Felicia King is an internationally recognized CISO and considered to be one of the top network layer security strategists in the U.S. Since launching in 2004 on the WGTD network, her Breakfast Bytes podcast has focused on information security risk management and the issues business leaders need to be aware of to benefit from the challenges others have faced. Learn about the most effective approaches, what you can do to mitigate risk, and how to protect your most valuable assets, your data, a ...
Navigating the AI Frontier: Caution, Control, and Opportunity
28:29
Good morning, you're listening to Breakfast Bytes, and I'm Felicia King. Today's episode takes a deep dive into the world of artificial intelligence, offering a perspective that challenges the mainstream narrative. Instead of jumping on the AI bandwagon, we'll explore the importance of cautious engagement and risk management when dealing with this …
Understand implications of IT procurement using cabinets as an example
29:22
Felicia stressed the importance of informed decision-making in technology services and products, and the need for involving skilled professionals in decision-making processes. She also discussed the longevity of structural furniture, the challenges in network switch installation, and the need for a formal procurement process in the IT department. F…
Welcome to an insightful episode of Breakfast Bytes, featuring an in-depth discussion about Zero-Trust Cybersecurity, a vital approach to modern cybersecurity practices. Understand why this network layer protection strategy is essential to guard your business and residential networks against harmful threats. From a reflective analysis of the cybers…
Incident response and mitigating supply chain attacks
28:44
In this episode of Breakfast Bytes with Felicia King, we navigate the complex but crucial realm of cyber security. We explore the emerging menace of supply chain attacks and underscore the vital need for proactive incident response planning. Felicia reveals the staggering average cost of a cyber-attack, per employee and endpoint, and explains why s…
K12 Technology and Cybersecurity Challenges and Solutions
29:12
In today's episode of Breakfast Bytes, hosted by Felicia King, we delve into the pressing issue of cybersecurity in K-12 education with special guest, Chris Rule, a Technology Director with 25 years of experience. We discuss the urgent need for tangible action in this area and explore operational maturity practices like third-party information secu…
Practical example of how operational maturity improves productivity while reducing risk
28:20
In this episode of Breakfast Bytes, vCISO Felicia King of QPC Security uses an example of dark web data and how it can be leveraged. She describes how operational maturity in an organization can make that organization more competitive, lower risk, improve collaboration, improve culture and employee retention, while reducing risk. She explores why a…
Unlocking Strategic IT Investments and Information Security
1:16:18
"Unlocking Strategic IT Investments and Information Security: Expert Insights with Gina King" dives into the critical aspects of IT investments and infrastructure. Felicia King, host of 'Breakfast Bytes', engages in a captivating conversation with Gina King, a leading Chief Information Security Officer. The extensive dialogue sheds light on necessa…
Domain/DNS hosting, account ownership, security issues and TCO
58:52
Join us in this insightful episode of Breakfast Bytes with Felicia King, along with our guest Kyle Wentworth of the Wentworth Group. We delve into a balanced exploration of business needs vs IT security needs, demonstrating the magnitude of this issue with a case study of a massive spam operation hijacking over 8000 trusted brand domains. https://t…
Cyber Insurance versus Cyber Warranty
1:25:57
In today's episode of Breakfast Bytes, we are delighted to have Joe Brunsman from Brunsman Advisory Group as our special guest. Known for his extensive knowledge on the intersecting worlds of insurance and cybersecurity, Joe offers beneficial insights on the evolving sphere of insurance exclusions and how businesses can navigate these changes amids…
Demystifying IT Services and the Shared Responsibility Paradigm
33:45
Welcome to another eye-opening episode of Breakfast Bytes hosted by Felicia King. In this episode, we dissect prevalent misconceptions in the IT industry particularly regarding services like NOC, SOC, XDR, and SOAR. Explore the conundrum between cybersecurity checkbox exercises and the pivotal need for legitimate risk reduction efforts. Moreover, d…
How establishing requirements properly results in best outcomes
29:51
Felicia is joined by fellow CISO Dawn Montemayor, partner at PureCyber, which is a security minded business consulting firm. Learn from two CISOs about how vital it is to use operationally mature processes in requirements definitions in order to achieve effective outcomes while avoiding toxic behavior in complex entities. The importance of vulnerab…
