Best qpcsecurity Podcasts (2024)

1
Navigating the AI Frontier: Caution, Control, and Opportunity 28:29

8d ago28:29

28:29

Good morning, you're listening to Breakfast Bytes, and I'm Felicia King. Today's episode takes a deep dive into the world of artificial intelligence, offering a perspective that challenges the mainstream narrative. Instead of jumping on the AI bandwagon, we'll explore the importance of cautious engagement and risk management when dealing with this …

1
Understand implications of IT procurement using cabinets as an example 29:22

2M ago29:22

29:22

Felicia stressed the importance of informed decision-making in technology services and products, and the need for involving skilled professionals in decision-making processes. She also discussed the longevity of structural furniture, the challenges in network switch installation, and the need for a formal procurement process in the IT department. F…

1
What is zero trust cybersecurity? 28:52

3M ago28:52

28:52

Welcome to an insightful episode of Breakfast Bytes, featuring an in-depth discussion about Zero-Trust Cybersecurity, a vital approach to modern cybersecurity practices. Understand why this network layer protection strategy is essential to guard your business and residential networks against harmful threats. From a reflective analysis of the cybers…

1
Incident response and mitigating supply chain attacks 28:44

3M ago28:44

28:44

In this episode of Breakfast Bytes with Felicia King, we navigate the complex but crucial realm of cyber security. We explore the emerging menace of supply chain attacks and underscore the vital need for proactive incident response planning. Felicia reveals the staggering average cost of a cyber-attack, per employee and endpoint, and explains why s…

1
K12 Technology and Cybersecurity Challenges and Solutions 29:12

3M ago29:12

29:12

In today's episode of Breakfast Bytes, hosted by Felicia King, we delve into the pressing issue of cybersecurity in K-12 education with special guest, Chris Rule, a Technology Director with 25 years of experience. We discuss the urgent need for tangible action in this area and explore operational maturity practices like third-party information secu…

1
Practical example of how operational maturity improves productivity while reducing risk 28:20

3M ago28:20

28:20

In this episode of Breakfast Bytes, vCISO Felicia King of QPC Security uses an example of dark web data and how it can be leveraged. She describes how operational maturity in an organization can make that organization more competitive, lower risk, improve collaboration, improve culture and employee retention, while reducing risk. She explores why a…

1
Unlocking Strategic IT Investments and Information Security 1:16:18

4M ago1:16:18

1:16:18

"Unlocking Strategic IT Investments and Information Security: Expert Insights with Gina King" dives into the critical aspects of IT investments and infrastructure. Felicia King, host of 'Breakfast Bytes', engages in a captivating conversation with Gina King, a leading Chief Information Security Officer. The extensive dialogue sheds light on necessa…

1
Domain/DNS hosting, account ownership, security issues and TCO 58:52

4M ago58:52

58:52

Join us in this insightful episode of Breakfast Bytes with Felicia King, along with our guest Kyle Wentworth of the Wentworth Group. We delve into a balanced exploration of business needs vs IT security needs, demonstrating the magnitude of this issue with a case study of a massive spam operation hijacking over 8000 trusted brand domains. https://t…

1
Cyber Insurance versus Cyber Warranty 1:25:57

4M ago1:25:57

1:25:57

In today's episode of Breakfast Bytes, we are delighted to have Joe Brunsman from Brunsman Advisory Group as our special guest. Known for his extensive knowledge on the intersecting worlds of insurance and cybersecurity, Joe offers beneficial insights on the evolving sphere of insurance exclusions and how businesses can navigate these changes amids…

1
Demystifying IT Services and the Shared Responsibility Paradigm 33:45

5M ago33:45

33:45

Welcome to another eye-opening episode of Breakfast Bytes hosted by Felicia King. In this episode, we dissect prevalent misconceptions in the IT industry particularly regarding services like NOC, SOC, XDR, and SOAR. Explore the conundrum between cybersecurity checkbox exercises and the pivotal need for legitimate risk reduction efforts. Moreover, d…

1
How establishing requirements properly results in best outcomes 29:51

6M ago29:51

29:51

Felicia is joined by fellow CISO Dawn Montemayor, partner at PureCyber, which is a security minded business consulting firm. Learn from two CISOs about how vital it is to use operationally mature processes in requirements definitions in order to achieve effective outcomes while avoiding toxic behavior in complex entities. the importance of vulnerab…

1
Operational Maturity is required to have Information Security Risk Management 2:01:30

6M ago2:01:30

2:01:30

Felicia is joined by Laura Conrad, a Security Architect with 30 years of experience in enterprise environments. Laura currently reports directly to a CISO, and has been an integral part of the information security program at two large enterprises. Felicia has consulted with 26 large enterprises and numerous SMB organizations in the last 30 years. S…

