Your Security Is ALWAYS in Scope, Part 2 – Joseph Kirkpatrick – SCW #80

July 20, 2021

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor’s external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope. Visit for all the latest episodes!

Full Episode Show Notes

Your Security Is ALWAYS in Scope, Part 2


Joseph Kirkpatrick

Joseph Kirkpatrick - President at KirkpatrickPrice

As Founder and President of KirkpatrickPrice, Joseph Kirkpatrick leads the firm's specialization in thorough and efficient audits and penetration tests. Joseph has over 25 years of experience in information technology and cybersecurity. He holds CPA, CISSP, CISA, CGEIT, CRISC, and QSA certifications, specializing in data security, cybersecurity, IT governance, and regulatory compliance.


Jeff Man

Jeff Man - #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems


Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Josh Marpet

Josh Marpet - Executive Director at RM-ISAO


Executive Director, RM-ISAO Co-founder, MJM Growth IANS Faculty Blockchain Patent Holder MISTI Instructor Entrepreneurship Curmudgeon Board Member BSidesDE Board Member BSidesDC Ex-cop and Fireman

Kat Valentine

Kat Valentine - Compliance Free Agent (Consultant) at Osmosis Security


Getting her start with phones and computers at the early age of 6, Kat decided to put fear of success and failure aside to start Osmosis Security, a boutique security firm that supported her vision of what the professional hacker community should be focused on. Kat had humble beginnings and started her career working technical support for a local dial-up ISP in 1998. Since then, Kat worked in many different roles, from network voice engineer, vulnerability researcher to auditor, and is responsible for the secure and compliant design of several well-known cloud providers, payment providers, security platforms and end user applications, including the first compliance automation platform.

Scott Lyons

Scott Lyons - CEO at Red Lion


CEO at Red Lion


  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit to take the survey

  • Do you want to stay in the loop on all things Security Weekly? Visit to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

prestitial ad