If you’re a managed security provider (MSP), managed security service provider (MSSP), virtual CISO, or a cybersecurity professional looking for insights and advice on ways to build bridges with your clients (or vice versa), look no further than Cyber for Hire | The Managed Security Podcast! Presented in partnership with MSSP Alert and ChannelE2E, Cyber for Hire, is a weekly 60-minute podcast (in two 30-minute segments) hosted by Ryan Morris, Principal Consultant at Morris Management Partner ...
…
continue reading
If you’re a managed security provider (MSP), managed security service provider (MSSP), virtual CISO, or a cybersecurity professional looking for insights and advice on ways to build bridges with your clients (or vice versa), look no further than Cyber for Hire | The Managed Security Podcast! Presented in partnership with MSSP Alert and ChannelE2E, Cyber for Hire, is a weekly 60-minute podcast (in two 30-minute segments) hosted by Ryan Morris, Principal Consultant at Morris Management Partner ...
…
continue reading
1
Endpoint Security: Entering the Era of AI and XDR. - CFH #30
12:56
12:56
Play later
Play later
Lists
Like
Liked
12:56
Endpoints are everywhere and come in many forms, and especially in today’s BYOD environment, it’s becoming increasingly difficult to maintain visibility and control over all of them. Unfortunately, rouge endpoints represent an enticing attack vendor for adversaries who are always looking for a way inside your network. But according to an August 202…
…
continue reading
1
How Managed Services Providers Can Exceed Evolving SecOps Expectations - Christopher Fielder - CFH #30
49:20
49:20
Play later
Play later
Lists
Like
Liked
49:20
The days of an MSSP or MSP being a security device babysitter are over. Clients expect more from your SOC, SIEM and SecOps offerings, and evolving attacks will demand more of you. It's time to level up -- but how does one upgrade from basic to top-tier services? According to our featured speaker, there are several key steps: more comprehensive, cro…
…
continue reading
1
Level Up: How Managed Services Providers Can Exceed Evolving SecOps Expectations - Christopher Fielder - CFH #30
36:34
36:34
Play later
Play later
Lists
Like
Liked
36:34
The days of an MSSP or MSP being a security device babysitter are over. Clients expect more from your SOC, SIEM and SecOps offerings, and evolving attacks will demand more of you. It's time to level up -- but how does one upgrade from basic to top-tier services? According to our featured speaker, there are several key steps: more comprehensive, cro…
…
continue reading
1
Sign Language: How to Write Effective Security Services Contracts - CFH #29
26:17
26:17
Play later
Play later
Lists
Like
Liked
26:17
There's a lot that goes into the creation of a managed services contract before the client ever puts their John Hancock on the dotted line. As an MSSP, you want to make sure that expectations, for both sides of the relationship are spelled out clearly and cogently. The language within must address key terms and stipulations related to payments, rol…
…
continue reading
1
Supply Chain Security: How Moving Accountability Upstream Helps & Hurts MSSPs - Dave Sobel - CFH #29
35:35
35:35
Play later
Play later
Lists
Like
Liked
35:35
One of the most significant takeaways of the White House's recently unveiled National Cybersecurity Strategy is the assertion that software developers, OEMs, and technology service providers must bear the brunt of the responsibility -- rather than end-users -- for keeping cyber environments secure. With the looming prospect of further legislation a…
…
continue reading
1
Supply Chain Security: How Moving Accountability Upstream Helps & Hurts MSSPs - Dave Sobel - CFH #29
1:01:46
1:01:46
Play later
Play later
Lists
Like
Liked
1:01:46
One of the most significant takeaways of the White House's recently unveiled National Cybersecurity Strategy is the assertion that software developers, OEMs, and technology service providers must bear the brunt of the responsibility -- rather than end-users -- for keeping cyber environments secure. With the looming prospect of further legislation a…
…
continue reading
Try as they might to keep their clients in compliance with privacy and security regulations, managed services providers are still at the mercy of the organizations they serve. Unfortunately, companies don't always follow the MSSP's or vCISO's advice on items like responsible data stewardship, privacy policies and breach notification. If an attack d…
…
continue reading
1
Balancing Dark Web Threat Intel: Fair Attention for MSSPs - Alex Holden - CFH #28
56:10
56:10
Play later
Play later
Lists
Like
Liked
56:10
Our guest for this segment spends his days where others dare not tread: the deep dark web. Here he collects information on cybercriminal activity that could be a precursor to major attack or evidence that one has already occurred. For companies that can't or won't conduct dark-web recon for themselves, outsourcing this threat intelligence service i…
…
continue reading
