EPISODE · Mar 3, 2026 · 17 MIN
Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In (ep. 2)
from Practical Cybersecurity with Jen Stone · host SecurityMetrics
"I can’t think about cybersecurity this week; I’m thinking about 1099s."You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup. Jen Stone sits down with Daniel Eliot, NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide —a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program. In this episode:Why having "everyone" responsible means "nobody" is.How to build a "reasonable" security program while managing payroll and daily operations.Why taking security seriously helps you win bigger contracts and scale safely.The exact steps (MFA, patching, backups, and more) that even large orgs get wrong.NIST ResourcesNIST (National Institute of Standards and Technology): https://www.nist.gov/Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyberNIST CSF 2.0 (Cybersecurity Framework): https://www.nist.gov/cyberframeworkSmall Business Quick Start Guide: https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guideContact Daniel and his team: [email protected] Term DefinitionsThe 6 Functions: Govern, Identify, Protect, Detect, Respond, and RecoverMFA: Multi-Factor Authentication—essential for account access. Patching: Updating software to fix security "holes." MSP/MSSP: Local experts you can hire to manage IT security. Timestamps00:00 – Many hats of small business owners00:26 – Daniel Eliot and NIST’s Mission02:25 – Exploring the Small Business Cybersecurity Corner03:20 – What is the NIST CSF?04:26 – The Small Business Quick Start Guide for CSF 2.006:52 – How to Identify Your Most Critical Assets09:56 – When to Seek Help: Engaging MSPs and Local Resources10:52 – Defining a "Successful" Cybersecurity Program13:21 – Essential Fundamentals: MFA, Patching, and Backups15:35 – How to Engage Directly with NIST Jen Stone (MCIS, CISSP, CISA, QSA) is a Principal Security Analyst at SecurityMetrics. With 25+ years in IT and 100+ high-level assessments, Jen specializes in making complex compliance actionable for businesses of all sizes. Outside of security, she is an aerial arts enthusiast and motorcycle rider. A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place But if you just want to learn how to protect yourself for free, start here: https://academy.securitymetrics.com/
What this episode covers
"I can’t think about cybersecurity this week; I’m thinking about 1099s." You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup. Jen Stone sits down with Daniel Eliot, NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide —a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program.&n...
NOW PLAYING
Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In (ep. 2)
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m