1
Managing the impact of changing IT service providers 29:43

6M ago29:43

29:43

Felicia shares insights on the pitfalls of changing IT service providers or MSPs for both clients and the IT service providers themselves. This content is based upon a number of questions that other MSPs have posed to Felicia asking for advice as well as numerous first hand experiences on the subject. This podcast is primarily for IT service provid…

1
CMMC and latest DoD memo implications and far reaching effects related to FedRAMP 29:25

6M ago29:25

29:25

Special guest Tobias Musser of MNS Group generously shares with the Breakfast Bytes audience his wisdom and insight into what is a challenging and nuanced regulatory landscape that has far reaching business implications. https://mnsgroup.com/ A vigorous discussion of the implications of the latest DoD memo about DFARS 7012 FedRAMP or FedRAMP modera…

1
Why the ship has sailed on BYOD 29:38

8M ago29:38

29:38

Tom Dean of Consulting Adventures joins Felicia for part three of the analysis on mobile devices and the problems with them. OKTA breach, IT admin’s password getting stored in gmail password synced manager Two-way problems. Personal on business and business on personal Lack of clarity around device wipe, device use policies, apps running on devices…

1
Threats to mobile devices and how to manage them, part 2 29:47

8M ago29:47

29:47

Part 2 of a series on threats to mobile devices and through mobile devices. Tactics and techniques to deal with those threats.Cohost: Tom Dean – Consulting Ventures Tom has decades in capital goods manufacturing industry (fortune 500 scale) Years of experience in marketing, sales & interfacing with independent dealers/distributors (small/medium sca…

1
Physical threats to mobile phones, SIM hijacking, out of band SMS, and Yubikeys 29:34

9M ago29:34

29:34

Part 1 of a two-part series on threats to mobile devices and through mobile devices. Tactics and techniques to deal with those threats.Cohost: Tom Dean – Consulting Ventures Tom has decades in capital goods manufacturing industry (fortune 500 scale) Years of experience in marketing, sales & interfacing with independent dealers/distributors (small/m…

1
How to analyze workloads and decide how they should be hosted 29:28

10M ago29:28

29:28

The process of determining how workloads should be hosted is very complex and not a decision that should be abdicated to the IT service provider. Business decision-makers must be involved in those decisions as only they are able to define the key criteria that all other factors are dependent upon.By Felicia King

1
How a lack of understanding of business processes relates to adverse financial impact 29:37

11M ago29:37

29:37

CTO Kyle Wentworth joins Felicia for a discussion about how businesses can avoid adverse financial impacts. Lack of understanding of the language of technology It changes so incredibly fast that it takes a sea of people who understand the pieces Complete perspective of how the business of technology should be run Understand what governance and comp…

1
Email security management and monitoring is critical 29:17

12M ago29:17

29:17

Why it is critical to have an email security expert managing and monitoring email security configurations and delivery of email on an ongoing basis. Instructions from marketing automation platforms are not adequate. It matters A LOT what you are trying to do with email. Getting these items configured is an art form. Vendors are continually failing …

1
CISO, CTO, CIO, what’s the difference? 29:37

1y ago29:37

29:37

Kyle Wentworth of Wentworth Consulting Group joined Felicia to compare/contrast three C-suite level IT/IS related roles. Kyle has 35 years of business experience and has been working on computers since 1976. He is a: Fractional CTO Business coach Business process modeler Kyle has a great resource on his website to help people understand the differe…

1
Zero trust fundamentals 29:34

1y ago29:34

29:34

Zero trust is not a product you buy. The problem that most organizations have is that they are still not doing the fundamentals well. CIS has a community defense model. I did a detailed webinar on it where I covered a lot of these fundamentals. https://www.qpcsecurity.com/2023/02/16/addressing-information-security-fundamentals-with-cis-and-communit…

1
FTC SafeguardsRule, IRS requirements, and tax preparers 29:31

1y ago29:31

29:31

The IRS regulations for tax preparers being compliant with the FTC Safeguards rule is specified to be enforced starting in June 2023. It is doubtful that the majority of tax preparers are adequately compliant. The IRS published information about this compliance requirement as far back as 2019. https://www.irs.gov/newsroom/heres-what-tax-professiona…

1
Methods to prevent business email compromise 29:30

1+ y ago29:30

29:30

Methods to prevent business email compromise.By Felicia King

1
Business survival over the next decade 29:30

1+ y ago29:30

29:30

What is the number one thing you can do as a consumer to protect yourself when dealing with tax preparers? Practical examples of what to ask for from your tax preparer and why. What are the total number of people that would have access to my records if I do business with you? You want me to sign a contract with you, terms and conditions that I have…

