Your Security Is ALWAYS in Scope, Part 1 – Joseph Kirkpatrick – SCW #80 | SC Media


July 20, 2021

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor’s external scans revealed critical vulnerabilities. Prior to a highly publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Visit https://www.securityweekly.com/scw for all the latest episodes!


Guests


Joseph Kirkpatrick - President at KirkpatrickPrice

As Founder and President of KirkpatrickPrice, Joseph Kirkpatrick leads the firm's specialization in thorough and efficient audits and penetration tests. Joseph has over 25 years of experience in information technology and cybersecurity. He holds CPA, CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance.

Hosts


Jeff Man - #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

@MrJeffMan

Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.


Josh Marpet - Executive Director at RM-ISAO

@quadling

Executive Director, RM-ISAO; Co-founder, MJM Growth; IANS Faculty; Blockchain Patent Holder; MISTI Instructor; Entrepreneurship Curmudgeon; Board Member BSidesDE; Board Member BSidesDC; Ex-cop and Fireman


Kat Valentine - Compliance Free Agent (Consultant) at Osmosis Security

@kjvalentine

Getting her start with phones and computers at the early age of 6, Kat decided to put fear of success and failure aside to start Osmosis Security, a boutique security firm that supported her vision of what the professional hacker community should be focused on. Kat had humble beginnings and started her career working technical support for a local dial-up ISP in 1998. Since then, Kat worked in many different roles, from network voice engineer, vulnerability researcher to auditor, and is responsible for the secure and compliant design of several well-known cloud providers, payment providers, security platforms and end user applications, including the first compliance automation platform.


Scott Lyons - CEO at Red Lion

@Csp3r


Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

  • In our July 22nd technical training at 11 AM ET, learn how Guided-SaaS NDR Enables Rapid Response. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand
