Blog - Pivot Point Security

Services

CMMC Preparation

ISO 27001

SOC 2 Readiness

Virtual CISO (vCISO)

IoT Security

Network Security

Application Security

Vendor Due Diligence

SaaS Security

Business Continuity

Blockchain Security

SCA
Compliance

CMMC

NIST SP 800-218

CCPA

SOC 2

CIS CSC

PCI

FedRAMP

GLBA

NYDFS

GDPR

HIPAA

HITRUST

TISAX
Insights

Podcasts

Resources

Blog
About Pivot Point Security

About Us

Leadership

Jobs

Locations

Partner With Us

BLOG

Latest Blog

7 reasons why you should get cmmc certified ahead of the may 2023 rulemaking

7 Reasons Why You Should Get CMMC Certified Ahead of the May 2023 Rulemaking

Last Updated on March 27, 2023 With the May 2023 Cybersecurity Maturity Model Certification (CMMC) rulemaking now just weeks away,

Search our Blogs

Choose 1 or more topics below to expand your search:

Application Security Business Continuity Management CCPA Cloud Security Compliance Cybersecurity Cybersecurity Maturity Model Certification (CMMC) Disaster Recovery Ethical Hacking FedRamp GDPR Government Information Security Industry Trends InfoSec Risk Assessment InfoSec Strategies IoT Security ISMS Consulting ISO 22301 ISO 27001 Certification ISO 27701 Network Security NIST Penetration Testing Phishing Privacy Security Awareness Training SIEM SOC 2 Social Engineering Third Party Risk Management Uncategorized Vendor Due Diligence

pps blogs

Pros and Cons to a “Hybrid Approach” to Microsoft 365 Commercial and GCC/GCC High

Continue Reading

pps blogs

Why is Microsoft 365 GCC High “So Expensive”?

Continue Reading

pps blogs

The “Feature Factor” in Moving to Microsoft 365 GCC or GCC High

Continue Reading

pps blogs

How Long Does a Microsoft 365 “Government Cloud” Migration Take?

Continue Reading

pps blogs

3 Top Considerations for Migrating to a Microsoft 365 “Government Cloud”

Continue Reading

pps blogs

Should My Org Be on a Microsoft 365 “Government Cloud”?

Continue Reading

pps blogs

Should we be in Microsoft 365 GCC, GCC High, or Commercial?

Continue Reading

pps blog2

Will Implementing the New ISO 27001:2022 Control Set Improve Your ISMS?

Continue Reading

pps blog2

2 “Gotchas” to Avoid on Your Move to ISO 27001:2022

Continue Reading

pps blog2

3 Things Your ISO 27001:2022 Auditor Would Love to See in Your ISMS

Continue Reading

pps blog2

Benefits of Moving to ISO 27001:2022 ASAP

Continue Reading

pps blog2

ISO 27001:2022—How Does It Impact Related Standards?

Continue Reading

pps blog2

We’re Working Towards Certification to ISO 27001:2013—How Does ISO 27001:2022 Impact Us?

Continue Reading

pps blog2

When Will Auditors Be Ready to Certify ISO 27001:2022 Compliance?

Continue Reading

pps blog2

When Should You Move to ISO 27001:2022?

Continue Reading

ep.111 img

February 20, 2023

Need to Align Your Web App Security Program with NIST’s SSDF or ISO 27001? OWASP SAMM Can Help.

Continue Reading

ep.111 img

February 19, 2023

Don’t Dump Application Security on Your Developers

Continue Reading

ep.111 img

February 18, 2023

Web Application Security—How Mature Are Most Orgs Today?

Continue Reading

ep.111 img

February 17, 2023

How (Not) Good is Your Web App Security? OWASP SAMM Can Tell You.

Continue Reading

ep.111 img

February 16, 2023

Getting to “Secure by Design” with OWASP SAMM

Continue Reading

ep.111 img

February 15, 2023

What is OWASP SAMM and How Can It Elevate Your Application Security?

Continue Reading

tisax

February 10, 2023

The TISAX Audit Process: Here’s What to Expect

Continue Reading

tisax

February 9, 2023

TISAX and ISO 27001: How Do They Relate?

Continue Reading

tisax

February 8, 2023

TISAX Assessment Objectives, Levels, and Labels

Continue Reading

tisax

February 7, 2023

What is TISAX and Why Should We (as an Auto Industry Supplier) Care?

Continue Reading

tisax

February 6, 2023

Understanding TISAX (Trusted Information Security Assessment Exchange)

Continue Reading

109 0

February 3, 2023

Emerging Use Cases for Cyber Threat Intelligence

Continue Reading

109 0

February 3, 2023

How Does Cyber Threat Intelligence Relate to Attack Surface Management or Digital Risk Management?

Continue Reading

109 0

February 2, 2023

Still Think Your Org Has Nothing Hackers Want?

Continue Reading

109 0

February 2, 2023

Cybercrime Business Models and Supply Chains

Continue Reading

109 0

February 1, 2023

How Financially Motivated Cybercriminals Really Operate, and Why You (as an Org with Exploitable Assets) Should Care

Continue Reading

109 0

February 1, 2023

Understanding How Cybercriminals Operate Can Protect Your Business

Continue Reading

aws blog

January 26, 2023

What’s New and Exciting with AWS Security?

Continue Reading

aws blog

January 25, 2023

Public Cloud Consumers: Is Your Management Plane Secure?

Continue Reading

aws blog

January 25, 2023

What are the Most Important AWS Security Tools that Every Org Should Use?

Continue Reading

aws blog

January 25, 2023

Why Do So Many Orgs Stumble on Cloud Security?

Continue Reading

aws blog

January 25, 2023

Different Public Cloud Services Equal Different Shared Security Responsibilities with Your CSP

Continue Reading

aws blog

January 25, 2023

2 Top Security Problems that AWS Users Cause Themselves

Continue Reading

aws blog

January 25, 2023

AWS Cybersecurity Best Practices—From Amazon’s Security Solutions Architect

Continue Reading

blog 108 1

January 23, 2023

Cyber Insurance Considerations for DIB Orgs

Continue Reading

blog 108 1

January 23, 2023

Export Controlled Data: What is It and Why Should We (as a US Government Contractor) Care?

Continue Reading

blog 108 1

January 23, 2023

DIB Orgs: Here’s How to Avoid False Claims Act Sanction

Continue Reading

blog 108 1

January 23, 2023

Should You Voluntarily Disclose a CUI Incident or Data Breach?

Continue Reading

blog 108 1

January 23, 2023

CUI Basic and CUI Specified—What’s the Difference

Continue Reading

blog 108 1

January 23, 2023

Understanding the Legalities around Controlled Unclassified Information (CUI)

Continue Reading

pps blog

January 18, 2023

Security Staffing Moves for a Down Economy

Continue Reading

pps blog

January 18, 2023

Want to Work Smarter Not Harder in a Down Economy? Embrace Security Automation.

Continue Reading

pps blog

January 18, 2023

In a Down Economy, Ensure You’re Getting the Max from Security Investments

Continue Reading

pps blog

January 18, 2023

Why You Should Keep Making Needed Security Investments in a Down Economy

Continue Reading

piotblog1

January 18, 2023

Why Aligning Cybersecurity with Trusted Frameworks is More Important than Ever in a Down Economy

Continue Reading

piotblog1

January 17, 2023

A Cybersecurity Strategy is More Critical Than Ever in a Slow Economy

Continue Reading

piotblog1

January 17, 2023

John Verry’s Top 10 Ideas to Advance Security and Compliance Even in a Tight Economy

Continue Reading

pivot blog

January 13, 2023

CMMC Rulemaking Changes Again—What’s the Timeline Now?

Continue Reading

ep105.5

January 5, 2023

Leveraging OOTB “Policy as Code” for Cloud Security Posture Management

Continue Reading

ep105.4

January 5, 2023

Addressing False Positives and Alert Fatigue across Enterprise Security Tools

Continue Reading

ep105.3

January 5, 2023

Your Cloud Security Posture Needs Both Preventive and Detective/Corrective Components

Continue Reading

ep105.2

January 4, 2023

Governance as Code—Is It the Answer to Cloud-Native Security?

Continue Reading

ep105.1

January 4, 2023

Security, Compliance and Governance in the Cloud—How Do They Relate?

Continue Reading

ep105

January 4, 2023

Dynamic Relationships between Governance, Security, and Compliance

Continue Reading

blog img

December 28, 2022

Is Your Board Prepared for the SEC’s New Cybersecurity Regulations?

Continue Reading

ep104v7

December 20, 2022

Is Attack Surface Management Right for SMBs?

Continue Reading

ep104v6

December 20, 2022

Factoring Third-Party Risk into Attack Surface Management

Continue Reading

ep104v5

December 19, 2022

How Much of Your Attack Surface is Beyond Your Visibility?

Continue Reading

ep104v4

December 19, 2022

Is It Still a Data Breach if the Data was Outside Your Infrastructure?

Continue Reading

ep104v3

December 19, 2022

How Do Assets Relate to Attack Surface Management?

Continue Reading

ep104v2

December 15, 2022

What is Digital Business Risk Management and Why is It So Valuable to Security Leaders?

Continue Reading

ep104v1.1

December 15, 2022

Is Digital Business Risk Management the Future of Attack Surface Management?

Continue Reading

November 23, 2022

Monitoring Security of Your Deployed Public Cloud Application

Continue Reading

November 22, 2022

Validating Security Within Your DevOps Pipeline

Continue Reading

CPRA Compliance

November 10, 2022

Time’s (Almost) Up for California Privacy Compliance

Continue Reading

November 21, 2022

Skills to Look for in Developers to Move Your Applications to the Cloud

Continue Reading

November 18, 2022

Should We Containerize Our Cloud-Based Application?

