In this monthly podcast for business executives and information security professionals, industry veterans Michael Markulec and Matthew Webster chat with guests about the latest cyber news, threats, and trends impacting small and medium businesses. Harbor’s proactive rather than reactive solutions help our clients develop the cybersecurity program necessary to take their organization to the next level. Harbor's innovative processes are based on industry-standard frameworks that are tailored to meet the needs of small and medium-sized businesses.
Matthew meets with Mary-Beth Macaluso, the CEO of Paynela, a company determined to stop the cost of medication from being a barrier to access for patients. As the company was founded just under a year ago, they discuss challenges and tips for starting a company in the cybersecurity sector, including the importance of finding a good partner to team up with and rely on.
Michael meets with Chris Hale, an IT expert and co-founder of Technology Response Team in Colorado. They discuss the importance of SMBs taking the steps to transition from managed services to managed security services. They also talk about staying ahead of emerging technologies being implemented by bad actors and Chris shares his thoughts on some tips to follow during October’s Cybersecurity Awareness Month.
Michael and Matthew meet to talk about the 20th year of Cybersecurity Awareness Month coming in October. They mention four simple steps both individuals and businesses can take to stay cyber-safe. They discuss recommendations including using multi-factor authentication, implementing a password manager, and give tips on how to create strong passwords.
Michael talks with David Abodunrin, who is the Cybersecurity Project Manager/Enterprise Agile Coach at Cybarik in Manchester, UK. They discuss all things information security, such as the cost of security, but also how essential it is to a business and how important awareness training is for every single employee at a company. They also explain why it’s not solely businesses that are susceptible to cyber attacks: individuals are just as vulnerable on their personal devices.
Michael talks with Laura Bell Main, an Application Security Specialist and the CEO of Safestack Academy. Safestack Academy works to educate software developers on how to incorporate security into their systems. In this episode, Michael and Laura discuss how often software teams should be testing their security and how implementing security can protect and benefit companies, individual employees, and clients. Laura also offers advice for companies wanting to keep their information secure with new technology emerging.
In this episode, Michael talks with Kingsley Hill, the Regional Director at Freeman Clarke. They delve into the role of fractional CIOs and CTOs in mid-market companies. They discuss how these technology experts provide valuable insights into understanding technological challenges and the emergence of new technologies like AI and increased computing power. They also talk about how to mitigate cyber risks for remote employees.
In this episode, Matthew is joined by Nishat Azam, Director of Compliance at Cypher LLC. They discuss a small business' journey to achieving CMMC compliance and becoming a C3PAO. Nishat provides valuable insights into the steps businesses must take to prepare for a CMMC audit and achieve certification, as well as general advice on navigating cybersecurity compliance.
In this podcast, Matthew interviews Nathan Hamiel, the Senior Director of Research at Kudelski Security, where they discuss various topics surrounding AI. They cover the areas of security, LLMs, and the social language of ChatGPT. Their discussion also includes privacy concerns such as intellectual property versus personal property, as well as Nathan's thoughts on how AI technology can be utilized in the short and long-term future.
Michael meets with Mark Phander, the Risk Adviser at CBIZ Borden Perlman. They talk about the rise in cyber insurance coverage for businesses, how cyber insurance and cybersecurity practices have evolved at CBIZ, and how clients and businesses have reacted in recent years to cyber policy changes. Mark describes why Multi-Factor Authentication (MFA) is essential nowadays and which types of devices and accounts should be protected through MFA. They also talk about protecting your Personal Identifying Information (PII) and the process and importance of educating yourself on safe cyber practices.
Matthew talks to Nicholas Blank, the CEO of NBConsult, and Chris Goosen, Technology Consultant and Microsoft MVP, about Zero Trust. They discuss its guiding principles, including what to do if a vendor contacts your business regarding Zero Trust. They also talk about the importance of using complex passwords, enabling MFA for Cloud Services, and Privileged Account Management as a business.
Michael and Matthew are back after a holiday break to continue The Perfect Storm Podcast in 2023. They discuss possible upcoming trends in cybersecurity this year and current news circulating in the cyber field. They give advice about how to best protect your business’s data by choosing the right companies for insurance and third-party risk management. They also bring up AI chatbots becoming more popular and the importance of staying up to date on compliance certifications.
Matthew meets with security expert Lisa Lorenzin, a former Field CTO-AMS at Zscaler. They discuss the evolution of the modern workplace over the last few years, especially with the increase in remote workers. They focus on a variety of topics in the history and current state of remote work, including cloud-based security services, secure web gateway and proxy, and firewall and remote access VPNs, to name a few. They also talk about the future of remote work with the help of new cybersecurity technology.
Matthew talks with Richard Shapiro, the Chief Financial and Operating Officer at Sierra Canyon School in California. They discuss why it is vital to educate students and teachers on security practices and describe a class offered at Sierra Canyon that teaches students how to be cyber-safe. They also talk about how cybersecurity differs at schools from other organizations as well as the cost and benefit of implementing a security system to protect sensitive information.
