Navigating New Horizons: CMMC, NIST 800-171 Updates, and Compliance Insights
In this episode of the “Virtual CISO Podcast,” your host John Verry speaks with guest Warren Hylton, a FedRisk
Read More
Ep #121 – Jack Liljeberg Assistant Broker Thompson Flanagan
Strategies for Reducing the Cost of Your Cyber Liability Insurance Policy Description Like many other businesses, law firms are at
Read More
Ep #120: A FedRAMP ATO – The Good, The Bad and the Ugly
To do wide-scale business within the US federal government, cloud service providers (CSPs) need a FedRAMP ATO. The prospect can
Read More
Ep #119: What is a Microservice Architecture and how do I secure it?
Whatever kind of software application a team is building, the identification and remediation of cybersecurity issues needs to be part
Read More
Ep #118: The Simplest Way to Transition from ISO 27001:2013 to ISO 27001:2022
If you are ISO 27001 certified, or considering it, you are likely wondering how the transition from ISO 27001:2013 to
Read More
Ep #117: Eight Key Takeaways from the RSA 2023 Conference
In this week’s episode of the Virtual CISO podcast, your host John Verry, Pivot Point Security CISO and Managing
Read More
Ep #116: What is an SBOM & Why Are My Customers Suddenly Asking for One?
With the release of President Biden’s Executive Order 14028 on “Improving the Nation’s Cybersecurity” from May 2021 the US
Read More
Ep #115: If Your Asset Management Sucks, Your Security Sucks
Asset management is a crucial aspect of information security. It refers to the processes and procedures involved in identifying, organizing,
Read More
Ep #114: 4 Tactical Steps To Implementing DevSecOps In 2023
DevSecOps is the practice of integrating security testing at every stage of the software development process. With DevSecOps,
Read More
Ep #113 – Should we be in Microsoft 365 GCC, GCC High, or Commercial?
Microsoft 365 was launched in 2011 in hopes of revolutionizing cloud-powered productivity platforms. Since then, Microsoft 365 has grown
Read More
Ep #112 – When should you move to ISO 27001:2022?
ISO 27001:2022 is the first update to the global “gold standard” for provable cybersecurity in ten years. Notable
Read More
Ep #111 – How to use the Software Assurance Maturity Model (SAMM) to Build Highly Secure Applications
The “buzz” in building more secure applications is “shift security left,” which means integrating security into and throughout the
Read More
Ep #110 – Understanding TISAX (Trusted Information Security Assessment Exchange)
Trusted Information Security Assessment Exchange (TISAX) is a vendor due diligence standard used in the automotive industry to verify
Read More
Ep #109 – Understanding How Cybercriminals Operate Can Protect Your Business
In today’s cyber landscape, business leaders and security professionals need every edge they can gain to better protect their organizations
Read More
Ep #108 – Understanding the Legalities Around CUI
Orgs in the DIB need to protect CUI in alignment with the NIST 800-171 cybersecurity standard—and soon the Cybersecurity Maturity
Read More
Ep #107 – An AWS Security Guru’s Recommendation for Securing your AWS Infrastructure
Over 90% of security breaches in the public cloud stem from user error, and not the cloud service provider. Today,
Read More
Ep#106 – Strategies to Manage Cybersecurity through an Economic Downturn
Managing Cyber Security through an Economic downturn is no easy task. With increasing concerns on how to stay secure and
Read More
Ep#105 – Solving the Problems of Cloud Native Applications
Building Cloud Native Applications can bring about many operational and security problems. Today, we sat down with an expert in
Read More
Ep#104 – Is Digital Business Risk Management the future of Attack Surface Management?
Digital Business Risk Management helps companies track and disrupt the most advanced bad actors and malevolent infrastructures. Team Crymu specializes
Read More
Ep#103 – The Complexity of deploying a secure application in the cloud
Governance, Risk, and Compliance (GRC) platforms can be very tricky to construct. Today, we sat down with an expert in
Read More
Ep#102 – Rosemary Martorana – The intersection of Privacy and Security
You cannot have privacy without security. While they once existed quite distinct from one another, they are now so delicately
Read More
Ep#101 – George Perezdiaz – Most Asked CMMC Questions
CMMC (Cybersecurity Maturity Model Certification) can raise many red flags and concerns – As CMMC rulemaking approaches in 2023, we
Read More
Ep#100 – Dimitri Sirota – The Two Audiences For Privacy & How They Drive Data Collection
This marks our 100th episode of The Virtual CISO and an insightful journey into having the opportunity to have frank
Read More
Ep#99 – Willy Fabritius – Unpacking Critical Elements of Supply Chain Risk Management
Supply chain risk management can prove to be a slippery slope—why should you take pains to conduct a proper risk
Read More
Ep#98 – Taylor Smith – Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses
What are the merits of the Software Assurance Maturity Model (SAMM), and how does it differ from the Application Security
Read More
Ep#97 – Rob Dickinson – What You Need to Know about APIs and API Security
Application development is moving from a web-centric world to an API-centric world. If you’re wondering what that looks like, what
Read More
EP#96 – James Fair – How to Measure the Value of Information Security
Most recognize the value preservation in cybersecurity. But forward thinking professionals also see the value creation in having a secure
Read More
EP#95 – Elzar Camper – Understanding NIST’s Secure Software Development Framework
What exactly is a Software Development Life Cycle, and how does NIST’s Secure Software Development Framework impact that cycle and
Read More
EP#94 – Mark Montgomery – US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?
Today, information is worth more than riches. The new currency is data. With this being true, the state of cybersecurity
Read More
EP#93 – Robert Buda – Confronting the Wild West of Database Security
Don’t wait for an emergency; secure your database correctly right out of the gate. Think of everything outside of your
Read More
EP#92 – Ron Gula – Bridging the Gap Between Cybersecurity and the Business World
Ron Gula, President and Co-Founder of Gula Tech Adventures, has a very specific goal: To defend the country in cyberspace
Read More
EP#91 – Eric Jesse – Legal & Infosec Strategies to Deal with Exploding Cyber Liability Insurance Premiums
There’s no denying that cybersecurity risks in the workplace have increased exponentially in recent years. From the pandemic causing employees
Read More
EP#90 – John Verry – Important Clarifications on CMMC v2 from CMMC Day May 9, 2022
To invest in CMMC or to not invest in CMMC, that is the question. CMMC (Cybersecurity Maturity Model Certification) is
Read More
EP#89 – Alberto Yépez – The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist
Alberto Yépez joins the show to share his perspective as a venture capitalist working to help entrepreneurs build Cybersecurity businesses.
Read More
EP#88 – Michelangelo Sidagni – Understanding Attack Surface Management and how it applies to your cyber security strategy
We’ve spent the last two and a half years with rapidly rising cloud adoption. It was a rocket ship before
Read More
EP#87 – Chris Ciabarra – The Convergence of Physical & Cyber Security and the Impact to Cyber Security Professionals
As technology advances, there will always be new threats from malicious actors seeking to exploit these advancements — whether that
Read More
EP#86 – Caleb Leidy – What New Cybersecurity Maturity Model Certification (CMMC) Guidance Means for Managed Service Providers (MSPs)
As the implementation of CMMC by the DIB picks up pace, the frequently shifting requirements can be daunting — especially
Read More
EP#85 – Deidre Diamond – 8 Ingredients for Baking Inclusivity Into Your Culture
Inclusivity and diversity aren’t just about who you hire — it’s about the culture you create. Sure, you can get
Read More
EP#84 – Jack Naglieri – Becoming More Efficient With a Cloud-Native Approach
What if you could be proactive in your approach to cloud data security rather than a reactive one once the
Read More
EP#83 – John DiMaria – Essential Cloud Security & Compliance Tips From CSA
Even before the pandemic, the majority of businesses were already moving to the cloud. Now, it seems you can’t do
Read More
EP#82 – Kyle Lai & Caleb Leidy – Ongoing Challenges in CMMC
We’ve had another bumpy year in 2021. So, what’s coming down the pike in 2022? And what impact will the
Read More
EP#81 – Mike McNeil – Is Open Source the Future of Endpoint Security?
Open source is a transparency issue. Being able to see what code is running on your computer — as well
Read More
EP#80 – Maxime Lamothe-Brassard – The AWS Approach to Provable Security
Traditionally, companies have relied on the promises of vendors when it comes to reaffirming their security stance. However, LimaCharlie has
Read More
EP#79 – Ryan Mackie & Danny Manimbo – What Does the New ISO 27002 Update Mean for You?
After years, ISO 27002 is finally here. What does that mean for your business? Luckily, the transition should be pretty
Read More
EP#78 – Andrea Willis – CMMC 2.0 & Continuous Compliance
If you look around at what’s happening in the world of cybersecurity, you’ll notice one thing: Security never stops… Which
Read More
EP#77 – John Verry – 8 Information Security Predictions for 2022
We’ve had another bumpy year in 2021. So, what’s coming down the pike in 2022? And what impact will the
Read More
EP#76 – John Verry – Government Security Guidance: How We Got Here
If you’re beholden to government security guidance — and let’s face it, if you’re a company operating in the US,
Read More
EP#75 – Joe Grand – How Hardware Hackers Exploit IoT Vulnerabilities
You’ve probably heard the hype: IoT is the next frontier in the information revolution that promises to make all our
Read More
EP#74 – Harshil Parikh – Bridging the Gap Between Security & Development Teams
There is an age-old conflict between security and development teams. Development teams are focused on time-to-market and packing features into
Read More
EP#73 – Mark Richman – Why Cloud Is More Secure Than Your Average On-Prem Solution
What’s more secure? A cloud-based or on-prem document management system? It’s a question that gets asked a lot in
Read More
EP#72 – Brian Hajost – How Configuration Management Makes Security Simple
Configuration management is the best kept secret in security. Not only will it save time and money, it also helps
Read More
EP#71 – Caleb Leidy & George Perezdiaz – CMMC 2.0 is Here! Find Out What It Really Means for DIB and Non-DIB USG Contractors
The US Department of Defense (DoD) has just announced CMMC 2.0, a new strategic direction for its cybersecurity program based
Read More
EP#70 – Gerald Auger – How Simply Cyber Helps People Pivot to a Cybersecurity Career
A lot of people want to break into cybersecurity. And why not? Where else can you have a blast, work
Read More
EP#69 – Steve Ginty – Can You Benefit From Attack Surface Management?
In a world where new vulnerabilities appear seemingly every minute, threat intelligence is more important than ever. And one of
Read More
EP#68 – Mosi Platt – Why Continuous Compliance Matters More than Ever
As public trust in technology erodes — for the first time — it’s clear that we need to reevaluate
Read More
EP#67 – Hoala Greevy – The Virtual CISO Podcast: How HIPAA Compliant Email is Revolutionizing Healthcare
When it comes to healthcare InfoSec, it’s the Wild West. Most healthcare organizations just don’t have the necessary IT budgets
Read More
EP#66 – Jason Powell – Private Practices: How to Prioritize Privacy in Your Organization
In the U.S., it’s easy to look at overseas privacy legislation like GDPR and conclude it’s a reaction to worrying
Read More
EP#65 – Chris Dorr – Why Information Security Is Key to Business Strategy
Chess legend Bobby Fischer once said that winning tactics flow from a superior position. Bobby Fischer would have made a
Read More
EP#64 – John Grange – Head in the Clouds: Multi-Cloud Security & Governance
How well do you know what’s happening in your cloud? With so many people in an organization able to access
Read More
EP#63 – Johnna Verry – Can We Predict Security Threats w/ Machine Learning?
