership and how cybersecurity plays into the leadership and health of an organization.
January 05, 2022
Three Pillars of Cybersecurity
As we prepare for 2022 and the opportunities and challenges it is sure to bring I thought we should take a minute to focus on people. Consumers vs employees, two sides of the same coin, but very different parameters placed on how they interact with the digital world. Join me as I discuss People, Processes, and products, and services with a focus on people. This is a bonus episode as we wrap up the year. Thanks to Joshua Smith of Varonis for taking the time out of his busy schedule to share. I'd also like to thank the MSP-Ignite and all of it's members who actively listen!
December 28, 2021
What To Do About Log4j
I think everyone at this point has heard someone talk about Log4j. Even my 8th grader has heard about it as it was featured on CNN10. This week we are doing a special episode featuring Ryan Weeks, in-house CISO for Datto. This is an episode that every MSP should listen to as it focuses on what MSPs should be doing as it pertains to log4j. How an MSP can be proactive and reduce their threat surface and more importantly create a culture within their company to build out vulnerability management and incident response plans to prepare for future vulnerabilities and exploits. A special thanks to MSP-Ignite for bringing Datto and Ryan Weeks on to this episode. It is always a privilege to get an hour with Ryan. I’d also like to thank all of the MSP-Ignite members who participated as we recorded this episode.
December 21, 2021
Do you ever wonder if you have too many layers in your security stack? Is it possible you have an overlap between one or more of your existing products? While Charles Love and I might have created more questions than answers I think you will find some great suggestions on how to ensure you are managing your security services stack well. Change is hard for all of us but in an evolving threat landscape, we need to be prepared for change!
December 15, 2021
The Little Things
In our quest to provide the best services to our staff and our clients, it is easy to get caught up trying to solve very large problems. I think we are programmed that way as we like the feeling when we overcome those big challenges. I discuss with Jim Harryman of Kinetic Technology Group how what may seem insignificant or small can directly improve the cybersecurity posture of the infrastructure we are responsible for. Thanks to Eric Hanson of Inland Productivity Solution and a few other unnamed resources who inspired this discussion.
December 07, 2021
Why Peer Groups Matter
The month of November has focused on incremental changes that MSPs can make to improve their security posture. I sit down with Jay Tipton to discuss why joining a peer group is one of those incremental changes. If you know Jay you know he has been through a lot this last year. The combined consumption of energy drinks (cases) and countless hours (over 500) invested in recovering from ransomware has given Jay some great insights and wisdom to share with all MSPs.
November 30, 2021
You Can Only Pick Three
What if you could only pick three security products/services to include in your offering? I sit down with Charles Love of Showtech Solutions to discuss the three picks. Surprise alert... We don't pick the same three.
November 23, 2021
We are all dealing with objections when it comes to convincing our clients to take cybersecurity seriously. I sit down with Eric Hanson of Inland Productivity Solutions to discuss the opportunities and challenges of positioning cybersecurity products and services with new and existing clients. Join us as we address some of the top objections.
November 16, 2021
MSP Relevant Framework Adoption
Now that we are in week two of the cybersecurity program we thought it would be helpful for MSPs to have something that they can map their program too. I sit down with Jim Harryman of Kinetic Technology Group to discuss their journey to baseline security with SOC-2 and other frameworks that can help MSPs of all sizes be successful with their cybersecurity maturity journey. Our goals are to give any MSP a level of confidence with supporting evidence of their cybersecurity maturity growth.
November 10, 2021
Paralysis Analysis are commonplace among MSPs, Businesses large and small when it comes to taking on Cybersecurity. As we come off Cybersecurity awareness month we are tackling cybersecurity and incremental approach to implementing a cybersecurity program. Join me as I discuss a where to start approach with Charles Love of Showtech Solutions.
