qpcsecurity

QPC Security - Breakfast Bytes

Information technology security risk management

Author

qpcsecurity

Category

Technology

Podcast website

qpcsecurity.podbean.com

Latest episode

Jul 8, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

FTC SafeguardsRule, IRS requirements, and tax preparers 05.05.2023

The IRS regulations for tax preparers being compliant with the FTC Safeguards rule is specified to be enforced starting in June 2023. It is doubtful that the majority of tax preparers are adequately compliant. The IRS published information about this compliance requirement as far back as 2019. https://www.irs.gov/newsroom/heres-what-tax-professionals-should-know-about-creating-a-data-security-plan...

Methods to prevent business email compromise 31.03.2023
Business survival over the next decade 03.03.2023

What is the number one thing you can do as a consumer to protect yourself when dealing with tax preparers? Practical examples of what to ask for from your tax preparer and why. What are the total number of people that would have access to my records if I do business with you? You want me to sign a contract with you, terms and conditions that I have to abide by. If you are going to prepare my taxes...

PSA or ERP - paradigm and requirements analysis 19.02.2023

I get a lot of questions about PSAs, ERPs, and overall paradigms related to core business software. This podcast summarizes things you should be thinking about in your software selection process. After three years of investigating PSA and ERP options including spending a lot of money on software and payroll, the product we like is Odoo. Organizations using a PSA with add-ons approach are really mi...

Tech E&O and cyber insurance with Joe Brunsman 09.02.2023

Tech E&O and Cyber insurance with: Joe Brunsman of The Brunsgroup – Expert on Tech E&O and Cyber Insurance YouTube channel – Joseph Brunsman https://www.youtube.com/@JosephBrunsman https://www.thebrunsgroup.com/ Damage Control book https://www.thebrunsgroup.com/book2 Tech E&O and cyber MSP should have a tech E&O policy. They cover different things. What types of third-party claims will they cover?...

Implications of poor design on security - an example 03.02.2023

Google and how they do their technology Things that make security hard. This is not an exhaustive list of the implications of poor design on security. Covering that topic adequately would likely rival the size of War and Peace. This is a discussion of a tangible example to convey understanding of how technology selection directly correlates to an organizations’ ability to secure or secure their ov...

Dark web monitoring and avoiding FUD decisions 11.01.2023

Kathy Durfee – CEO & Founder of Tech House joined Felicia to discuss dark web breach monitoring Scenario: FUD report from a competitor Perceived: Multiple users in their environment were breached. Perceived proof was report with the listing of the users and the passwords and columns that the customers did not know what that data was. Good: Customer told their current IT service provider about the...

The relationship between proper data handling and real risk reduction 04.01.2023

Those who listened to the November 19th, 2022 podcast I did with breach attorney Spencer Pollock know that he stated that 90% of the breaches he was involved in over the prior 12-month period would have been non-reportable had the data been properly encrypted. https://qpcsecurity.podbean.com/e/what-you-must-do-in-order-to-prepare-for-a-breach/ (Review link above for attestation and regulatory enfo...

Understanding vCISO services and why you need them 30.11.2022

Recent question I got: What are the major changes that you have seen from security auditors in recent years and/or where do you see the audit process heading? Quick response: For the sake of a high level, automation is and will continue to be used. The size of the IT service provider is NOT a conveyance of their capabilities or capacity. Many 60 person MSPs are grossly incompetent. Some small team...

What you must do in order to prepare for a breach 19.11.2022

Breach attorney, Spencer Pollock joins Felicia for a vigorous discussion of what you must do in order to be prepared for an incident or breach. Learn from the breach attorney perspective.  Spencer is with the well-known firm McDonald Hopkins.  Policies preparation incident response plan tabletop exercises must get breach attorney involved before there is an incident determine your team in advance...

Information Security, Cybersecurity, and Everyone’s Responsibility 28.10.2022

What is information security versus cybersecurity? What are policies and why do we care? Isn't that IT's problem? Examples to learn from

Ripping apart cybersecurity insurance 12.10.2022

Special guest: Vince Gremillion – President and Founder of Restech: CISSP, CvCISO, GCIH Overview Travelers policy – requires MFA on switches. They require you comply with the intent of that. Recent Cowbell application did not require MFA! What is required is contingent upon the coverage you are asking for. Some suggestions: Never fill out an app for a client, not even partially MSP comms to a clie...

CISO Workflows 30.09.2022

Frank Raimondi, VP of Channel Development at IGI Cyber Labs IGI CyberLabs has a product called Nodeware which does continuous vulnerability assessment. PenLogic – regular penetration test – once a quarter deep dive heavy one and a monthly light test. CEO buyer’s journey Security velocity Risk scoring is part of security velocity Improve your cyber-hygiene – all small businesses Security 101 is inv...

Business Email Compromise 29.09.2022

Ken Dwight is “The Virus Doctor” – Business consultant and advisor to IT service providers and internal IT at many businesses who have come to him for his training, has his own direct clients. Ken conducts a monthly community meetings for alumni. He provides a list of curated items of current interest for discussion and resources, and has a featured topic which often includes another speaker to pr...

Vulnerability management with Felicia and Dan - Part 2 21.09.2022

This episode of Breakfast Bytes is Part 2 of a series where Felicia King and Dan Moyer of QPC Security continue their conversation on Vulnerability Management. Listen to Part 1 at https://qpcsecurity.podbean.com/e/vulnerability-management-part-1/ .  In today’s episode, Felicia and Dan discuss vulnerability management workflows, supply chain risk management, starting with security on the front end...

File integrity checks (hashing) versus communications or data encryption 21.09.2022

We have seen some really goofy cybersecurity insurance application questions. It is always best to not answer a question that is goofy, but instead to write an addendum that defines terms and explains the cybersecurity posture of an organization related to the topic. You need to try to figure what the insurance company was trying to evaluate rather than just answering their questions because their...

Vulnerability management that every business decision maker needs to know about - Part 1 13.09.2022

Felicia King and Dan Moyer of QPC Security talk about vulnerability management, patch management and all the things that business owners are generally not understanding adequately. As a result of that, you're being underserved, misled, and in some cases were lied to and ripped off. Ultimately, many business owners are refusing to pay for what they need for adequate risk management because they don...

Signs of insufficient networking knowledge 17.07.2022

Scenario 1 Phone VLAN on a switch and cross connected into a Firebox with desk phones, PCs, and printers in the environment Questions we actually got: On Monday, we send over the list of what switch ports are for printers, which are for PCs, and which are for desk phones. Technician says that two of the three phones are not working. We use our awesome switches to find out exactly where these other...

About Password Managers 16.07.2022

More than 80% of breaches occur due to credential theft. All organizations have compliance requirements to have org-owned password management systems and MFA enforcement on accounts used by employees and contractors. Some other needs which must be met are: Compliance attestation documentation Proper use of the best MFA method on a per resource basis Aligning business continuity objectives with cyb...

Requirements for premise hosted assets; cybersecurity, BCDR, and more 01.07.2022

You should not put things in the cloud unless you can secure them there at least as good as a highly competent professional would have if they had that asset on premise. Cloud hosted assets have additional risks. Counterparty risk Additional outage and accessibility risk You have less control You have less security over the human or governmental access to your content Zero 4th Amendment protection...

Virtual Patching, Telecom Fraud, Running VM Server on NAS 03.06.2022

I got a request to post this podcast from 12/1/2018 to podbean. Here it is.

Video management system appliance analysis 03.06.2022

Originally aired: 11/1/2018. I had a request to post this older podcast to Podbean, so here it is. VMS Appliance cost analysis between the "appliance" version and the "you get a real server" version. https://qualityplusconsulting.com/BBytes/QPCAnalysisOnAxisVideoRecorderServer.pdf

Why real server hardware is usually the most cost-effective option 03.06.2022

I got a request to publish a podcast I did a few years back on podbean, so here it is. Originally this was from 10/19/2018.   Usually there is no substitute for real server hardware. Attempts to pay less for server hardware almost always end up costing you more in the long-run. Windows 10 as of Build 1809 10/2/2018 has an IPv6 requirement. There are a bunch problems with that. We cover the option...

Resources for job candidates in cybersecurity - What you need to do to be employable 01.06.2022

Overview Listen to the podcast or the list of these resources may not make sense to you. You cannot secure what you cannot engineer, implement, maintain, and support. Security was always infused into IT if you did IT correctly. I know. I've been doing IT since 1993 and was programming in third grade. Security was ALWAYS part of a proper strategy.  I'm always trying to add to the team. But I find t...

Right-sized software 17.05.2022

Amazing interview with Colin Ruskin, CEO of WorkOptima, on the topic of right-sized software. Colin has an incredible talent at being able to distill the truth of something into a catchy and memorable tagline using spot on metaphors. Some highlights: Can I actually use the software and benefit from it? Floors versus software that grows with you All features all the time, but license it at the per-...

Listen to the QPC Security - Breakfast Bytes podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.