The Perfect Storm

Fractional Compliance

Tue, 03 Mar 2026 17:03:06 GMT

Matt sits down with Sara Mirsky-Terranova of AE Consulting LLC to explore the growing demand for Fractional Compliance Officers and how small to mid-sized businesses—especially fintechs and banks—can leverage the fractional model to build strong, scalable compliance programs. Sara shares insights into how a fractional compliance role differs from a full-time hire or other outsourced solutions, highlighting the flexibility, cost-efficiency, and strategic value it provides. Drawing on her background in fintech and HIPAA compliance, Sara discusses how AE Consulting delivers tailored legal and compliance support to help organizations navigate complex regulatory environments while continuing to innovate and grow.

Episode 52: Michael Markulec & Matthew Webster

Fri, 23 Jan 2026 19:42:56 GMT

In this episode, Michael and Matthew discuss the evolving cybersecurity landscape and the growing challenges organizations face as threats continue to increase. They highlight how many businesses remain unprepared for modern cyber risks, despite the rising frequency and impact of attacks.

The conversation focuses on how security frameworks and compliance requirements are becoming more standardized, but compliance is still quite complex. Regulatory and contractual pressures are influencing business decisions, sometimes forcing organizations to reconsider which markets they operate in. The financial impact of cyber incidents is also emphasized, with breach costs continuing to rise. Cyber insurance is becoming more common and more expensive, with insurers placing greater emphasis on security maturity.

Episode 51: with Craig Sekowski & Ralph Pasquariello

Fri, 31 Oct 2025 17:45:44 GMT

n this episode, Michael speaks with Care Report founders Craig Sekowski and Ralph Pasquariello to examine the evolving role of cybersecurity insurance in today’s business landscape. Care Report specializes in converting cyber risk data into actionable financial intelligence, enabling organizations to make informed decisions about their exposure and resilience.

The discussion explores the key threats impacting SMBs, methods for quantifying financial risk, and how the value and coverage of cyber insurance policies can change over time. Listeners will gain practical insights into aligning cybersecurity strategy with financial risk management to better protect business operations and assets.

Episode 50: with Steven Laino

Thu, 28 Aug 2025 14:29:51 GMT

In this episode of The Perfect Storm, Matthew sits down with cybersecurity veteran Steven Laino, founder of Expert Infosec and former AWS consultant to Fortune 500 companies. They dive into the evolving world of cloud security, with a focus on how startups and SMBs can protect their environments through Cloud Security Posture Management (CSPM). Learn how CSPM helps prevent misconfigurations, strengthen compliance, and automate security—practical insights for any organization navigating the cloud.

Episode 49: with Michael and Matthew

Thu, 24 Jul 2025 14:48:14 GMT

This episode dives into the latest shifts in their own business, exploring the power of compliance automation tools and the importance of continuous risk. They also offer advice to small business owners navigating the complex tech world.

Episode 47: with Jeremy M. Deck

Fri, 26 Apr 2024 00:08:49 GMT

Michael meets with VP of Hub International, Jeremy M. Deck, MBA, on this episode of The Perfect Storm. With Jeremy’s vast experience as a Veteran, Consultant, Advisor, and Subject Matter Expert, he discusses risk management and how his company, Hub International, helps clients manage risk across commercial, benefits, and personal risk insurance products. They also talk about cybersecurity insurance and the different ways companies are protecting themselves from cyber attacks.

Episode 46: with Mary-Beth Macaluso

Thu, 16 Nov 2023 03:57:28 GMT

Matthew talks with Mary, the CEO of Paynela, a company determined to stop the cost of medication from being a barrier of access for patients. Being a company founded just under a year ago, they discuss challenges and tips for starting a company in the cybersecurity sector, including the importance of finding a good partner to team up with and rely on.

Episode 45: with Chris Hale

Wed, 11 Oct 2023 20:55:29 GMT

Michael meets with Chris Hale, an IT expert and co-founder of Technology Response Team in Colorado. They discuss the importance of SMBs taking the steps to transition from managed services to managed security services. They also talk about staying ahead of emerging technologies being implemented by bad actors and Chris shares his thoughts on some tips to follow during October’s Cybersecurity Awareness Month.

Episode 44: with Michael and Matthew

Thu, 28 Sep 2023 00:01:22 GMT

Michael and Matthew meet to talk about the 20th year of Cybersecurity Awareness Month coming in October. They mention four simple steps both individuals and businesses can take to stay cyber-safe. They discuss recommendations including using multi-factor authentication, implementing a password manager, and give tips on how to create strong passwords.