November 02, 2021
Ounce of Prevention = Pound of Cure
After we talked about the pre/post-boom I thought we should cover the security services side of being an MSP. Join me with Joshua Smith of Varonis as we talk about understanding what it is that we are trying to protect. Do we understand the risks? Are we talking to the right stakeholders? We are now in season two and just in time for the holidays... Do you know where your data is? Do you have the right tools in place? Thanks to our sponsor MSP-Ignite for making this episode and all of Cybersecurity month a reality!
October 26, 2021
What have you done to prepare for ransomware or other incidents that can cause repercussions that impact your business? Do you have a plan in place for post-boom or after an event has happened? This week I am joined again by Eric Hanson of Inland Productivity Solutions to discuss Protect and Detect. What are the tools and services in place for protecting yourself and your client?
October 19, 2021
Cybersecurity for SMB MSP
Businesses come in all shapes and sizes, and when it comes to cybersecurity, there is no one size fits all. I sit down with William Mulcahey of M6 Managed IT to discuss what it means as a smaller MSP. Some good questions, and while not all of the questions necessarily have answers any of us want to hear, hopefully, it gives some guidance on where to start.
October 12, 2021
Cyber Insurance. A no brainer!
Sitting down with Jeremiah Grossman of Bit Discovery and Jeffrey Smith of Cyber Risk Underwriters to talk about the need to have cyber insurance. What it covers and how relatively inexpensive it is compared to not having coverage at all. Advocating for everyone to buy insurance (cyber insurance). Knowing that the cost of insurance in many cases is far less expensive than trying to satisfy one more security control. Looking at the risk and probability will help you determine how much coverage you might need to buy. Requirements to get cyber insurance are becoming more significant. It is no longer just about the questions or questionnaire but it is now becoming more about seeing the evidence of security.
October 05, 2021
Hoodies vs Suits
A few weeks back I attended Blue Team Con in Chicago. Based on one fo the sessions that discussed the culture challenges and shortages of qualified candidates I asked the founders of Blue Team Con to join me to discuss the challenges of finding talent and what to look for. Why are hacker (hoodies) conferences always filled by young people? Why are other events that focus more on the blue team security defense side attended by those in business attire (suits) and seem to be an older age group? Thanks to Frank McGovern and Stel Valavanis, founders of Blueteamcon, for a great conversation.
September 28, 2021
Power is out... now what?
We recently talked about BCDR and making sure there is a plan in place that is communicated. It felt like we left a few things out so this week I sat down with Charles Love again to hash out some of the procedures. Join us as we discuss Tolerance, Expectations, and Categorical identifiers and how each have their own deliverables to ensure the best outcome for all involved. No internet for 15 minutes? No Power for 2 hours? What happens if the power is going to be out for 4 hours or all day? Just some of the scenarios we will discuss. Thanks Again to your sponsor ITPRO.TV
September 21, 2021
Business Continuity (BCDR)
I don't think there are any MSPs who aren't dealing with backups of data for their clients, whether it is for onsite data or cloud services it has become par for the course. In this episode I sit down with Charles Love of ShowTech Solutions to talk about pitfalls and obstacles we face with our clients when trying to appropriately size and position a BCDR solution. We even talk about the risks and security that go into deciding which vendors or solutions to use. CIS v8 Control 15 anyone? Thanks to ITPro.TV for making this episode possible.
September 18, 2021
Adding an "s" to MSP (Compliance and Me)
Security and Compliance go hand in hand, but we live in a world where cybersecurity obligations are still driven by what our clients might require of us. You don't have to become an MSSP to prioritize cybersecurity in our own businesses and our clients. We don't have to be experts in cybersecurity controls, but you need to participate and guide your clients on the controls they need to address. As you work towards or maybe have already added an "s" in MSsP, are you providing guidance and helping to provide evidence to support how to address security controls internally and with our clients. Brian Doyle of vCIOToolbox and I discuss this and other points brought to light as we address cybersecurity and the compliance control sets used to prove that security posture. Thanks to ITPRO.tv for being our sponsor.
September 07, 2021
Power outages, slow internet, ransomware, and many other scenarios cause a finger to get pointed at someone. I know I have had a few fingers pointed at me and I know that I have also done my own share of finger pointing. In recent discussions with other MSPs I came to the following conclusion... Finger Pointing doesn't help! Eric Hanson of Inland Productivity and I sit down to discuss ways to reduce the finger pointing during crisis to get the client back online and working as quickly as possible.
August 31, 2021
Recent Breaches in the Media
With T-Mobile, AT&T, and now even Microsoft reporting breaches questions start to come up as to what can be done. Why is this happening? Don't these companies focus on securing our information? I have also noticed that many of the answers coming from these large companies is a bit cold and lacks any real empathy towards their customers who have now become potential victims. Join me as I discuss this with Chad Holstead from BKS and our take on what can be done as an MSP and how taking a proactive approach may prevent or at least reduce the impact on those compromised.
August 24, 2021
O365 Cybersecurity Tips and Tricks
We have all had an opportunity to work with a Microsoft product or two in our careers. This week I sit down with Charles Love to recap some recent O365 challenges we both faced and better prepared for future migrations, upgrades, and enhancements. Cybersecurity and O365 don't play nice out of the gate with each other, but that doesn't mean we can't get it locked down appropriately. We cover licenses and product types as pertains to different compliance frameworks and regulations. We discuss MX Records and DNS Monitoring, and we get into some of the security defaults that often get overlooked when an MSP onboard a client that already has O365 in place.
August 18, 2021
It seems we have covered different cybersecurity frameworks and the challenges MSPs face to become compliant, but until now we haven't talked specifically about HIPAA compliance. As an MSP you might find that you are a Business Associate and not knowing doesn't let you off the hook. Join Bryan Sullo and me as he fires questions about HIPAA compliance and I try to answer as many of them as I can. If we leave something out please let us know.
August 11, 2021
Cyber Insurance. Am I Covered?
It seems that more often than not we talk about Cyber Insurance. The last two episodes we talked specifically about risk and going back to December 2020, Episode 8, we talked about cyber insurance and ransomware with Frank Bauer of Vade Security. A recent voicemail from Eric Hansen of Inland Productivity Solutions prompted a discussion around Cyber Insurance. Here are the key discussion points: 1. Do I have enough insurance? 2. If I make a claim will my insurance company pay? 3. My clients don't have it so how does that impact my risk? These are just a few questions and as we explore the topic we ask you the listener to send in additional questions that we might answer on future episodes.
August 03, 2021
Last we we discussed client risk and even a bit about our own risks. Throughout our discussion I kept thinking we need a way to score our prospective or existing clients to help determine those that bring us more risk. There is one person I know that is meticulous in how he manages the onboarding process and so I am happy to say Charles Love is back to give us some tips on how to create a client or prospect scorecard.
July 27, 2021
Most of us can relate to a client grading system. We grade client's prompt bill payments, how they treat our techs, demands, or requests that sometimes seem outlandish or impossible. In our ever-changing world of managed services, we are now layering on security service offerings that have potential consequences that may include ourselves when declined. Join me this week as I sit down with Jim Harryman of Kinetic Technology Group to discuss client risk and how to address it. Our goal is that our listeners would see a path towards exiting a relationship with a client as a last resort (pertaining to cybersecurity). Jim has some great tips, and I think we would all agree that none of us want to see our clients succumb to ransomware or other threats due to refusing to implement cybersecurity recommendations.
July 21, 2021
If you haven't seen the NIST definition of Zero Trust then you have come to the right episode. I sit down with Bryan Sullo of Clock Tower Technologies to discuss what Zero Trust really means to those of us who operate in the realm of an MSP. As we go in circles on zero trust we begin to unpack the cybersecurity stack and compare it to balancing a checkbook. I'm not sure we have the full comprehensive answer so if you have ideas or suggestions related to this episode or a topic you would like us tackle in the future please send them to firstname.lastname@example.org Thanks to MSP-Ignite for helping us make this episode happen.
