Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations exte

CIS Control 17 - Incident Response Management - Sponsored by Exigence

Jun 2nd, 2023 53m 38s

The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they’ve had to embed themselves into your systems. Communi

CIS Control 16 - Application Software Security - Sponsored by Manicode

Mar 14th, 2023 1h 6m

CIS Control 16 - Application Software SecurityThe way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to

CIS Control 15 - Service Provider Management

Jan 22nd, 2023 1h 2m

LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to

CIS Control 14 - Security Awareness and Skills Training - sponsored by Phin Security

Nov 9th, 2022 1h 17m

MSP/MSSPs should offer solutions to provide users with frequent security awareness training to increase its overall security posture. The information provided by the security awareness training should be relevant and provide insights into recen

CIS Control 13 - Network Monitoring and Defense - sponsor by ConnectWise

Sep 29th, 2022 1h 6m

Network monitoring and defense is one of only two controls that does not contain any Implementation Group 1 Safeguards in Controls version 8. This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of continuous i

CIS Control 12 - Network Infrastructure Management - sponsored by Domotz!

Jul 7th, 2022 57m 28s

Abstract: Network Infrastructure Management - Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure devices can be physical

CIS Control 11 - Data Recovery - sponsored by Datto!

May 24th, 2022 1h 4m

Abstract: Data loss can be a consequence of a variety of factors from malicious ransomware, threat actors using "Double Extortion" and exfiltration, human error and natural disasters like hurricanes. Regardless of the reason for data loss, we

CIS Control 10 - Malware Defenses - sponsored by Malwarebytes!

Apr 26th, 2022 48m 34s

Abstract: With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing your MSP and clients. Malware defenses must be able to operate in a dynamic environment through automation, timely a

CIS Control 9 - Email & Web Browser Protections - sponsored by Cisco Secure MSP

Mar 17th, 2022 56m 13s

Abstract: Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an organization. Content can be crafted to entice or spoof users into disclosing credentials, providin

CIS Control 8 - Audit Log Management - sponsored by Blackpoint Cyber

Feb 12th, 2022 59m 43s

Abstract: Log collection and analysis is critical for an organization's ability to detect malicious activity quickly. Sometimes audit logs are the only evidence of a successful attack. Attackers know that many organizations keep audit logs fo

CIS Control 7 - Continuous Vulnerability Management - sponsored by CyberCNS

Dec 22nd, 2021 54m 37s

Note we discuss Log4j as this is a very timely topic to this control. Abstract: Cyber defenders are constantly being challenged from attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders

CIS Control 6 - Access Control Management - sponsored by Appgate

Nov 23rd, 2021 52m 6s

Abstract: It is easier for an external or internal threat actor to gain unauthorized access to assets or data through using valid user credentials than through "hacking" the environment. There are many ways to covertly obtain access to user ac

CIS Control 5 - Account Management - sponsored by Keeper Security

Oct 19th, 2021 1h 4m

Abstract: There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed in mont

Control 4: Secure Configuration of Enterprise Assets - sponsored by ThreatLocker

Aug 26th, 2021 45m 36s

Abstract: Learn why the number one thing organizations can do to defend their networks against top attacks, is to implement secure configurations! Azure Breach (8/26/2021): According To Wiz who found the CosmosDB Vulnerability, they quote: "Da

Control 3: Data Protection (part 1) - Sponsored by Netwrix

Jul 9th, 2021 25m 16s

Abstract: CIS Control 3 is Data Protection and data is pretty much what's at stake for a high percentage of cyber attacks. Data is more valuable than oil and it fuels many organizations. Many of the baseline security recommendations from all o

Control 3: Data Protection (part 2) - Sponsored by Datto

Jul 9th, 2021 31m 15s

Control 1 & 2: Inventory Control of Enterprise Hardware & Software Assets - Sponsored by CyberCNS

Jun 9th, 2021 39m 34s

Abstract: There is a cybersecurity saying; “you can’t protect what you don’t know about.” Without visibility into your information assets, their value, where they live, how they relate to each other and who has access to them, any strategy for

Multifactor Authentication (MFA) - sponsored by Cisco Duo

May 11th, 2021 36m 19s

Google reports that Multifactor Authentication (MFA) prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks that are credential based.In this episode, learn how MFA maps to the different security frameworks, the

Rate