In this bi-weekly podcast for business executives and information security professionals, industry veterans Michael Markulec and Matthew Webster chat with guests about the latest cyber news, threats, and trends impacting small and medium businesses. Harbor’s proactive rather than reactive solutions help our clients develop the cybersecurity program necessary to take their organization to the next level. Harbor's innovative processes are based on industry-standard frameworks that are tailored to meet the needs of small and medium-sized businesses.
Mike DeKock returns, in his third episode with The Perfect Storm Podcast, to discuss with Matthew what to look for in a SOC 2 report. They talk about requirements for SOC 2 that customers should be sure they include and go into further detail about each step of creating a SOC 2 report. Mike also explains how it could help customers to consider doing research on their auditor to be sure they include all the right information in their report.
Michael meets with Scott Schober, the President and CEO of Berkeley Varitronics Systems. Scott is an expert in wireless security technology and is a best-selling author of numerous books on cybersecurity. They discuss Scott's role at the company in educating businesses on the importance of cybersecurity and how BV Systems is constantly developing tools and technologies to keep consumers and businesses safe from threats. They also talk about the fundamental issue of weak passwords.
Michael talks with Erick Burd, who is a Network Engineer at a large NJ University and Chairperson of the Hopewell Twp. Board of Fire Commissioners. Erick discusses the challenges faced within the IT department, such as the pandemic and budget limitations. They also talk about how security is part of all aspects of IT in Erick's workplace and bring up other topics like the Internet of Things (IoT).
Michael meets with Jean-guy R. Lauture MPP, CG-CIO, the Assistant Township Administrator in the Technology Department for Bloomfield Township, NJ. Jean-guy talks about many of the projects within the township that the IT Department takes on. They discuss how different projects in the municipality require the help of IT, including keeping systems up-to-date and cyber-safe through phishing tests, and other specifics involving the private sector.
Matthew speaks with Luke Wegryn, the Co-founder of Pensive Security, about the company and how he started it. They discuss the main services provided, including cybersecurity penetration testing on web, mobile, and cloud devices. They also talk about when it is important to perform a pen test and mention Pensive Security's other consulting services that provide help to SMBs.
Matthew and Mike DeKock, the CEO of MJD Advisors, meet a second time to discuss preparation for SOC 2 (Service Organization Control 2) and audit certification. In this episode, they discuss cost, the differences between SOC type 1 and SOC type 2, and more about the certification process.
Michael meets with Matt Burch, the VP of ComportSecure. They talk about some of the services ComportSecure provides, including IT Solutions, Managed Services, and Cloud Services. They also discuss other cybersecurity topics such as BaaS (Backup as a Service), ransomware, and EDR solutions (Endpoint Detection and Response).
Matthew talks with Tim Erlin, the former VP of Tripwire and long-time security expert, about compliance with PCI (Payment Card Industry). They describe the importance of PCI compliance and how it can help protect against attacks such as credential theft. They also discuss the concept of zero-trust and Tim's future career in the security business.
Matthew meets with Mike DeKock, the Founder and CEO of MJD Advisors, to talk all about SOC 2 (Service Organization Control 2). As his company specializes in SOC 2, Mike talks about how MJD Advisors helps explain the service to clients and how he guides them through the process. They also discuss how often some organizations should be doing a SOC 2 report versus the standard.
Matthew meets with Deborah Rose, the COO at Goalsetter. She explains how Goalsetter was founded, and how it helps teach children and families how to be financially healthy. They also talk about how that connects to cybersecurity and how banks and fintech differ.
Matthew talks with Alex, the VP Cyber Solutions Leader at Hylant, about cyber insurance. They discuss risk transfer programs and the importance of an incident response plan. They also mention the human risk factor and how employees can impact businesses, specifically through ransomware.
Michael meets with Elaine, the Chief Strategy Officer at Springboard IT, part of Springboard Media. They talk about how Springboard IT outsources help for businesses with Mac and iOS IT support. They also discuss other services Springboard IT provides as an MSP (Managed Service Provider), especially during the pandemic.
Matthew meets with Lynn Burns, the President of the nonprofit organization NCMS. They discuss how NCMS volunteers support and educate its 7,000 members on CMMC (Cybersecurity Maturity Model Certification) to protect CUI (controlled unclassified information). They talk about contractor security tips for government workers and the importance of protecting paper documents as well as digital.
Matthew talks with Matt Cerny, the Director of Information Security at Integra Life Sciences and long-time cyber expert. They discuss cyber encryption and the importance of educating employees in cyber safety. They also talk about being approachable cyber professionals so that employees feel comfortable asking for help.
Matthew talks with Julian Sylvestro, the Director of Insurance and Legal Verticals at Secureworks. They discuss the need for cybersecurity insurance and different types of coverage. They also talk about the assistance that Secureworks provides for its customers.
