The Virtual CISO Podcast

Solving the Problems of Cloud Native Applications

Building Cloud Native Applications can bring about many operational and security problems. Today, we sat down

EP#104 – Is Digital Business Risk Management the future of Attack Surface Management?

Digital Business Risk Management helps companies track and disrupt the most advanced bad actors and malevolent infrastructures.

EP#103 – The Complexity of deploying a secure application in the cloud

Governance, Risk, and Compliance (GRC) platforms can be very tricky to construct. Today, we sat down with

EP#102 – Rosemary Martorana – The intersection of Privacy and Security

You cannot have privacy without security. While they once existed quite distinct from one another, they are

EP#101 – George Perezdiaz – Most Asked CMMC Questions

CMMC (Cybersecurity Maturity Model Certification) can raise many red flags and concerns – As CMMC rulemaking approaches

EP#100 – Dimitri Sirota – The Two Audiences For Privacy & How They Drive Data Collection

This marks our 100th episode of The Virtual CISO and an insightful journey into having the opportunity

EP#99 – Willy Fabritius – Unpacking Critical Elements of Supply Chain Risk Management

Supply chain risk management can prove to be a slippery slope—why should you take pains to conduct

EP#98 – Taylor Smith – Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses

What are the merits of the Software Assurance Maturity Model (SAMM), and how does it differ from

EP#97 – Rob Dickinson – What You Need to Know about APIs and API Security

Application development is moving from a web-centric world to an API-centric world. If you’re wondering what that

EP#96 – James Fair – How to Measure the Value of Information Security

Most recognize the value preservation in cybersecurity.  But forward thinking professionals also see the value creation in

EP#95 – Elzar Camper – Understanding NIST’s Secure Software Development Framework

What exactly is a Software Development Life Cycle, and how does NIST’s Secure Software Development Framework impact

EP#94 – Mark Montgomery – US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?

Today, information is worth more than riches. The new currency is data. With this being true, the

EP#93 – Robert Buda – Confronting the Wild West of Database Security

Don’t wait for an emergency; secure your database correctly right out of the gate. Think of everything

EP#92 – Ron Gula – Bridging the Gap Between Cybersecurity and the Business World

Ron Gula, President and Co-Founder of Gula Tech Adventures, has a very specific goal: To defend the

EP#91 – Eric Jesse – Legal & Infosec Strategies to Deal with Exploding Cyber Liability Insurance Premiums

There’s no denying that cybersecurity risks in the workplace have increased exponentially in recent years. From the

EP#90 – John Verry – Important Clarifications on CMMC v2 from CMMC Day May 9, 2022

To invest in CMMC or to not invest in CMMC, that is the question. CMMC (Cybersecurity Maturity

EP#89 – Alberto Yépez – The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist

Alberto Yépez joins the show to share his perspective as a venture capitalist working to help entrepreneurs

EP#88 – Michelangelo Sidagni – Understanding Attack Surface Management and how it applies to your cyber security strategy

We’ve spent the last two and a half years with rapidly rising cloud adoption. It was a

EP#87 – Chris Ciabarra – The Convergence of Physical & Cyber Security and the Impact to Cyber Security Professionals

As technology advances, there will always be new threats from malicious actors seeking to exploit these advancements

EP#86 – Caleb Leidy – What New Cybersecurity Maturity Model Certification (CMMC) Guidance Means for Managed Service Providers (MSPs)

As the implementation of CMMC by the DIB picks up pace, the frequently shifting requirements can be

EP#85 – Deidre Diamond – 8 Ingredients for Baking Inclusivity Into Your Culture

Inclusivity and diversity aren’t just about who you hire — it’s about the culture you create.

EP#84 – Jack Naglieri – Becoming More Efficient With a Cloud-Native Approach

What if you could be proactive in your approach to cloud data security rather than a

EP#83 – John DiMaria – Essential Cloud Security & Compliance Tips From CSA

Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it

EP#82 – Kyle Lai & Caleb Leidy – Ongoing Challenges in CMMC

We’ve had another bumpy year in 2021. So, what’s coming down the pike in 2022? And

EP#81 – Mike McNeil – Is Open Source the Future of Endpoint Security?

Open source is a transparency issue. Being able to see what code is running on your

EP#80 – Maxime Lamothe-Brassard – The AWS Approach to Provable Security

Traditionally, companies have relied on the promises of vendors when it comes to reaffirming their security

EP#79 – Ryan Mackie & Danny Manimbo – What Does the New ISO 27002 Update Mean for You?

