Podcast appearances and mentions of wes spencer

Welcome to another episode of Evolved Radio Podcast! Today we have an insightful discussion lined up with cybersecurity expert Wes Spencer. We explore the critical need for governance and how cyber insurance is a catalyst for improved security practices in small businesses. We also touch on the hype cycle in the cybersecurity industry and the need to move beyond a tool-centric focus. We also discuss strategies for protecting our kids in the digital age, from screen time limits to open conversations about social media. Finally, we chat about the influence of private equity in the MSP market and if that is a net negative or positive. Wes is a bright mind in our industry and is also willing to speak honestly and openly. I really enjoyed this conversation, and I'm sure you will, too. Let's dive in. This episode is brought to you by Evolved Management Training Courses. Online courses specifically crafted for MSP needs. A Service Manager BootCamp course, a project manager for MSPs course, an MSP security fundamentals course, and an IT Documentation Done Right course.

In this episode of the SMBC podcast, we have three special cohost!   Host James sits with Alex Farling, Wes Spencer and Kyle Christensen of Empath.   https://www.empathmsp.com/   Tune in as we discuss the next big moves for Empath.    ---   Our upcoming events: Kernan Mastermind Roadshow Dec 7-8th, 2023 in Newport Beach CA –    http://bit.ly/kernanmastermind   https://kernanconsulting-mastermind.mykajabi.com/mastermind-event     Use code: EARLYBIRD   Jan 16-18th in Honolulu HI – MSSP Sales/Marketing workshop https://conference.fornixmarketing.com/hawaii-conference-3364   Our Social Links: https://www.linkedin.com/in/james-kernan-varcoach/ https://www.facebook.com/james.kernan https://www.facebook.com/karlpalachuk/ https://www.linkedin.com/in/karlpalachuk/ https://www.linkedin.com/in/amybabinchak/ https://www.facebook.com/amy.babinchak/    

Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing  is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations external network, internal network, applications, or systems. They provide a valuable insight on how your digital and human assets perform.In this episode we review the criticality of scoping a Pen Test, along with differences between Pen Testing, Red Teaming and Vulnerability Assessment. Why should you choose one over the other and when would one proceed the other.Sponsored by: Hacket Cyber and post game interview with Founder James Carroll.  Hacket Cyber is a security consulting firm specializing in penetration testing, ethical hacking, and industry-leading cybersecurity services. Our offerings are purpose-built for the MSP, MSSP, and VAR channels.  https://hacketcyber.com/partner/James Carroll LinkedIn: https://www.linkedin.com/in/jchax/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Wes Spencer is VP and Channel Chief for FifthWall Solutions, one of the largest cyber insurance brokers in the country. He has served as a senior executive and advisor from Fortune 500 to funded startups and was awarded the 2020 Cybersecurity Educator of the Year by the Cybersecurity Excellence Awards. He has served on multiple advisory committees with distinguished organizations such as American Banker, Sentinel One, and FS-ISAC., and currently serves on the Department of Homeland Security AIS advisory committee. --- Send in a voice message: https://podcasters.spotify.com/pod/show/virtual-ciso-moment/message

The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they've had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up.Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.Our sponsor: Exigence (https://www.exigence.io) is a multi-tenant, Incident Readiness, Incident Response platform, built for MSP/MSSPs. Drive new revenue streams and meet cyber insurance & regulatory requirements for Incident Response plans and tabletops. The Exigence platform gives you full control of critical incidents by uniquely addressing every aspect of the incident – turning an unstructured situation into one that is structured and easy to manage. ​ It coordinates all stakeholders and systems all the time, orchestrates complex workflows from trigger to resolution, simplifies the post-mortem, and always leverages lessons learned for doing it even better next time.Contact Noam here: noam@exigence.io Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/'

CIS Control 16 - Application Software SecurityThe way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data.  NOTE: Crowdstrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors.**Jim Manico at minute 52:40 - do not miss!!**Our sponsor: Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations building secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices. Contact Jim here: https://manicode.com/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/'

