qpcsecurity

QPC Security - Breakfast Bytes

Information technology security risk management

Autor

qpcsecurity

Categoría

Technology

Web del podcast

qpcsecurity.podbean.com

Último episodio

8 de jul. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

How to achieve compliance for privileged account management 03.05.2022

Cybersecurity insurance requires MFA for all internal and external administrative access. How do you accomplish this? Examples of things you might access: switches firewalls servers printers workstations DNS hosting website hosting cloud management portals NAS BCDR appliances   There are many ways to solve this problem and they are all too long to post about here, so this is what this podcast is a...

API Security and external vulnerability scanning 01.04.2022

API Security is going to be the thing you need to be paying attention to in the next two years. Partner with an information security officer like QPC Security to get an internal and external vulnerability scanning plan in place for your organization. A lot of vulnerability management is not possible to do with tools. It takes experience and expertise that comes from 29 years of hard work.    A gre...

Working with a Breach Coach/Attorney - A Primer 29.03.2022

Cyberlaw podcast What needs to be pre-documented for the breach attorney to be effective? And in what format? What to do to protect yourself from outrageous fees? What to do in order to get proper service from a breach attorney? What are the advantages of having a pre-established relationship with a breach attorney? What positive outcomes arise from having pre-breach meetings with a breach attorne...

Avoiding real estate theft, deed theft, and related scams 03.03.2022

Check out dark patterns for scam awareness. https://www.darkpatterns.org/   Avoid the new movers mailing list Avoid putting real estate in your personal name Use a service like Abine DeleteMe Get a PO Box and stop having snail mail delivered as much as possible Subscribe to paperless billing as much as possible Harden your digital life Get off social media and stop sharing your life in public digi...

Attestation, scoring, evaluation, and business process in achieving improved cybersecurity posture and compliance 24.01.2022

Joy Beland joins Felicia to discuss: What Edwards Performance Solutions is doing in the CMMC training space Joy's team created the CMMC assessor textbook Many orgs have cybersecurity insurance enforcement for the first time ever Joy's extremely wise metaphor and perspective on cybersecurity insurance (15 mins) Transfer of risk and economic destruction DMARC, DKIM, SPF tuning What tools exist to he...

Integrated IT risk management - part 2 31.12.2021

Identity theft via insecure credit APIs Integrated IT risk management part 2

Assessments and Integrated IT Risk Management - Part 1 03.12.2021

Problems with and limitations in many assessments Many assessment report results from automated tools can be incomplete, incorrect, or pretzel talk What realistic expectations should you have from a paid and unpaid assessment There are certain security baselines simply so your organization can be insurable. There are certain security baselines in order for your organization to be serviceable by an...

Technical Debt - a whole new perspective 28.10.2021

10/28/2021 Cyber Matt Lee joins Felicia on Breakfast Bytes to talk about massive issues with technical debt. Senior Director of Security and Compliance at Pax8. You have to start with the right definitions. It’s not patch management, it is vulnerability management. You have to ZOOM in. Is your TPM up to date? Is your firmware up to date? Drivers, configurations, remove unpatchable software. Are yo...

Avoid cybersecurity insurance fraud 25.09.2021

How to avoid cybersecurity insurance fraud. If this happens to you, your claim will be denied and you will likely be uninsurable in the future including by other insurance providers. You have to be working with an extremely operationally mature ITSP with ISOs on staff or you probably will not be able to navigate this complexity. Great article showing a claims denial and then accompanying lawsuit f...

Why converged NOC and SOC are so critical to security efficacy 13.09.2021

Joining Felicia is Rui Lopes, Senior Technical Evangelist at WatchGuard Technologies. Rui was with Panda Security prior to the WatchGuard acquisition and has spent many years merging the technical with customer enablement at a level rarely seen. His efforts at WatchGuard are projects, partner support, and overall customer enablement of using the endpoint protection technology effectively. When I l...

Act now so your emails will still be deliverable 07.09.2021

NDAA 2021 legislation is forcing a gaps closure in SPF, DKIM, and DMARC. This stuff is really complicated. Get some seriously competent help. I don't think most ITSPs (IT service providers) have enough experience in managing this especially in light of the inclusions of marketing automation platforms on root domains. You cannot be driving a hole with a 20 lb sledgehammer through your email ingress...