Matthew meets with David Lennon, the Director of Enterprise Solutions at FireMon. They talk about managing firewall rules, cyber threat maps, and the importance of having good cyber hygiene. They also discuss FireMon’s move to cloud security operations, specifically focusing on access control for users.
Matthew meets with Matt Hagovsky, the North American Sales Engineering VP for Cybereason. They discuss how Cybereason approaches endpoint attacks by distilling all alerts into one to help users map out their cyber vulnerabilities in a quicker and more useful way. They also talk about how endpoint detection and response has advanced over the years and how cyber companies with different resources have adapted to these technologies. They mention the differences between MDR (Managed Detection & Response) and EDR (Endpoint Detection & Response) and how they could affect your choice of MSP (Managed Service Provider).
Mike DeKock returns, in his third episode with The Perfect Storm Podcast, to discuss with Matthew what to look for in a SOC 2 report. They talk about requirements for SOC 2 that customers should be sure they include and go into further detail about each step of creating a SOC 2 report. Mike also explains how it could help customers to consider doing research on their auditor to be sure they include all the right information in their report.
Michael meets with Scott Schober, the President and CEO of Berkeley Varitronics Systems. Scott is an expert in wireless security technology and is a best-selling author of numerous books on cybersecurity. They discuss Scott's role at the company in educating businesses on the importance of cybersecurity and how BV Systems is constantly developing tools and technologies to keep consumers and businesses safe from threats. They also talk about the fundamental issue of weak passwords.
Michael talks with Erick Burd, who is a Network Engineer at a large NJ University and Chairperson of the Hopewell Twp. Board of Fire Commissioners. Erick discusses the challenges faced within the IT department, such as the pandemic and budget limitations. They also talk about how security is part of all aspects of IT in Erick's workplace and bring up other topics like the Internet of Things (IoT).
Michael meets with Jean-guy R. Lauture MPP, CG-CIO, the Assistant Township Administrator in the Technology Department for Bloomfield Township, NJ. Jean-guy talks about many of the projects within the township that the IT Department takes on. They discuss how different projects in the municipality require the help of IT, including keeping systems up-to-date and cyber-safe through phishing tests, and other specifics involving the private sector.
Matthew speaks with Luke Wegryn, the Co-founder of Pensive Security, about the company and how he started it. They discuss the main services provided, including cybersecurity penetration testing on web, mobile, and cloud devices. They also talk about when it is important to perform a pen test and mention Pensive Security's other consulting services that provide help to SMBs.
Matthew and Mike DeKock, the CEO of MJD Advisors, meet a second time to discuss preparation for SOC 2 (Service Organization Control 2) and audit certification. In this episode, they discuss cost, the differences between SOC type 1 and SOC type 2, and more about the certification process.
Michael meets with Matt Burch, the VP of ComportSecure. They talk about some of the services ComportSecure provides, including IT Solutions, Managed Services, and Cloud Services. They also discuss other cybersecurity topics such as BaaS (Backup as a Service), ransomware, and EDR solutions (Endpoint Detection and Response).
Matthew talks with Tim Erlin, the former VP of Tripwire and long-time security expert, about compliance with PCI (Payment Card Industry). They describe the importance of PCI compliance and how it can help protect against attacks such as credential theft. They also discuss the concept of zero-trust and Tim's future career in the security business.
Matthew meets with Mike DeKock, the Founder and CEO of MJD Advisors to talk all about SOC 2 (Service Organization Control 2). As his company specializes in SOC 2, Mike talks about how MJD Advisors helps explain the service to clients and how he guides them through the process. They also discuss how often some organizations should be doing a SOC 2 report versus the standard.
Matthew meets with Deborah Rose, the COO at Goalsetter. She explains how Goalsetter was founded, and how it helps teach children and families how to be financially healthy. They also talk about how that connects to cybersecurity and how banks and fintech differ.
Matthew talks with Alex, the VP Cyber Solutions Leader at Hylant, about cyber insurance. They discuss risk transfer programs and the importance of an incident response plan. They also mention the human risk factor and how employees can impact businesses, specifically through ransomware.
Michael meets with Elaine, the Chief Strategy Officer at Springboard IT, part of Springboard Media. They talk about how Springboard IT outsources help for businesses with Mac and iOS IT support. They also discuss other services Springboard IT provides as an MSP (Managed Service Provider), especially during the pandemic.
Matthew meets with Lynn Burns, the President of the nonprofit organization NCMS. They discuss how NCMS volunteers support and educate its 7,000 members on CMMC (Cybersecurity Maturity Model Certification) to protect CUI (controlled unclassified information). They talk about contractor security tips for government workers and the importance of protecting paper documents as well as digital.
Matthew talks with Matt Cerny, the Director of Information Security at Integra Life Sciences and long-time cyber expert. They discuss cyber encryption and the importance of educating employees in cyber safety. They also talk about being approachable cyber professionals so that employees feel comfortable asking for help.
