PODCAST · technology
The Virtual CISO Podcast
by John Verry
The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John will keep you informed, and perhaps even mildly entertained, through topics like ISO 27001, breach avoidance, incident response, dealing with pesky security questionnaires, data privacy, and managing vendor risk. Think of it as security… with a smile.
EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance
In this episode of the Virtual CISO Podcast, host John Verry and guest Chris Schaeffer discuss the HITRUST framework, its evolution, and its significance in the cybersecurity landscape. They delve into the Common Security Framework (CSF), the different assessment models (E1, I1, R2), and how HITRUST compares to other frameworks like SOC 2 and ISO 27001. The conversation also touches on the future of HITRUST, including potential reciprocity with other standards and the impact of emerging technologies like AI.
Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)?
In this episode of the Virtual CISO Podcast, John Verry speaks with Kenny Scott, founder and CEO of Paramify, about the challenges of cyber risk management and the potential of OSCAL (Open Security Controls Assessment Language) in simplifying compliance and documentation processes. They discuss the importance of structured digital communication in security, the complexities of FedRAMP, and how OSCAL can streamline the documentation process, ultimately reducing costs and improving efficiency in security programs. In this conversation, Kenny and John discuss the challenges and strategies for adopting OSCAL (Open Security Controls Assessment Language) in organizations. They explore the importance of understanding data flows for compliance, the role of AI in streamlining compliance processes, and the potential for OSCAL to transform how organizations manage security and compliance documentation. They also touch on the future of OSCAL and its relevance in various compliance frameworks beyond FedRAMP.
Episode 148: Cloud Detection & Response
In this episode, John Verry interviews Eric Gumanofsky, Vice President for Product Innovation at Tenable Security, about the concept of Cloud Detection and Response (CDR). They discuss the similarities and differences between CDR and Endpoint Detection and Response (EDR), as well as the integration of CDR into a comprehensive Cloud Native Application Protection (CNAP) solution. They also explore the challenges and benefits of automating response in the cloud and the importance of risk-based decision-making. The conversation highlights the evolving nature of the cloud security space and the need for organizations to stay informed and make informed decisions.
Episode 147: Why vCISO Engagements Fail
In this episode, John Verry and Matt Webster discuss the evolving landscape of virtual CISO services, exploring the common pitfalls and failures associated with these projects. They emphasize the importance of clear expectations, the distinction between a virtual CISO and a virtual security team, and the necessity of executive buy-in for successful cybersecurity initiatives. The conversation also highlights the need for specialized expertise in various cybersecurity domains and the challenges of maintaining focus amidst tactical distractions. They explore the tactical challenges organizations face, the importance of redundancy in virtual CISO services, and how breaches can impact these engagements. The discussion emphasizes the need for cultural fit and industry-specific knowledge when hiring a virtual CISO, ensuring organizations can navigate the ever-evolving cybersecurity landscape effectively.
Episode 146: Dark Web Monitoring
In this conversation, John Verry interviews Steph Shample, Cybercrime Analyst for DarkOwl, about the dark web and its implications for cybersecurity professionals. They discuss the basics of the dark web, its purpose, and the types of activities that take place there. They also explore the value of darknet data for threat intelligence and how it can be used to understand and combat cyber threats. Cybersecurity professionals can benefit from understanding the dark web to gain insights into the tactics, techniques, and procedures used by threat actors. Additionally, they touch on the evolving nature of cyber attacks, the importance of sharing information within industry-specific groups, and the role of tools like DarkOwl in proactively monitoring the dark web.
Episode 145: CMMC: The Final Rule
In this episode of the Virtual CISO Podcast, host John Verry speaks with Sanjeev Verma, chairman and co-founder of Prevail, about the intricacies of CMMC compliance and the importance of cybersecurity. They discuss the delays in CMMC implementation, key elements of the new regulation, and the importance of being prepared for compliance; and the complexities of compliance with CMMC regulations, the importance of documentation, and the implications of using cloud services and VDI. They emphasize that compliance is an ongoing process requiring annual affirmation and that organizations must be proactive in their cybersecurity measures. They highlight the necessity of flow-down requirements and the role of encryption in protecting sensitive data.
Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company?
In this episode of The Virtual CISO Podcast, your host John Verry is joined by Mike Craig to break down the differences between FedRAMP, TxRAMP, AZRAMP, and StateRAMP. Together, they discuss:
• How the Naoris Protocol establishes decentralized trust for compute endpoints.
• Key distinctions between the RAMP frameworks and how they impact an organization's path to Authorization to Operate (ATO).
• How Organizationally Defined Parameters (ODPs) shape the implementation of controls across different RAMPs.
• The impact of Federal Acquisition Regulations (FAR) on FedRAMP technical architecture and cost recovery.
• Why nearly 60% of FedRAMP projects fail, and how strategic planning can help companies avoid costly mistakes.
• And more!
If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity?
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with David Carvalho, a cryptography and cybersecurity expert with over 25 years of experience, to explore the next frontier in cybersecurity: decentralized security models and post-quantum cryptography. Together, they discuss:
• How the Naoris Protocol establishes decentralized trust for compute endpoints.
• The importance of a decentralized security baseline for digital trust.
• Real-world applications in cyber insurance and regulatory compliance.
• The growing threat of quantum computing and the need for post-quantum security.
• And more!
If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: Pivot Point Security.
Episode 141: Stopping Business Email Compromise with a Novel Malicious File Reconstruction Approach
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with Aviv Grafi, CTO and founder of Votiro, as they discuss innovative solutions to combat business email compromise. Join us as we discuss:
• The mechanisms of business email compromise
• How malicious files are used in cyberattacks
• The limitations of traditional security methods
• The benefits of malicious file reconstruction technology
• And more!
If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
Episode 140: DIB/CMMC Cybersecurity – Interesting Observations from a Significant Study
Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Chris Petersen, co-founder of LogRhythm and current CEO of Radical. Chris brings over two decades of experience in cybersecurity, offering deep insights into the industry's challenges and advancements. In this episode, we'll explore:
- The surprising results from Radical’s DIB Cybersecurity Survey, including the incongruity between high self-assessed security skills and other survey responses.
- The critical issue of poor scoping in System Security Plans (SSPs) and its impact on the effectiveness of security monitoring within the Defense Industrial Base (DIB).
- The paradox of organizations delaying CMMC certification despite acknowledging the lengthy process and the looming enforcement deadline.
If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
Episode 139: How adding Crisis Management to your Incident Response Plan can save your bacon?
Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Kevin Dinino, President of KCD PR, who delves into the critical aspects of crisis management and communications. Kevin brings over 20 years of experience in guiding companies through the complexities of strategic communications, particularly in the cybersecurity, financial, and technology sectors. In this episode, we'll explore:
- The nuances of differentiating between an incident and a crisis, and how to handle the transition from one to the other.
- The essential components of a comprehensive crisis management plan and the importance of integrating cyber incident response with overall crisis communication strategies.
- Real-world examples of effective crisis communication, including the famous Tylenol recall and modern-day cyber incidents.
- The evolving landscape of cyber liability insurance and the role of PR firms in mitigating the reputational impact of security breaches.
- Insights into the latest federal disclosure requirements and their implications for incident and crisis management.
If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn: pivot-point-security.
Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Zenobia Godschalk, Senior Vice President of Hedera Hashgraph, as they discuss distributed ledger technology and its effects on privacy compliance. Join us as we discuss the following:
• The erosion of privacy online
• Distributed Ledger Technology (DLT) and how it enables Web 3
• How DLT can be used to improve security and compliance with privacy regulations
If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
Kubernetes Security – Simplified Shauli Rozen, CEO of ARMO
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Shauli Rozen, CEO and Co-Founder of ARMO, exploring the intricacies of Kubernetes, the orchestration tool that's reshaping how we deploy, scale, and manage containerized applications. Join us as we discuss:
• What a container is
• Implications of containers on security
• How you can leverage Kubescape to improve application security
• And more!