Episode 43: with David Abodunrin

Thu, 24 Aug 2023 00:55:53 GMT

Michael talks with David Abodunrin, who is the Cybersecurity Project Manager/Enterprise Agile Coach at Cybarik in Manchester, UK. They discuss all things information security, such as the cost of security, but also how essential it is to a business and how important awareness training is for every single employee at a company. They also explain why it’s not solely businesses that are susceptible to cyber attacks- individuals are just as vulnerable on their personal devices.

Episode 42: with Laura Bell Main

Thu, 13 Jul 2023 02:27:35 GMT

Michael talks with Laura Bell Main, an Application Security Specialist and the CEO of Safestack Academy. Safestack Academy works to educate software developers on how to incorporate security into their systems. In this episode, Michael and Laura discuss how often software teams should be testing their security and how implementing security can protect and benefit companies, individual employees, and clients. Laura also offers advice for companies wanting to keep their information secure with new technology emerging.

Episode 41: with Kingsley Hill

Fri, 09 Jun 2023 02:48:09 GMT

In this episode, Michael talks with Kingsley Hill, the Regional Director at Freeman Clarke. They delve into the role of fractional CIOs and CTOs in mid-market companies. They discuss how these technology experts provide valuable insights into understanding technological challenges and the emergence of new technologies like AI and increased computing power. They also talk about how to mitigate cyber risks for remote employees.

Episode 40: with Nishat Azam

Thu, 11 May 2023 02:54:25 GMT

In this episode, Matthew is joined by Nishat Azam, Director of Compliance at Cypher LLC. They discuss a small business' journey to achieving CMMC compliance and becoming a C3PAO. Nishat provides valuable insights into the steps businesses must take to prepare for a CMMC audit and achieve certification, as well as general advice on navigating cybersecurity compliance.

Episode 39: with Nathan Hamiel

Thu, 27 Apr 2023 03:30:30 GMT

In this podcast, Matthew interviews Nathan Hamiel, the Senior Director of Research at Kudelski Security, where they discuss various topics surrounding AI. They cover the areas of security, LLMs, and the social language of ChatGPT. Their discussion also includes privacy concerns such as intellectual property versus personal property, as well as Nathan's thoughts on how AI technology can be utilized in the short and long-term future.

Episode 38: with Mark Phander

Fri, 10 Mar 2023 03:48:49 GMT

Michael meets with Mark Phander, the Risk Adviser at CBIZ Borden Perlman. They talk about the rise in cyber insurance coverage for businesses, how cyber insurance and cybersecurity practices have evolved at CBIZ, and how clients and businesses have reacted in recent years to cyber policy changes. Mark describes why Multi-Factor-Authentication (MFA) is essential nowadays and which types of devices and accounts should be protected through MFA. They also talk about protecting your Personal Identifying Information (PII) and the process and importance of educating yourself on safe cyber practices.

Episode 37: with Nicholas Blank and Chris Goosen

Thu, 09 Feb 2023 04:38:29 GMT

Matthew talks to Nicholas Blank, the CEO of NBConsult, and Chris Goosen, Technology Consultant and Microsoft MVP about Zero Trust. They discuss its guiding principles, including what to do if a vendor contacts your business regarding Zero Trust. They also talk about the importance of using complex passwords, enabling MFA for Cloud Services, and Privilege Account Management as a business.

Episode 36: with Michael and Matthew

Thu, 26 Jan 2023 04:34:01 GMT

Michael and Matthew are back after a holiday break to continue The Perfect Storm Podcast in 2023. They discuss possible upcoming trends in cybersecurity this year and current news circulating in the cyber field. They give advice about how to best protect your business’s data by choosing the right companies for insurance and third-party risk management. They also bring up AI chatbots becoming more popular and the importance of staying up to date on compliance certifications.

Episode 35: with Lisa Lorenzin

Thu, 17 Nov 2022 02:03:06 GMT

Matthew meets with security expert Lisa Lorenzin, a former Field CTO-AMS at Zscaler. They discuss the evolution of the modern workplace over the last few years, especially with the increase in remote workers. They focus on a variety of topics in the history and current state of remote work, including cloud-based security services, secure web gateway and proxy, and firewall and remote access VPNs, to name a few. They also talk about the future of remote work with the help of new cybersecurity technology.