July 13, 2021
Do you ever feel like you aren't the expert? You are meeting with a prospect or an existing client, and you suddenly doubt your abilities... If you have ever been there and felt like you were just weren't good enough and what do the clients or prospects think when we don't have an answer. Join me as I sit down with Joshua Smith, former business partner, and a cybersecurity expert himself, as we navigate imposter Syndrome. This is a vulnerable episode as we admin some of our challenges early on in our careers and how we overcame our limitations to continue being the experts in the room with our prospects and clients. Expertise isn't a destination; it's a journey. Remember that imposter syndrome is self-inflicted. Thanks to MSP Ignite for helping us make this happen. Do you ever feel like you aren't the expert? You are meeting with a prospect or an existing client, and you suddenly doubt your abilities... If you have ever been there and felt like you were just weren't good enough and what do the clients or prospects think when we don't have an answer. Thanks to MSP Ignite for helping us make this happen.
July 06, 2021
Communication Etiquette and Protocols
Starting with Communication and what is appropriate? We will discuss the different types of communication and when they should be used to have effective communication. When to use Chat, when to use email, when to use phones, and text messaging. This leads us down the path for incident response and other more urgent communications are getting to the right person and read. I sit down this week with Matthew Schroeder a grad student at Lindenwood University to talk about communication protocols and how they should be used correctly to ensure that we get our messages to the appropriate party as quickly as possible. Thanks to our sponsor and partner MSP-Ignite for making this happen.
June 29, 2021
Gas Prices and Meat Shortages
As the podcast series has grown to more than 30 episodes it is starting to feel like Deja vu. We have topics to choose from that will likely go on indefinitely but is there a pattern to this madness as we work together to go on the offensive. The threat actors are still getting away with huge ransoms tied to poorly implemented configurations, protections not properly installed alongside people who still click on the link or use weak passwords. Join me this week with the return of Eric Hanson of Inland Productivity Solutions as we talk about why it's different this time. Finally, we have a breach or a series of breaches that everyone is paying attention to. If we can reduce our client's risk we can reduce our own risk. We have to take responsibility and accountability for our data in order to see real change. Cybersecurity is a shared responsibility. Our Cyber insurance companies are asking questions about our security posture before they will continue coverage. What is needed to get our clients to recognize their risks that in turn is our risk? It's time to get brutally honest with our clients. Thanks to our sponsor and partner MSP-Ignite for making this happen.
June 22, 2021
Hope For Ransomware
Is there hope in the fight against ransomware? In this week's episode, I sit down with Greg Edwards of CryptoStopper to discuss ransomware and other exciting topics. It is long past due that we get proactive and take the fight to the bad guys. There is hope and it isn't a single product or service but more an approach. If you haven't met Greg Edwards you are in for a treat as he talks about his journey as an MSP fighting what seemed like a losing battle with ransomware and how a change in how they approach the fight isn't out of reach for the rest of us. Thanks Again to our partner and sponsor MSP-Ignite.
June 15, 2021
Do you Know Your Client (KYC)
Recently Common Controls Framework put out a survey that asked respondents questions about how well they know the people in their client's companies and the people that work there. I thought I would really like to understand what went behind the questions and what the survey results looked like... So I reached out to Dorian Cougias, CEO and founder of Common Controls Framework. After several conversations about the schemas and research that goes into a KYC exercise, we were able to put together this episode that focuses on the importance of KNowing Your Client. Join me this week as Dorian and I go on a journey down the rabbit hole of who people are underneath the surface and not just what they listed or didn't list on their resume or LinkedIn profile. This episode focus on the need for answers to these two questions: 1. What is your client's truth posture? 2. What is your client's security posture? Thanks again to our partner and sponsor, MSP-Ignite, for making this happen.