Operational Maturity is required to have Information Security Risk Management
2:01:30
Felicia is joined by Laura Conrad, a Security Architect with 30 years of experience in enterprise environments. Laura currently reports directly to a CISO, and has been an integral part of the information security program at two large enterprises. Felicia has consulted with 26 large enterprises and numerous SMB organizations in the last 30 years. S…
Managing the impact of changing IT service providers
29:43
Felicia shares insights on the pitfalls of changing IT service providers or MSPs for both clients and the IT service providers themselves. This content is based upon a number of questions that other MSPs have posed to Felicia asking for advice as well as numerous first hand experiences on the subject. This podcast is primarily for IT service provid…
CMMC and latest DoD memo implications and far reaching effects related to FedRAMP
29:25
Special guest Tobias Musser of MNS Group generously shares with the Breakfast Bytes audience his wisdom and insight into what is a challenging and nuanced regulatory landscape that has far reaching business implications. https://mnsgroup.com/ A vigorous discussion of the implications of the latest DoD memo about DFARS 7012 FedRAMP or FedRAMP modera…
Tom Dean of Consulting Adventures joins Felicia for part three of the analysis on mobile devices and the problems with them. OKTA breach, IT admin’s password getting stored in gmail password synced manager Two-way problems. Personal on business and business on personal Lack of clarity around device wipe, device use policies, apps running on devices…
Threats to mobile devices and how to manage them, part 2
29:47
Part 2 of a series on threats to mobile devices and through mobile devices. Tactics and techniques to deal with those threats. Cohost: Tom Dean – Consulting Ventures Tom has decades in capital goods manufacturing industry (fortune 500 scale) Years of experience in marketing, sales & interfacing with independent dealers/distributors (small/medium sca…
Physical threats to mobile phones, SIM hijacking, out of band SMS, and Yubikeys
29:34
Part 1 of a two-part series on threats to mobile devices and through mobile devices. Tactics and techniques to deal with those threats. Cohost: Tom Dean – Consulting Ventures Tom has decades in capital goods manufacturing industry (fortune 500 scale) Years of experience in marketing, sales & interfacing with independent dealers/distributors (small/m…
How to analyze workloads and decide how they should be hosted
29:28
The process of determining how workloads should be hosted is very complex and not a decision that should be abdicated to the IT service provider. Business decision-makers must be involved in those decisions as only they are able to define the key criteria that all other factors are dependent upon. By Felicia King
How a lack of understanding of business processes relates to adverse financial impact
29:37
CTO Kyle Wentworth joins Felicia for a discussion about how businesses can avoid adverse financial impacts. Lack of understanding of the language of technology It changes so incredibly fast that it takes a sea of people who understand the pieces Complete perspective of how the business of technology should be run Understand what governance and comp…
Email security management and monitoring is critical
29:17
Why it is critical to have an email security expert managing and monitoring email security configurations and delivery of email on an ongoing basis. Instructions from marketing automation platforms are not adequate. It matters A LOT what you are trying to do with email. Getting these items configured is an art form. Vendors are continually failing …
Kyle Wentworth of Wentworth Consulting Group joined Felicia to compare/contrast three C-suite level IT/IS related roles. Kyle has 35 years of business experience and has been working on computers since 1976. He is a: Fractional CTO Business coach Business process modeler Kyle has a great resource on his website to help people understand the differe…
Zero trust is not a product you buy. The problem that most organizations have is that they are still not doing the fundamentals well. CIS has a community defense model. I did a detailed webinar on it where I covered a lot of these fundamentals. https://www.qpcsecurity.com/2023/02/16/addressing-information-security-fundamentals-with-cis-and-communit…
FTC Safeguards Rule, IRS requirements, and tax preparers
29:31
The IRS regulations for tax preparers being compliant with the FTC Safeguards rule is specified to be enforced starting in June 2023. It is doubtful that the majority of tax preparers are adequately compliant. The IRS published information about this compliance requirement as far back as 2019. https://www.irs.gov/newsroom/heres-what-tax-professiona…
Methods to prevent business email compromise
29:30
Methods to prevent business email compromise. By Felicia King
What is the number one thing you can do as a consumer to protect yourself when dealing with tax preparers? Practical examples of what to ask for from your tax preparer and why. What are the total number of people that would have access to my records if I do business with you? You want me to sign a contract with you, terms and conditions that I have…
PSA or ERP - paradigm and requirements analysis
50:03
I get a lot of questions about PSAs, ERPs, and overall paradigms related to core business software. This podcast summarizes things you should be thinking about in your software selection process. After three years of investigating PSA and ERP options including spending a lot of money on software and payroll, the product we like is Odoo. Organizatio…
Tech E&O and cyber insurance with Joe Brunsman
1:00:32
Tech E&O and Cyber insurance with: Joe Brunsman of The Brunsgroup – Expert on Tech E&O and Cyber Insurance YouTube channel – Joseph Brunsman https://www.youtube.com/@JosephBrunsman https://www.thebrunsgroup.com/ Damage Control book https://www.thebrunsgroup.com/book2 Tech E&O and cyber MSP should have a tech E&O policy. They cover different things.…
Implications of poor design on security - an example
29:15
Google and how they do their technology Things that make security hard. This is not an exhaustive list of the implications of poor design on security. Covering that topic adequately would likely rival the size of War and Peace. This is a discussion of a tangible example to convey understanding of how technology selection directly correlates to an o…
Dark web monitoring and avoiding FUD decisions
1:50:09
Kathy Durfee – CEO & Founder of Tech House joined Felicia to discuss dark web breach monitoring Scenario: FUD report from a competitor Perceived: Multiple users in their environment were breached. Perceived proof was report with the listing of the users and the passwords and columns that the customers did not know what that data was. Good: Customer…
The relationship between proper data handling and real risk reduction
29:35
Those who listened to the November 19th, 2022 podcast I did with breach attorney Spencer Pollock know that he stated that 90% of the breaches he was involved in over the prior 12-month period would have been non-reportable had the data been properly encrypted. https://qpcsecurity.podbean.com/e/what-you-must-do-in-order-to-prepare-for-a-breach/ (Rev…
Understanding vCISO services and why you need them
29:28
Recent question I got: What are the major changes that you have seen from security auditors in recent years and/or where do you see the audit process heading? Quick response: For the sake of a high level, automation is and will continue to be used. The size of the IT service provider is NOT a conveyance of their capabilities or capacity. Many 60 pe…
What you must do in order to prepare for a breach
39:24
Breach attorney, Spencer Pollock joins Felicia for a vigorous discussion of what you must do in order to be prepared for an incident or breach. Learn from the breach attorney perspective. Spencer is with the well-known firm McDonald Hopkins. Policies preparation incident response plan tabletop exercises must get breach attorney involved before ther…
Information Security, Cybersecurity, and Everyone’s Responsibility
29:21
What is information security versus cybersecurity? What are policies and why do we care? Isn't that IT's problem? Examples to learn from. By Felicia King
Special guest: Vince Gremillion – President and Founder of Restech: CISSP, CvCISO, GCIH Overview Travelers policy – requires MFA on switches. They require you comply with the intent of that. Recent Cowbell application did not require MFA! What is required is contingent upon the coverage you are asking for. Some suggestions: Never fill out an app fo…
Frank Raimondi, VP of Channel Development at IGI Cyber Labs IGI CyberLabs has a product called Nodeware which does continuous vulnerability assessment. PenLogic – regular penetration test – once a quarter deep dive heavy one and a monthly light test. CEO buyer’s journey Security velocity Risk scoring is part of security velocity Improve your cyber-…
Ken Dwight is “The Virus Doctor” – Business consultant and advisor to IT service providers and internal IT at many businesses who have come to him for his training, has his own direct clients. Ken conducts a monthly community meetings for alumni. He provides a list of curated items of current interest for discussion and resources, and has a feature…
Vulnerability management with Felicia and Dan - Part 2
54:58
This episode of Breakfast Bytes is Part 2 of a series where Felicia King and Dan Moyer of QPC Security continue their conversation on Vulnerability Management. Listen to Part 1 at https://qpcsecurity.podbean.com/e/vulnerability-management-part-1/. In today’s episode, Felicia and Dan discuss vulnerability management workflows, supply chain risk mana…