Matthew talks with Julian Sylvestro, the Director of Insurance and Legal Verticals at Secureworks. They discuss the need for cybersecurity insurance and different types of coverage. They also talk about the assistance that Secureworks provides for its customers.
Matthew meets with Jim Cavanagh, the Owner and Principal Consultant of Executive Healthcare Consulting. Jim talks about his extensive career in IT and healthcare consulting and the challenges that healthcare workers have been facing during the pandemic. They also bring up the rise in ransomware and the use of cryptocurrency.
Matthew meets with Lee Sult, the General Manager at Corvid Cyberdefense, to discuss cloud computing and cloud security. They also talk about the shared security model that cloud providers around the world, such as Amazon Web Services (AWS), implement in their security.
Matthew and Michael chat about cybersecurity trends over the last year and discuss upcoming trends to look out for in 2022. They talk about the future of CMMC, risk management, and security awareness training. They also mention Apache Log4j and its vulnerabilities in 2021 that could continue to cause issues in the new year.
Michael meets with Loredana Niculae, the CEO of NNC Services, which is a marketing company that provides strategies for IT companies and professional service companies. They discuss a few marketing strategies, such as marketing businesses to a specific persona and understanding your buyer. Loredana also explains how creating a space for a community of professionals to get together can benefit everyone and give opportunities to collaborate in a similar field.
Michael talks with David Trapani, the owner of the sales and training organization Sandler Training. They discuss how changes in technology and cybersecurity regulations have affected sales processes. David also brings up the benefits of reinforcement training through security awareness.
Matthew talks with John Britton about CMMC updates in John’s second episode of the Perfect Storm. John is the Technical Director for Corvid Cyberdefense, a partner of Harbor TG. They detail the changes in CMMC, from version 1.3 to the new 2.0 version, and discuss each level within the new version of the certification. John also describes CMMC versus NIST 800-171, and gives tips to small businesses about cybersecurity and preparing for cybersecurity certification.
Michael talks with Evan Kennedy, a security consultant here at Harbor Technology Group, about his nearly two years working at Harbor. They discuss Harbor’s approach to awareness training, including the two-prong curriculum for simulated phishing. Evan also details the difference between vulnerability scanning versus ethical hacking penetration testing and gives tips for SMBs on how to respond to simulated phishing emails.
Matthew has a discussion with Johnny Lieberman and Zack Miller of Worklyn Partners, an investing and operating company they co-founded. They discuss how they created the company and their plan for creating a one-stop-shop provider of cybersecurity services for mid-market and SMB customers. With Matthew, they detail the many different security solutions advertised in the market, including XDR (Extended Detection and Response), EDR (Endpoint Detection and Response), and MDR (Managed Detection and Response), and comment on trends they are seeing in the M&A market, especially with private equity firms growing more interested in the space.
Matthew has a discussion with Anton Major, the Director of Technology at VelocIT, about what his job is like managing an organization’s IT as a Managed Service Provider (MSP). They talk about changes in the company and its clients during the pandemic, specifically how a hybrid work environment affects IT. Anton also brings up other topics such as VPNs and cloud services and gives tips for staying safe while working remotely.
Matthew has a discussion with John Verry, the CISO and Solutions Director at Pivot Point Security, about a number of services that Pivot Point Security provides. Some of the services they mention include individual IoT device penetration tests, full organization vulnerability assessments, and ISO 27000 certification. John explains the positives of working with smaller businesses and the importance of meeting with a cybersecurity professional in order to be sure each organization is well-protected.
Matthew talks with John Britton, the Technical Director at Corvid Cyberdefense, to discuss a number of topics surrounding CMMC. John explains his role at Corvid and the company’s approach to helping their clients find the best time to implement a plan for CMMC as well as providing them with a strong and affordable cyber defense team.
This week, Michael meets with Tommy McDowell, the General Manager at Celerium. They talk about Celerium and its focus on supply chain cyber protection. Tommy gives tips for identifying sensitive information and protecting it through different security measures. Lastly, they discuss how CMMC has changed in the last couple of years and how Celerium can help prepare organizations to meet the new requirements.
Matthew meets with William Compton, the CIO at Integra Life Sciences, to talk about how Integra adapted to remote work during the pandemic. They also discuss the importance of being prepared both as an individual and as an organization for security testing, specifically email trust and being cyber safe on social media.
Michael talks with Craig Sandman, the President and Founder at Symbol Security, about security awareness and training for employees. They discuss how to avoid email phishing and malware attacks, credential theft, and other ways to avoid ransomware attacks and scams using Symbol Security’s training.
In this episode, cyber experts Michael and Matthew give an introduction to the podcast, as well as a description of Harbor Technology Group's services. They explain a range of services from cyber risk advisory to vCISO consulting to meet specific security requirements without putting a strain on your IT budget. Additionally, they talk about how these can allow businesses to make informed, fact-based decisions and manage cyber risk.