June 08, 2021
Performing Tabletop Exercises
A recent post on Linkedin asked whether you do Table Top Exercises internally or with your clients? It hit me right between the eyes. We talk about the need to do them, and I am guilty of not getting past the conversation stage, so I decided to sit down with the guy who posted the question. Join me this week as I sit down with Art Gross of Breach Secure Now to talk about tabletop exercises and how we don't have to make it complicated.
June 01, 2021
Student Perspective on Cybersecurity
This week I sit down with a former student, Matthew Schroeder, to talk about his take on cybersecurity. What inspired him to pursue a path in cybersecurity and the opportunities that await. While we do go down a rabbit hole or two, it is important to know that we are really focused on sharing our cybersecurity passions and answering some questions around automation and people. Did I mention people? Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.
May 26, 2021
Privacy, Consumerism and SASE
People and Privacy, From one office of twenty or thirty employees to twenty offices of one employee per home office. 2020 was difficult for all of us as we adapted to new working conditions both at home (most of us) and at the office or school, where you might have to follow vastly different protocols to stay safe. This week I am joined by Raffi Jamgotchian of Triada Networks to talk about privacy and an increasing request for Secure Access Service Edge (SASE). We uncover that while security in the workplace is paramount, its privacy on the consumer side is really at the core. End users love checking their email on their personal phones as it's convenient but try getting them to install a 2FA app on their phone, and now you are trying to get them to submit to an Orwellian workplace. Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.
May 18, 2021
Security Awareness Training
Over the past twenty-plus episodes, we inevitably get around to talking about people. In episode 22, "Cybersecurity Still Comes Down To People", only reinforces the need to hear what my guest, Craig Taylor of Cyberhoot has to say. We talk about educating the unwilling when it comes to cybersecurity but it is so much bigger than that. Join us as we discuss the finer points of vendors who provide products that aren't set to a security state as a default, Frameworks that might include the need to protect data and provide training to staff but don't think it's important enough to be number one priority. Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.
May 11, 2021
Evaluating Vendors (Part 2 of 2)
Last week we talked about vendor evaluation from an MSP perspective and this week we talk about it from a client or end-user perspective. Join me as I sit down with Jon Munford of New London Community School District to continue the vendor evaluation discussion. It may come as no surprise but there are three checklist times that are an exact match with last week's episode. Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.
May 04, 2021
Evaluating Vendors (Part 1 of 2)
In this two-part series we are taking a look at vendor evaluation from the perspective of an MSP and then next week we will look at it from the perspective of a client. While checklists are important one thing that comes up frequently is to make sure that when evaluating a vendor that you are in the right state of mind. What problems are you trying to solve? Is this a need or a want? Join me once again as I welcome Charles Love to this episode as we unpack evaluating vendors and their approach to confidentiality, integrity, and accessibility. A big thanks to our sponsor, PC Matic, Endpoint Security built on a zero-trust/default deny philosophy, allowing only trusted sources and blocking all the rest. Lightweight, simple to deploy, easy to manage & compatible with all major antivirus products. Find out more about PC Matic by visiting PCMatic.com/msp/.
April 27, 2021
An Emerging Pattern.
Having gaps in your cybersecurity is inevitable, but plugging gaps with products and services doesn't necessarily make you more secure. It may put your business at a greater risk of compromise. I had the opportunity to sit down this week with Rick Mischka of Short Arm Solutions and one of The Cyber Pro Podcast hosts to talk about some of the emerging trends from the many interviews on their show that focuses on 10-12 questions about cybersecurity. There was one consistent pattern that emerged... People making decisions that have a significant impact on their companies, but because we have become so desensitized to password compromise, breaches with big companies splashing headlines in the media, and our desire for convenience and comfort. Lots of ideas, and you can bet that Rick will be back on a future show. A big thanks to our sponsor, PC Matic, Endpoint Security built on a zero-trust/default deny philosophy, allowing only trusted sources and blocking all the rest. Lightweight, simple to deploy, easy to manage & compatible with all major antivirus products. Find out more about PC Matic by visiting PCMatic.com/msp/.
