The Virtual CISO Podcast

Navigating IT-OT Dynamics: Cybersecurity, Integration, and Collaboration

Navigating New Horizons: CMMC, NIST 800-171 Updates, and Compliance Insights

Description: In this episode of the “Virtual CISO Podcast,” your host John Verry speaks with guest Warren Hylton, a

Ep #121 – Jack Liljeberg Assistant Broker Thompson Flanagan

Strategies for Reducing the Cost of Your Cyber Liability Insurance Policy Description Like many other businesses, law firms are at

Ep #120: A FedRAMP ATO – The Good, The Bad and the Ugly

To do wide-scale business within the US federal government, cloud service providers (CSPs) need a FedRAMP ATO. The prospect can

Ep #119: What is a Microservice Architecture and how do I secure it?

Whatever kind of software application a team is building, the identification and remediation of cybersecurity issues needs to be part

Ep #118: The Simplest Way to Transition from ISO 27001:2013 to ISO 27001:2022

If you are ISO 27001 certified, or considering it, you are likely wondering how the transition from ISO 27001:2013 to

Ep #117: Eight Key Takeaways from the RSA 2023 Conference

In this week’s episode of the Virtual CISO podcast, your host John Verry, Pivot Point Security CISO and Managing

Ep #116: What is an SBOM & Why Are My Customers Suddenly Asking for One?

With the release of President Biden’s Executive Order 14028 on “Improving the Nation’s Cybersecurity” from May 2021 the US

Ep #115: If Your Asset Management Sucks, Your Security Sucks

Asset management is a crucial aspect of information security. It refers to the processes and procedures involved in identifying, organizing,

Ep #114: 4 Tactical Steps To Implementing DevSecOps In 2023

DevSecOps is the practice of integrating security testing at every stage of the software development process. With DevSecOps,

Ep #113 – Should we be in Microsoft 365 GCC, GCC High, or Commercial?

Microsoft 365 was launched in 2011 in hopes of revolutionizing cloud-powered productivity platforms. Since then, Microsoft 365 has grown

Ep #112 – When should you move to ISO 27001:2022?

ISO 27001:2022 is the first update to the global “gold standard” for provable cybersecurity in ten years. Notable

Ep #111 – How to use the Software Assurance Maturity Model (SAMM) to Build Highly Secure Applications

The “buzz” in building more secure applications is “shift security left,” which means integrating security into and throughout the

Ep #110 – Understanding TISAX (Trusted Information Security Assessment Exchange)

Trusted Information Security Assessment Exchange (TISAX) is a vendor due diligence standard used in the automotive industry to verify

Ep #109 – Understanding How Cybercriminals Operate Can Protect Your Business

In today’s cyber landscape, business leaders and security professionals need every edge they can gain to better protect their organizations

Ep #108 – Understanding the Legalities Around CUI

Orgs in the DIB need to protect CUI in alignment with the NIST 800-171 cybersecurity standard—and soon the Cybersecurity Maturity

Ep #107 – An AWS Security Guru’s Recommendation for Securing your AWS Infrastructure

Over 90% of security breaches in the public cloud stem from user error, and not the cloud service provider. Today,

Ep#106 – Strategies to Manage Cybersecurity through an Economic Downturn

Managing Cyber Security through an Economic downturn is no easy task. With increasing concerns on how to stay secure and

Ep#105 – Solving the Problems of Cloud Native Applications

Building Cloud Native Applications can bring about many operational and security problems. Today, we sat down with an expert in

Ep#104 – Is Digital Business Risk Management the future of Attack Surface Management?

Digital Business Risk Management helps companies track and disrupt the most advanced bad actors and malevolent infrastructures. Team Crymu specializes

Ep#103 – The Complexity of deploying a secure application in the cloud

Governance, Risk, and Compliance (GRC) platforms can be very tricky to construct. Today, we sat down with an expert in

Ep#102 – Rosemary Martorana – The intersection of Privacy and Security

You cannot have privacy without security. While they once existed quite distinct from one another, they are now so delicately

Ep#101 – George Perezdiaz – Most Asked CMMC Questions

CMMC (Cybersecurity Maturity Model Certification) can raise many red flags and concerns – As CMMC rulemaking approaches in 2023, we

Ep#100 – Dimitri Sirota – The Two Audiences For Privacy & How They Drive Data Collection

This marks our 100th episode of The Virtual CISO and an insightful journey into having the opportunity to have frank

Ep#99 – Willy Fabritius – Unpacking Critical Elements of Supply Chain Risk Management

Supply chain risk management can prove to be a slippery slope—why should you take pains to conduct a proper risk

Ep#98 – Taylor Smith – Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses

What are the merits of the Software Assurance Maturity Model (SAMM), and how does it differ from the Application Security

Ep#97 – Rob Dickinson – What You Need to Know about APIs and API Security

Application development is moving from a web-centric world to an API-centric world. If you’re wondering what that looks like, what

EP#96 – James Fair – How to Measure the Value of Information Security

Most recognize the value preservation in cybersecurity. But forward thinking professionals also see the value creation in having a secure

EP#95 – Elzar Camper – Understanding NIST’s Secure Software Development Framework

What exactly is a Software Development Life Cycle, and how does NIST’s Secure Software Development Framework impact that cycle and

EP#94 – Mark Montgomery – US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?