Every CISO’s dreams of moving from reactive security to purely proactive security posture. In an era of big data and
Read More
EP#62 – John Verry – What People Get Wrong About ISO 27001 Compliance
Just because ISO 27001 suggests a control, doesn’t mean you have to have it – in fact, you could be
Read More
EP#61 – Raj Krishnamurthy – Bridging the Gap Between Traditional Compliance & DevOPs
Traditional compliance approaches have served us well for years… But they just don’t cut it anymore. We need an approach
Read More
EP#60 – John Verry – A Guide for Validating Your Security Process
In this special episode, we’re sharing a guest appearance I made on The Perfect Storm. During that episode, I shared
Read More
EP#59 – John Verry – Governing Cybersecurity: A Process for Becoming Provably Secure & Compliant
Today’s special episode was inspired by a conversation I had with a then potential, now current client of ours at
Read More
EP#58 – Scott Sarris – The Cybersecurity Executive Order: What You Need to Know
In the wake of the SolarWinds fiasco, a new executive order mandates practices to prevent future attacks… How well does
Read More
EP#57 – Is Your Business Safe? w/ Josh Amishav-Zlatin
By the time you think of a ‘new’ password, attackers already have a way to crack it. Josh Amishav-Zlatin, Founder
Read More
EP#56 – Information Governance w/ David Gould
Information governance is the solution to that irrational fear of deletion we all experience from time to time. Expert in
Read More
EP#55 – DIBCAC & CMMC Audit Prep with George Perezdiaz & Caleb Leidy
Are you ready for your DIBCAC/CMMC audit? Let’s make sure. We’re speaking to two of our best Security Consultants from
Read More
EP#54 – John Kindervag – Trust Is a Vulnerability: 5 Steps on the Path to Zero Trust
How do you quantify trust? Is it something that can be digitized? In the world of cybersecurity, trust is a
Read More
EP#53 – Dr. Eric Cole – You Are a Target: Assessing Cybersecurity Risk
Whoever propagates the rumor that the goal of cybersecurity is to prevent all attacks deserves to be punched in the
Read More
EP#52 – Stacy High-Brinkley – CMMC Assessments Are Here: What You Need to Know
In the latest episode, Stacy High-Brinkley, VP of Compliance Solutions at Cask, shares what you need to know about the
Read More
EP#51 – Leah McGrath – Everything You Need to Know About StateRAMP
The federal government has FedRAMP to manage security authorizations for cloud service offerings. But cyber attacks don’t stop at the
Read More
EP#50 – Chris Neyhuis – How EDR & NDR Help You Make Better Security Decisions
Remember those halcyon days when you could just stick an antivirus on your desktop and not worry — before all
Read More
EP#49 – Sanjeev Verma – How PreVeil Drive Makes Storing and Sharing Data More Secure
PreVeil Drive is a cloud service that lets users encrypt, store and share their files for CMMC Compliance and personal
Read More
EP#48 – John Verry – Lessons Learned in Our Initial 27701 Certification Audits
ISO-27701 is an exciting new standard. But it comes with a learning curve for all of us — clients, consultants,
Read More
Using your ISO 9001 Management System to Simplify CMMC Certification
John Laffey, Program Manager at Perry Johnson Registrars, Inc. discusses the cornerstones of an information security management system from the
Read More
EP#46 – John Sheridan – How to Communicate Across Departmental Divides
Have you ever wished that there was some sort of Star-Trek universal translator device for communicating your department’s needs to
Read More
EP#45 – Charles Weaver – MSPs, MSSPs & Validation: What You Need to Know
Gone are the days when every company had their own internal IT department. We’re well into the era of Managed
Read More
EP#44 – John Verry Guest Appearance with Eric Hess on The Encrypted Economy: Why CMMC Is the Most Significant Standard of All Time
With the proliferation of so many information security standards, are we nearing a breaking point? In the end, which standard
Read More
EP#43 – John Verry – CMMC Level 1: An Overview
Let’s talk about the Cybersecurity Maturity Model Certification, or CMMC. What is it, why should you care about it, and
Read More
EP#42 – John Virgolino – Solutions to Security, Compliance, and Technology Challenges in Aerospace
Manufacturing tends to resist new technology. Not aerospace, though. It’s on the cutting edge. In this episode of The Virtual
Read More
EP#41 – John Verry – CMMC Level 3: What Government Staffing Agencies Need to Know
In this episode of The Virtual CISO Podcast, host John Verry, CISO and Managing Partner at Pivot Point Security go
Read More
EP#40 – Aaron Guzman – The ISVS: What You Need to Know
These days, everything is connected to the internet. Whether it’s your car, your light bulbs, your microwave, your pacemaker, or
Read More
EP#39 – Stephen Halbrook – FedRAMP: What You Need to Know
Are you looking to get your product authorized for use by federal agencies? Then you probably need to understand FedRAMP,
Read More
EP#38 – Dyann Mills – How Data Privacy Standards Affect Your Business
Privacy is changing. Across the globe, new standards are recognizing it as a fundamental human right. But between GDPR, CCPA,
Read More
EP#37 – Craig Unger – Should You Invest in a GRC Tool for Security & Compliance?