The attacks that make cyber insurance an absolute necessity for you and your clients keep ratcheting up—and so do the costs. Is there any end in sight for MSPs?Hear from cybersecurity expert Wes Spencer and insurance professional Chris Wilkerson on how we ended up in this wild cyber insurance market, where it goes from here, and most importantly, how you can get a handle on rising cyber insurance premiums in your MSP business. See the full transcript with resource links:https://www.syncromsp.com/podcast/001Love Workflow for MSPs? Leave us a review: https://www.lovethepodcast.com/workflow ---Workflow for MSPs is brought to you by Syncro, the integrated platform for running a profitable MSP. Enjoy PSA, RMM, and remote access in one affordable package. https://www.syncromsp.com

LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.Identify your business needs and create a set of standards that can be used to grade services providers that are being proposed. Organize and monitor all services providers that are associated with your business. Keeping an inventory of all services providers will enable you to monitor them in case they update their policies. Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Vulnerabilities and exploits happen to be very common in today's threat landscape and not all vulnerabilities are actionable. I sit down with Wes Spencer, of Fifth Wall, to provide insights to solution providers on how to communicate with their vendors and their clients in a way that is actionable and with credibility. As the saying goes, "You are either part of the problem or part of the solution."

In today's MSP Dispatch, we discuss T-Mobile partnering with SpaceX to provide satellite-powered network connectivity, MSP Legislation Today and Tomorrow, the new trend of Quiet Quitting. Plus, NetDragon Websoft appoints Robot as CEO, BCM One sends notification of email breach, and more! MSP Dispatch is your source for news, community events, and commentary in the MSP channel.  Hosted by: Tony Francisco and Ray Orsini Give us your feedback by emailing news@mspmedia.tv   0:00 Intro 2:39 Quiet Quitting or Setting Boundaries 8:47 T-Mobile partners with SpaceX to provide satellite-powered network connectivity 14:11 MSP Legislation Today and Tomorrow 19:37 Notable Mentions 22:39 Feedback 23:55 Community Events 25:32 Sign-off 26:31 Outtakes Story Links: Quiet Quitting or Setting Boundaries https://www.businessinsider.com/is-quiet-quitting-new-genz-tiktok-millennial-boomer-2022-8 https://www.businessinsider.com/quiet-quitting-job-limits-companies-manager-employee-unpaid-work-2022-8 https://www.youtube.com/watch?v=eLxbq6vnGFY T-Mobile partners with SpaceX to provide satellite-powered network connectivity https://siliconangle.com/2022/08/26/t-mobile-partners-spacex-provide-satellite-powered-network-connectivity/ MSP Legislation Today and Tomorrow https://www.msspalert.com/cybersecurity-guests/msp-regulations-what-legislation-exists-today-and-whats-on-the-horizon/ NetDragon Websoft appoints Robot as CEO? https://bitcoinist.com/metaverse-company-appoints-robot-as-ceo/ Learning to interact with the FBI with Special Agent in Charge Matthew J. DeSarno https://www.youtube.com/watch?v=3ORvoWJtBeU Learn more about the National Society of IT Service Providers: https://nsitsp.org/ Community Events: 8/30 @ 2:00 pm ET | What Have You Done for Me Lately: Communicating the value of Cybersecurity in your QBRs | Presented by Huntress and Lifecycle Insights 8/30 – 9/1 Virtual Event | Battle Royale PitchIT Presented by The Channel Program 9/1 @ 6:30 pm ET | The Tech Bar Podcast Ep. 42 with Reid Wellock, Wes Spencer and Luke Walker 9/2 @ 10:00 am ET | MSP Dispatch Week Wrap Up Presented by The MSP Media Network 9/2 @ 5:00 pm ET | 38 at 38 Ep. 4 featuring Mario Gallego Connect with our hosts:  Tony Francisco: https://www.linkedin.com/in/tonyjfrancisco/Ray Orsini: https://www.linkedin.com/in/rayorsini/ Be sure to follow us on social media:  Facebook: https://www.facebook.com/mspmediatv/ Twitter: https://twitter.com/mspmediatv LinkedIn: https://www.linkedin.com/company/mspmediatv/ Instagram: https://www.instagram.com/mspmediatv   Reddit: https://www.reddit.com/r/mspmedia Discord: https://discord.gg/Hc7b55cJPF