Today, information is worth more than riches. The new currency is data. With this being true, the state of cybersecurity

EP#93 – Robert Buda – Confronting the Wild West of Database Security

Don’t wait for an emergency; secure your database correctly right out of the gate. Think of everything outside of your

EP#92 – Ron Gula – Bridging the Gap Between Cybersecurity and the Business World

Ron Gula, President and Co-Founder of Gula Tech Adventures, has a very specific goal: To defend the country in cyberspace

EP#91 – Eric Jesse – Legal & Infosec Strategies to Deal with Exploding Cyber Liability Insurance Premiums

There’s no denying that cybersecurity risks in the workplace have increased exponentially in recent years. From the pandemic causing employees

EP#90 – John Verry – Important Clarifications on CMMC v2 from CMMC Day May 9, 2022

To invest in CMMC or to not invest in CMMC, that is the question. CMMC (Cybersecurity Maturity Model Certification) is

EP#89 – Alberto Yépez – The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist

Alberto Yépez joins the show to share his perspective as a venture capitalist working to help entrepreneurs build Cybersecurity businesses.

EP#88 – Michelangelo Sidagni – Understanding Attack Surface Management and how it applies to your cyber security strategy

We’ve spent the last two and a half years with rapidly rising cloud adoption. It was a rocket ship before

EP#87 – Chris Ciabarra – The Convergence of Physical & Cyber Security and the Impact to Cyber Security Professionals

As technology advances, there will always be new threats from malicious actors seeking to exploit these advancements — whether that

EP#86 – Caleb Leidy – What New Cybersecurity Maturity Model Certification (CMMC) Guidance Means for Managed Service Providers (MSPs)

As the implementation of CMMC by the DIB picks up pace, the frequently shifting requirements can be daunting — especially

EP#85 – Deidre Diamond – 8 Ingredients for Baking Inclusivity Into Your Culture

Inclusivity and diversity aren’t just about who you hire — it’s about the culture you create. Sure, you can get

EP#84 – Jack Naglieri – Becoming More Efficient With a Cloud-Native Approach

What if you could be proactive in your approach to cloud data security rather than a reactive one once the

EP#83 – John DiMaria – Essential Cloud Security & Compliance Tips From CSA

Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do

EP#82 – Kyle Lai & Caleb Leidy – Ongoing Challenges in CMMC

We’ve had another bumpy year in 2021. So, what’s coming down the pike in 2022? And what impact will the

EP#81 – Mike McNeil – Is Open Source the Future of Endpoint Security?

Open source is a transparency issue. Being able to see what code is running on your computer — as well

EP#80 – Maxime Lamothe-Brassard – The AWS Approach to Provable Security

Traditionally, companies have relied on the promises of vendors when it comes to reaffirming their security stance. However, LimaCharlie has

EP#79 – Ryan Mackie & Danny Manimbo – What Does the New ISO 27002 Update Mean for You?

After years, ISO 27002 is finally here. What does that mean for your business? Luckily, the transition should be pretty

EP#78 – Andrea Willis – CMMC 2.0 & Continuous Compliance

If you look around at what’s happening in the world of cybersecurity, you’ll notice one thing: Security never stops… Which

EP#77 – John Verry – 8 Information Security Predictions for 2022

We’ve had another bumpy year in 2021. So, what’s coming down the pike in 2022? And what impact will the

EP#76 – John Verry – Government Security Guidance: How We Got Here

If you’re beholden to government security guidance — and let’s face it, if you’re a company operating in the US,

EP#75 – Joe Grand – How Hardware Hackers Exploit IoT Vulnerabilities

You’ve probably heard the hype: IoT is the next frontier in the information revolution that promises to make all our

EP#74 – Harshil Parikh – Bridging the Gap Between Security & Development Teams

There is an age-old conflict between security and development teams. Development teams are focused on time-to-market and packing features into

EP#73 – Mark Richman – Why Cloud Is More Secure Than Your Average On-Prem Solution

What’s more secure? A cloud-based or on-prem document management system? It’s a question that gets asked a lot in

EP#72 – Brian Hajost – How Configuration Management Makes Security Simple

Configuration management is the best kept secret in security. Not only will it save time and money, it also helps

EP#71 – Caleb Leidy & George Perezdiaz – CMMC 2.0 is Here! Find Out What It Really Means for DIB and Non-DIB USG Contractors

The US Department of Defense (DoD) has just announced CMMC 2.0, a new strategic direction for its cybersecurity program based

EP#70 – Gerald Auger – How Simply Cyber Helps People Pivot to a Cybersecurity Career

A lot of people want to break into cybersecurity. And why not? Where else can you have a blast, work

EP#69 – Steve Ginty – Can You Benefit From Attack Surface Management?