1
Equal Time? Ensuring Each MSSP Client Gets Their Fair Share of Attention - CFH #28
19:37
19:37
Play later
Play later
Lists
Like
Liked
19:37
Every MSSP customer is different in their own way. But they all deserve to remain secure from attacks. And so it's important that managed services providers don't play favorites to the point where certain clients eat up a disproportionate amount of time and resources. MSSPs must ensure that they are fairly and proportionally allocating their accoun…
…
continue reading
1
Patrolling the dark web: The challenges and opportunities of outsourced threat intel - Alex Holden - CFH #28
36:38
36:38
Play later
Play later
Lists
Like
Liked
36:38
Our guest for this segment spends his days where others dare not tread: the deep dark web. Here he collects information on cybercriminal activity that could be a precursor to major attack or evidence that one has already occurred. For companies that can't or won't conduct dark-web recon for themselves, outsourcing this threat intelligence service i…
…
continue reading
1
Non-compliant Clients: Righting the Ship Before Regulators Pounce - Brian Johnson - CFH #27
31:53
31:53
Play later
Play later
Lists
Like
Liked
31:53
Try as they might to keep their clients in compliance with privacy and security regulations, managed services providers are still at the mercy of the organizations they serve. Unfortunately, companies don't always follow the MSSP's or vCISO's advice on items like responsible data stewardship, privacy policies and breach notification. If an attack d…
…
continue reading
1
Beware FUD: Avoiding Fear Tactics when Selling Your Managed Services - CFH #27
28:10
28:10
Play later
Play later
Lists
Like
Liked
28:10
The consequences of a cyberattack can be devastating, and it does make sense for managed security services providers to impress on their current and prospective clients the risks of not investing in prevention and response. However, many cyber thought leaders believe that certain lines should not be crossed. Advice is one thing; fearmongering is an…
…
continue reading
1
M&A Integration Challenges & Alert Fatigue: MSSP Strategies for Client Escalation - Jim Broome - CFH #26
1:02:00
1:02:00
Play later
Play later
Lists
Like
Liked
1:02:00
Last year, ChannelE2E listed more than 1,000 merger and acquisition deals involving MSPs, MSSPs and other similar service provider organizations. Typically when any M&A deal occurs, there are bound to be redundancies and overlaps in services, tools and personnel. For MSSPs that find themselves in this situation, it's important to consolidate and in…
…
continue reading
1
M&A Madness: Overcoming MSSP Integration Challenges Following an Acquisition - Jim Broome - CFH #26
36:33
36:33
Play later
Play later
Lists
Like
Liked
36:33
Last year, ChannelE2E listed more than 1,000 merger and acquisition deals involving MSPs, MSSPs and other similar service provider organizations. Typically when any M&A deal occurs, there are bound to be redundancies and overlaps in services, tools and personnel. For MSSPs that find themselves in this situation, it's important to consolidate and in…
…
continue reading
1
Avoiding Security Monitoring Alert Fatigue: When Do You Escalate to Your Client? - CFH #26
25:33
25:33
Play later
Play later
Lists
Like
Liked
25:33
MSSP SOC analysts are often barraged with security alerts that pop up as anomalous activity is detected on clients' networks. Not all of these notifications are worth reporting and acting upon, but it takes only one overlooked incident to result in a full-fledged attack on the customer. This segment will look at the perennially challenging question…
…
continue reading
1
Generating Economies of Scale With Your MSSP Business Model - CFH #25
25:25
25:25
Play later
Play later
Lists
Like
Liked
25:25
Managed services providers know that investments in talent, tools and infrastructure can take a heavy financial toll. But as MSSPs continue to grow and take on more clients, they can hopefully achieve certain economies of scale such that their previous infusions of funds eventually pay for themselves. This session will look at the key investment ar…
…
continue reading
1
Risk Quantification & Optimization: Reducing the Randomness of Risk Response - Ira Winkler - CFH #25
38:21
38:21
Play later
Play later
Lists
Like
Liked
38:21
Risk isn't a static measurement. Threats like malware campaigns, vulnerabilities, human error and unreliable third-party partners can fluctuate in their severity depending on ever-changing circumstances. That's why knowing which risk is of highest priority at any given time can allow MSSPs to dynamically adjust their prevention and mitigation effor…
…
continue reading
1
Quantifying Risk & Optimizing Responses: Scaling Your MSSP for Reduced Randomness - Ira Winkler - CFH #25
1:03:40
1:03:40
Play later
Play later
Lists
Like
Liked
1:03:40
Risk isn't a static measurement. Threats like malware campaigns, vulnerabilities, human error and unreliable third-party partners can fluctuate in their severity depending on ever-changing circumstances. That's why knowing which risk is of highest priority at any given time can allow MSSPs to dynamically adjust their prevention and mitigation effor…