In today's MSP Dispatch, we discuss T-Mobile partnering with SpaceX to provide satellite-powered network connectivity, MSP Legislation Today and Tomorrow, the new trend of Quiet Quitting. Plus, NetDragon Websoft appoints Robot as CEO, BCM One sends notification of email breach, and more! MSP Dispatch is your source for news, community events, and commentary in the MSP channel.  Hosted by: Tony Francisco and Ray Orsini Give us your feedback by emailing news@mspmedia.tv   0:00 Intro 2:39 Quiet Quitting or Setting Boundaries 8:47 T-Mobile partners with SpaceX to provide satellite-powered network connectivity 14:11 MSP Legislation Today and Tomorrow 19:37 Notable Mentions 22:39 Feedback 23:55 Community Events 25:32 Sign-off 26:31 Outtakes Story Links: Quiet Quitting or Setting Boundaries https://www.businessinsider.com/is-quiet-quitting-new-genz-tiktok-millennial-boomer-2022-8 https://www.businessinsider.com/quiet-quitting-job-limits-companies-manager-employee-unpaid-work-2022-8 https://www.youtube.com/watch?v=eLxbq6vnGFY T-Mobile partners with SpaceX to provide satellite-powered network connectivity https://siliconangle.com/2022/08/26/t-mobile-partners-spacex-provide-satellite-powered-network-connectivity/ MSP Legislation Today and Tomorrow https://www.msspalert.com/cybersecurity-guests/msp-regulations-what-legislation-exists-today-and-whats-on-the-horizon/ NetDragon Websoft appoints Robot as CEO? https://bitcoinist.com/metaverse-company-appoints-robot-as-ceo/ Learning to interact with the FBI with Special Agent in Charge Matthew J. DeSarno https://www.youtube.com/watch?v=3ORvoWJtBeU Learn more about the National Society of IT Service Providers: https://nsitsp.org/ Community Events: 8/30 @ 2:00 pm ET | What Have You Done for Me Lately: Communicating the value of Cybersecurity in your QBRs | Presented by Huntress and Lifecycle Insights 8/30 – 9/1 Virtual Event | Battle Royale PitchIT Presented by The Channel Program 9/1 @ 6:30 pm ET | The Tech Bar Podcast Ep. 42 with Reid Wellock, Wes Spencer and Luke Walker 9/2 @ 10:00 am ET | MSP Dispatch Week Wrap Up Presented by The MSP Media Network 9/2 @ 5:00 pm ET | 38 at 38 Ep. 4 featuring Mario Gallego Connect with our hosts:  Tony Francisco: https://www.linkedin.com/in/tonyjfrancisco/Ray Orsini: https://www.linkedin.com/in/rayorsini/ Be sure to follow us on social media:  Facebook: https://www.facebook.com/mspmediatv/ Twitter: https://twitter.com/mspmediatv LinkedIn: https://www.linkedin.com/company/mspmediatv/ Instagram: https://www.instagram.com/mspmediatv   Reddit: https://www.reddit.com/r/mspmedia Discord: https://discord.gg/Hc7b55cJPF