Episode 34: with Richard Shapiro

Thu, 03 Nov 2022 11:44:10 GMT

Matthew talks with Richard Shapiro, the Chief Financial and Operating Officer at Sierra Canyon School in California. They discuss why it is vital to educate students and teachers on security practices and describe a class offered at Sierra Canyon that teaches students how to be cyber-safe. They also talk about how cybersecurity differs at schools from other organizations as well as the cost and benefit of implementing a security system to protect sensitive information.

Episode 33: with David Lennon

Thu, 20 Oct 2022 12:00:50 GMT

Matthew meets with David Lennon, the Director of Enterprise Solutions at FireMon. They talk about managing firewall rules, cyber threat maps, and the importance of having good cyber hygiene. They also discuss Firemon’s move to cloud security operations, specifically focusing on access control for users.

Episode 32: with Matt Hagovsky

Thu, 06 Oct 2022 12:00:42 GMT

Matthew meets with Matt Hagovsky, the North American Sales Engineering VP for Cybereason. They discuss how Cybereason approaches endpoint attacks by distilling all alerts into one to help users map out their cyber vulnerabilities in a quicker and more useful way. They also talk about how detection endpoint response has advanced over the years and how cyber companies with different resources have adapted to these technologies. They mention the differences between MDR (Managed Detection & Response) and EDR (Endpoint Detection & Response) and how they could affect your choice of MSP (Market Service Provider).

Episode 31: with Mike DeKock

Thu, 08 Sep 2022 16:57:07 GMT

Mike Dekock returns, in his third episode with The Perfect Storm Podcast, to discuss with Matthew what to look for in a SOC 2 report. They talk about requirements for SOC 2 that customers should be sure they include and go into further detail about each step of creating a SOC 2 report. Mike also explains how it could help customers to consider doing research on their auditor to be sure they include all the right information in their report.

Episode 30: with Scott Schober

Thu, 25 Aug 2022 15:10:12 GMT

Michael meets with Scott Schober, the President, and CEO of Berkeley Varitronics Systems. Scott is an expert in wireless security technology and is a best-selling author of numerous books on cybersecurity. They discuss Scott's role at the company in educating businesses on the importance of cybersecurity and how BV Systems is constantly developing tools and technologies to keep consumers and businesses safe from threats. They also talk about the fundamental issue of weak passwords.

Episode 29: with Erick Burd

Thu, 11 Aug 2022 20:14:05 GMT

Michael talks with Erick Burd, who is a Network Engineer at a large NJ University and Chairperson of the Hopewell Twp. Board of Fire Commissioners. Erick discusses the challenges faced within the IT department, such as the pandemic and budget limitations. They also talk about how security is part of all aspects of IT in Erick's workplace and bring up other topics like the Internet of things (IoT).

Episode 28: with Jean-guy Lauture

Thu, 28 Jul 2022 02:29:30 GMT

Michael meets with Jean-guy R. Lauture MPP, CG-CIO, the Assistant Township Administrator in the Technology Department for Bloomfield Township, NJ. Jean-guy talks about many of the projects within the township that the IT Department takes on. They discuss how different projects in the municipality require the help of IT, including keeping systems up-to-date and cyber-safe through phishing tests, and other specifics involving the private sector.

Episode 27: with Luke Wegryn

Thu, 14 Jul 2022 16:02:22 GMT

Matthew speaks with Luke Wegryn, the Co-founder of Pensive Security, about the company and how he started it. They discuss the main services provided, including cybersecurity penetration testing on web, mobile, and cloud devices. They also talk about when it is important to perform a pen test and mention Pensive Security's other consulting services that provide help to SMBs.

Episode 26: Mike DeKock

Thu, 30 Jun 2022 03:58:33 GMT

Matthew and Mike DeKock, the CEO of MJD Advisors, meet a second time to discuss preparation for SOC 2 (Service Organization Control 2) and audit certification. In this episode, they discuss cost, the differences between SOC type 1 and SOC type 2, and more about the certification process.

Episode 25: with Matt Burch

Thu, 16 Jun 2022 01:27:47 GMT

Michael meets with Matt Burch, the VP of ComportSecure. They talk about some of the services ComportSecure provides, including IT Solutions, Managed Services, and Cloud Services. They also discuss other cybersecurity topics such as BaaS (Backup as a Service), ransomware, and EDR solutions (Endpoint Detection and Response).

Episode 24: with Tim Erlin

Thu, 02 Jun 2022 15:18:17 GMT

Matthew talks with Tim Erlin, the former VP of Tripwire and long-time security expert, about compliance with PCI (Payment Card Industry). They describe the importance of PCI compliance and how it can help protect against attacks such as credential theft. They also discuss the concept of zero-trust and Tim's future career in the security business.