…
continue reading
1
Defining Your Geographic Market: Stay Regional or Go Global? - CFH #24
36:46
36:46
Play later
Play later
Lists
Like
Liked
36:46
You’re a big fish in a pretty big pond. But there are vast oceans to explore. Do you test the waters or not? For MSSPs who have prospered regionally, there’s a lot to be considered before expanding into new geographical territories, especially international markets. Such as: business culture differences, market preferences, regulatory factors, lang…
…
continue reading
1
Going Passwordless: Preparing Your Clients for a Credentials-Free Future - Christine Owen - CFH #24
1:09:18
1:09:18
Play later
Play later
Lists
Like
Liked
1:09:18
It's been a big year for the passwordless movement, with tech giants Apple, Google and Microsoft supporting the FIDO Alliance's efforts to replace conventional credentials with passkey technology. Still, passwords have long been engrained into people's daily routines, so users may need some convincing to change their behaviors. And likewise, manage…
…
continue reading
1
Going Passwordless: Preparing Your Clients for a Credentials-Free Future - Christine Owen - CFH #24
32:37
32:37
Play later
Play later
Lists
Like
Liked
32:37
It's been a big year for the passwordless movement, with tech giants Apple, Google and Microsoft supporting the FIDO Alliance's efforts to replace conventional credentials with passkey technology. Still, passwords have long been engrained into people's daily routines, so users may need some convincing to change their behaviors. And likewise, manage…
…
continue reading
1
Optimizing Vendor Relationships: How to Get in Your Partners' Good Graces - CFH #23
16:17
16:17
Play later
Play later
Lists
Like
Liked
16:17
Obviously, managed security providers want to optimize their rapport with customers. But don't overlook the importance of fostering a mutually beneficial relationship with your cyber solution vendor partners as well. In this segment, we'll look at how MSSPs can best leverage their vendor agreements to ensure they're receiving top-notch, responsive …
…
continue reading
1
Managed IAM: The Quest for an Evolved Identity Experience - Bill Brenner - CFH #23
38:01
38:01
Play later
Play later
Lists
Like
Liked
38:01
Today marks the beginning of the Identiverse conference in Las Vegas, where leaders in security gather to discuss advancements in the world of identity and access management. For MSSPs that specialize in managed IAM services, it's important to stay on top of the latest trends, including those revealed in a series of reports and articles that CyberR…
…
continue reading
Today marks the beginning of the Identiverse conference in Las Vegas, where leaders in security gather to discuss advancements in the world of identity and access management. For MSSPs that specialize in managed IAM services, it's important to stay on top of the latest trends, including those revealed in a series of reports and articles that CyberR…
…
continue reading
1
Are MSSPs Snubbing Web Security? Why Websites Take a Back Seat to Network Needs - CFH #22
27:22
27:22
Play later
Play later
Lists
Like
Liked
27:22
It's understandable why many organizations' cyber investments heavily concentrate on protecting core networks and data centers from breaches and ransomware attacks. But let's not overlook the importance of ensuring that your website remains operational, especially when it directly drives revenue through sales or advertisements. Threats such as DDoS…
…
continue reading
1
Breaking Down the Board Room Barrier: Positioning the vCISO as a Key Business Voice - Don Pecha - CFH #22
32:06
32:06
Play later
Play later
Lists
Like
Liked
32:06
Infosec leaders shouldn't just be reporting to the board room to explain themselves when things go wrong. They should be a regular part of the strategic business discussions that take place inside a company's executive halls. That's true whether they're directly employed by the company or they're a contracted vCISO provided by an external managed s…
…
continue reading
Infosec leaders shouldn't just be reporting to the board room to explain themselves when things go wrong. They should be a regular part of the strategic business discussions that take place inside a company's executive halls. That's true whether they're directly employed by the company or they're a contracted vCISO provided by an external managed s…
…
continue reading
Risk assessment questionnaires are a standard practice when evaluating current or prospective third-party partners. And yet some folks may justifiably ask: How valuable are these questionnaires if there are no consequences for fudging your answers, or even outright lying? This session will examine common weaknesses and oversights in the third-party…
…
continue reading
1
Pricing Practices That Fit the Bill - CFH #21
34:34
34:34
Play later
Play later
Lists
Like
Liked
34:34
A great many MSSP security professionals are truly passionate about making the digital world a safer place for businesses and their users. But at the end of the day, it is still a business, and good cybersecurity isn't free. And therein lies the strategy around pricing: What pricing models work best for your organization and appeal most to your cus…
…
continue reading
1
Removing the B.S. from Third-Party Risk Assessments - Merike Kaeo - CFH #21
37:48
37:48
Play later
Play later
Lists
Like
Liked
37:48
Risk assessment questionnaires are a standard practice when evaluating current or prospective third-party partners. And yet some folks may justifiably ask: How valuable are these questionnaires if there are no consequences for fudging your answers, or even outright lying? This session will examine common weaknesses and oversights in the third-party…
…
continue reading
What’s the best way to ensure operational resilience against cybercriminals’ tactics, techniques and procedures? Well, just rearrange the letters in TTP, and you get PPT: people, process and technology. This session will examine how organizations can score, benchmark and improve their cyber resilience through a combination of security processes, pr…
…
continue reading
1
Cultivating Operational Resilience Through People, Process & Technology - Pete Bowers - CFH #20
45:04
45:04
Play later
Play later
Lists
Like
Liked
45:04
What’s the best way to ensure operational resilience against cybercriminals’ tactics, techniques and procedures? Well, just rearrange the letters in TTP, and you get PPT: people, process and technology. This session will examine how organizations can score, benchmark and improve their cyber resilience through a combination of security processes, pr…
…
continue reading
1
Rehabilitating Your Reputation After a Security Setback - CFH #20
54:46
54:46
Play later
Play later
Lists
Like
Liked
54:46
The worst has happened. You failed to protect one or more managed services clients from a cyberattack. Maybe you were even infected yourself. Or perhaps a failed product launch or negative engagement with a customer has resulted in a scathing review. There are lots of ways an MSSP can wind up with a tattered reputation -- and sometimes they're not …
…
continue reading
The cyber talent shortage is well documented. Rather than just trying to outbid each other in a competitive job market, wouldn't it be nice if MSSPs were also able to build out their talent pipelines through professional development programs? This session will look at strategies for creating an assembly line of ready-to-go cyber professionals to ad…
…
continue reading
1
Work-from-Anywhere: Securing the Blurry Edges of Your Network - CFH #19
41:52
41:52
Play later
Play later
Lists
Like
Liked
41:52
In the last few years, many companies have found that their home offices and their internal on-prem networks are no longer always the central core around which their business operations revolve. Even with more employees returning to the office now, remote and hybrid workforce models are here to stay, thanks to an exponentially increased reliance on…
…
continue reading
1
Populating the Talent Pipeline Through Professional Development - Mike Hamilton - CFH #19
35:21
35:21
Play later
Play later
Lists
Like
Liked
35:21
The cyber talent shortage is well documented. Rather than just trying to outbid each other in a competitive job market, wouldn't it be nice if MSSPs were also able to build out their talent pipelines through professional development programs? This session will look at strategies for creating an assembly line of ready-to-go cyber professionals to ad…
…
continue reading
1
The RSA Conference: How to Stand Out on the Show Floor - CFH #18
49:09
49:09
Play later
Play later
Lists
Like
Liked
49:09
Jugglers! Magicians! Freebies! You can find plenty of commotion and distractions on the show floor at the RSA conference or any major cyber convention for that matter. If you're a managed security services provider trying to sell your wares, it can be a challenge to distinguish yourself amid all the noise and chaos of events like these. This segmen…
…
continue reading
Your favorite intelligence feeds are warning of several up-and-coming new campaigns that are victimizing companies much like your clients. Maybe they're even targeting MSSPs themselves. Now it's up to you to assess and prioritize these latest threats, and determine to what extent they require you to change your approach, institute additional safegu…
…
continue reading
1
Threat Intel Reports: How Reactionary Should You Be? - Juan Valencia - CFH #18
37:20
37:20
Play later
Play later
Lists
Like
Liked
37:20
Your favorite intelligence feeds are warning of several up-and-coming new campaigns that are victimizing companies much like your clients. Maybe they're even targeting MSSPs themselves. Now it's up to you to assess and prioritize these latest threats, and determine to what extent they require you to change your approach, institute additional safegu…
…
continue reading
Who won the Super Bowl this year? Everyone did, in the sense that there were no major cyberattacks that disrupted the flow of the "Big Game" -- unlike, for instance the Pyeongchang Olympics, where ticket distribution was affected on the night of the Opening Ceremonies. For contracted cybersecurity services providers, protecting a prestigious one-of…
…
continue reading
1
Go Broad or Stay Specialized With Your Services? The Quality vs. Quantity Debate - CFH #17
43:36
43:36
Play later
Play later
Lists
Like
Liked
43:36
It's a tough call for MSSPs: Be really good at a small subset of services, which potentially limits your customer base? Or become a jack of all trades, but potentially stretch your resources thin and risk the possibility that you won't be able to truly master any of your specializations? This session will hopefully help cyber service providers find…
…
continue reading
1
The Game Within the Game: Securing the Super Bowl & Other Large Gatherings - Michael Smith - CFH #17
44:19
44:19
Play later
Play later
Lists
Like
Liked
44:19
Who won the Super Bowl this year? Everyone did, in the sense that there were no major cyberattacks that disrupted the flow of the "Big Game" -- unlike, for instance the Pyeongchang Olympics, where ticket distribution was affected on the night of the Opening Ceremonies. For contracted cybersecurity services providers, protecting a prestigious one-of…
…
continue reading
1
The Biggest Zero Trust Architecture Gaps You Need to Fill. - CFH #16
48:16
48:16
Play later
Play later
Lists
Like
Liked
48:16
Creating a zero-trust architecture is a gradual process that starts with understanding precisely what you need to implement a “never trust, always verify” approach within your extended organization. Rather than materializing all at once, organizations often develop a ZTA in phases over time. However, during this maturation process, gaps in zero-tru…
…
continue reading
1
How to Organize Your Managed Services Taxonomy & Excel in Key Categories - Craig Robinson - CFH #16
41:58
41:58
Play later
Play later
Lists
Like
Liked
41:58
Having a clear and cogent taxonomy that classifies your managed cyber services into distinct buckets or categories is an important step for MSSPs looking to define and differentiate their market offerings to clients. Customers can refer to your taxonomy to better understand your scope of services and ensure they don’t leave gaps in their security p…
…
continue reading
Having a clear and cogent taxonomy that classifies your managed cyber services into distinct buckets or categories is an important step for MSSPs looking to define and differentiate their market offerings to clients. Customers can refer to your taxonomy to better understand your scope of services and ensure they don’t leave gaps in their security p…
…
continue reading
1
What’s Fueling Growth for MSSPs Today? - Jessica C. Davis - CFH #15
33:46
33:46
Play later
Play later
Lists
Like
Liked
33:46
What are the market trends that are driving growth and changes in the managed security service provider market? MSSPAlert.com, an affiliate of Cyber for Hire, does an annual survey of MSSPs to find out about growth trends, technology providers, different types of incidents they see in their work with small and mid-sized businesses, and other inform…
…
continue reading
What are the market trends that are driving growth and changes in the managed security service provider market? MSSPAlert.com, an affiliate of Cyber for Hire, does an annual survey of MSSPs to find out about growth trends, technology providers, different types of incidents they see in their work with small and mid-sized businesses, and other inform…
…
continue reading
1
Cybersecurity in the Age of Generative AI - CFH #15
40:35
40:35
Play later
Play later
Lists
Like
Liked
40:35
ChatGPT and all of its competitors are not just text generators, they are also powerful tools that can be used for good or for evil in the realm of cybersecurity. • What are the implications for MSSPs in the scope of their own services as well as the threat vectors for clients? • What are the applications of generative AI for hackers and threat act…
…
continue reading
1
Adopting the CIS Controls Framework: The Biggest Benefits & Challenges - Joe Alapat, Matt Miller - CFH #14
36:04
36:04
Play later
Play later
Lists
Like
Liked
36:04
Now in its eighth iteration, the Center for Internet Security's Critical Security Controls (CIS Controls) framework provides organizations with 18 categories of high-priority best practices that they can follow in order to improve their cyber hygiene, while remaining in step with key regulations. In this segment, we'll look at what MSSPs and their …
…
continue reading
Now in its eighth iteration, the Center for Internet Security's Critical Security Controls (CIS Controls) framework provides organizations with 18 categories of high-priority best practices that they can follow in order to improve their cyber hygiene, while remaining in step with key regulations. In this segment, we'll look at what MSSPs and their …
…
continue reading