In today's MSP Dispatch, we discuss how MSP Marketplaces are changing channel dynamics for solution and service providers, the prospect of Microsoft offering NCE relief and the SolarWinds hackers gaining access to the powerful ‘MagicWeb” authentication bypass. Plus, more lessons in dealing with Ransomware, Plex's data breach, Duck Duck Go's new email protection service, and more. MSP Dispatch is your source for news, community events, and commentary in the MSP channel.  Hosted by: Tony Francisco and Ray Orsini Give us your feedback by emailing news@mspmedia.tv   0:00 Intro 2:17 How MSP Marketplaces are Changing Channel Dynamics for Solution and Service Providers 7:52 Microsoft will Offer NCE Relief in October 13:48 Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 19:48 Notable Mentions 24:02 Feedback 24:24 Community Events 26:31 Sign-off 28:02 Outtakes Story Links: Capitol Drops ‘Virtual Rapper' FN Meka After Backlash Over Stereotypes https://www.nytimes.com/2022/08/23/arts/music/fn-meka-dropped-capitol-records.html How MSP Marketplaces are Changing Channel Dynamics for Solution and Service Providers https://www.msptoday.com/topics/msp-today/articles/453296-how-msp-marketplaces-changing-channel-dynamics-solution-service.htm Microsoft will Offer NCE Relief in October https://www.crn.com/news/cloud/microsoft-will-offer-nce-relief-in-october-pax8-s-nick-heddy Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass https://www.zdnet.com/article/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass/ Notable Mentions: This Company Paid a Ransom Demand. Hackers Leaked its Data Anyway https://www.zdnet.com/article/this-company-paid-a-ransom-demand-hackers-leaked-its-data-anyway/ Plex Warns Users to Reset Passwords after a Data Breach https://www.bleepingcomputer.com/news/security/plex-warns-users-to-reset-passwords-after-a-data-breach/ Anyone can Sign Up for DuckDuckGo's Privacy-Protecting @duck.com Email Address https://www.theverge.com/2022/8/25/23318759/duckduckgo-email-protection-service-available-everyone-open-beta Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html Community Events: 8/30 @ 10:00 am ET | MSP Dispatch Presented by The MSP Media Network 8/30 @ 2:00 pm ET | What Have You Done for Me Lately: Communicating the value of Cybersecurity in your QBRs | Presented by Huntress and Lifecycle Insights 8/30 – 9/1 Virtual Event | Battle Royale PitchIT Presented by The Channel Program 9/1 @ 6:30 pm ET | The Tech Bar Podcast Ep. 42 with Reid Wellock, Wes Spencer and Luke Walker 9/2 @ 10:00 am ET | MSP Dispatch Week Wrap Up Presented by The MSP Media Network 9/2 @ 5:00 pm ET | 38 at 38 Ep. 4 featuring Mario Gallego Connect with our hosts:  Tony Francisco: https://www.linkedin.com/in/tonyjfrancisco/Ray Orsini: https://www.linkedin.com/in/rayorsini/ Be sure to follow us on social media:  Facebook: https://www.facebook.com/mspmediatv/ Twitter: https://twitter.com/mspmediatv LinkedIn: https://www.linkedin.com/company/mspmediatv/ Instagram: https://www.instagram.com/mspmediatv   Reddit: https://www.reddit.com/r/mspmedia Discord: https://discord.gg/Hc7b55cJPF

In today's MSP Dispatch, we discuss how MSP Marketplaces are changing channel dynamics for solution and service providers, the prospect of Microsoft offering NCE relief and the SolarWinds hackers gaining access to the powerful ‘MagicWeb” authentication bypass. Plus, more lessons in dealing with Ransomware, Plex's data breach, Duck Duck Go's new email protection service, and more. MSP Dispatch is your source for news, community events, and commentary in the MSP channel.  Hosted by: Tony Francisco and Ray Orsini Give us your feedback by emailing news@mspmedia.tv   0:00 Intro 2:17 How MSP Marketplaces are Changing Channel Dynamics for Solution and Service Providers 7:52 Microsoft will Offer NCE Relief in October 13:48 Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass 19:48 Notable Mentions 24:02 Feedback 24:24 Community Events 26:31 Sign-off 28:02 Outtakes Story Links: Capitol Drops ‘Virtual Rapper' FN Meka After Backlash Over Stereotypes https://www.nytimes.com/2022/08/23/arts/music/fn-meka-dropped-capitol-records.html How MSP Marketplaces are Changing Channel Dynamics for Solution and Service Providers https://www.msptoday.com/topics/msp-today/articles/453296-how-msp-marketplaces-changing-channel-dynamics-solution-service.htm Microsoft will Offer NCE Relief in October https://www.crn.com/news/cloud/microsoft-will-offer-nce-relief-in-october-pax8-s-nick-heddy Microsoft: SolarWinds hackers gain powerful 'MagicWeb' authentication bypass https://www.zdnet.com/article/microsoft-solarwinds-hackers-gain-powerful-magicweb-authentication-bypass/ Notable Mentions: This Company Paid a Ransom Demand. Hackers Leaked its Data Anyway https://www.zdnet.com/article/this-company-paid-a-ransom-demand-hackers-leaked-its-data-anyway/ Plex Warns Users to Reset Passwords after a Data Breach https://www.bleepingcomputer.com/news/security/plex-warns-users-to-reset-passwords-after-a-data-breach/ Anyone can Sign Up for DuckDuckGo's Privacy-Protecting @duck.com Email Address https://www.theverge.com/2022/8/25/23318759/duckduckgo-email-protection-service-available-everyone-open-beta Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts https://thehackernews.com/2022/08/google-uncovers-tool-used-by-iranian.html Community Events: 8/30 @ 10:00 am ET | MSP Dispatch Presented by The MSP Media Network 8/30 @ 2:00 pm ET | What Have You Done for Me Lately: Communicating the value of Cybersecurity in your QBRs | Presented by Huntress and Lifecycle Insights 8/30 – 9/1 Virtual Event | Battle Royale PitchIT Presented by The Channel Program 9/1 @ 6:30 pm ET | The Tech Bar Podcast Ep. 42 with Reid Wellock, Wes Spencer and Luke Walker 9/2 @ 10:00 am ET | MSP Dispatch Week Wrap Up Presented by The MSP Media Network 9/2 @ 5:00 pm ET | 38 at 38 Ep. 4 featuring Mario Gallego Connect with our hosts:  Tony Francisco: https://www.linkedin.com/in/tonyjfrancisco/Ray Orsini: https://www.linkedin.com/in/rayorsini/ Be sure to follow us on social media:  Facebook: https://www.facebook.com/mspmediatv/ Twitter: https://twitter.com/mspmediatv LinkedIn: https://www.linkedin.com/company/mspmediatv/ Instagram: https://www.instagram.com/mspmediatv   Reddit: https://www.reddit.com/r/mspmedia Discord: https://discord.gg/Hc7b55cJPF