File integrity checks (hashing) versus communications or data encryption
29:51
We have seen some really goofy cybersecurity insurance application questions. It is always best to not answer a question that is goofy, but instead to write an addendum that defines terms and explains the cybersecurity posture of an organization related to the topic. You need to try to figure what the insurance company was trying to evaluate rather…
Vulnerability management that every business decision maker needs to know about - Part 1
1:03:15
Felicia King and Dan Moyer of QPC Security talk about vulnerability management, patch management and all the things that business owners are generally not understanding adequately. As a result of that, you're being underserved, misled, and in some cases were lied to and ripped off. Ultimately, many business owners are refusing to pay for what they …
Signs of insufficient networking knowledge
32:16
Scenario 1 Phone VLAN on a switch and cross connected into a Firebox with desk phones, PCs, and printers in the environment Questions we actually got: On Monday, we send over the list of what switch ports are for printers, which are for PCs, and which are for desk phones. Technician says that two of the three phones are not working. We use our awes…
More than 80% of breaches occur due to credential theft. All organizations have compliance requirements to have org-owned password management systems and MFA enforcement on accounts used by employees and contractors. Some other needs which must be met are: Compliance attestation documentation Proper use of the best MFA method on a per resource basi…
Requirements for premise hosted assets; cybersecurity, BCDR, and more
29:35
You should not put things in the cloud unless you can secure them there at least as good as a highly competent professional would have if they had that asset on premise. Cloud hosted assets have additional risks. Counterparty risk Additional outage and accessibility risk You have less control You have less security over the human or governmental ac…
Virtual Patching, Telecom Fraud, Running VM Server on NAS
29:19
I got a request to post this podcast from 12/1/2018 to podbean. Here it is. By Felicia King
Video management system appliance analysis
29:47
Originally aired: 11/1/2018. I had a request to post this older podcast to Podbean, so here it is. VMS Appliance cost analysis between the "appliance" version and the "you get a real server" version. https://qualityplusconsulting.com/BBytes/QPCAnalysisOnAxisVideoRecorderServer.pdf By Felicia King
Why real server hardware is usually the most cost-effective option
29:41
I got a request to publish a podcast I did a few years back on podbean, so here it is. Originally this was from 10/19/2018. Usually there is no substitute for real server hardware. Attempts to pay less for server hardware almost always end up costing you more in the long-run. Windows 10 as of Build 1809 10/2/2018 has an IPv6 requirement. There are …
Resources for job candidates in cybersecurity - What you need to do to be employable
29:02
Overview Listen to the podcast or the list of these resources may not make sense to you. You cannot secure what you cannot engineer, implement, maintain, and support. Security was always infused into IT if you did IT correctly. I know. I've been doing IT since 1993 and was programming in third grade. Security was ALWAYS part of a proper strategy. I…
Amazing interview with Colin Ruskin, CEO of WorkOptima, on the topic of right-sized software. Colin has an incredible talent at being able to distill the truth of something into a catchy and memorable tagline using spot on metaphors. Some highlights: Can I actually use the software and benefit from it? Floors versus software that grows with you All…
How to achieve compliance for privileged account management
29:35
Cybersecurity insurance requires MFA for all internal and external administrative access. How do you accomplish this? Examples of things you might access: switches firewalls servers printers workstations DNS hosting website hosting cloud management portals NAS BCDR appliances There are many ways to solve this problem and they are all too long to po…
API Security and external vulnerability scanning
29:00
API Security is going to be the thing you need to be paying attention to in the next two years. Partner with an information security officer like QPC Security to get an internal and external vulnerability scanning plan in place for your organization. A lot of vulnerability management is not possible to do with tools. It takes experience and experti…
Working with a Breach Coach/Attorney - A Primer
47:02
Cyberlaw podcast What needs to be pre-documented for the breach attorney to be effective? And in what format? What to do to protect yourself from outrageous fees? What to do in order to get proper service from a breach attorney? What are the advantages of having a pre-established relationship with a breach attorney? What positive outcomes arise fro…