The Virtual CISO Podcast
Episodes
Information Governance w/David Gould
08 Jul 2021
Contributed by Lukas
Information governance is the solution to that irrational fear of deletion we all experience from time to time. Expert in the field and Chief Customer...
DIBCAC & CMMC Audit Prep w/ George Perezdiaz & Caleb Leidy
01 Jul 2021
Contributed by Lukas
Are you ready for your DIBCAC/CMMC audit? Let’s make sure. We’re speaking to two of our best Security Consultants from right here within our ranks...
Trust Is a Vulnerability: 5 Steps on the Path to Zero Trust with John Kindervag
25 Jun 2021
Contributed by Lukas
How do you quantify trust? Is it something that can be digitized? In the world of cybersecurity, trust is a vulnerability. What we need is Zero Trus...
You Are a Target: Assessing Cybersecurity Risk with Dr. Eric Cole
16 Jun 2021
Contributed by Lukas
Whoever propagates the rumor that the goal of cybersecurity is to prevent all attacks deserves to be punched in the face. The goal of cybersecurity i...
CMMC Assessments Are Here: What You Need to Know with Stacy High-Brinkley
10 Jun 2021
Contributed by Lukas
In the latest episode, Stacy High-Brinkley, VP of Compliance Solutions at Cask, shares what you need to know about the coming CMMC assessments. To h...
Everything You Need to Know About StateRAMP with Leah McGrath
03 Jun 2021
Contributed by Lukas
The federal government has FedRAMP to manage security authorizations for cloud service offerings. But cyber attacks don’t stop at the federal level....
How EDR & NDR Help You Make Better Security Decisions with Chris Neyhuis
26 May 2021
Contributed by Lukas
Remember those halcyon days when you could just stick an antivirus on your desktop and not worry — before all these confusing initialisms like EDR a...
How PreVeil Drive Makes Storing and Sharing Data More Secure with Sanjeev Verma
20 May 2021
Contributed by Lukas
PreVeil Drive is a cloud service that lets users encrypt, store and share their files for CMMC Compliance and personal use. Unlike other cloud service...
Lessons Learned in Our Initial 27701 Certification Audits
10 May 2021
Contributed by Lukas
ISO-27701 is an exciting new standard. But it comes with a learning curve for all of us — clients, consultants, and auditors. In this episode, w...
Using your ISO 9001 Management System to Simplify CMMC Certification
28 Apr 2021
Contributed by Lukas
John Laffey, Program Manager at Perry Johnson Registrars, Inc. discusses the cornerstones of an information security management system from the perspe...
How to Communicate Across Departmental Divides
20 Apr 2021
Contributed by Lukas
Have you ever wished that there was some sort of Star-Trek universal translator device for communicating your department’s needs to the C-Suite? ...
MSPs, MSSPs & Validation: What You Need to Know
13 Apr 2021
Contributed by Lukas
Gone are the days when every company had their own internal IT department. We’re well into the era of Managed Service Providers. But how do yo...
Why CMMC Is the Most Significant Standard of all Time
09 Apr 2021
Contributed by Lukas
With the proliferation of so many information security standards, are we nearing a breaking point? In the end, which standard will win? In th...
CMMC Level 1: An Overview
01 Apr 2021
Contributed by Lukas
Let’s talk about the Cybersecurity Maturity Model Certification, or CMMC. What is it, why should you care about it, and how do you know if it’...
Solutions to Security, Compliance, and Technology Challenges in Aerospace
16 Mar 2021
Contributed by Lukas
Manufacturing tends to resist new technology. Not aerospace, though. It's on the cutting edge. In this episode of The Virtual CISO Podcast, John Vir...
CMMC Level 3: What Government Staffing Agencies Need to Know
09 Mar 2021
Contributed by Lukas
In this episode of The Virtual CISO Podcast, host John Verry, CISO and Managing Partner at Pivot Point Security go over everything government staffing...
The ISVS: What You Need to Know
04 Mar 2021
Contributed by Lukas
These days, everything is connected to the internet. Whether it’s your car, your light bulbs, your microwave, your pacemaker, or your cochlear impla...
FedRAMP: What You Need to Know
26 Feb 2021
Contributed by Lukas
Are you looking to get your product authorized for use by federal agencies? Then you probably need to understand FedRAMP, how it works, and, most imp...
How Data Privacy Standards Affect Your Business
02 Feb 2021
Contributed by Lukas
Privacy is changing. Across the globe, new standards are recognizing it as a fundamental human right. But between GDPR, CCPA, and all the other stan...
Should You Invest in a GRC Tool for Security & Compliance?
21 Jan 2021
Contributed by Lukas
Getting your ducks in a row for a GRC audit can be a huge undertaking. Especially when you get compliant for the audit, then don’t look at it agai...
CMMC Compliance: The Nuances You Should Know
12 Jan 2021
Contributed by Lukas
The DFARS interim rule that went into effect on November 30th has a lot of nuances to it — and many out there have questions about how it applies to...
GCC High Demystified: What CMMC Compliance Means for DIB Firms
18 Dec 2020
Contributed by Lukas
Should I migrate to GCC High? Do I have to? Are there alternatives? If you’re a DIB member and you are using Office 365 — as so many do — reach...
What DIB Firms Need to Know About the CMMC Interim Rule
15 Dec 2020
Contributed by Lukas
If you’ve taken the time to look through the DFARS Interim Rule… All 80+ (potentially) confusing pages of it... You might have some questions abou...
The Secrets to Keeping Your SaaS Secure
16 Nov 2020
Contributed by Lukas
SaaS is a great business to be in. But whether you’re a startup or a mature company… Your product is only as good as your security. ...
32. How IoT Is Shaping the Future of Cybersecurity
05 Nov 2020
Contributed by Lukas
The internet of things is taking off. IoT is bringing new innovations across the board… But it’s also bringing a new set of vulnerabilitie...
31. A Brief History of NIST Guidance
22 Oct 2020
Contributed by Lukas
ISO 27001, CMMC, NIST 800-53… Keeping track of the myriad security guidelines can be tricky. Especially when you don’t know the “why” be...
30. How to Beat the 6 Most Challenging CMMC L3 Requirements
06 Oct 2020
Contributed by Lukas
Preparing to achieve CMMC compliance may seem daunting. Especially in 6 challenging components. But we’re going to make them easy. In...
29. How COVID-19 Is Shaping Security’s Future w/Reg Harnish
29 Sep 2020
Contributed by Lukas
Though 2020 has felt decades-long already… We still haven’t had to deal with the long-term effects of the pandemic. But we will. The que...
28. Why 800-171 Compliance Isn’t Going Away Any Time Soon w/John Ellis
22 Sep 2020
Contributed by Lukas
CMMC is coming... But that doesn’t mean 800-171 compliance is out the window. In this episode, I catch up with John Ellis, Director of the S...
27. How DevOps Took Over (& Why You Should Care) w/Jon Bass
11 Sep 2020
Contributed by Lukas
Not too long ago, DevOps seemed like a fringe buzzword… Now, it’s front-and-center. So, what is DevOps and why should you care? To answer...
26: How to Optimize Your ISMS w/Rich Stever
25 Aug 2020
Contributed by Lukas
When ISO 27001 is optimized for speed, it’s an amazingly effective and efficient way to manage security and compliance. Today’s guest is one of...
25: CMMC Compliance & Continuous Monitoring Made Simple w/Chris Lank
17 Aug 2020
Contributed by Lukas
If your organization is in the DIB, CMMC compliance is a big deal. It’s probably the biggest thing to happen to information security in history. ...
24: Everything You Need to Know About ISO 27001 Audits w/ Ryan Mackie
11 Aug 2020
Contributed by Lukas
Prepping for an ISO 27001 audit can be a nerve-wracking process. But it doesn’t have to be. You just need to know what you’re getting into. ...
23. Why Security Is So Important for a Growing SaaS w/ Jesse Nash
04 Aug 2020
Contributed by Lukas
If you have a growing SaaS company, security may be far down your list of priorities. I’ll be blunt… it shouldn’t. Security maturity can be ma...
22. CMMC Training & Assessments: Rollout, Certification & Competition w/ Ben Tchoubineh
24 Jul 2020
Contributed by Lukas
If you are scrambling to figure out CMMC, you aren’t alone. It’s perhaps the most sweeping information security change for DoD contractors in hist...
21. CMMC Compliance Doesn’t Have to Be Hard (or Pricey) w/ Sanjeev Verma
17 Jul 2020
Contributed by Lukas
If your company works with the DoD. You might be worried about CMMC compliance. But it doesn’t have to be hard or expensive. In this episode, I caug...
20. Faster, Better & Cheaper Vendor Due Diligence Reviews w/ Kevin Hermosura
08 Jul 2020
Contributed by Lukas
Covid 19 has created lots and lots of challenges and opened our eyes to ones that lay dormant. One of the most stark realizations is how much we rely ...
19. Why Application Security is a Team Sport and How Your Team Can Win w/ Joe Manico
30 Jun 2020
Contributed by Lukas
If you’re a business leader, especially at a SaaS firm or if you’re a developer at a SaaS firm, this episode with Jim Manico will provide a ton of...
18. IT & Security: How to Do More with Less w/ Jose Ciriaco
24 Jun 2020
Contributed by Lukas
Information security is a well easily fallen into. There is so much on the market. So many things to consider. It’s hard to determine...
17. CMMC Certification Audits—Can You Leverage ISO 27001? w/ Thomas Price
17 Jun 2020
Contributed by Lukas
If you want a glimpse into what one of your future CMMC audits will be like, this is the show for you. On this episode of The Virtual CISO Podcast,...
16. Why Buyers of Security Services Need to Leverage CREST w/ Ian Glover
09 Jun 2020
Contributed by Lukas
Who do you trust with your network? Would you give a random person access to the infrastructure that runs your business? Anyone with a compute...
15. The OWASP Top Ten is Great, but is it Enough? w/ Andrew van der Stock
02 Jun 2020
Contributed by Lukas
We all have things we consider “the best”. Things we look to. Rely on. What happens when one of those old reliable, gold standard things ...
14. How Computer Forensics Protects Your Data During Litigation w/ Brian Dykstra
26 May 2020
Contributed by Lukas
The word forensics usually makes us think of homicide, but it applies to computers, too. Computer forensics simply just means telling the story of ...
13. Why ISO 27701 is the Answer to Privacy Compliance w/ Debbie Zaller
19 May 2020
Contributed by Lukas
As the first data privacy certification available, ISO 27701 can greatly reduce the complexity of managing privacy, risk and proving compliance with r...
12. Disaster Recovery, Business Continuity, and Data Resilience w/ Cosmo Gazzani
12 May 2020
Contributed by Lukas
Getting a flat tire is a disaster. Knowing where you keep the spare is disaster recovery. Changing a tire in under 7 minutes to get right back on the ...
11. OWASP ASVS: The Go-To Standard for Application Security w/ Daniel Cuthbert
05 May 2020
Contributed by Lukas
Your application is probably vulnerable. “But how?! We hired a company to pen test our application. They did a thorough test against the OWASP top...
10. Exostar and Their Role in Your CMMC Certification w/ Stuart Itkin
28 Apr 2020
Contributed by Lukas
Is your organization ready for CMMC? As CMMCs roll out over the next 6 years, it’s going to become a reality for more and more DoD subcontractors....
9. When an SMB Should Implement a SIEM w/ Danielle Russell
21 Apr 2020
Contributed by Lukas
As an SMB, you’re probably thinking you’re too insignificant for a targeted cyberattack. That’s not even a little bit true. In this episode, I i...
8. Resilience Guidance and the SCA w/ Tom Garrubba
14 Apr 2020
Contributed by Lukas
You’re a CISO at an SMB, and you see that the AUP is called the SCA now. So now what? Actually, there are 3 applications for this great tool a...
7: Dead CISO's Don't Get Bonuses w/ Dr. Joel Kahn
07 Apr 2020
Contributed by Lukas
If you thought this podcast was supposed to be about information security, you might be confused about why we’re featuring heart disease. Bottom lin...
6. The Virtual CIO: What it Is and What it Isn’t w/ Darek Hahn
31 Mar 2020
Contributed by Lukas
In this world of remote work that we’ve found ourselves in, there are likely a lot of companies that are looking around and wondering if they’ve g...
5. Staying Secure in a COVID-19 World w/ John Verry
23 Mar 2020
Contributed by Lukas
Can we all agree that this is a strange, confusing, and stressful time to be living through? That none of us really know what’s going to happen, o...
4. True Confessions of a Real Virtual CISO w/ Andrew Farkas
17 Mar 2020
Contributed by Lukas
Trust, but verify. These famous words of Ronald Reagan, who, incidentally, would make a fantastic CISO, are also the simplest explanation of what it’...
3. ISO 27001 vs. SOC 2 – Which Attestation is Right For You? w/ Dan Schroeder
10 Mar 2020
Contributed by Lukas
Considering an ISO 27001 certification? Wondering about SOC 2 attestation? Trying to figure out the differences between the two? We got you covered. ...
2. How to Attract and Retain Cyber Talent w/ Deidre Diamond
03 Mar 2020
Contributed by Lukas
The cyber talent search feels like a global, dangerous game of Marco Polo. We’re all looking for each other, but nobody can find anyone. (And e...
1. CMMC: What You Need to Know About DoD Cybersecurity Regulation w/ Katie Arrington
25 Feb 2020
Contributed by Lukas
Katie Arrington is THE expert in the national cyber security battle. As CISO for Acquisition and Sustainment at the United States Department of Def...
Welcome to The Virtual CISO Podcast
12 Feb 2020
Contributed by Lukas
Information security is a serious topic. However, the host of The Virtual CISO Podcast and managing partner at Pivot Point Security, John Verry...