After years, ISO 27002 is finally here. What does that mean for your business? Luckily, the

EP#78 – Andrea Willis – CMMC 2.0 & Continuous Compliance

If you look around at what’s happening in the world of cybersecurity, you’ll notice one

EP#77 – John Verry – 8 Information Security Predictions for 2022

We’ve had another bumpy year in 2021. So, what’s coming down the pike in 2022?

EP#76 – John Verry – Government Security Guidance: How We Got Here

If you’re beholden to government security guidance — and let’s face it, if you’re a

EP#75 – Joe Grand – How Hardware Hackers Exploit IoT Vulnerabilities

You’ve probably heard the hype: IoT is the next frontier in the information revolution that

EP#74 – Harshil Parikh – Bridging the Gap Between Security & Development Teams

There is an age-old conflict between security and development teams. Development teams are focused on

EP#73 – Mark Richman – Why Cloud Is More Secure Than Your Average On-Prem Solution

What’s more secure? A cloud-based or on-prem document management system? It’s a question that

EP#72 – Brian Hajost – How Configuration Management Makes Security Simple

Configuration management is the best kept secret in security. Not only will it save time

EP#71 – Caleb Leidy & George Perezdiaz – CMMC 2.0 is Here! Find Out What It Really Means for DIB and Non-DIB USG Contractors

The US Department of Defense (DoD) has just announced CMMC 2.0, a new strategic direction for

EP#70 – Gerald Auger – How Simply Cyber Helps People Pivot to a Cybersecurity Career

A lot of people want to break into cybersecurity. And why not? Where else can you have

EP#69 – Steve Ginty – Can You Benefit From Attack Surface Management?

In a world where new vulnerabilities appear seemingly every minute, threat intelligence is more important than

EP#68 – Mosi Platt – Why Continuous Compliance Matters More than Ever

As public trust in technology erodes — for the first time — it’s clear that we need

EP#67 – Hoala Greevy – The Virtual CISO Podcast: How HIPAA Compliant Email is Revolutionizing Healthcare

When it comes to healthcare InfoSec, it’s the Wild West. Most healthcare organizations just don’t have

EP#66 – Jason Powell – Private Practices: How to Prioritize Privacy in Your Organization

In the U.S., it’s easy to look at overseas privacy legislation like GDPR and conclude it’s a

EP#65 – Chris Dorr – Why Information Security Is Key to Business Strategy

Chess legend Bobby Fischer once said that winning tactics flow from a superior position.  Bobby Fischer would

EP#64 – John Grange – Head in the Clouds: Multi-Cloud Security & Governance

How well do you know what’s happening in your cloud?  With so many people in an organization

EP#63 – Johnna Verry – Can We Predict Security Threats w/ Machine Learning?

Every CISO dreams of moving from a reactive security posture to a purely proactive one. In an era of

EP#62 – John Verry – What People Get Wrong About ISO 27001 Compliance

Just because ISO 27001 suggests a control, doesn’t mean you have to have it – in fact,

EP#61 – Raj Krishnamurthy – Bridging the Gap Between Traditional Compliance & DevOPs

Traditional compliance approaches have served us well for years… But they just don’t cut it anymore.  We

EP#60 – John Verry – A Guide for Validating Your Security Process

In this special episode, we’re sharing a guest appearance I made on The Perfect Storm. During that

EP#59 – John Verry – Governing Cybersecurity: A Process for Becoming Provably Secure & Compliant

Today’s special episode was inspired by a conversation I had with a then potential, now current client

EP#58 – Scott Sarris – The Cybersecurity Executive Order: What You Need to Know

In the wake of the SolarWinds fiasco, a new executive order mandates practices to prevent future attacks…

EP#57 – Is Your Business Safe? w/ Josh Amishav-Zlatin

By the time you think of a ‘new’ password, attackers already have a way to crack it.

EP#56 – Information Governance w/ David Gould

Information governance is the solution to that irrational fear of deletion we all experience from time to

EP#55 – DIBCAC & CMMC Audit Prep with George Perezdiaz & Caleb Leidy

Are you ready for your DIBCAC/CMMC audit? Let’s make sure. We’re speaking to two of our best

EP#54 – John Kindervag – Trust Is a Vulnerability: 5 Steps on the Path to Zero Trust

How do you quantify trust? Is it something that can be digitized? In the world of cybersecurity,

EP#53 – Dr. Eric Cole – You Are a Target: Assessing Cybersecurity Risk

Whoever propagates the rumor that the goal of cybersecurity is to prevent all attacks deserves to be

