19 episodes

The CyberCast is purpose built for MSPs, MSSPs and IT Practitioners.In each episode you will learn about a new security control, how it maps to the different frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends.Sponsors:Datto - CIS Control 3 - Data ProtectionNetwrix - CIS Control 3 - Data ProtectionDuo - CIS Control - Multifactor Authentication

The CyberCast Andrew Morgan

    • Technology
    • 4.7 • 15 Ratings

The CyberCast is purpose built for MSPs, MSSPs and IT Practitioners.In each episode you will learn about a new security control, how it maps to the different frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends.Sponsors:Datto - CIS Control 3 - Data ProtectionNetwrix - CIS Control 3 - Data ProtectionDuo - CIS Control - Multifactor Authentication

    CIS Control 18 - Penetration Testing - Sponsored by Hacket Cyber

    CIS Control 18 - Penetration Testing - Sponsored by Hacket Cyber

    Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing  is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations external network, internal network, applications, or systems. They provide a valuable insight on how your digital and human assets perform.

    In this episode we review the criticality of scoping a Pen Test, along with differences between Pen Testing, Red Teaming and Vulnerability Assessment. Why should you choose one over the other and when would one proceed the other.

    Sponsored by: Hacket Cyber and post game interview with Founder James Carroll.  Hacket Cyber is a security consulting firm specializing in penetration testing, ethical hacking, and industry-leading cybersecurity services. Our offerings are purpose-built for the MSP, MSSP, and VAR channels.  https://hacketcyber.com/partner/
    James Carroll LinkedIn: https://www.linkedin.com/in/jchax/

    Co-hosts:
    Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
    Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
    Wes Spencer: https://www.linkedin.com/in/wesspencer/

    • 1 hr 6 min
    CIS Control 17 - Incident Response Management - Sponsored by Exigence

    CIS Control 17 - Incident Response Management - Sponsored by Exigence

    The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they’ve had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up.
    Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.
    Our sponsor: Exigence (https://www.exigence.io) is a multi-tenant, Incident Readiness, Incident Response platform, built for MSP/MSSPs. Drive new revenue streams and meet cyber insurance & regulatory requirements for Incident Response plans and tabletops.
     
    The Exigence platform gives you full control of critical incidents by uniquely addressing every aspect of the incident – turning an unstructured situation into one that is structured and easy to manage. ​
     It coordinates all stakeholders and systems all the time, orchestrates complex workflows from trigger to resolution, simplifies the post-mortem, and always leverages lessons learned for doing it even better next time.
    Contact Noam here: noam@exigence.io

    Co-hosts:
    Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
    Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
    Wes Spencer: https://www.linkedin.com/in/wesspencer/
    '

    • 53 min
    CIS Control 16 - Application Software Security - Sponsored by Manicode

    CIS Control 16 - Application Software Security - Sponsored by Manicode

    CIS Control 16 - Application Software Security
    The way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data.  NOTE: Crowdstrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors.

    **Jim Manico at minute 52:40 - do not miss!!**

    Our sponsor: Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations building secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices.
    Contact Jim here: https://manicode.com/

    Co-hosts:
    Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
    Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
    Wes Spencer: https://www.linkedin.com/in/wesspencer/
    '

    • 1 hr 6 min
    CIS Control 15 - Service Provider Management

    CIS Control 15 - Service Provider Management

    LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!

    Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.

    Identify your business needs and create a set of standards that can be used to grade services providers that are being proposed. 
    Organize and monitor all services providers that are associated with your business. Keeping an inventory of all services providers will enable you to monitor them in case they update their policies. 
    Co-hosts:
    Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
    Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
    Wes Spencer: https://www.linkedin.com/in/wesspencer/

    • 1 hr 2 min
    CIS Control 14 - Security Awareness and Skills Training - sponsored by Phin Security

    CIS Control 14 - Security Awareness and Skills Training - sponsored by Phin Security

    MSP/MSSPs should offer solutions to provide users with frequent security awareness training to increase its overall security posture. The information provided by the security awareness training should be relevant and provide insights into recent security incidents. Training should also reiterate the necessity of using strong passwords, spotting and reporting phishing attacks, as well as properly handling personal information. 
    Security awareness training should include frequent phishing tests. Phishing tests allow users to learn from their mistakes and utilize their training to spot actual phishing attacks. These phishing tests should be specially crafted for different departments within an enterprise. Specially crafted phishing tests are harder to detect and demonstrate the value of security awareness training.
    👏Special thanks to Phin Security for their sponsorship and interview.

    Connor Swalm: https://www.linkedin.com/in/connor-swalm/

    Co-hosts:
    Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
    Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
    Wes Spencer: https://www.linkedin.com/in/wesspencer/

    • 1 hr 17 min
    CIS Control 13 - Network Monitoring and Defense - sponsor by ConnectWise

    CIS Control 13 - Network Monitoring and Defense - sponsor by ConnectWise

    Network monitoring and defense is one of only two controls that does not contain any Implementation Group 1 Safeguards in Controls version 8.  This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of  continuous improvement  that involves people, process, and technology.  Service providers  need a well-trained staff that executes on their network monitoring, detection, logging, correlation of events in order to thwart malicious attacks.

    👏Special thanks for ConnectWise sponsorship and interview.

    Drew Sanford: https://www.linkedin.com/in/drewsanford/

    Co-hosts:
    Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
    Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
    Wes Spencer: https://www.linkedin.com/in/wesspencer/

    • 1 hr 6 min

Customer Reviews

4.7 out of 5
15 Ratings

15 Ratings

LukesLove ,

Every MSP needs to listen to this.

The title says it all.

Jiggity JMart ,

Excellent

Great podcast for the folks in the MSP space! Heck of a host too.

Top Podcasts In Technology

Lex Fridman Podcast
Lex Fridman
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Dwarkesh Podcast
Dwarkesh Patel
TED Radio Hour
NPR
Acquired
Ben Gilbert and David Rosenthal
Hard Fork
The New York Times