Getting your ducks in a row for a GRC audit can be a huge undertaking. Especially when you get compliant
Read More
EP#36 – Corbin Evans – CMMC Compliance: The Nuances You Should Know
The DFARS interim rule that went into effect on November 30th has a lot of nuances to it — and
Read More
EP#35 – Scott Edwards – GCC High Demystified: What CMMC Compliance Means for DIB Firms
< Should I migrate to GCC High? Do I have to? Are there alternatives? If you’re a DIB member and
Read More
EP#34- Scott Armstrong – What DIB Firms Need to Know About the CMMC Interim Rule
If you’ve taken the time to look through the DFARS Interim Rule… All 80+ (potentially) confusing pages of it… You
Read More
EP#33- Ryan Buckley – The Secrets to Keeping Your SaaS Secure
SaaS is a great business to be in. But whether you’re a startup or a mature company… Your product is
Read More
EP#32 – Aaron Guzman & John Yeoh – How IoT Is Shaping the Future of Cybersecurity
The internet of things is taking off. IoT is bringing new innovations across the board… But it’s also bringing a
Read More
EP#31 – Ron Ross – A Brief History of NIST Guidance
ISO 27001, CMMC, NIST 800-53… Keeping track of the myriad security guidelines can be tricky. Especially when you don’t know
Read More
EP#30 – John Verry – How To Beat The 6 Most Challenging CMMC L3 Requirements
Preparing to achieve CMMC compliance may seem daunting. Especially in 6 challenging components. But we’re going to make them easy.
Read More
EP#29 – Reg Harnish – How COVID-19 Is Shaping Security’s Future
Though 2020 has felt decades-long already, we still haven’t had to deal with the long-term effects of the pandemic. But
Read More
EP#28 – Why 800-171 Compliance Isn’t Going Away Any Time Soon w/John Ellis
CMMC is coming… But that doesn’t mean 800-171 compliance is out the window. In this episode, I catch up with
Read More
EP#27 – Jon Bass – How DevOps Took Over (& Why You Should Care)
Not too long ago, DevOps seemed like a fringe buzzword… Now, it’s front-and-center. So, what is DevOps and why should
Read More
EP#26 – Rich Stever – How to Optimize Your ISMS
When ISO 27001 is optimized for speed, it’s an amazingly effective and efficient way to manage security and compliance. Today’s
Read More
EP#25 – Chris Lank – CMMC Compliance & Continuous Monitoring Made Simple
If your organization is in the DIB, CMMC compliance is a big deal. It’s probably the biggest thing to happen
Read More
EP#24 – Ryan Mackie – Everything You Need to Know About ISO 27001 Audits
Prepping for an ISO 27001 audit can be a nerve-wracking process. But it doesn’t have to be. You just need
Read More
EP#23 – Jesse Nash – Why Security Is So Important For a Growing SaaS
If you have a growing SaaS company, security may be far down your list of priorities. I’ll be blunt… it
Read More
EP#22 – Ben Tchoubineh – CMMC Training & Assessments: Rollout, Certification & Competition
If you are scrambling to figure out CMMC, you aren’t alone. It’s perhaps the most sweeping information security change for
Read More
EP#21 – Sanjeev Verma – CMMC Compliance Doesn’t Have to be Hard (or Pricey)
If your company works with the DoD… You might be worried about CMMC compliance. But it doesn’t have to be
Read More
EP#20 – Kevin Hermosura – Faster, Better & Cheaper Vendor Due Diligence Reviews
Covid 19 has created lots and lots of challenges and opened our eyes to ones that lay dormant. One of
Read More
EP#19 – Jim Manico – Why Application Security is a Team Sport and How Your Team Will Win
If you’re a business leader, especially at a SaaS firm or if you’re a developer at a SaaS firm, this
Read More
EP#18 – Jose Ciriaco – IT & Security: How to Do More with Less
Information security is a well easily fallen into. There is so much on the market. So many things to consider.