1
PSA or ERP - paradigm and requirements analysis 50:03

1+ y ago50:03

50:03

I get a lot of questions about PSAs, ERPs, and overall paradigms related to core business software. This podcast summarizes things you should be thinking about in your software selection process. After three years of investigating PSA and ERP options including spending a lot of money on software and payroll, the product we like is Odoo. Organizatio…

1
Tech E&O and cyber insurance with Joe Brunsman 1:00:32

1+ y ago1:00:32

1:00:32

Tech E&O and Cyber insurance with: Joe Brunsman of The Brunsgroup – Expert on Tech E&O and Cyber Insurance YouTube channel – Joseph Brunsman https://www.youtube.com/@JosephBrunsman https://www.thebrunsgroup.com/ Damage Control book https://www.thebrunsgroup.com/book2 Tech E&O and cyber MSP should have a tech E&O policy. They cover different things.…

1
Implications of poor design on security - an example 29:15

1+ y ago29:15

29:15

Google and how they do their technology Things that make security hard. This is not an exhaustive list of the implications of poor design on security. Covering that topic adequately would likely rival the size of War and Peace. This is a discussion of a tangible example to convey understanding of how technology selection directly correlates to an o…

1
Dark web monitoring and avoiding FUD decisions 1:50:09

1+ y ago1:50:09

1:50:09

Kathy Durfee – CEO & Founder of Tech House joined Felicia to discuss dark web breach monitoring Scenario: FUD report from a competitor Perceived: Multiple users in their environment were breached. Perceived proof was report with the listing of the users and the passwords and columns that the customers did not know what that data was. Good: Customer…

1
The relationship between proper data handling and real risk reduction 29:35

1+ y ago29:35

29:35

Those who listened to the November 19th, 2022 podcast I did with breach attorney Spencer Pollock know that he stated that 90% of the breaches he was involved in over the prior 12-month period would have been non-reportable had the data been properly encrypted. https://qpcsecurity.podbean.com/e/what-you-must-do-in-order-to-prepare-for-a-breach/ (Rev…

1
Understanding vCISO services and why you need them 29:28

1+ y ago29:28

29:28

Recent question I got: What are the major changes that you have seen from security auditors in recent years and/or where do you see the audit process heading? Quick response: For the sake of a high level, automation is and will continue to be used. The size of the IT service provider is NOT a conveyance of their capabilities or capacity. Many 60 pe…

1
What you must do in order to prepare for a breach 39:24

1+ y ago39:24

39:24

Breach attorney, Spencer Pollock joins Felicia for a vigorous discussion of what you must do in order to be prepared for an incident or breach. Learn from the breach attorney perspective. Spencer is with the well-known firm McDonald Hopkins. Policies preparation incident response plan tabletop exercises must get breach attorney involved before ther…

1
Information Security, Cybersecurity, and Everyone’s Responsibility 29:21

1+ y ago29:21

29:21

What is information security versus cybersecurity? What are policies and why do we care? Isn't that IT's problem? Examples to learn fromBy Felicia King

1
Ripping apart cybersecurity insurance 58:33

2y ago58:33

58:33

Special guest: Vince Gremillion – President and Founder of Restech: CISSP, CvCISO, GCIH Overview Travelers policy – requires MFA on switches. They require you comply with the intent of that. Recent Cowbell application did not require MFA! What is required is contingent upon the coverage you are asking for. Some suggestions: Never fill out an app fo…

1
CISO Workflows 47:26

2y ago47:26

47:26

Frank Raimondi, VP of Channel Development at IGI Cyber Labs IGI CyberLabs has a product called Nodeware which does continuous vulnerability assessment. PenLogic – regular penetration test – once a quarter deep dive heavy one and a monthly light test. CEO buyer’s journey Security velocity Risk scoring is part of security velocity Improve your cyber-…

1
Business Email Compromise 49:33

2y ago49:33

49:33

Ken Dwight is “The Virus Doctor” – Business consultant and advisor to IT service providers and internal IT at many businesses who have come to him for his training, has his own direct clients. Ken conducts a monthly community meetings for alumni. He provides a list of curated items of current interest for discussion and resources, and has a feature…

1
Vulnerability management with Felicia and Dan - Part 2 54:58

2y ago54:58

54:58

This episode of Breakfast Bytes is Part 2 of a series where Felicia King and Dan Moyer of QPC Security continue their conversation on Vulnerability Management. Listen to Part 1 at https://qpcsecurity.podbean.com/e/vulnerability-management-part-1/. In today’s episode, Felicia and Dan discuss vulnerability management workflows, supply chain risk mana…

1
File integrity checks (hashing) versus communications or data encryption 29:51

2y ago29:51

29:51

We have seen some really goofy cybersecurity insurance application questions. It is always best to not answer a question that is goofy, but instead to write an addendum that defines terms and explains the cybersecurity posture of an organization related to the topic. You need to try to figure what the insurance company was trying to evaluate rather…

1
Vulnerability management that every business decision maker needs to know about - Part 1 1:03:15

2y ago1:03:15

1:03:15

Felicia King and Dan Moyer of QPC Security talk about vulnerability management, patch management and all the things that business owners are generally not understanding adequately. As a result of that, you're being underserved, misled, and in some cases were lied to and ripped off. Ultimately, many business owners are refusing to pay for what they …

1
Signs of insufficient networking knowledge 32:16

2y ago32:16

32:16

Scenario 1 Phone VLAN on a switch and cross connected into a Firebox with desk phones, PCs, and printers in the environment Questions we actually got: On Monday, we send over the list of what switch ports are for printers, which are for PCs, and which are for desk phones. Technician says that two of the three phones are not working. We use our awes…

1
About Password Managers 33:26

2y ago33:26

33:26

More than 80% of breaches occur due to credential theft. All organizations have compliance requirements to have org-owned password management systems and MFA enforcement on accounts used by employees and contractors. Some other needs which must be met are: Compliance attestation documentation Proper use of the best MFA method on a per resource basi…

1
Requirements for premise hosted assets; cybersecurity, BCDR, and more 29:35

2y ago29:35

29:35

You should not put things in the cloud unless you can secure them there at least as good as a highly competent professional would have if they had that asset on premise. Cloud hosted assets have additional risks. Counterparty risk Additional outage and accessibility risk You have less control You have less security over the human or governmental ac…

1
Virtual Patching, Telecom Fraud, Running VM Server on NAS 29:19

2y ago29:19

29:19

I got a request to post this podcast from 12/1/2018 to podbean. Here it is.By Felicia King

1
Video management system appliance analysis 29:47

2y ago29:47

29:47

Originally aired: 11/1/2018. I had a request to post this older podcast to Podbean, so here it is. VMS Appliance cost analysis between the "appliance" version and the "you get a real server" version. https://qualityplusconsulting.com/BBytes/QPCAnalysisOnAxisVideoRecorderServer.pdfBy Felicia King

1
Why real server hardware is usually the most cost-effective option 29:41

2y ago29:41

29:41

I got a request to publish a podcast I did a few years back on podbean, so here it is. Originally this was from 10/19/2018. Usually there is no substitute for real server hardware. Attempts to pay less for server hardware almost always end up costing you more in the long-run. Windows 10 as of Build 1809 10/2/2018 has an IPv6 requirement. There are …

1
Resources for job candidates in cybersecurity - What you need to do to be employable 29:02

2y ago29:02

29:02

Overview Listen to the podcast or the list of these resources may not make sense to you. You cannot secure what you cannot engineer, implement, maintain, and support. Security was always infused into IT if you did IT correctly. I know. I've been doing IT since 1993 and was programming in third grade. Security was ALWAYS part of a proper strategy. I…

1
Right-sized software 1:11:27

2y ago1:11:27

1:11:27

Amazing interview with Colin Ruskin, CEO of WorkOptima, on the topic of right-sized software. Colin has an incredible talent at being able to distill the truth of something into a catchy and memorable tagline using spot on metaphors. Some highlights: Can I actually use the software and benefit from it? Floors versus software that grows with you All…

1
How to achieve compliance for privileged account management 29:35

2y ago29:35

29:35

Cybersecurity insurance requires MFA for all internal and external administrative access. How do you accomplish this? Examples of things you might access: switches firewalls servers printers workstations DNS hosting website hosting cloud management portals NAS BCDR appliances There are many ways to solve this problem and they are all too long to po…

1
API Security and external vulnerability scanning 29:00

2+ y ago29:00

29:00

API Security is going to be the thing you need to be paying attention to in the next two years. Partner with an information security officer like QPC Security to get an internal and external vulnerability scanning plan in place for your organization. A lot of vulnerability management is not possible to do with tools. It takes experience and experti…

1
Working with a Breach Coach/Attorney - A Primer 47:02

2+ y ago47:02

47:02

Cyberlaw podcast What needs to be pre-documented for the breach attorney to be effective? And in what format? What to do to protect yourself from outrageous fees? What to do in order to get proper service from a breach attorney? What are the advantages of having a pre-established relationship with a breach attorney? What positive outcomes arise fro…

Podcasts Worth a Listen

Qpcsecurity Podcasts

Podcasts Worth a Listen

Quick Reference Guide