In today's MSP Dispatch, we welcome special guest Wes Spencer of FifthWall Solutions to discuss the pitfalls of CyberSecurity insurance, plus we cover the new USB Rubber Duckies, what's wrong with VPNs on iOS, and more. MSP Dispatch is your source for news, community events, and commentary in the MSP channel.  Hosted by: Tony Francisco and Ray Orsini Give us your feedback by emailing news@mspmedia.tv   0:00 Intro 2:07 Rubber Duckies are Back 7:11 PC Store Told It Can't Claim Full Cyber-Crime Insurance 8:00 Wes Spencer Interview 12:43 iOS VPN Apps are Broken 19:48 Notable Mentions 21:03 Feedback 22:13 Community Events 24:04 Sign-off 25:06 Outtakes Story Links: Rhythm Nation music video resonance 5400 RPM drives https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994 The new USB Rubber Ducky is more dangerous than ever https://www.theverge.com/23308394/usb-rubber-ducky-review-hack5-defcon-duckyscript PC Store Told It Can't Claim Full #Cyber-Crime Insurance after Social-Engineering Attack https://www.theregister.com/2022/08/16/social_engineering_cyber_crime_insurance/ Partner First | How to Leverage Cyber Insurance as a Risk Manager https://www.youtube.com/watch?v=taiPneoCJBE iOS VPN apps are broken, says security researcher, and Apple has known for years https://9to5mac.com/2022/08/18/ios-vpn-apps/ Update Chrome now to patch actively exploited zero-day (similar story as the one above) https://arstechnica.com/information-technology/2022/08/update-chrome-now-to-patch-actively-exploited-zero-day/ TechCrunch launches TheTruthSpy #spyware lookup tool https://techcrunch.com/2022/08/17/thetruthspy-spyware-lookup-tool/ Community Events: 8/21 - 8/23 In Person Event | XChange: Denver, CO 8/23 @ 10:00 am ET | MSP Dispatch Presented by The MSP Media Network 8/23 - 8/24 In Person Event | ASCII Success Summit: Miami, FL 8/24 - 8/25 In Person Event | 7FigureMSP Live Event: Charlotte, NC 8/26 @ 10:00 am ET | MSP Dispatch Week Wrap Up Presented by The MSP Media Network Connect with our hosts:  Tony Francisco: https://www.linkedin.com/in/tonyjfrancisco/Ray Orsini: https://www.linkedin.com/in/rayorsini/ Connect with our special guest, Wes Spencer of FifthWall Solutions: https://www.linkedin.com/in/wesspencer/ https://www.youtube.com/c/WesSpencer Be sure to follow us on social media:  Facebook: https://www.facebook.com/mspmediatv/ Twitter: https://twitter.com/mspmediatv LinkedIn: https://www.linkedin.com/company/mspmediatv/ Instagram: https://www.instagram.com/mspmediatv   Reddit: https://www.reddit.com/r/mspmedia Discord: https://discord.gg/Hc7b55cJPF

Join Reid Wellock and Wes Spencer of Fithwall Solutions alongside our host Ray Orsini as they discuss how an MSP tackles the areas of risk that surround their daily work. How should an MSP perceive cyber liability when helping their client complete insurance applications? What are the Do's and Don't-You-Dare's of entering the cyber insurance process with your clients? We'll dive into all these questions and more to help MSPs own risk management and bring on the right insurance partners. The event will be hosted live on August 18th at 1:00 pm EST on our YouTube Channel and Facebook Page! Be sure to follow our guests on LinkedIn and ask some questions for the event! Reid Wellock: https://www.linkedin.com/in/reid-wellock-020714b/ Wes Spencer: https://www.linkedin.com/in/wesspencer/

Join Reid Wellock and Wes Spencer of Fithwall Solutions alongside our host Ray Orsini as they discuss how an MSP tackles the areas of risk that surround their daily work. How should an MSP perceive cyber liability when helping their client complete insurance applications? What are the Do's and Don't-You-Dare's of entering the cyber insurance process with your clients? We'll dive into all these questions and more to help MSPs own risk management and bring on the right insurance partners. The event will be hosted live on August 18th at 1:00 pm EST on our YouTube Channel and Facebook Page! Be sure to follow our guests on LinkedIn and ask some questions for the event! Reid Wellock: https://www.linkedin.com/in/reid-wellock-020714b/ Wes Spencer: https://www.linkedin.com/in/wesspencer/

Abstract: Log collection and analysis is critical for an organization's ability to detect malicious activity quickly.  Sometimes audit logs are the only evidence of a successful attack.  Attackers know that many organizations keep audit logs for compliance purposes, but rarely analyze them.   Due to poor log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing.  In this episode, learn about using logs in incident management, analyzing what to log and the numerous factors to establish a successful audit log management process.Sponsor: Blackpoint Cyber interview with Travis Brittain, Director of Product Enablement. Logging & Compliance: https://blackpointcyber.com/logic/Travis Brittain: https://www.linkedin.com/in/tbrittain/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Note we discuss Log4j as this is a very timely topic to this control. Abstract: Cyber defenders are constantly being challenged from attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them about: software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring focus of time, attention, and resources. Sponsor: CyberCNS interview with Shiva Shankar, CTO & Founder at minute 45:22.Learn more here: https://www.cybercns.com/ (free trial)Shiva Shankar: https://www.linkedin.com/in/shivashankarj/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Abstract: It is easier for an external or internal threat actor to gain unauthorized access to assets or data through using valid user credentials than through "hacking" the environment.  There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the organization, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as the one they use for an online account which was compromised in a public password dump.  Listen as our hosts break down the people, process and technology to implement effective and secure account management.Sponsor: Appgate interview with Tina Gravel, SVP Channels and Alliances at minute 37:20. Learn more here: https://www.appgate.com/ Tina Gravel: https://www.linkedin.com/in/tinagravel/Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Abstract: There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded  in applications for scripts, a user having the same password  as one they used for an online account.  Learn how CIS Control 5 can mitigate some of the most common ways  credentials are compromised.Sponsor: Keeper Security interview with Marcia Dempster, Sr. Director of Channel Sales at minute 48:21.  Learn more here: https://www.keepersecurity.com/Marcia Dempster: https://www.linkedin.com/in/marcia-dempster-03280914/Sponsor: CIS CIS-CAT (https://learn.cisecurity.org/cis-cat-lite)Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

Abstract:  Learn why the number one thing organizations can do to defend their networks against top attacks, is to implement secure configurations! Azure Breach (8/26/2021): According To Wiz who found the CosmosDB Vulnerability, they quote: "Database exposures have become alarmingly common in recent years as more companies move to the cloud, and the culprit is usually a misconfiguration in the customer's environment."   https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databasesSponsor: ThreatLocker interview with CEO, Danny Jenkins at minute 31:58.  Learn more here: https://www.threatlocker.com/Sponsor: CIS CIS-CAT (https://learn.cisecurity.org/cis-cat-lite)Co-hosts:Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/

In this episode, I was joined by Andrew Morgan, founder at The Cyber Nation, and Rachel Rovegno, sales business development manager at Cisco. The Cyber Nation is a community built specifically for MSPs and MSSPs. Andrew is a cybersecurity focused solution strategist who has worked previously at ConnectWise, Logic Monitor and TruMethods. Rachel is responsible for leading the global orchestration and execution of Cisco's partner managed services and security go to market strategy. We talked about the current cybersecurity market for MSPs, and the two types of MSP Andrew has identified. Rachel explained how Cisco work to keep their clients safe, and the importance of community. We also discussed the way cybersecurity has changed in recent years, the questions MSPs should ask their vendor partners, and what opportunities cybersecurity presents to MSPs. Mentioned in This Episode https://www.thecybernation.com/feed (The Cyber Nation) https://www.cisco.com/ (Cisco) The CyberCall https://www.thecybercast.com/ (The CyberCast) https://www.crowdcast.io/e/threat-modeling-workshop (Threat Modeling Workshop) https://wildwesthackinfest.com/antisyphon// (Black Hills Information Security Training) https://www.linkedin.com/in/wesspencer/ (Wes Spencer) https://www.linkedin.com/in/ryanweeks/ (Ryan Weeks) https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ (Phyllis Lee) https://www.linkedin.com/in/kelvintegelaar/ (Kelvin Tigelaar) https://www.linkedin.com/in/johnhammond010/ (John Hammond)

Security continues to be a top priority for MSPs. On our latest podcast, Wes Spencer hosts a panel with ConnectWise Invent vendors Bitdefender, Third Wall and Traceless to discuss the evolution of ransomware tools, tactics and procedures. We will cover third party risk, tactics threat actors employ, zero trust and how an MSP can build maturity in cyber resilience.

This content was recorded at IT Nation Secure in June 2021. Listen as our panel of cybersecurity experts, including Jay Ryerse, Wayne Selk, Drew Sanford, and Wes Spencer, take questions from a live audience and discuss why a cybersecurity risk assessment is essential for MSPs. Hint: cybersecurity is not just about the tools you're using!

Abstract: CIS Control 3 is Data Protection and data is pretty much what's at stake for a high percentage of cyber attacks.  Data is more valuable than oil and it fuels many organizations.   Many of the baseline security recommendations from all of the security frameworks out there now recommend, or REQUIRE if you're in a regulated industry such as healthcare, that certain things like full disk encryption are simply put into place no matter your risk profile.  Much of what's in the Data Protection Control represents the modern reality of cybersecurity.Note: we split up Data Protection into two shorter podcasts (about 20 minutes each) and therefore, you will see a "part 1 & part 2". Part 2 focuses in depth into CIS Control 3 and the Safeguards 3 - 7 (formerly called sub controls).Co-hosts in part 2 are: Ryan Weeks, CISO of Datto and Wes Spencer, CISO of Perch Security.Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Wes Spencer: https://www.linkedin.com/in/wesspencer/Sponsor: Datto - https://www.datto.com/Rob Rae, SVP of Business Development: https://www.linkedin.com/in/robtrae/DattoCon: https://seattle.dattocon.com/

Cybersecurity can be overwhelming leaving many IT Service Providers wondering ‘Have I done enough?' or even ‘Where do I start?'. Ryan has a very informative conversation with John Hammond, Sr. Security Researcher at Huntress, Shane Cooper, Solutions Consulting Manager at Webroot and Wes Spencer, VP & External CISO with Connectwise where they break down and unpack what is required to initiating a solid cybersecurity posture and culture. ‘An MSP's job is about being an ambassador of cybersecurity for their clients' states Wes. The constant headlines these days need to act as continual wake up calls for IT Service Providers to ensure both they and their customers are effectively secured.

Cybersecurity can be overwhelming leaving many IT Service Providers wondering ‘Have I done enough?' or even ‘Where do I start?'. Ryan has a very informative conversation with John Hammond, Sr. Security Researcher at Huntress, Shane Cooper, Solutions Consulting Manager at Webroot and Wes Spencer, VP & External CISO with Connectwise where they break down and The post Cybersecurity Adoption appeared first on IOT Security Services Association.

Abstract: There is a cybersecurity saying; “you can't protect what you don't know about.”  Without visibility into your information assets, their value, where they live, how they relate to each other and who has access to them, any strategy for protection would be inherently incomplete and ineffective.Note sponsors are at the end at minute 28:30 The Why might an MSP want to listen?  Most MSPs only capture 50% of the assets on a client's network.Min 2:30 - 8:46 (Ryan Weeks, CISO of Datto discusses)Importance of asset management.What defines an asset.What defines good asset management.What are common assets missed in an MSPs inventory.Min 8:47 - 16:06  (Wes Spencer, CISO of Perch Security)The repercussions of poor asset management.Importance of Asset Management, as it pertains to Incident Response.How asset management help with IR plans & Tabletops.Min 16:08 - 23:05 (Brian Blakely, Fractional CISO of Cosant Cybersecurity)What your policy statement should include.Learn the importance of Data Flow Diagrams (DFDs).Control objectives and standards MSPs need to consider.Asset considerations on the Right & Left side of "Boom".Min 23:06 - 28:30 (Phyllis Lee, Sr. Director of Controls for CIS)Why CIS and most frameworks start with asset management.The progression of sub-controls as an organization moves from IG1 - IG3 in CIS.What actionable steps should MSPs take to successfully implement Control 1 & 2.Sponsors:Center for Internet Security:  Phyllis Lee (28:30 - 30:58)CSAT Pro - learn more here: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/Netalytics Security:Shiva Shankar (31:00 - 38:50)CyberCNS: https://www.cybercns.com/

Wes Spencer is a nationally recognized technology in Cybersecurity expert. His passion is in creating funny videos that help conveying important messages to users in the cybersecurity space. A full-time CISO in the recent past who's transitioned into the vendor's seat, Wes is able to provide some unique perspective about cybersecurity challenges, relationship management with vendor (given he's also a vendor now himself), and the importance of peer network and a strong community. Wes is one of those practitioners who are very well known in the industry, thanks to his various speaking engagements and collaboration with his peers.

Mike Riggs, VP Strategy - Perch, Wes Spencer, External CISO, and special guest Tim Fournet, CISO, RADER, tackle the assumed breach mentality, the philosophy behind it, how to build it into your stack, and how to sell it to your customers. After listening, don't forget to check out Sounil Yu and the Eras of Cybersecurity that Wes mentioned!

Google reports that Multifactor Authentication (MFA) prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks that are credential based.In this episode, learn how MFA maps to the different security frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends.Note: Sponsors Cisco Duo and Center for Internet Security (CIS) are at the end of the episode starting at minute 26:00.msp@duo.com to sign up for Duo NFR.https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/andrew@thecybernation.com - Andrew Morgan (host)Co-hosts: Ryan Weeks: https://www.linkedin.com/in/ryanweeks/Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/Wes Spencer: https://www.linkedin.com/in/wesspencer/ Brian Blakely: https://www.linkedin.com/in/bblakley/Consant Cybersecurity: https://cosant.com/

Wes Spencer, VP External CISO Product Management at Perch Security a Connectwise Solution sits down with Brian to discuss the evolution of the bad guys since 2018 when they first discovered MSPs. What Wes refers to as ‘Buffalo Jumping' and how they are leveraging this as their attack vector. He clarifies the focus on Ransomware when really it should be on the breach itself and ransomware is simply the result or payload of full unfettered access to your network…The payload and associated cost to businesses are growing exponentially with exfiltration now standard practice with the bad guys.

Wes Spencer, VP External CISO Product Management at Perch Security a Connectwise Solution sits down with Brian to discuss the evolution of the bad guys since 2018 when they first discovered MSPs. What Wes refers to as ‘Buffalo Jumping’ and how they are leveraging this as their attack vector. He clarifies the focus on Ransomware The post Buffalo Jumping appeared first on IOT Security Services Association.