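Added four years ago
Content provided by Andrew Morgan. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Andrew Morgan or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ja.player.fm/legal.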
The CyberCast
The CyberCast is purpose built for MSPs, MSSPs and IT Practitioners. In each episode you will learn about a new security control, how it maps to the different frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends. Sponsors: Datto - CIS Control 3 - Data Protection; Netwrix - CIS Control 3 - Data Protection; Duo - CIS Control - Multifactor Authentication
…
20 episodes
All episodes

With the release of NIST Cybersecurity Framework 2.0, CIS felt strongly that an update to The Controls was necessary to crossmap to CSF 2.0. Specifically, the strongest driver was the release of the Govern function. Co-hosts : Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Brian Blakely : https://www.linkedin.com/in/bblakley/ Eric Woodard : https://www.linkedin.com/in/eric-woodard/ Sponsored by Right of Boom cybersecurity conference : https://www.rightofboom.com/…

1 CIS Control 18 - Penetration Testing - Sponsored by Hacket Cyber 1:06:26
Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing is an important aspect of discovering and identifying potential critical vulnerabilities within your organization's external network, internal network, applications, or systems. It provides valuable insight into how your digital and human assets perform. In this episode we review the criticality of scoping a Pen Test, along with differences between Pen Testing, Red Teaming and Vulnerability Assessment. Why should you choose one over the other, and when would one precede the other? Sponsored by : Hacket Cyber and post game interview with Founder James Carroll. Hacket Cyber is a security consulting firm specializing in penetration testing, ethical hacking, and industry-leading cybersecurity services. Our offerings are purpose-built for the MSP, MSSP, and VAR channels. https://hacketcyber.com/partner/ James Carroll LinkedIn: https://www.linkedin.com/in/jchax/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 17 - Incident Response Management - Sponsored by Exigence 53:38
The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they’ve had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up. Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack. Our sponsor : Exigence ( https://www.exigence.io ) is a multi-tenant, Incident Readiness, Incident Response platform, built for MSP/MSSPs. Drive new revenue streams and meet cyber insurance & regulatory requirements for Incident Response plans and tabletops. The Exigence platform gives you full control of critical incidents by uniquely addressing every aspect of the incident – turning an unstructured situation into one that is structured and easy to manage. It coordinates all stakeholders and systems all the time, orchestrates complex workflows from trigger to resolution, simplifies the post-mortem, and always leverages lessons learned for doing it even better next time. Contact Noam here : noam@exigence.io Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 16 - Application Software Security - Sponsored by Manicode 1:06:54
CIS Control 16 - Application Software Security: The way in which we interact with applications has changed dramatically over the years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's applications against it to bypass network security controls and compromise sensitive data. NOTE: CrowdStrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors. ** Jim Manico at minute 52:40 - do not miss!! ** Our sponsor : Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations build secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices. Contact Jim here : https://manicode.com/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 15 - Service Provider Management 1:02:48
LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!! Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately. Identify your business needs and create a set of standards that can be used to grade service providers that are being proposed. Organize and monitor all service providers that are associated with your business. Keeping an inventory of all service providers will enable you to monitor them in case they update their policies. Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 14 - Security Awareness and Skills Training - sponsored by Phin Security 1:17:30
MSP/MSSPs should offer solutions to provide users with frequent security awareness training to improve overall security posture. The information provided by the security awareness training should be relevant and provide insights into recent security incidents. Training should also reiterate the necessity of using strong passwords, spotting and reporting phishing attacks, as well as properly handling personal information. Security awareness training should include frequent phishing tests. Phishing tests allow users to learn from their mistakes and utilize their training to spot actual phishing attacks. These phishing tests should be specially crafted for different departments within an enterprise. Specially crafted phishing tests are harder to detect and demonstrate the value of security awareness training. 👏 Special thanks to Phin Security for their sponsorship and interview. Connor Swalm : https://www.linkedin.com/in/connor-swalm/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 13 - Network Monitoring and Defense - sponsored by ConnectWise 1:06:16
Network monitoring and defense is one of only two controls that do not contain any Implementation Group 1 Safeguards in Controls version 8. This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of continuous improvement that involves people, process, and technology. Service providers need a well-trained staff that executes on their network monitoring, detection, logging, and correlation of events in order to thwart malicious attacks. 👏 Special thanks to ConnectWise for their sponsorship and interview. Drew Sanford : https://www.linkedin.com/in/drewsanford/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 12 - Network Infrastructure Management - sponsored by Domotz! 57:28
Abstract : Network Infrastructure Management - Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significantly weaken an organization’s network infrastructure. Even if network devices are hardened with non-default configurations and strong passwords, over time these devices will be targeted by new vulnerabilities that are discovered by security researchers. MSPs should ensure that their teams implementing and operating the network infrastructure have processes and procedures in place that include capabilities for having a secure network infrastructure. 👏 Special thanks to Domotz for their sponsorship and interview. ONLY $21 per Network!! Incredible for MSP COGS!! Key areas Domotz helps MSPs : Control 1 | Continuous Discovery of new devices | checking for default passwords | Alerting on changes (ports, protocols, configurations) | being able to revert back (backup) | logging and auditing of changes and much more!! 🙌 JB Fowler : https://www.linkedin.com/in/jb-fowler-1302023/ & Giancarlo Fanelli https://www.linkedin.com/in/giancarlofanelli/ 👉 Domotz's Security Standards : https://www.domotz.com/knowledge-base/Domotz-Security-Standards-2021-March.pdf Domotz MSP : https://www.domotz.com/msp.php Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 11 - Data Recovery - sponsored by Datto! 1:04:20
Abstract : Data loss can be a consequence of a variety of factors from malicious ransomware, threat actors using "Double Extortion" and exfiltration, human error and natural disasters like hurricanes. Regardless of the reason for data loss, we need to have a process established (RPO/RTO) to recover our data. Key Takeaways for Control 11: Prioritize your data and come up with a data recovery plan. Protect your backed up data. (See Control 3: Data Protection.) Practice and Test restoring your data. Restore your data after any compromise. 👉 Datto's BCDR Resource Center : https://www.datto.com/resources?page=4&categories=BCDR 🙌 Rob Rae: https://www.linkedin.com/in/robtrae/ - special thanks for Datto's sponsorship and interview. Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 10 - Malware Defenses - sponsored by Malwarebytes! 48:34
Abstract : With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing your MSP and clients. Malware defenses must be able to operate in a dynamic environment through automation, timely and rapid updating, and integrate with other processes like vulnerability management and incident response. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. Effective malware protection includes traditional endpoint malware prevention and detection suites, along with enrichment from vendor, vulnerability or threat data. 👉 MSP Partner Growth Program : https://www.malwarebytes.com/partners/managed-service-providers - email Roane Tucker for assistance - rtucker@malwarebytes.com. 🙌 Claudio Tosi : https://www.linkedin.com/in/claudiotosi/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 9 - Email & Web Browser Protections - sponsored by Cisco Secure MSP 56:13
Abstract : Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an organization. Content can be crafted to entice or spoof users into disclosing credentials, providing sensitive data, or providing an open channel to allow attackers to gain access, thus increasing risk to your MSP or client's business. Since email and web are the main means by which users interact with external and untrusted users and environments, these are prime targets for both malicious code and social engineering. 😎 Cisco Secure MSP Interview : with Steve Steinberg, Sales Engineer for Cisco Umbrella. 👉 Cisco Secure Managed Service Provider : https://www.cisco.com/c/en/us/products/security/secure-msp-center.html 🙌 Steve Steinberg : https://www.linkedin.com/in/stevesteinberg/ Interested in learning more: msp@cisco.com Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 8 - Audit Log Management - sponsored by Blackpoint Cyber 59:43
Abstract : Log collection and analysis is critical for an organization's ability to detect malicious activity quickly. Sometimes audit logs are the only evidence of a successful attack. Attackers know that many organizations keep audit logs for compliance purposes, but rarely analyze them. Due to poor log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing. In this episode, learn about using logs in incident management, analyzing what to log and the numerous factors to establish a successful audit log management process. Sponsor : Blackpoint Cyber interview with Travis Brittain, Director of Product Enablement. Logging & Compliance : https://blackpointcyber.com/logic/ Travis Brittain: https://www.linkedin.com/in/tbrittain/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 7 - Continuous Vulnerability Management - sponsored by CyberCNS 54:37
Note: we discuss Log4j, as it is a very timely topic for this control. Abstract : Cyber defenders are constantly being challenged by attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them about: software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring focus of time, attention, and resources. Sponsor : CyberCNS interview with Shiva Shankar, CTO & Founder at minute 45:22. Learn more here: https://www.cybercns.com/ (free trial) Shiva Shankar: https://www.linkedin.com/in/shivashankarj/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 6 - Access Control Management - sponsored by Appgate 52:06
Abstract : It is easier for an external or internal threat actor to gain unauthorized access to assets or data through using valid user credentials than through "hacking" the environment. There are many ways to covertly obtain access to user accounts, including: weak passwords, accounts still valid after a user leaves the organization, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as the one they use for an online account which was compromised in a public password dump. Listen as our hosts break down the people, process and technology to implement effective and secure account management. Sponsor : Appgate interview with Tina Gravel, SVP Channels and Alliances at minute 37:20. Learn more here: https://www.appgate.com/ Tina Gravel: https://www.linkedin.com/in/tinagravel/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…

1 CIS Control 5 - Account Management - sponsored by Keeper Security 1:04:31
Abstract : There are many ways to covertly obtain access to user accounts, including: weak passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as one they used for an online account. Learn how CIS Control 5 can mitigate some of the most common ways credentials are compromised. Sponsor : Keeper Security interview with Marcia Dempster, Sr. Director of Channel Sales at minute 48:21. Learn more here: https://www.keepersecurity.com/ Marcia Dempster: https://www.linkedin.com/in/marcia-dempster-03280914/ Sponsor : CIS CIS-CAT (https://learn.cisecurity.org/cis-cat-lite) Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…