Gaps in EDR/EPP paradigms and what to do about them 31.08.2021

Excellent and invigorating discussion on the gaps in EDR/EPP and what to do about them with Maxime Lamothe-Brassard, founder of LimaCharlie.io and Refraction Point. LimaCharlie avoiding tool proliferation avoiding the jedi mind trick of EPP identify gaps in a lot of EDR/EPPs challenges with outsourced SOC supply chain risk in toolset vendors paradigms around security tools and training

Kaseya VSA breach analysis 16.08.2021

Why the breach happened and what people could have done to prevent it. What Kaseya could have done differently. How to manage supply chain risk when your software vendor is not. Smart vendors use the experts in their customer base. People really need to have a major paradigm shift and look seriously at an RMM as being nearly the same as a nuclear launch code. Kaseya VSA Limited Disclosure | DIVD C...

Parsing out the risk issues associated with cloud technologies 06.08.2021

Improper use of cloud and the problems caused by improper pre-planning and risk assessment of improper use of cloud. Kim Nielsen, founder and President of Computer Technologies, Inc. cti-mi.com joins Felicia to discuss dangers and risk of improper use of cloud hosted technologies. Business risk vs security risk, must have an exit plan. Dangers of subscriptions.   Huge databases don't belong in the...

The REAL reason you cannot afford to have a cybersecurity incident 06.08.2021

I have been thinking for months about the latest challenges faced by organizations with regards to the increased cybersecurity risks, what is at stake, how unprepared they are, and how the cyber insurance companies are responding to the changing landscape. As I have had conversations with business decisions makers, they often think that they have little to risk. Many businesses feel that they are...

11 security vulnerabilities highlight the necessity of viable network layer security strategy 03.08.2021

Topics: facial recognition Systems with Windows Defender compromised 11 recent security vulnerabilities highlight the necessity of viable network layer security strategy https://www.msn.com/en-us/news/us/fbi-ice-find-state-driver-s-license-photos-are-a-gold-mine-for-facial-recognition-searches/ar-AADZk0d?li=BBnb7Kw https://www.newstarget.com/2019-07-29-americans-already-in-fbi-facial-recognition-d...

Real world examples of small business security compliance problems 03.08.2021

Real world examples of small business security compliance problems Originally aired 5/1/2020

Evaluate your purchases to see if they have UPnP and understand why you should not buy devices that use UPnP technology 03.08.2021

Evaluate your purchases to see if they have UPnP and understand why you should not buy devices that use UPnP technology Update on the Capital one data breach Adverse business impact and higher fees associated with subscription based software licensing versus perpetual Originally aired: 7/3/2020

How easy is it to not get hacked? 03.08.2021

How easy is it to not get hacked? Originally aired 9/4/2020

Location services issues and how it relates to personal physical security 03.08.2021

Location services issues and how it relates to personal physical security Originally aired 1/3/2020

Email security and cyber risk insurance 03.08.2021

Email security and cyber risk insurance Originally aired 10/11/2019

The dark side of smart cities 03.08.2021

The dark side of smart cities A clothing line designed to distract the panopticon Geofencing warrants Horror stories of hospital IN-security Originally aired 9/6/2019

Why bidding out IT jobs often fails 03.08.2021

Why many IT business decision makers make mistakes Over 25 years, bar none, the business decision makers that have regular meetings with us are vastly better decision makers. This directly leads to them saving money by not wasting money. Why bidding out IT jobs often fails

SIM Jacking 03.08.2021

Sim jacking More AWS data breaches affect hundreds of thousands of people Hacking using smart light bulbs IoT bricker MFA options https://simjacker.com/ https://www.sciencedaily.com/releases/2019/10/191023075139.htm Originally aired 11/1/2019

Vehicles and privacy issues 03.08.2021

Vehicles and privacy issues Originally aired 2/1/2020

Escucha el podcast QPC Security - Breakfast Bytes en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos