Security Lessons from a Microsoft Veteran
May 12, 2026
Dive into the evolving world of cybersecurity and compliance with Bruno Lecoq and Brandon Lecoq. This episode uncovers the reality of securing your organization using a streamlined Microsoft approach and why proper implementation takes dedication. Discover the hidden risks of ignoring basic security protocols and how continuous monitoring can protect your business from unseen threats.
Join Bruno and Brandon Lecoq for a detailed conversation on building resilient security programs and navigating the complex world of CMMC and SOC 2 frameworks. Bruno shares the foundational story behind BEMO and his transition from a twenty-year career at Microsoft to creating a cybersecurity powerhouse for SMBs. Throughout this episode, we unpack the sheer volume of daily threats facing organizations and how a dedicated Security Operations Center filters through tens of thousands of logs to identify risks.
The discussion explores why a unified Microsoft approach heavily reduces complexity and accelerates your timeline for audit readiness. You will also learn the truth about compliance timelines and why those offering certificates in a few weeks are putting your business in serious danger.
From the absolute necessity of enforcing multifactor authentication for admin accounts to understanding why your managed service provider falls under the scope of your external audit, this episode provides a comprehensive roadmap for protecting your business.
What You’ll Learn:
- The benefits of adopting a Microsoft-centric security strategy
- How Microsoft Secure Score acts as an indicator of audit readiness
- The process of filtering thousands of daily security logs through a SOC
- Why implementing MFA is a non-negotiable step for safeguarding accounts
- How to verify your MSP's qualifications for CMMC audits
Episode Chapters:
00:00 Introduction
01:07 Leaving Microsoft to build BEMO
05:32 Choosing a Microsoft-centric approach
13:51 Azure Sentinel and SOC reporting
16:41 Tracking Microsoft Secure Score
18:36 Why compliance timelines vary
20:50 The dangers of cheap compliance
25:20 Enforcing MFA for administrators
28:29 Processing daily security logs
34:38 Building your policy framework
45:41 Understanding CMMC certifications
Quotes:
"I always said I owe my life to Microsoft. I worked 20 years there, and now we are BEMO. We are a Microsoft partner and one of their top 100 cybersecurity partners in the world."
"Half of the company doesn't have an admin with no MFA, and you're like, okay. That's it. So easy to work."
"I welcome the third-party assessor because I want to validate that my system is as good as I can do it. I can never guarantee 100% security, but I know our Secure Score is high, and someone outside checked what we did."
Connect with the team:
👉 Bruno Lecoq on LinkedIn: https://www.linkedin.com/in/brunolecoq/
👉 Brandon Lecoq on LinkedIn: https://www.linkedin.com/in/brandon-lecoq
👉 BEMO Website: https://www.bemopro.com/
👉 Brandon Lecoq on LinkedIn: https://www.linkedin.com/in/brandon-lecoq
👉 BEMO Website: https://www.bemopro.com/
Trust Issues is handcrafted by our friends over at: fame.so