Episode 23: with Mike DeKock

Thu, 19 May 2022 07:50:02 GMT

Matthew meets with Mike DeKock, the Founder and CEO of MJD Advisors to talk all about SOC 2 (Service Organization Control). As his company specializes in SOC 2, Mike talks about how MJD Advisors helps explain the service to clients and how he guides them through the process. They also discuss how often some organizations should be doing a SOC 2 report versus the standard.

Episode 22: with Deb Rose

Thu, 21 Apr 2022 12:59:57 GMT

Matthew meets with Deborah Rose, the COO at Goalsetter. She explains how Goalsetter was founded, and how it helps teach children and families how to be financially healthy. They also talk about how that connects to cybersecurity and how banks and fintech differ.

Episode 21: with Alex Clark

Thu, 07 Apr 2022 14:13:50 GMT

Matthew talks with Alex, the VP Cyber Solutions Leader at Hylant, about cyber insurance. They discuss risk transfer programs and the importance of an incident response plan. They also mention the human risk factor and how employees can impact businesses, specifically through ransomware.

Episode 20: with Elaine Evans

Thu, 24 Mar 2022 04:29:43 GMT

Michael meets with Elaine, the Manager at Springboard IT, part of Springboard Media. They talk about how Springboard IT outsources help for businesses with Mac and iOS IT support. They also discuss other services Springboard IT provides as an MSP (Managed Service Provider), especially during the pandemic.

Episode 19: with Lynn Burns

Thu, 10 Mar 2022 00:27:57 GMT

Matthew meets with Lynn Burns, the President of the nonprofit organization NCMS. They discuss how NCMS volunteers support and educate its 7,000 members on CMMC (Cybersecurity Maturity Model Certification) to protect CUI (controlled unclassified information). They talk about contractor security tips for government workers and the importance of protecting paper documents as well as digital.

Episode 18: with Matt Cerny

Wed, 23 Feb 2022 15:31:50 GMT

Matthew talks with Matt Cerny, the Director of Information Security at Integra Life Sciences and long-time cyber expert. They discuss cyber encryption and the importance of educating employees in cyber safety. They also talk about being approachable cyber professionals so that employees feel comfortable asking for help.

Episode 17: with Julian Sylvestro

Wed, 09 Feb 2022 22:05:02 GMT

Matthew meets with Julian Sylvestro, the Director of Insurance and Legal Verticals at Secureworks. They discuss the need for cybersecurity insurance and different types of coverage. They also talk about the assistance that Secureworks provides for its customers.

Episode 16: with Jim Cavanagh

Wed, 26 Jan 2022 23:59:18 GMT

Matthew meets with Jim Cavanagh, the Owner and Principal Consultant of Executive Healthcare Consulting. Jim talks about his extensive career in IT and healthcare consulting and the challenges that healthcare workers have been facing during the pandemic. They also bring up the rise in ransomware and the use of cryptocurrency.

Episode 15: with Lee Sult

Thu, 13 Jan 2022 05:45:53 GMT

Matthew meets with Lee Sult, the General Manager at Corvid Cyberdefense to discuss cloud computing and cloud security. They also talk about the shared security model that cloud providers, such as Amazon Web Services (AWS), around the world implement in their security.

Episode 14: with Matthew and Michael

Thu, 30 Dec 2021 14:58:49 GMT

Matthew and Michael chat about cybersecurity trends over the last year and discuss upcoming trends to look out for in 2022. They talk about the future of CMMC, risk management, and security awareness training. They also mention Apache Log4j and its vulnerabilities in 2021 that could continue to cause issues in the new year.

Episode 13: with Loredana Niculae

Thu, 16 Dec 2021 13:50:49 GMT

Michael meets with Loredana Niculae, the CEO of NNC Services, which is a marketing company that provides strategies for IT companies and professional service companies. They discuss a few marketing strategies, such as marketing businesses to a specific persona and understanding your buyer. Loredana also explains how creating a space for a community of professionals to get together can benefit everyone and give opportunities to collaborate in a similar field.

Episode 12: with David Trapani

Thu, 02 Dec 2021 17:13:10 GMT

Michael talks with David Trapani, the owner of sales and training organization, Sandler Training. They discuss how changes in technology and cybersecurity regulations have affected sales processes. David also brings up the benefits of reinforcement training through security awareness.

Episode 11: with John Britton

Thu, 18 Nov 2021 17:05:33 GMT

Matthew talks with John Britton about CMMC updates in John’s second episode of the Perfect Storm. John is the Technical Director for Corvid Cyberdefense, a partner of Harbor TG. They detail the changes in CMMC, from version 1.3 to the new 2.0 version, and discuss each level within the new version of the certification. John also describes CMMC versus NIST 800-171, and gives tips to small businesses about cybersecurity and preparing for cybersecurity certification.

Episode 10: with Evan Kennedy

Wed, 27 Oct 2021 22:46:51 GMT

Michael talks with Evan Kennedy, a security consultant here at Harbor Technology Group, about his nearly two years working at Harbor. They discuss Harbor’s approach to awareness training, including the two-prong curriculum for simulated phishing. Evan also details the difference between vulnerability scanning versus ethical hacking penetration testing and gives tips for SMBs on how to respond to simulated phishing emails.

Episode 9: with Johnny Lieberman and Zack Miller

Wed, 13 Oct 2021 15:05:57 GMT

Matthew has a discussion with Johnny Liberman and Zack Miller of Worklyn Partners, an investing and operating company they co-founded. They discuss how they created the company and their plan for creating a one-stop-shop provider of cybersecurity services for mid-market and SMB customers. With Matthew, they detail the many different security solutions advertised in the market -- XDR (Extended Detection and Response), EDR (Endpoint Detection and Response), and MDR (Managed Detection and Response) – and comment on trends they are seeing in the M&A market, especially with private equity firms growing more interested in the space.

Episode 8: with Anton Major

Wed, 06 Oct 2021 15:03:01 GMT

Matthew has a discussion with Anton Major, the Director of Technology at VelocIT, about what his job is like managing an organization’s IT as a Managed Service Provider (MSP). They talk about changes in the company and its clients during the pandemic, specifically how a hybrid work environment affects IT. Anton also brings up other topics such as cloud services and using a VPN, and gives tips for staying safe while working remotely.

Episode 7: with John Verry

Wed, 22 Sep 2021 22:29:18 GMT

Matthew has a discussion with John Verry, the CISO and Solutions Director at Pivot Point Security, about a number of services that Pivot Point Security provides. Some of the services they mention include individual IoT device penetration tests, organization vulnerability assessments, and ISO 27000 certification. John explains the positives of working with smaller businesses and the importance of meeting with a cybersecurity professional in order to be sure each organization is well-protected.

Episode 6: with John Britton

Wed, 08 Sep 2021 21:09:12 GMT

Matthew talks with John Britton, the Technical Director at Corvid Cyberdefense, to discuss a number of topics surrounding CMMC. John explains Corvid’s approach to helping its clients find the best time to implement a plan for CMMC as well as providing them with a strong and affordable cyber defense team.

Episode 5: with Tommy McDowell

Wed, 25 Aug 2021 20:02:09 GMT

This week, Michael meets with Tommy McDowell, the General Manager at Celerium. They talk about Celerium and its focus on supply chain cyber protection. Tommy gives tips for identifying sensitive information and protecting it through different security measures. Lastly, they discuss how CMMC has changed in the last couple of years and how Celerium can help prepare organizations to meet the new requirements.

Episode 4: with William Compton

Wed, 11 Aug 2021 21:57:41 GMT

Matthew meets with William Compton, the CIO at Integra Life Sciences, to talk about how Integra adapted to remote work during the pandemic. They also discuss the importance of being prepared both as an individual and as an organization for security testing, specifically email trust and being cyber safe on social media.

Episode 3: with Craig Sandman

Wed, 28 Jul 2021 17:52:19 GMT

Michael talks with Craig Sandman, the President and Founder at Symbol Security about security awareness and training for employees. They discuss how to avoid email phishing and malware attacks, credential theft, and other ways to avoid ransomware attacks and scams using Symbol Security’s training.

Episode 2: with Steve Budd

Wed, 14 Jul 2021 18:47:30 GMT

Matthew meets with Harbor's first guest, Steve Budd, the COO at MC3 to discuss employee phishing attacks, “evil-ware," and how virtual experiences at a small business have changed during the pandemic.

Introduction to The Perfect Storm

Fri, 25 Jun 2021 17:30:42 GMT

In this episode, cyber experts Michael and Matthew give an introduction to the podcast, as well as a description of Harbor Technology Group's services. They explain a range of services from cyber risk advisory to vCISO consulting to meet specific security requirements without putting a strain on your IT budget. Additionally, they talk about how these can allow businesses to make informed, fact-based decisions and manage cyber risk.