April 20, 2021
Policies are a hot topic as insurance companies ask to see them, clients of clients ask to see them and even our peers are asking to see what policies we might have in place. Join me this week as I sit down with Joe Ambrosole of Net Connect as we discuss the importance of having policies and how to overcome some of the biggest obstacles as we work through them to get employees' and even clients' buy-in. A big thanks to our sponsor PC Matic, Endpoint Security built on a zero-trust/default deny philosophy, allowing only trusted sources and blocking all the rest. Lightweight, simple to deploy, easy to manage & compatible with all major antivirus products. Find out more about PC Matic by visiting PCMatic.com/msp/.
April 13, 2021
Protected and Secured
Sitting down with Marcus J. Ranum, Author of "The Myth of Homeland Security" and credited with a number of innovations in firewalls and intrusion detection systems, as well as being a co-founder at Tenable. We take a look at some of his predictions that date back to 2004 and earlier. We also look at Cybersecurity through the lens of reliable systems. If the system can be relied on then one would argue that it is probably secure. Ultimately it comes down to a properly motivated Systems Administrator who is focused on solving root problems and not just adding another layer of proverbial Duct tape. A big thanks to our sponsor PC Matic, Endpoint Security built on a zero-trust/default deny philosophy, allowing only trusted sources and blocking all the rest. Lightweight, simple to deploy, easy to manage & compatible with all major antivirus products. Find out more about PC Matic by visiting PCMatic.com/msp/.
April 06, 2021
Vulnerability Assessment or Penetration Test?
Whether you are required to adhere to regulatory compliance or have voluntarily picked a framework to map your cybersecurity strategy and you inevitably come to crossroads with a vulnerability assessment or a penetration test. Join me this week as I sit down with Kenneth May of Swift Chip Inc. as we dissect when it is appropriate to go beyond a vulnerability assessment. The repercussions of a penetration test when a policy or guideline is not in place. If you are wondering about vulnerability assessments and penetration tests and how to determine when you should execute one or both then this episode is for you.
March 30, 2021
Cybersecurity Comes Down To People
LinkedIn as a social networking platform is an extremely powerful tool. I was given some advice recently, by Corey Munson of PC Matic that I should connect with ProCircular. I followed Corey's advice and randomly selected an employee to connect with. I managed to connect with the founder Aaron Warner and it was a podcast at first chat. We discuss in this episode everything from the Microsoft Exchange hack to Mass spectrometers. You don't want to miss this episode as we highlight several key opportunities for MSPs that don't require financial investments to make a reality. Thanks again to our sponsor Pinpoint Solutions, LLC, and our partner MSP-Ignite for making this happen.
March 23, 2021
Cybersecurity Solutions Still Alienate The SMB
In this week's episode, I sit down with Stel Valavanis of onShore Security to discuss Cybersecurity tools and solutions from the perspective of an MSP. Stel brings a lot of insight as he has been an MSP who focused on the SMB and now an MSSP focused on the Mid-market and enterprise. We take a look at the challenges and potential opportunities in the SMB space, we find that there is still hope, as it is not all doom and gloom. While we don't have all the answers to bring the SMB into the fold we do find some areas that an MSP can put some energy into and see results.
March 16, 2021
Transitioning to MSSP or MSsP
One MSP’s journey and transformation into an MSSP or as I like to call it MSsP. Join me as I sit down with Chad Lauderbach of Be Structured Technology Group and hear first hand what it takes.
March 09, 2021
Defining The Why...
We have talked about compliance and frameworks. We have talked about products and services and the gaps they fill to improve our security posture. We have even spent time mapping those products and services to the controls they satisfy but, have we defined the why (knowing the risks) which is where it all needs to start. Join me as I sit down with James Bowers of Input Output as we talk through the why.
March 02, 2021
The Great America Recovery
For the first time in the MSP 1337 podcast series, I get to sit down with a friend and colleague from across the pond. An opportunity not to be missed as I sit down with Ian Trump-Thorpe to discuss the Great America Recovery. 2020 Was awful for many of us and as we roll into spring 2021 there is a definite opportunity to rebuild our infrastructure. Join Ian and me as we take a look at the past, present, and future of cybersecurity and how it impacts the MSP. Thanks to our sponsor vCIOToolbox.com for making this episode possible.
February 23, 2021
NIST Domains: MSPs Strengths and Weaknesses Across The Five Domains
MSPs have always provided to their clients' products and services that fall into the domains of Detection and Protection as well as Identification. That said, there are two categories in the NIST domain that have often been given little to no attention... Respond and Recover. Join me this week with Steve Alexander of MSP Ignite to discuss the finer points of Response and Recover.
February 16, 2021
Evolution of an MSP: From Infrastructure to End Users
The past decade and beyond the MSP has always been about managing the technology infrastructure of their clients. As the evolution of an MSP has gone from a business model that was largely break-fix has become over time a per-user model. Our products and services have largely been tied to enabling our clients to do what they do best. In more recent years it has become increasingly tied to adding protective layers for our client's employees through products and services ranging from VPNs and 2FA all the way out to policies and procedures. What used to be about protecting the employees from themselves, from bad hardware, bad software, etc. Is now about monitoring what they do, where they go, when they do it, and yes how. Join me this week with Jim Lippie of SaaS Alerts as we look at the past to better understand the future of MSPs providing security services to their clients.
February 09, 2021
Navigating a Terrain Unlike Any Other
A brief trip down memory lane to simpler times... Looking back 3-5 years we took on the likes of ransomware and malware with additional tools and products that made us look, dare I say, pretty good to our clients in keeping them safe as we avoided paying ransoms by recovering from backups or preventing the spread to the rest of the client's network or even warding off would-be attackers. Fast forward and 2020 seemed to take many MSPs and their clients by surprise. Join me this week with Bryan Sullo of Clock Tower Technology as we discuss how our clients and prospects are bringing the questions and concerns to us rather than us taking our concerns and security plans to them.
February 03, 2021
Don't Drink From The Same Cup
When drinking from the same cup or bowl doesn't make sense. Adding redundancy and capacity in the event there is an outage, not so much for your client but for you, the MSP. This week we welcome back Eric Hanson of Inland Productivity as we discuss different options for redundancy.
January 26, 2021
Getting Started with CIS Top 20
I recently had an opportunity to sit down with a long-time friend and colleague, Jason LeDuc of AccessIT Group, and discuss CIS Top 20 and a walk-through of the critical 6. We spend a few minutes on each control, and that while there is no "easy button," it doesn't mean this has to be difficult. Stay tuned through the end to hear about which control is as important, if not more important, than all the other controls!
January 20, 2021
Cybersecurity in K12
This week I had an opportunity to sit down with Corey Muson of PC Matic and talk about Cybersecurity in the K12 space. MSPs have a huge opportunity to come into the K12 space and help the Tech Directors and other K12 staff navigate a space that is uncharted territory for many. Join us as we share insights and opportunities to help K12 staff defend against the threat actors who are now targeting this demographic.
January 12, 2021
Co-Managed IT and Educating the Unwilling
It is 2021 and we are jumping right in with a conversation focused on co-managed IT and an idea that says we have to educate the unwilling. We aren't as important as we would like to think we are and our clients and prospective clients hate it when we use fear to sell anything, let alone cybersecurity. I am joined again by Eric Hanson of Inland Productivity as well as a new guest Bob Coppedge of Co-Managed IT.
January 05, 2021
MSP, MSSP or MSsP...
Each Week we talk about a different area of Cybersecurity and how it pertains to an MSP. This week I discuss with Eric Hansen of Inland Productivity what it means to position and sell security services, The number of dashboards or panes of glass we find ourselves trying to consolidate, and whether or not that is a good idea. Last, we talk about how each of these areas put an MSP in a position of asking one simple question... do I stay an MSP or become an MSSP? I think we have come to the conclusion that all MSPs need to add a lower case "s" as all need to be focused on Security Services as a part of your stack but that doesn't mean you have to change who you are!
December 22, 2020
Vendor and MSP Alignment
In this episode, I explore with Colin Knox of Gradient what it means to have alignment with our vendors. That not all of our vendors are a good fit for every client. Last but not least make sure that your clients know who your vendors are. That if something happens it isn't just you left holding the bag.
December 15, 2020
Ransomware and Insurance
What is the correlation between Insurance and Ransomware? Are Insurance companies and Threat Actors in cahoots? Find out as we explore the challenges faced by MSPs. I am joined this week by Frank Bauer of Vade Secure and together we journey back to the days of Zenith and the earlier days or less challenge days of being an MSP when it comes to security. Insurance was loosely goosey and largely anyone could get insurance. Shout out to Mike Semel and his timely article ""MSP Sued" with some relevant tips to avoiding the ransomware nightmares and making sure you will have the coverage you need from your insurance provider.
December 08, 2020
Shiny Objects Part 2
What does 1337 mean? How did MSP 1337 come about? and more of shiny object syndrome. Join me with our returning guest Joshua Smith as we talk about the mistakes we made when we ran Untangled Solutions and how to avoid our pitfalls as you evaluate Security solutions to implement in your organization.
December 02, 2020
Shiny Object Syndrome
As a former MSP and a consultant to many MSP and MSSPs I wanted to take a few minutes to talk about "Shiny Object Syndrome". Many of you who know me know that I have always struggled with what I refer to as the shiny object syndrome which can cause some serious company problems and while historically it was tied more to business improvements and solving problems I didn't know existed until I found that shiny object. Today it's a bit different as the shiny objects are tied more to the idea that there is a tool, widget, service of some kind that can help me and you the listener become better at security. We will talk about SIEMs, SOC as a service, and other tools and widgets that might be a great fit but at what cost. Do I have the resources to implement? Is it replacing something that already does it? Does it overlapping with another product but I need to keep both? These questions and many more... Together we will step through how to make decisions in a space that is evolving faster than we can keep up with scalpel-like tools and services showing up every day.
November 24, 2020
Almost every MSP I have ever talked to has dealt with change control but very few have a change control plan. The feedback is often tied to lack of caring on the part of the clients or it slows us down and prevents us from getting the changes done in a timely manner. Join me on this episode with C2 Computer Services where I talk with Craig Lojewski in a discussion around how one client demanded Change Control Plan for all changes and it led to the implementation across all clients for any change that had impact to infrastructure.
November 18, 2020
How do you secure your assets if you don't know what assets you have? Join us today as we talk to Lenny Giller of RTS and discuss implementing CIS Top 20 Control one that focuses entirely on Hardware Asset Management (HAM).
November 10, 2020
With work from home becoming the new normal how do we ensure that we have secured the endpoint. What was once an office of 20 employees might now be 20 offices of 1. Let's explore some tips and recommended best practices to keep what's important secured in a manner that doesn't overburden IT.
November 04, 2020
In this episode, we will be discussing the woes of getting phished. How to educate your staff and clients about phishing so that they don't get hooked by those looking to inflict damage to the company or person.
October 27, 2020
Recovering From a Ransomware Breach
In this Episode we will be chatting with CEO Brian Weiss of ITECH Solutions about a fateful day in 2018 that changed his MSP forever.
October 20, 2020
October 19, 2020
October 19, 2020