Continue Reading

November 17, 2022

Should You Outsource Managing Your App Along with Building It?

Continue Reading

November 16, 2022

Are There Any Simple Templates to Help Manage a Secure Web App in the Public Cloud?

Continue Reading

November 15, 2022

The Complexities of Deploying a Secure Application in the Cloud

Continue Reading

November 14, 2022

What are a New Privacy Lead’s Biggest Challenges? (From a Fortune 500 CPO)

Continue Reading

November 11, 2022

Tips from a Fortune 500 CPO on Automating Your Privacy Program

Continue Reading

November 10, 2022

Tackling the Legal Side of Privacy without Becoming a Lawyer

Continue Reading

November 9, 2022

How Does Physical Security Tie into Privacy?

Continue Reading

November 7, 2022

The New Intersection of Privacy and Security (from a Fortune 500 CPO)

Continue Reading

November 7, 2022

The Intersection of Privacy & Security

Continue Reading

pivot blog2 1

October 26, 2022

What Will It Take to Survive a Third-Party CMMC Level 2 Assessment?

Continue Reading

pivot blog

October 26, 2022

DIB Orgs: Here’s What’s Up with CMMC “Flowdown” and New Pressures from Primes

Continue Reading

Screen Shot 2022 10 25 at 12.23.00 PM

October 25, 2022

We Don’t Think We Need CMMC Level 2 but the Government Says We Do…

Continue Reading

Screen Shot 2022 10 25 at 11.54.34 AM

October 25, 2022

Should We Pursue a Voluntary CMMC Assessment?

Continue Reading

Screen Shot 2022 10 13 at 6.44.21 AM

October 24, 2022

Is There a Path for Non-US Companies to be CMMC Certified?

Continue Reading

Screen Shot 2022 10 25 at 9.43.00 AM

October 24, 2022

ISO 27001 Certified Orgs—Here’s the Latest on CMMC Reciprocity

Continue Reading

Updated FedRAMP Auth 1

October 24, 2022

House Approves Updated FedRAMP Authorization Act

Continue Reading

Screen Shot 2022 10 23 at 12.21.20 PM

October 21, 2022

Can SMBs Afford CMMC Level 2 Certification?

Continue Reading

Screen Shot 2022 10 23 at 12.07.57 PM

October 21, 2022

When Do We Need to Be CMMC 2.0 Certified?

Continue Reading

pivot blog2

October 20, 2022

DIB Orgs: Here are Answers to Your Top CMMC Encryption and MFA Questions

Continue Reading

pivot blog1

October 20, 2022

Does My DIB Org Need a SIEM for CMMC Compliance

Continue Reading

Screen Shot 2022 10 20 at 9.49.35 AM

October 19, 2022

Your Top CMMC Questions Answered

Continue Reading

Screen Shot 2022 10 13 at 6.44.21 AM

October 14, 2022

SME InfoSec Leads: Here’s How to Kickstart a Privacy Program

Continue Reading

Screen Shot 2022 10 13 at 6.48.46 AM

October 17, 2022

How Automation Can Help Operationalize a Privacy Program

Continue Reading

Screen Shot 2022 10 13 at 6.37.29 AM

October 13, 2022

How Automation Can Help with Data Privacy Impact Assessment

Continue Reading

Screen Shot 2022 10 09 at 10.54.36 PM

October 12, 2022

SMEs: Do You Know Where All Your Customers’ Personal Data Resides?

Continue Reading

Screen Shot 2022 10 09 at 10.35.44 PM

October 11, 2022

SMEs: Are Your Customers Pushing You Towards a Privacy Program?

Continue Reading

Screen Shot 2022 10 09 at 10.29.05 PM

October 10, 2022

The Two Audiences For Privacy & How They Drive Data Collection

Continue Reading

Screen Shot 2022 10 07 at 4.01.43 PM

October 7, 2022

Is Cybersecurity Certification Worth the Effort?

Continue Reading

Screen Shot 2022 10 05 at 9.34.12 AM

October 6, 2022

Can Disaster Recovery and Business Continuity Help with Software Supply Chain Risk Assessment?

Continue Reading

Screen Shot 2022 10 05 at 9.29.59 AM

October 5, 2022

Can Cybersecurity Frameworks Help with Software Supply Chain Risk Management?

Continue Reading

Screen Shot 2022 10 04 at 3.16.48 AM

October 4, 2022

Supply Chain Risk Management and Third-Party Risk Management: What’s the Difference?

Continue Reading

Screen Shot 2022 10 03 at 6.55.29 PM

October 3, 2022

What is Software Supply Chain Risk Management and Why Should We (as an Org That Uses Software) Care?

Continue Reading

Pivot Point Blog Template 18

October 3, 2022

The FTC’s Intensified Prosecution of Deceptive Cybersecurity and Privacy Practices: Here’s What You Should Know

Continue Reading

Screen Shot 2022 09 30 at 10.44.54 AM

September 30, 2022

Unpacking Critical Elements of Supply Chain Risk Management

Continue Reading

Pivot Point Blog Template 17

September 30, 2022

PATCH Act Legislation Could Expand Medical Device Manufacturing Cybersecurity Regulations

Continue Reading

Pivot Point Blog Template 16

September 27, 2022

NIST Update on HIPAA Security Rule Can Help Your Org Reduce ePHI Risk Exposure

Continue Reading

Pivot Point Blog Template 14

September 19, 2022

OMB Mandates US Federal Agencies to Comply with NIST Guidance on Software Supply Chain Security

Continue Reading

Screen Shot 2022 08 08 at 7.09.45 AM

How Does the NIST Secure Software Development Framework (SSDF) Compare with OWASP SAMM, BSIMM, etc.?

Continue Reading

Screen Shot 2022 08 03 at 11.41.50 PM

What is the Software Development Lifecycle and Why is It Central to Software Security?

Continue Reading

Screen Shot 2022 07 27 at 8.31.55 PM

The Cyberspace Solarium Commission Report and CMMC—How Do They Connect?

Continue Reading

Screen Shot 2022 07 27 at 8.22.35 PM

We Need Public/Private Partnership to Fight the Cyber War We’re In

Continue Reading

Screen Shot 2022 07 27 at 4.48.15 PM

What is the Cyberspace Solarium Commission Report and Why Should I Care?

Continue Reading

Screen Shot 2022 07 21 at 10.05.44 PM

How Does DevOps Impact Your Database Security?

Continue Reading

Screen Shot 2022 07 21 at 9.47.49 PM

How Moving to the Cloud Impacts Your Database Security

Continue Reading

Screen Shot 2022 07 18 at 7.45.58 AM

3 Reasons Why Database Security is Undervalued

Continue Reading

Screen Shot 2022 07 18 at 7.37.02 AM

5 Top Database Risks You Didn’t Know You Had

Continue Reading

Screen Shot 2022 07 18 at 7.31.09 AM

Confronting the Wild West of Database Security

Continue Reading

Screen Shot 2022 07 18 at 7.24.09 AM

The Argument for More Board-Level Cybersecurity Expertise

Continue Reading

Screen Shot 2022 07 14 at 6.36.54 AM

What is “Secure By Default” and How Do We Get There?

Continue Reading

Screen Shot 2022 07 14 at 6.30.17 AM

Looking Beyond Trusted Frameworks to Achieve Robust Cybersecurity

Continue Reading

Screen Shot 2022 07 13 at 6.53.22 AM

Bridging the Gap Between Cybersecurity and the Business World

Continue Reading

Screen Shot 2022 07 08 at 7.09.23 AM

Does Your Cyber Liability Insurance Fit with Your Total Insurance Coverage?

Continue Reading

Screen Shot 2022 07 08 at 7.05.24 AM

3 Top Reasons Why an Attorney Should Review Your Cyber Liability Insurance Policy

Continue Reading

Screen Shot 2022 07 08 at 6.52.02 AM

Are Cyber Liability Insurance Companies (Entirely) to Blame for Today’s Onerous Premiums

Continue Reading

Screen Shot 2022 07 08 at 6.39.33 AM

Why Cyber Liability Insurance Has Become the “Wild West”

Continue Reading

Screen Shot 2022 07 07 at 12.50.10 AM

Legal and Infosec Strategies to Deal with Exploding Cyber Liability Insurance Premiums

Continue Reading

Pivot Point Blog Template 13

September 1, 2022

DIB Orgs: Time is Almost Up for DFARS and NIST 800-171 Compliance

Continue Reading

Screen Shot 2022 08 28 at 3.41.35 PM

August 26, 2022

What is the OWASP Software Assurance Maturity Model (SAMM) and Why Should We (as an Org That Develops Software) Care?

Continue Reading

Screen Shot 2022 08 28 at 3.35.40 PM

August 26, 2022

Applying the OWASP Software Assurance Maturity Model (SAMM) in Your Environment

Continue Reading

Screen Shot 2022 08 28 at 3.28.30 PM

August 30, 2022

OWASP SAMM’s 5 Business Functions Unpacked

Continue Reading

Screen Shot 2022 08 28 at 3.22.37 PM

August 29, 2022

BSIMM and OWASP SAMM Compared

Continue Reading

Screen Shot 2022 08 28 at 3.17.02 PM

August 29, 2022

Using OWASP’s Software Assurance Maturity Model (SAMM) and Application Security Verification Standard (ASVS) Together

Continue Reading

Screen Shot 2022 08 25 at 11.49.11 AM

August 25, 2022

Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses

Continue Reading

Screen Shot 2022 08 22 at 9.27.44 AM

August 23, 2022

Top Use Cases for Continuous API Security

Continue Reading

Screen Shot 2022 08 22 at 9.22.54 AM

August 22, 2022

What is Continuous API Scanning and Why Should We (as App Developers) Care?

Continue Reading

Screen Shot 2022 08 22 at 8.11.26 AM

August 22, 2022

What are the Financial Benefits of API-Level Security?

Continue Reading

Screen Shot 2022 08 18 at 8.24.59 PM

August 19, 2022

How Does an API-First Architecture Affect Your App Attack Surface?

Continue Reading

Screen Shot 2022 08 18 at 8.20.16 PM

August 19, 2022

Application Security and API Security are Becoming Synonymous—Are You Ready?

Continue Reading

Screen Shot 2022 08 18 at 12.40.12 PM

August 18, 2022

What You Need to Know about APIs and API Security

Continue Reading

Screen Shot 2022 08 12 at 7.03.26 AM

August 12, 2022

Aligning Security with Business Goals to Create More Value

Continue Reading

Screen Shot 2022 08 11 at 12.21.11 PM

August 12, 2022

The “Value Creation” Side of Return on Security Investment (ROSI) Estimates

Continue Reading

Screen Shot 2022 08 10 at 5.53.05 PM

August 11, 2022

A Risk-Based Approach to Calculating Return on Security Investment (ROSI)

Continue Reading

Screen Shot 2022 08 10 at 5.35.59 PM

August 11, 2022

Return on Security Investment (ROSI): What is It and How Do You Calculate It?

Continue Reading

Screen Shot 2022 08 10 at 5.26.01 PM

August 10, 2022

How to Measure the Value of Information Security

Continue Reading

Screen Shot 2022 08 08 at 7.04.52 AM

What’s the Effort to Align Your Dev with the NIST Secure Software Development Framework (SSDF)?

Continue Reading

Pivot Point Blog Template 12

Making the Most of the CMMC Assessment Guidance from the CyberAB

Continue Reading

Screen Shot 2022 08 03 at 11.54.09 PM

Here’s Why Software Vendors Should Align with the SSDF Whether Mandated or Not

Continue Reading

Screen Shot 2022 08 03 at 11.50.49 PM

Why Does the USG Think We Need the NIST Secure Software Development Framework (SSDF)?

Continue Reading

Screen Shot 2022 08 03 at 11.45.51 PM

What is the NIST Secure Software Software Development Framework and Why Should We (as a Software Vendor) Care?

Continue Reading

Screen Shot 2022 08 03 at 8.52.55 AM

What NIST’s Secure Software Development Framework Means to You

Continue Reading

Screen Shot 2022 07 26 at 8.29.00 AM

US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?

Continue Reading

Screen Shot 2022 07 27 at 9.18.01 PM

US Government Threat Intelligence Programs: Where Are They Headed?

Continue Reading

Screen Shot 2022 07 27 at 8.37.40 PM

Recent White Papers from the Cyber Solarium Commission—What is Their Purpose?

Continue Reading

Screen Shot 2022 07 27 at 8.44.58 PM

What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?

Continue Reading

Screen Shot 2022 07 27 at 5.04.42 PM

What is Continuity of the Economy Planning and Why Should I (as a US Citizen) Care?

Continue Reading

Screen Shot 2022 07 21 at 9.58.07 PM

Your Database Attack Surface is Bigger than You Think

Continue Reading

Screen Shot 2022 07 14 at 6.42.14 AM

The Strategy Behind the Gula Tech Adventures Portfolio

Continue Reading

Screen Shot 2022 07 14 at 6.46.59 AM

Why Philanthropy is Important in Cybersecurity

Continue Reading

Screen Shot 2022 07 14 at 6.24.56 AM

How Do You Know If Your Business is Really Secure?

Continue Reading

Screen Shot 2022 07 11 at 6.17.23 AM

What is a Breach Counselor and Why Do We (as an Org with Cyber Liability Insurance) Care?

Continue Reading

Screen Shot 2022 07 11 at 6.12.44 AM

Do You Know Your Cyber Liability Insurance Obligations?

Continue Reading

Screen Shot 2022 06 30 at 9.59.41 AM

CMMC 2.0: Is Certification Worth the Cost and Risk?

Continue Reading

Screen Shot 2022 06 30 at 9.54.18 AM

CMMC 2.0: Choose Your Registered Provider Organization Carefully

Continue Reading

Screen Shot 2022 06 28 at 7.25.06 AM

CMMC 2.0: DoD Emphasizes “Nothing Has Changed” (So Why Aren’t You Ready?)

Continue Reading

Pivot Point Blog Template 11

CFIUS Cybersecurity Considerations: Here’s What You Need to Know

Continue Reading

Screen Shot 2022 06 27 at 6.59.58 AM

CMMC 2.0: DoD Clarifies Rollout Schedule and More

Continue Reading

Pivot Point Blog Template 10

Benefits of Categorizing NIST 800-171 Requirements as Technical Versus Nontechnical

Continue Reading

Screen Shot 2022 06 24 at 7.22.57 AM

Important Clarifications on CMMC v2 from CMMC Day May 9, 2022

Continue Reading

Screen Shot 2022 06 16 at 5.09.25 PM

What Really Drives Innovation in Cybersecurity?

Continue Reading

Screen Shot 2022 06 16 at 5.01.59 PM

Are We More or Less Secure than 20 Years Ago?

Continue Reading

Screen Shot 2022 06 15 at 8.53.16 PM

Investors are Targeting These Emerging Cybersecurity Areas

Continue Reading

Screen Shot 2022 06 15 at 8.23.15 PM

3 Different Types of Private Equity Firms Explained

Continue Reading

Screen Shot 2022 06 14 at 12.28.24 AM

5 Top Criteria for Venture Capitalists Evaluating Tech Companies

Continue Reading

Screen Shot 2022 06 14 at 12.22.37 AM

The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist

Continue Reading

Pivot Point Blog Template

What is OWASP SAMM and Why Should We (as an Org that Develops Software) Care?

Continue Reading

Screen Shot 2022 06 07 at 10.02.27 AM

How Attack Surface Management Calculates Attack Paths

Continue Reading

Screen Shot 2022 06 07 at 9.57.11 AM

How Does Attack Surface Management Connect with Patch Management?

Continue Reading

Screen Shot 2022 06 06 at 2.42.15 PM

Top Scenarios for Implementing Attack Surface Management

Continue Reading

Screen Shot 2022 06 06 at 2.24.44 PM

NopSec’s Vision for Attack Surface Management

Continue Reading

Screen Shot 2022 06 03 at 7.02.25 AM

Attack Surface Management: Should It Cover Configuration Management?

Continue Reading

Screen Shot 2022 06 03 at 6.56.17 AM

What is Attack Surface Management and Why Should We (as an Org with Vulnerabilities) Care?

Continue Reading

Screen Shot 2022 06 02 at 11.09.36 PM

Understanding Attack Surface Management

Continue Reading

Pivot Point Blog Template 8

Protecting CUI Nonfederal Organizations

Continue Reading

Heres What State of the Art Entryway Security Looks Like

Here’s What State-of-the-Art Entryway Security Looks Like

Continue Reading

Screen Shot 2022 05 26 at 12.52.34 PM

Does My Business Need Better Entryway Security?

Continue Reading

Picture1 2

Why Physical Security and Cybersecurity are Converging

Continue Reading

Picture1 1

The Convergence of Physical & Cybersecurity

Continue Reading

CMMC 2.0 Level 3 Certification Whats Up with That for MSPsMSSPs

CMMC 2.0 Level 3 Certification: What’s Up with That for MSPs/MSSPs?

Continue Reading

MSPsMSSPs Heres the Latest CMMCNIST 800 171 Compliance Timeline

MSPs/MSSPs: Here’s the Latest CMMC/NIST 800-171 Compliance Timeline

Continue Reading

Why MSPsMSSPs Should Develop a Shared Responsibility Matrix

Why MSPs/MSSPs Should Develop a Shared Responsibility Matrix

Continue Reading

When is an MSPMSSP a CSP for CUI Protection Purposes

When is an MSP/MSSP a CSP for CUI Protection Purposes?

Continue Reading

MSPsMSSPs Are You Subject to Flowdown CUI Protection Requirements

MSPs/MSSPs: Are You Subject to “Flowdown” CUI Protection Requirements?

Continue Reading

Pivot Point Blog Template 7

CMMC Compliance for MSPs/MSSPs: Taking a “Cross-Client” Approach

Continue Reading

CMMC Compliance for MSPsMSSPs 3 Shared Responsibility Angles 1 1

CMMC Compliance for MSPs/MSSPs: 3 Shared Responsibility Angles

Continue Reading

Pivot Point Blog Template 5

What New CMMC Guidance Means for MSPs and MSSPs

Continue Reading

Screen Shot 2022 05 10 at 7.07.52 AM

Got Hardcopy CUI? NIST SP 800-171 Requirements Apply.

Continue Reading

Step 8 to Retaining Security Talent Win Win Communication

Step #8 to Retaining Security Talent: Win-Win Communication

Continue Reading

Step 7 to Retaining Security Talent Make Career Promotion Criteria Outlined Transparent

Step #7 to Retaining Security Talent: Make Career Promotion Criteria Outlined & Transparent

Continue Reading

Step 6 to Retaining Security Talent Roles Responsibilities Clearly Defined Measured

Step #6 to Retaining Security Talent: Roles & Responsibilities are Clearly Defined & Measured

Continue Reading

Step 5 to Retaining Security Talent Consistent Management Training

Step #5 to Retaining Security Talent: Consistent Management Training

Continue Reading

Step 4 to Retaining Security Talent Kindness Only Culture

Step #4 to Retaining Security Talent: Kindness-Only Culture

Continue Reading

Ste 3 to Retaining Security Talent Self Care Culture

Step #3 to Retaining Security Talent: Self-Care Culture

Continue Reading

Step 2 to Retaining Security Talent Positive Attitude Culture

Step #2 to Retaining Security Talent: Positive Attitude Culture

Continue Reading

Step 1 to Retaining Security Talent Emotionally Intelligent Managers

Step #1 to Retaining Security Talent: Emotionally Intelligent Managers

Continue Reading

8 ingredients for baking inclusivity

8 Ingredients for Baking Inclusivity into Your Culture

Continue Reading

sec new rules cybersecurity

SEC Proposes New Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Continue Reading

nist cybersecurity framework

The NIST Cybersecurity Framework Helps Business and Technical Leaders Communicate About Security

Continue Reading

cloud controls matrix

Cloud Controls Matrix

Continue Reading

local storage versus cookies

Local Storage Versus Cookies: Which to Use to Securely Store Session Tokens

Continue Reading

panther helps get real time access to arbitrary security data

How Panther Helps Get You Real-Time Access to Arbitrary Security Data

Continue Reading

comparing cost of siem

Comparing the Cost of “SIEM”: How Much and Time-to-Value

Continue Reading

real time streaming security analytics

Get Proactive with Real-Time Streaming Security Analytics

Continue Reading

big data snowflake reinvention siem

Big Data, Snowflake and the Reinvention of SIEM

Continue Reading

state of siem security industry

“The State of SIEM” and Why the Security Industry Needs to Move On

Continue Reading

what is serverless siem

What is “Serverless SIEM” and Why Should We (as an Org Trying to Detect Cyber Threats) Care?

Continue Reading

becoming more effecient with cloud native approach

Becoming More Efficient w/ a Cloud-Native Approach to Data Security

Continue Reading

incorporate nist into your iso27001

February 2, 2022

3 Top Ways to Incorporate NIST 800-171 into Your ISO 27001 or SOC 2 Program

Continue Reading

4 key responses cubersecurity regulations

February 2, 2022

4 Key Responses to New US Government Cybersecurity Regulations

Continue Reading

cisa critical infrastructure

February 2, 2022

CISA, Critical Infrastructure and CUI: 3 New Drivers for the Future of Your ISO 27001 or SOC 2 Cybersecurity Program

Continue Reading

brief history cybersecurity guidance

February 2, 2022

A Brief History of Recent US Government Cybersecurity Guidance and Why You Should Care—Even If You Don’t Do Business with the USG

Continue Reading

are saas customers bigger business risk

December 3, 2021

Are SaaS Customers a Bigger Business Risk to their Vendors than Vice Versa?

Continue Reading

4 top things your saas vendors should do

December 3, 2021

4 Top Things Your SaaS Vendors Should Be Doing to Prove They’re Secure

Continue Reading

ai based threat detection for saas apps

December 3, 2021

AI-Based Threat Detection for SaaS Applications: “Suspenders to Backup Your Belt”

Continue Reading

customer managed encryption keys

December 3, 2021

Customer Managed Encryption Keys: With Great Power Comes Great Responsibility

Continue Reading

cloud security shared responsibility model evolving

December 3, 2021

The Cloud Security “Shared Responsibility” Model is Evolving

Continue Reading

cloud based solutions are now more secure than on prem

December 3, 2021

Here’s Why Cloud-Based Solutions are Now More Secure than On-Prem

Continue Reading

using the csa star program for procurement

Using the CSA STAR Program for Procurement

Continue Reading

how cloud security alliance addresses privacy

How the Cloud Security Alliance Addresses Privacy

Continue Reading

csa cloud controls matrix

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?

Continue Reading

cloud security alliance

What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?

Continue Reading

essential cloud security compliance tips from csa

Essential Cloud Security & Compliance Tips from CSA

Continue Reading

cmmc 20 whats ahead for the dib

CMMC 2.0: What’s Ahead for the DIB?

Continue Reading

why is management buy in a challenge for cmmc compliance

Why is Management Buy-In a Challenge for CMMC Compliance?

Continue Reading

dib orgs heres how to apply the cmmc scoping guide to ot assets

Dib Orgs: Here’s How to Apply the CMMC Scoping Guide to OT Assets

Continue Reading

dib orgs why is asset management a challenge

Dib Orgs: Why is Asset Management a Challenge?

Continue Reading

dib orgs what to do if you dont think you have cui

Dib Orgs: What to Do If You Don’t Think You Have CUI

Continue Reading

cmmc 2 0 scoping

CMMC 2.0 Scoping

Continue Reading

3 reasons why its so hard to identify cui

3 Reasons Why It’s So Hard to Identify CUI

Continue Reading

3 top challenges with cmmc 20

3 Top Challenges with CMMC 2.0

Continue Reading

ongoing challenges with cmmc

Ongoing Challenges with CMMC

Continue Reading

cmmc rulemaking what are the implications

CMMC 2.0 Rulemaking: What are the Implications for Government Contractors Outside the DIB?

Continue Reading

fleet device management future plans

Fleet Device Management: Future Plans

Continue Reading

How Malware Spreads

Continue Reading

Using Fleet’s Policy Feature for Configuration Management

Continue Reading

Open Source Device Management—Can It Improve Your Vulnerability Management?

Continue Reading

Open Source Device Management—Is It Right for Your Use Cases?

Continue Reading

Open Source Device Management—It’s All About Transparency and Flexibility

Continue Reading

Is Open Source the Future of Endpoint Security

Continue Reading

IoT Device Security: What to Look for from Vendors

Continue Reading

IoT Security Guidance: What is Its Real-World Value?

Continue Reading

Remotely Hacking IoT Devices: Here’s How It’s Done

Continue Reading

“AWS for Security” — A One-Stop Shop in the Making?

Continue Reading

A Hardware Hacker’s Top Tips for Building Secure IoT Devices

Continue Reading

“AWS for Security” — Can It Also Support Compliance?

Continue Reading

The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply Chain

Continue Reading

“AWS for Security”—Can It Reduce Your Security Software Costs?

Continue Reading

OK, So… What’s an IoT Device?

Continue Reading

Are You Ready for “AWS for Security”?

Continue Reading

The “AWS Approach” to Provable Security

Continue Reading

The New ISO 27002:2022—What Does It Mean for Your ISO 27001 ISMS?

Continue Reading

The Value of Attributes in the New ISO 27002:2022

Continue Reading

The OMB’s Final Zero Trust Strategy: 8 Key Takeaways

Continue Reading

The New ISO 27002:2022—What’s New with the Controls?

Continue Reading

The New ISO 27002:2022—What are “Themes” and Why are They Cool?

Continue Reading

The New ISO 27002:2022 — How Was It Developed?

Continue Reading

What Does the New ISO 27002 Update Mean for You?

Continue Reading

DIB Orgs: Can You Identify CUI?

Continue Reading

DIB Orgs: Your SPRS Score, System Security Plan and POAMs Had Better Be for Real

Continue Reading

Continuous Compliance: What Are the Business Benefits?

Continue Reading

Continuous Compliance for DIB Orgs: What Are Some Examples?

Continue Reading

3 Inescapable Reasons Why DIB Orgs are Now Reliant on Their Compliance Programs

Continue Reading

CMMC 2.0 Compliance—What Will It Look Like at Level 1 or Level 2?

Continue Reading

Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to You

Continue Reading

CMMC 2.0 Compliance—Here’s What to Focus on Now

Continue Reading

Continuous Compliance—What is It and Why Should You (as a DIB Org) Care?

Continue Reading

John Verry’s 2022 InfoSec Prediction #8: CSPs Up Their Security Game

Continue Reading

John Verry’s 2022 InfoSec Prediction #7: Software Security Goes Mainstream

Continue Reading

John Verry’s 2022 InfoSec Prediction #6: Companies Will Look to Shorten Their Vendors Lists

Continue Reading

John Verry’s 2022 InfoSec Prediction #5: “Our Compliance Officer” and/or “Our GRC Platform” Enter Your Lexicon

Continue Reading

John Verry’s 2022 InfoSec Prediction #4: The Use of Fractional/Virtual CISOs Will Continue to Grow Rapidly

Continue Reading

John Verry’s 2022 InfoSec Prediction #3: Supply Chain Risk Management Will Continue to Grow in Importance

Continue Reading

John Verry’s 2022 InfoSec Prediction #2: Cyber Liability Insurance Premiums and Due Diligence Will Increase Significantly

Continue Reading

John Verry’s 2022 InfoSec Prediction #1: Zero Trust Moves from Buzzword to Reality

Continue Reading

New False Claims Act Initiative Could Increase Federal Contractors’ Cyber Compliance Risk

Continue Reading

It’s Hard to Spell Security with API (Translation: You Need an AppSec Strategy)

Continue Reading

CMMC NIST

CMMC 2.0 and NIST 800-171—Pressure from Primes Could Accelerate Compliance Timeframes

Continue Reading

John Verry’s 2022 InfoSec Predictions: Challenges & Responses

Continue Reading

2021 Cyber Incident Year in Review

Continue Reading

Incident response

February 2, 2022

Can Attack Surface Management Help with Incident Response?

Continue Reading

vulnerability assessment

February 1, 2022

Can Attack Surface Management Help with Vulnerability Assessment?

Continue Reading

Supply chain security 2

January 31, 2022

How Attack Surface Management Can Help Reduce Supply Chain Security Risks

Continue Reading

got root

January 27, 2022

How I Got root on a Thermostat

Continue Reading

ISO 27001 2022

January 25, 2022

Are You Ready for the New ISO 27001:2022?

Continue Reading

ISMS Consulting 1

January 24, 2022

How (Not) to Perfect Your ISO 27001 Information Security Management System in Only 3 Years

Continue Reading

FedRamp changes

January 21, 2022

New Senate Bill Proposes Multiple Changes to FedRAMP Program

Continue Reading

CUI

January 17, 2022

All Federal Contractors are Already Subject to NIST 800-171 Requirements—Not Just the DIB

Continue Reading

Threat Investigation

January 10, 2022

Attack Surface Management with RiskIQ’s PassiveTotal Platform

Continue Reading