Read More
EP#17 – Thomas Price – CMMC Certification Audits—Can You Leverage ISO 27001?
If you want a glimpse into what one of your future CMMC audits will be like, this is the show
Read More
EP#16 – Ian Glover – Why Buyers of Security Services Need to Leverage CREST
Who do you trust with your network? Would you give a random person access to the infrastructure that runs your
Read More
EP#15 – Andrew van der Stock – The OWASP Top Ten is Great, but is it Enough?
We all have things we consider “the best”. Things we look to. Rely on. What happens when one of those
Read More
EP#14 – Brian Dykstra – How Computer Forensics Protects Your Data During Litigation
The word forensics usually makes us think of homicide, but it applies to computers, too. Computer forensics is really just
Read More
EP#13 – Debbie Zaller – Why ISO 27701 is the Answer to Privacy Compliance
As the first data privacy certification available, ISO 27701 can greatly reduce the complexity of managing privacy, risk and proving
Read More
EP#12 – Cosmo Gazzani – Disaster Recovery, Business Continuity, and Data Resilience
Getting a flat tire is a disaster. Knowing where you keep the spare is disaster recovery. Changing a tire in
Read More
EP#11 – Daniel Cuthbert – OWASP ASVS: The Go-To Standard for Application Security
Your application is probably vulnerable. “But how?! We hired a company to pen test our application. They did a thorough
Read More
EP#10 – Stuart Itkin – Exostar and Their Role in Your CMMC Certification
Is your organization ready for CMMC? As CMMCs roll out over the next 6 years, it’s going to become
Read More
EP#9 – Danielle Russell – When an SMB Should Implement a SIEM
As an SMB, you’re probably thinking you’re too insignificant for a targeted cyberattack. That’s not even a little bit true.
Read More
EP#8 Tom Garrubba – Resilience Guidance and the SCA
You’re responsible for information security at your SMB, and you need a better, faster and cheaper way to demonstrate your
Read More
EP#7 Dr. Joel Kahn – Dead CISOs Don’t Get Bonuses
If you thought this podcast was supposed to be about information security, you might be confused about why we’re featuring
Read More
EP#6 Darek Hahn – The Virtual CIO: What it Is and What it Isn’t
In this world of remote work that we’ve found ourselves in, there are likely a lot of companies that are
Read More
EP#5 John Verry – Staying Secure in a COVID-19 World
Can we all agree that this is a strange, confusing, and stressful time to be living through? That none of
Read More
EP#4 Andrew Farkas – True Confessions of a Real Virtual CISO
Trust, but verify. These famous words of Ronald Reagan, who, incidentally, would make a fantastic CISO, are also the simplest
Read More
EP#3 Dan Schroeder – ISO 27001 vs. SOC 2 – Which Attestation is Right For You
Considering ISO 27001 certification? Wondering about SOC 2 attestation? Trying to figure out the differences between the two? We have
Read More
EP#2 Deidre Diamond – How to Attract & Retain Cyber Talent
The cyber talent search feels like a global, dangerous game of Marco Polo. We’re all looking for each other, but
Read More
EP#1 Katie Arrington – CMMC: What You Need to Know About DoD Cybersecurity Regulation
As CISO for Acquisition and Sustainment at the United States Department of Defense, she’s well beyond needing analogies to understand
Read More