In a world where new vulnerabilities appear seemingly every minute, threat intelligence is more important than ever. And one of

EP#68 – Mosi Platt – Why Continuous Compliance Matters More than Ever

As public trust in technology erodes — for the first time — it’s clear that we need to reevaluate

EP#67 – Hoala Greevy – ‎The Virtual CISO Podcast: How HIPAA Compliant Email is Revolutionizing Healthcare

When it comes to healthcare InfoSec, it’s the Wild West. Most healthcare organizations just don’t have the necessary IT budgets

EP#66 – Jason Powell – Private Practices: How to Prioritize Privacy in Your Organization

In the U.S., it’s easy to look at overseas privacy legislation like GDPR and conclude it’s a reaction to worrying

EP#65 – Chris Dorr – Why Information Security Is Key to Business Strategy

Chess legend Bobby Fischer once said that winning tactics flow from a superior position. Bobby Fischer would have made a

EP#64 – John Grange – Head in the Clouds: Multi-Cloud Security & Governance

How well do you know what’s happening in your cloud? With so many people in an organization able to access

EP#63 – Johnna Verry – Can We Predict Security Threats w/ Machine Learning?

Every CISO’s dreams of moving from reactive security to purely proactive security posture. In an era of big data and

EP#62 – John Verry – What People Get Wrong About ISO 27001 Compliance

Just because ISO 27001 suggests a control, doesn’t mean you have to have it – in fact, you could be

EP#61 – Raj Krishnamurthy – Bridging the Gap Between Traditional Compliance & DevOPs

Traditional compliance approaches have served us well for years… But they just don’t cut it anymore. We need an approach

EP#60 – John Verry – A Guide for Validating Your Security Process

In this special episode, we’re sharing a guest appearance I made on The Perfect Storm. During that episode, I shared

EP#59 – John Verry – Governing Cybersecurity: A Process for Becoming Provably Secure & Compliant

Today’s special episode was inspired by a conversation I had with a then potential, now current client of ours at

EP#58 – Scott Sarris – The Cybersecurity Executive Order: What You Need to Know

In the wake of the SolarWinds fiasco, a new executive order mandates practices to prevent future attacks… How well does

EP#57 – Is Your Business Safe? w/ Josh Amishav-Zlatin

By the time you think of a ‘new’ password, attackers already have a way to crack it. Josh Amishav-Zlatin, Founder

EP#56 – Information Governance w/ David Gould

Information governance is the solution to that irrational fear of deletion we all experience from time to time. Expert in

EP#55 – DIBCAC & CMMC Audit Prep with George Perezdiaz & Caleb Leidy

Are you ready for your DIBCAC/CMMC audit? Let’s make sure. We’re speaking to two of our best Security Consultants from

EP#54 – John Kindervag – Trust Is a Vulnerability: 5 Steps on the Path to Zero Trust

How do you quantify trust? Is it something that can be digitized? In the world of cybersecurity, trust is a

EP#53 – Dr. Eric Cole – You Are a Target: Assessing Cybersecurity Risk

Whoever propagates the rumor that the goal of cybersecurity is to prevent all attacks deserves to be punched in the

EP#52 – Stacy High-Brinkley – CMMC Assessments Are Here: What You Need to Know

In the latest episode, Stacy High-Brinkley, VP of Compliance Solutions at Cask, shares what you need to know about the

EP#51 – Leah McGrath – Everything You Need to Know About StateRAMP

The federal government has FedRAMP to manage security authorizations for cloud service offerings. But cyber attacks don’t stop at the

EP#50 – Chris Neyhuis – How EDR & NDR Help You Make Better Security Decisions

Remember those halcyon days when you could just stick an antivirus on your desktop and not worry — before all

EP#49 – Sanjeev Verma – How PreVeil Drive Makes Storing and Sharing Data More Secure

PreVeil Drive is a cloud service that lets users encrypt, store and share their files for CMMC Compliance and personal

EP#48 – John Verry – Lessons Learned in Our Initial 27701 Certification Audits

ISO-27701 is an exciting new standard. But it comes with a learning curve for all of us — clients, consultants,

Using your ISO 9001 Management System to Simplify CMMC Certification

John Laffey, Program Manager at Perry Johnson Registrars, Inc. discusses the cornerstones of an information security management system from the

EP#46 – John Sheridan – How to Communicate Across Departmental Divides

Have you ever wished that there was some sort of Star-Trek universal translator device for communicating your department’s needs to

EP#45 – Charles Weaver – MSPs, MSSPs & Validation: What You Need to Kno‪w

Gone are the days when every company had their own internal IT department. We’re well into the era of Managed

EP#44 – John Verry Guest Appearance with Eric Hess on The Encrypted Economy: Why CMMC Is the Most Significant Standard of All Tim‪e

With the proliferation of so many information security standards, are we nearing a breaking point? In the end, which standard

The Virtual CISO Podcast

Services

Compliance

Insights

Pivot Point Security