Matthew meets with Jim Cavanagh, the Owner and Principal Consultant of Executive Healthcare Consulting. Jim talks about his extensive career in IT and healthcare consulting and the challenges that healthcare workers have been facing during the pandemic. They also bring up the rise in ransomware and the use of cryptocurrency.
Matthew meets with Lee Sult, the General Manager at Corvid Cyberdefense, to discuss cloud computing and cloud security. They also talk about the shared security model that cloud providers around the world, such as Amazon Web Services (AWS), implement in their security.
Matthew and Michael chat about cybersecurity trends over the last year and discuss upcoming trends to look out for in 2022. They talk about the future of CMMC, risk management, and security awareness training. They also mention Apache Log4j and its vulnerabilities in 2021 that could continue to cause issues in the new year.
Michael meets with Loredana Niculae, the CEO of NNC Services, which is a marketing company that provides strategies for IT companies and professional service companies. They discuss a few marketing strategies, such as marketing businesses to a specific persona and understanding your buyer. Loredana also explains how creating a space for a community of professionals to get together can benefit everyone and give opportunities to collaborate in a similar field.
Michael talks with David Trapani, the owner of the sales and training organization Sandler Training. They discuss how changes in technology and cybersecurity regulations have affected sales processes. David also brings up the benefits of reinforcement training through security awareness.
Matthew talks with John Britton about CMMC updates in John’s second episode of the Perfect Storm. John is the Technical Director for Corvid Cyberdefense, a partner of Harbor TG. They detail the changes in CMMC, from version 1.3 to the new 2.0 version, and discuss each level within the new version of the certification. John also describes CMMC versus NIST 800-171, and gives tips to small businesses about cybersecurity and preparing for cybersecurity certification.
Michael talks with Evan Kennedy, a security consultant here at Harbor Technology Group, about his nearly two years working at Harbor. They discuss Harbor’s approach to awareness training, including the two-prong curriculum for simulated phishing. Evan also details the difference between vulnerability scanning and ethical hacking penetration testing and gives tips for SMBs on how to respond to simulated phishing emails.
Matthew has a discussion with Johnny Lieberman and Zack Miller of Worklyn Partners, an investing and operating company they co-founded. They discuss how they created the company and their plan for creating a one-stop-shop provider of cybersecurity services for mid-market and SMB customers. With Matthew, they detail the many different security solutions advertised in the market, namely XDR (Extended Detection and Response), EDR (Endpoint Detection and Response), and MDR (Managed Detection and Response), and comment on trends they are seeing in the M&A market, especially with private equity firms growing more interested in the space.
Matthew has a discussion with Anton Major, the Director of Technology at VelocIT about what his job is like managing an organization’s IT as a Managed Service Provider (MSP). They talk about changes in the company and its clients during the pandemic, specifically how a hybrid work environment affects IT. Anton also brings up other topics such as VPNs and cloud services and gives tips for staying safe while working remotely.
Matthew has a discussion with John Verry, the CISO and Solutions Director at Pivot Point Security, about a number of services that Pivot Point Security provides. Some of the services they mention include individual IoT device penetration tests, full organization vulnerability assessments, and ISO 27000 certification. John explains the positives of working with smaller businesses and the importance of meeting with a cybersecurity professional in order to be sure each organization is well-protected.
Matthew talks with John Britton, the Technical Director at Corvid Cyberdefense, to discuss a number of topics surrounding CMMC. John explains his role at Corvid and the company’s approach to helping their clients find the best time to implement a plan for CMMC as well as providing them with a strong and affordable cyber defense team.
This week, Michael meets with Tommy McDowell, the General Manager at Celerium. They talk about Celerium and its focus on supply chain cyber protection. Tommy gives tips for identifying sensitive information and protecting it through different security measures. Lastly, they discuss how CMMC has changed in the last couple of years and how Celerium can help prepare organizations to meet the new requirements.
Matthew meets with William Compton, the CIO at Integra Life Sciences, to talk about how Integra adapted to remote work during the pandemic. They also discuss the importance of being prepared both as an individual and as an organization for security testing, specifically email trust and being cyber safe on social media.
Michael talks with Craig Sandman, the President and Founder at Symbol Security, about security awareness and training for employees. They discuss how to avoid email phishing and malware attacks, credential theft, and other ways to avoid ransomware attacks and scams using Symbol Security’s training.
In this episode, cyber experts Michael and Matthew give an introduction to the podcast, as well as a description of Harbor Technology Group's services. They explain a range of services from cyber risk advisory to vCISO consulting to meet specific security requirements without putting a strain on your IT budget. Additionally, they talk about how these can allow businesses to make informed, fact-based decisions and manage cyber risk.