EP#52 – Stacy High-Brinkley – CMMC Assessments Are Here: What You Need to Know

In the latest episode, Stacy High-Brinkley, VP of Compliance Solutions at Cask, shares what you need to

EP#51 – Leah McGrath – Everything You Need to Know About StateRAMP

The federal government has FedRAMP to manage security authorizations for cloud service offerings. But cyber attacks don’t

EP#50 – Chris Neyhuis – How EDR & NDR Help You Make Better Security Decisions

Remember those halcyon days when you could just stick an antivirus on your desktop and not worry

EP#49 – Sanjeev Verma – How PreVeil Drive Makes Storing and Sharing Data More Secure

PreVeil Drive is a cloud service that lets users encrypt, store and share their files for CMMC

EP#48 – John Verry – Lessons Learned in Our Initial 27701 Certification Audits

ISO-27701 is an exciting new standard. But it comes with a learning curve for all of us

Using your ISO 9001 Management System to Simplify CMMC Certification

John Laffey, Program Manager at Perry Johnson Registrars, Inc. discusses the cornerstones of an information security management

EP#46 – John Sheridan – How to Communicate Across Departmental Divides

Have you ever wished that there was some sort of Star-Trek universal translator device for communicating your

EP#45 – Charles Weaver – MSPs, MSSPs & Validation: What You Need to Know

Gone are the days when every company had their own internal IT department. We’re well into the

EP#44 – John Verry Guest Appearance with Eric Hess on The Encrypted Economy: Why CMMC Is the Most Significant Standard of All Time

With the proliferation of so many information security standards, are we nearing a breaking point?  In the

EP#43 – John Verry – CMMC Level 1: An Overview

Let’s talk about the Cybersecurity Maturity Model Certification, or CMMC.  What is it, why should you care

EP#42 – John Virgolino – Solutions to Security, Compliance, and Technology Challenges in Aerospace

Manufacturing tends to resist new technology. Not aerospace, though. It’s on the cutting edge. In this episode

EP#41 – John Verry – CMMC Level 3: What Government Staffing Agencies Need to Know

In this episode of The Virtual CISO Podcast, host John Verry, CISO and Managing Partner at Pivot

EP#40 – Aaron Guzman – The ISVS: What You Need to Know

These days, everything is connected to the internet. Whether it’s your car, your light bulbs, your microwave,

EP#39 – Stephen Halbrook – FedRAMP: What You Need to Know

Are you looking to get your product authorized for use by federal agencies? Then you probably need

EP#38 – Dyann Mills – How Data Privacy Standards Affect Your Business

Privacy is

EP#37 – Craig Unger – Should You Invest in a GRC Tool for Security & Compliance?

EP#36 – Corbin Evans – CMMC Compliance: The Nuances You Should Know

The DFARS interim rule that went into effect on November 30th has a lot of nuances to

EP#35 – Scott Edwards – GCC High Demystified: What CMMC Compliance Means for DIB Firms

Should I migrate to GCC High? Do I have to? Are there alternatives? If you’re a

EP#34 – Scott Armstrong – What DIB Firms Need to Know About the CMMC Interim Rule

If you’ve taken the time to look through the DFARS Interim Rule… All 80+ (potentially) confusing pages

EP#33 – Ryan Buckley – The Secrets to Keeping Your SaaS Secure

SaaS is a great business to be in.  But whether you’re a startup or a mature company… 

EP#32 – Aaron Guzman & John Yeoh – How IoT Is Shaping the Future of Cybersecurity

The internet of things is taking off.  IoT is bringing new innovations across the board… But it’s

EP#31 – Ron Ross – A Brief History of NIST Guidance

ISO 27001, CMMC, NIST 800-53… Keeping track of the myriad security guidelines can be tricky. Especially when

EP#30 – John Verry – How To Beat The 6 Most Challenging CMMC L3 Requirements

Preparing to achieve CMMC compliance may seem daunting. Especially in 6 challenging components.  But we’re going to

EP#29 – Reg Harnish – How COVID-19 Is Shaping Security’s Future

Though 2020 has felt decades-long already, we still haven’t had to deal with the long-term effects of

EP#28 – Why 800-171 Compliance Isn’t Going Away Any Time Soon w/John Ellis

CMMC is coming… But that doesn’t mean 800-171 compliance is out the window.  In this episode, I

EP#27 – Jon Bass – How DevOps Took Over (& Why You Should Care)

Not too long ago, DevOps seemed like a fringe buzzword… Now, it’s front-and-center. So, what is DevOps

EP#26 – Rich Stever – How to Optimize Your ISMS

When ISO 27001 is optimized for speed, it’s an amazingly effective and efficient way to manage security

EP#25 – Chris Lank – CMMC Compliance & Continuous Monitoring Made Simple

If your organization is in the DIB, CMMC compliance is a big deal. It’s probably the biggest

EP#24 – Ryan Mackie – Everything You Need to Know About ISO 27001 Audits

Prepping for an ISO 27001 audit can be a nerve-wracking process.  But it doesn’t have to be. 

