Sponsor: Tandem Cyber Solutions

https://tandemcybersolutions.com/csuitecyber/

___________________________________

Description

In this episode of the C-Suite Cyber Podcast, hosts AJ and Mike discuss emerging cybersecurity threats, the role of managed service providers (MSPs), and the challenges faced by businesses in maintaining compliance. They introduce guest Tyler York, owner of WYRE Technology, who shares insights on the services provided by MSPs, the importance of understanding client needs, and the dynamics of different industries. The conversation also touches on the impact of regulation on cybersecurity practices and the difficulties of scaling operations within an MSP.

WYRE Technology

https://wyretechnology.com/Tyler Yorkhttps://www.linkedin.com/in/tyleratwyre/

___________________________________

Let's connect!

LinkedIn https://www.linkedin.com/company/c-suite-cyber-podcast

X https://x.com/suite_cybe82537

Instagram https://www.instagram.com/csuitecyberpodcast/

TikTok www.tiktok.com/@c_suite_cyber_podcast

Discord https://discord.gg/ftZcs5h2

___________________________________

Keywords

cybersecurity, managed service provider, compliance, IT services, cybersecurity threats, industry insights, MSP challenges, cybersecurity trends, C-suite executives, technology solutions, sales, hiring, training, reputation, cybersecurity, trust, vulnerabilities, character, legacy code, power generation, MFA, penetration testing, cybersecurity, vulnerability assessment, ethical hacking, physical security, MSP security, risk management, user training, cyber insurance, MFA, cybersecurity, risk assessment, cyber insurance, MSP regulations, AI in cybersecurity, client priorities, education security, endpoint protection, security controls

Sponsor: Tandem Cyber Solutions

For all your pen testing needs, check them out at https://tandemcybersolutions.com/csuitecyber/

Summary

In this episode of the C-suite cyber podcast, hosts AJ and Mike engage with Keith, a seasoned cybersecurity professional with a rich background in law enforcement and military service. The conversation explores Keith's journey from a police officer to a cybersecurity expert, discussing the skills and mindset required for success in the field. They delve into the differences between traditional forensics and cybersecurity, the importance of continuous learning, and the dynamics of teaching and learning in the cybersecurity space. The episode also highlights key recommendations for executives regarding cybersecurity practices, the significance of regular penetration testing, and the collaborative nature of effective cybersecurity solutions. In this conversation, the hosts discuss various aspects of cybersecurity, emphasizing the importance of teamwork, user education, and the challenges of maintaining security in a cost-effective manner. They explore the risks associated with passwords, the significance of live interactions for community engagement, and the adventures in nature that highlight risk assessment. The conversation also touches on the vulnerabilities in government cybersecurity, the concerns surrounding SaaS and API security, and the critical role of maintenance personnel in safeguarding systems.

Chapters

00:00 Introduction to the C-Suite Cyber Podcast

02:25 Keith's Background: From Military to Cybersecurity

06:08 The Differences Between Police Work and Cyber Forensics

07:31 Learning and Teaching Cybersecurity

13:35 The Journey into Offensive Security

15:05 First Success in Hacking: A Memorable Experience

16:45 The Importance of Persistence in Cybersecurity

19:48 Personal Introductions and Career Paths

25:29 Pen Testing Insights: Recommendations for Executives

27:43 The Importance of Regular Vulnerability Scanning

28:36 Cost-Effectiveness of Proactive Security Measures

32:04 Team Effort in Cybersecurity

39:49 Future Plans: Community Engagement

42:24 Travel Recommendations

47:29 Exploring Croatia: A Romantic Adventure

48:36 Bitcoin ATMs: A New Trend?

49:43 In The Comments Section

52:05 Treasury Security Breach: Understanding the Risks

58:23 API Security: The Overlooked Vulnerability

01:04:16 SaaS Security: Trusting Third-Party Vendors

01:09:20 The Human Element: Risks in Cybersecurity

01:10:05 Summary

Keywords

cybersecurity, penetration testing, law enforcement, hacking, compliance, executive recommendations, cybersecurity education, problem solving, offensive security, defensive security, cybersecurity, password security, team effort, SaaS security, API security, risk assessment, outdoor adventures, live interactions, government cybersecurity, vendor risks

In this episode ofC-suite Cyber, we dive into the critical role of quality assurance in cybersecurity. From distinguishing QA vs. QC to overcoming challenges in training, standards, and playbook development, we explore how organizations can foster a culture of learning and continuous improvement. Topics include AI's potential, the talent shortage, critical thinking, and balancing chaos with productivity in high-stress environments.

In this episode of the C-suite cyber podcast, hosts AJ and Mike delve into the complexities of hiring in the cybersecurity field. They share personal experiences of both good and bad hires, emphasizing the importance of technical knowledge, cultural fit, and leadership in building effective teams. The conversation also touches on the challenges of rotational programs, employee retention strategies, and the significance of understanding employee motivations. Through anecdotes and insights, the hosts aim to equip executives with the knowledge to make informed hiring decisions that positively impact their organizations.Chapters

00:00 Introduction to C-Suite Cyber Podcast

01:12 The Importance of Hiring in Cybersecurity

02:20 Nightmares of Bad Hires

10:41 Case Studies of Hiring Mistakes

15:09 The Role of Intelligence in Cybersecurity

19:16 Effective Communication in Cybersecurity

28:53 Building a Supportive Team Culture

31:40 The Value of Rotational Programs

31:58 Training and Productivity in Early Career Roles

34:14 The Challenges of Hiring and Retaining Talent

38:02 The Importance of Culture and Motivation in Retention

40:48 Employee Motivations

43:45 Certification and Qualification in Cybersecurity Roles

51:00 Leadership and Talent Development Strategies

01:01:32 Navigating Politics and Team Dynamics

01:04:23 The Importance of Leadership in Team Success

01:05:42 Hiring Practices: Quality Over Quantity

01:07:17 The Role of AI in Cybersecurity

01:11:30 Building Effective Security Operations Centers (SOCs)

01:16:30 The Challenges of Breaking into Cybersecurity

01:20:38 Leveraging Technology for Efficiency

01:24:08 The Consequences of Poor Hiring Decisions

01:28:09 The Value of Trust and Communication in Leadership

01:31:02 Strategizing for Cybersecurity Success

Sponsor:Tandem Cyber Solutions

Free Vendor Check List from Tandem

Summary

In this episode of the C-suite cyber podcast, Anthony Jirouschek and Mike discuss the intricacies of penetration testing, including its definition, methodologies, and the importance of understanding the risks involved. They delve into the scoping of penetration tests, the frameworks that guide them, and how organizations can determine their readiness for such assessments. The conversation also covers how to find a reputable penetration testing company and the potential pitfalls of outsourcing these services.

Keywords

penetration testing, cybersecurity, vulnerability assessment, red teaming, security compliance, risk management, security frameworks, pen test readiness, security maturity, penetration testing companies, penetration testing, cybersecurity, service providers, compliance, auto dealerships, hacker mindset, team collaboration, Tandem Cyber Solutions

Chapters

00:00 Introduction to Penetration Testing

01:59 Understanding Penetration Testing vs. Vulnerability Scanning

04:36 Exploitation and Vulnerabilities Explained

06:32 Scoping a Pen Test: Assumed Breach vs. External Testing

17:27 Frameworks and Methodologies in Pen Testing

26:06 When to Consider a Penetration Test

32:27 Maturity Levels and Readiness for Pen Testing

41:38 The Importance of Patch Management

44:24 Finding a Good Penetration Testing Company

52:22 Trusting Your Penetration Testing Consultant

59:34 Understanding Service Providers vs. Penetration Tests

01:06:48 Hiring a Hacker's Mindset

01:13:42 The Challenges of Leadership and Communication

01:19:31 Understanding Compliance Regulations

01:30:13 The Unique Value of Tandem Cyber Solutions

Sponsor:Tandem Cyber Solutions

In this episode, the hosts delve into the critical topics of vulnerabilities and exploits in cybersecurity. They discuss the definitions and differences between vulnerabilities and exploits, the importance of identifying vulnerabilities within organizations, and the essential role of patch management. Real-world examples, including the SolarWinds attack and SQL injection vulnerabilities, are explored to illustrate the impact of these issues. The conversation also highlights the significance of threat intelligence in understanding and mitigating risks in cybersecurity.Chapters

00:00 Introduction to Vulnerabilities and Exploits

01:32 Understanding Vulnerabilities: Definitions and Examples

09:13 Identifying Vulnerabilities: Tools and Techniques

14:29 Patch Management: Importance and Best Practices

17:29 Real-World Examples of Vulnerabilities and Exploits

28:23 Understanding the SolarWinds Attack

32:06 Exploring the MoveIt Vulnerability

37:29 The Role of Threat Intelligence

40:04 The Pyramid of Pain in Cybersecurity

43:23 Threat Intel

50:27 Utilizing Shodan for Vulnerability Discovery

57:36 Understanding Vulnerability Scans and Exploits

01:04:40 The Impact of Eternal Blue and Vulnerability Management

01:14:57 Navigating Privilege Escalation Techniques

01:21:59 Exploiting LLMNR Poisoning for Network Access

01:27:51 Exploit Techniques and Real-World Applications

01:31:21 Understanding Log4Shell Vulnerability

01:36:12 The Impact of Dependencies on Vulnerability Management

01:41:42 ProxyShell and Microsoft Vulnerabilities

01:52:09 The Importance of Patch Management

* We are not lawyers or finance people. Go see a professional for specific advice on your situation.

Sponsor: Tandem Cyber Solutions

Your go to penetration testing partner

https://tandemcybersolutions.com/csuitecyber/

In this episode of the C-suite Cyber Podcast, hosts Anthony Jirouschek and Mike discuss the critical aspects of choosing vendors for cybersecurity solutions. They emphasize the importance of having clear requirements, understanding vendor maturity, and the necessity of thorough testing and comparison of products. The conversation also delves into contract negotiation, highlighting the need for clarity on responsibilities and security implications. Finally, they explore best practices for implementation to ensure successful integration of security solutions. Chapters

00:00 Introduction to C-Suite Cyber Podcast

01:28 Choosing the Right Vendors

09:46 Testing and Comparing Security Products

21:46 Understanding Contracts and SLAs

34:15 Implementation Strategies for Security Solutions

56:10 Implementation and Testing of Security Tools

01:02:44 Understanding Adversaries and Security Measures

01:06:00 Vendor Risks and Dangers

01:14:23 Ethics in Security Research and Reporting

01:24:59 Privacy and Trust in Technology

01:37:08 Final Thoughts on Security Practices

Other Links

The Gili Ra'anan model

Petya Ransomware Outbreak Originated in Ukraine via Tainted Accounting Software

Wargames: Analyzing the Act of War Exclusion in Insurance Coverage and Its Implications for Cybersecurity Policy

Darknet Diaries EP77: Olympic DestroyerHacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List