EP#23 – Jesse Nash – Why Security Is So Important For a Growing SaaS

If you have a growing SaaS company, security may be far down your list of priorities.  I’ll

EP#22 – Ben Tchoubineh – CMMC Training & Assessments: Rollout, Certification & Competition

If you are scrambling to figure out CMMC, you aren’t alone. It’s perhaps the most sweeping information

EP#21 – Sanjeev Verma – CMMC Compliance Doesn’t Have to be Hard (or Pricey)

If your company works with the DoD… You might be worried about CMMC compliance. But it doesn’t

EP#20 – Kevin Hermosura – Faster, Better & Cheaper Vendor Due Diligence Reviews

COVID-19 has created lots and lots of challenges and opened our eyes to ones that lay

EP#19 – Jim Manico – Why Application Security is a Team Sport and How Your Team Will Win

If you’re a business leader, especially at a SaaS firm or if you’re a developer at a

EP#18 – Jose Ciriaco – IT & Security: How to Do More with Less

Information security is a well easily fallen into.  There is so much on the market.  So many

EP#17 – Thomas Price – CMMC Certification Audits—Can You Leverage ISO 27001?

If you want a glimpse into what one of your future CMMC audits will be like, this

EP#16 – Ian Glover – Why Buyers of Security Services Need to Leverage CREST

Who do you trust with your network? Would you give a random person access to the infrastructure

EP#15 – Andrew van der Stock – The OWASP Top Ten is Great, but is it Enough?

We all have things we consider “the best”. Things we look to. Rely on. What happens when

EP#14 – Brian Dykstra – How Computer Forensics Protects Your Data During Litigation

The word forensics usually makes us think of homicide, but it applies to computers, too. Computer forensics

EP#13 – Debbie Zaller – Why ISO 27701 is the Answer to Privacy Compliance

As the first data privacy certification available, ISO 27701 can greatly reduce the complexity of managing privacy,

EP#12 – Cosmo Gazzani – Disaster Recovery, Business Continuity, and Data Resilience

Getting a flat tire is a disaster. Knowing where you keep the spare is disaster recovery. Changing

EP#11 – Daniel Cuthbert – OWASP ASVS: The Go-To Standard for Application Security

Your application is probably vulnerable.  “But how?! We hired a company to pen test our application. They

EP#10 – Stuart Itkin – Exostar and Their Role in Your CMMC Certification

Is your organization ready for CMMC? As CMMCs roll out over the next 6 years, it’s

EP#9 – Danielle Russell – When an SMB Should Implement a SIEM

As an SMB, you’re probably thinking you’re too insignificant for a targeted cyberattack. That’s not even a

EP#8 – Tom Garrubba – Resilience Guidance and the SCA

You’re responsible for information security at your SMB, and you need a better, faster and cheaper way

EP#7 – Dr. Joel Kahn – Dead CISOs Don’t Get Bonuses

If you thought this podcast was supposed to be about information security, you might be confused about

EP#6 – Darek Hahn – The Virtual CIO: What it Is and What it Isn’t

In this world of remote work that we’ve found ourselves in, there are likely a lot of

EP#5 – John Verry – Staying Secure in a COVID-19 World

Can we all agree that this is a strange, confusing, and stressful time to be living through? 

EP#4 – Andrew Farkas – True Confessions of a Real Virtual CISO

Trust, but verify. These famous words of Ronald Reagan, who, incidentally, would make a fantastic CISO, are

EP#3 – Dan Schroeder – ISO 27001 vs. SOC 2 – Which Attestation is Right For You

Considering ISO 27001 certification? Wondering about SOC 2 attestation? Trying to figure out the differences between the

EP#2 – Deidre Diamond – How to Attract & Retain Cyber Talent

The cyber talent search feels like a global, dangerous game of Marco Polo.  We’re all looking for

EP#1 – Katie Arrington – CMMC: What You Need to Know About DoD Cybersecurity Regulation

As CISO for Acquisition and Sustainment at the United States Department of Defense, she’s well beyond needing