If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
Episode 128: Understanding the ISO 27001:2022 Update with Andrew Frost and Leigh Ronczka
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with Andrew Frost and Leigh Ronczka of CBIZ Pivot Point Security to discuss the updates needed to successfully transition from ISO 27001:2013 to ISO 27001:2022. Join us as we discuss:
• How simple it is for a company to transition to ISO 27001:2022
• The level of effort required to implement the changes
• What auditors are looking for when organizations make an update
• And more!
If you want to learn more about the realm of cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
Ep: 125 - Understanding the New FTC Safeguards Rule: Key Changes and Requirements Explained
Tune into an insightful conversation with Jeremy Price, co-leader of a national cybersecurity practice. In this engaging discussion, Jeremy explains the updated FTC Safeguards Rule that went into effect in June and what it is intended to do. In this episode, your host, John Verry, and Jeremy Price discuss:
- The Gramm-Leach-Bliley Act updates and how they affect financial institutions and companies that offer things like consumer financial products and services
- The extended and new definition of financial institutions
- How to determine whether or not your company falls under the new definition of financial institutions and what that means for your business
- And more!
An Introduction to AI and its Place in the Work Place with CEO of Private AI Patricia Thaine
Join us for an insightful conversation with Patricia Thaine, Founder and CEO of Private AI, as we delve into the world of artificial intelligence, language models, and data privacy. In this engaging discussion, Patricia sheds light on the transformative potential of AI, particularly language models like GPT-3.5, in various industries. In this episode, your host, John Verry, and Patricia Thaine discuss:
• How specialized AI models are revolutionizing tasks such as sentiment analysis and personal information identification, all while ensuring data remains private and secure
• Responsible AI practices and preparing the next generation to harness AI's power responsibly
• The potential of AI and the ethical considerations that accompany it
• And more!
If you want to learn more about the realm of cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms! For weekly updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn, @pivot-point-security.
Ep 122: Navigating New Horizons: CMMC, NIST 800-171 Updates, and Compliance Insights
In this episode of the "Virtual CISO Podcast," your host John Verry speaks with guest Warren Hylton, a FedRisk consultant at CBIZ Pivot Point Security, to explore recent updates in cybersecurity regulations. The conversation revolves around the Cybersecurity Maturity Model Certification (CMMC) and the updated NIST Special Publication 800-171 (R2 to R3). Join us in this week’s episode as we discuss:
• The potential outcomes of the DOD’s rules package submission to OMB
• NIST 800-171's Revision 3 updates
• The transition from DoD-led to commercial-led assessments regarding CMMC
• And more!
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 121: Strategies for Reducing the Cost of Your Cyber Liability Insurance Policy
Like many other businesses, law firms are at significant risk of cyber-attack and increasingly are turning to cyber liability insurance (CLI) to transfer some of their cyber risk. But many are being denied coverage or face high premiums due to shortfalls in their cybersecurity controls. In this episode, your host John Verry, CBIZ Pivot Point Security Managing Director, sits down with Jack Liljeberg, Assistant Broker at Thompson Flanagan. Jack gives business and security leaders in the legal vertical, as well as anyone seeking CLI coverage, a comprehensive update on the state of the CLI marketplace and critical issues to be aware of. In this episode, join us as we discuss:
· Whether CLI premiums are still increasing rapidly or have stabilized
· The most critical information security controls that businesses need to obtain CLI coverage or avoid onerous premiums
· The importance of honesty, accuracy, and plenty of detail in CLI applications
· Exemptions and other issues to watch out for in CLI policies
· Other insurance coverage types that can bridge gaps in a firm’s CLI coverage
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 120: A FedRAMP ATO – The Good, The Bad, and the Ugly
To do wide-scale business within the US federal government, cloud service providers (CSPs) need a FedRAMP ATO. The prospect can be daunting, as few CSPs have federal cyber compliance expertise, and misconceptions and misinformation can create additional roadblocks. In this episode, your host John Verry, CBIZ Pivot Point Security Managing Director, sits down with Mike Craig, CEO at Vanaheim Security, who gives business and security leaders clear guidance on what it takes to get a FedRAMP ATO, including best practices and common mistakes. In this episode, join us as we discuss:
• Key considerations to help decide if a FedRAMP ATO is worth pursuing
• How long a FedRAMP ATO really takes, how much it really costs, and why
• The three stages of the FedRAMP journey
• Key participants in the FedRAMP “dance” and how they relate
• Huge pros and cons of an agency sponsorship versus the JAB authorization path to a FedRAMP ATO
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 119: What is a Microservice Architecture and how do I secure it?
Whatever kind of software application a team is building, the identification and remediation of cybersecurity issues needs to be part of every stage of the software development lifecycle (SDLC). But making that happen takes a wealth of skills and approaches, as well as an eye on compliance and the ability to keep pace with the ever-changing online environment—microservices being a prime example. In this episode, your host John Verry, Pivot Point Security CISO and Managing Partner, sits down with Laura Bell Main, CEO and Founder of SafeStack, to give business and security leaders a clear and logical overview of microservice security issues and more. In this episode, join us as we discuss:
• What constitutes a microservice architecture and how it relates to other design approaches, languages, and frameworks
• The microservice software supply chain and the limitations of a Software Bill of Materials in a microservices context
• How using microservices changes the approach to securing an application
• How zero trust concepts relate to microservice architectures
• How SafeStack is helping to educate developers about application security in organizations of all sizes
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 118: The Simplest Way to Transition from ISO 27001:2013 to ISO 27001:2022
If you are ISO 27001 certified, or considering it, you are likely wondering how the transition from ISO 27001:2013 to ISO 27001:2022 affects you. With the notable changes, there are many uncertainties. For example, how soon can you get certified to ISO 27001:2022? Can you still get certified to 27001:2013? For anyone already certified, how soon can they transition to ISO 27001:2022? In this episode, your host John Verry, Pivot Point Security CISO and Managing Partner, sits down with Andrew Frost, GRC Advisory Consultant at Pivot Point Security, to explore the most effective and simplest practices for making the transition from ISO 27001:2013 to ISO 27001:2022. In this episode, join us as we discuss:
• An overview of what changed and why from ISO 27001:2013 to ISO 27001:2022
• Timelines for certification to the new standard, including why it might be advisable to delay an ISO 27001:2022 certification audit until 2024
• The level of effort required for the transition to ISO 27001:2022
• Guidance on how to plan and execute the transition to ISO 27001:2022
• How auditors might use the new #hashtags in ISO 27001:2022
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 117: Eight Key Takeaways from the RSA 2023 Conference
In this week's episode of the Virtual CISO podcast, your host John Verry, Pivot Point Security CISO and Managing Partner, shares his valuable insights from the 2023 RSA conference. As the security industry evolves, with an increasing number of vendors and products, John advises against adopting a product-based security strategy. Instead, he recommends having a clear plan to address specific security challenges. Tune in to this episode to learn John's eight key takeaways, the latest developments from the 2023 RSA conference, and gain valuable insights to enhance your organization's security posture. In this episode, join us as we discuss:
· Privacy will drive data governance
· Data security posture management
· Zero trust: a model rather than a product
· AppSec and API security
· 90-day TLS certificates
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 116: What is an SBOM & Why Are My Customers Suddenly Asking for One?
With the release of President Biden’s Executive Order 14028 on “Improving the Nation’s Cybersecurity” in May 2021, the US public and private sectors have been alerted to the significant cybersecurity risks within our software supply chain. As of the March 2023 release of the National Cybersecurity Strategy, which will shift liability for software products and services to promote secure development practices, it’s evident that software security needs to be elevated across all organizations. In this episode, your host John Verry, Pivot Point Security CISO and Managing Partner, sits down with Tim Mackey, Head of Software Supply Chain Risk Strategy at Synopsys, to explore what better software supply chain security means for software development and more. In this episode, join us as we discuss:
· Defining an SBOM and what it can include depending on stakeholder needs
· The value of SBOMs for both software developers and their clients
· Market drivers for improved software supply chain security
· Software composition analysis and its role in mapping dependencies and identifying vulnerabilities within code
· How the NIST Secure Software Development Framework (SSDF) supports initiatives to improve software supply chain security
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 115: If Your Asset Management Sucks, Your Security Sucks
Asset management is a crucial aspect of information security. It refers to the processes and procedures involved in identifying, organizing, tracking, and protecting an organization's assets. The security of these assets is paramount, as you can’t protect what you don’t know about. To learn more about how to fix cyber asset management, your host John Verry sits down with Huxley Barbee, Security Evangelist at runZero, to discuss the importance of asset management, how it’s a critical component of any organization's security strategy, and much more. In this episode, join us as we discuss the following:
• Definition of an asset—the answer is surprising
• Top reasons why so many orgs are failing Asset Management 101
• Critical innovations of a modern asset management solution
• Asset management in the cloud and what teams really need to focus on
• How asset management failures killed Equifax
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 114: 4 Tactical Steps To Implementing DevSecOps In 2023
DevSecOps is the practice of integrating security testing at every stage of the software development process. With DevSecOps, training and educating all teams in risk, security, and mitigation at all stages of development is a top priority; traditionally, app developers don't pay much attention to security, which increases the risk of vulnerable code being deployed and the application being compromised. To learn more about DevSecOps, in this episode your host John Verry sits down with André Keartland, Solutions Architect with Netsurit Professional Services, to discuss tactical steps to implement DevSecOps in 2023. In this episode, join us as we discuss the following:
• What is DevSecOps and how does it differ from DevOps?
• Getting business stakeholder buy-in for application security
• The best way to get started with DevSecOps
• Who in your org needs application security training and why
• How to assess application risk and why it’s so important
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 113: Should we be in Microsoft 365 GCC, GCC High, or Commercial?
Microsoft 365 was launched in 2011 in hopes of revolutionizing cloud-powered productivity platforms. Since then, Microsoft 365 has grown to the point where it is now one of the largest cloud-powered productivity platforms on the market, competing with the likes of Google and more. To give organizations a clear picture of their Microsoft 365 options, your host John Verry sits down with Conrad Agramont, CEO of Agile IT, a top Microsoft Cloud Service Provider focusing on Microsoft 365, to discuss Microsoft Government Community Cloud (GCC), GCC High, and more. In this episode, join us as we discuss the following:
• How the three Microsoft 365 clouds differ in terms of key security capabilities
• The importance of communicating with your government program office about the cybersecurity requirements in your contract
• What migration from commercial Microsoft 365 to a "gov cloud" can look like in terms of time, cost, and effort
• The two most challenging aspects of any Microsoft 365 migration
• Pros and cons of a "hybrid approach" involving multiple Microsoft 365 environments
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Ep 112: When should you move to ISO 27001:2022?
ISO 27001:2022 is the first update to the global "gold standard" for provable cybersecurity in ten years. Notable changes from the 2013 version will likely significantly impact most organizations' Information Security Management Systems (ISMS). In this episode, your host John Verry sits down with Ryan Mackie and Danny Manimbo from Schellman & Co. to explain the most significant changes in ISO 27001:2022 and their potential impacts. Join us as we discuss the following:
• How to determine the optimal timeline to migrate your ISMS from 27001:2013 to ISO 27001:2022
• Top areas that auditors will focus on during your transition audit
• How moving to the new ISO 27001:2022 can benefit your cybersecurity program (and your marketing)
• The critical importance of risk assessment/risk management for ISO 27001:2022 certification
• The "ripple effect" of ISO 27001:2022 changes on related standards like ISO 27017, ISO 27701, and CSA STAR
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here. Listening on a desktop & can't see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.
Ep 111: How to use the Software Assurance Maturity Model (SAMM) to Build Highly Secure Applications
The “buzz” in building more secure applications is “shift security left,” which means integrating security into and throughout the Software Development Lifecycle (SDLC). The Software Assurance Maturity Model (SAMM) is an excellent tool from OWASP that provides a framework for assessing and improving your development processes, resulting in more secure applications. In this episode, your host, John Verry, CISO and Managing Partner at Pivot Point Security, sits down with Sebastien Deleersnyder, co-lead of the OWASP SAMM project, to discuss in depth how you can use SAMM to improve your application security program. Join us as we discuss the following:
● The biggest challenge teams face in developing secure applications
● Using OWASP SAMM to assess your current security process
● Where most orgs really are today in terms of AppSec
● Identifying quick wins to improve web app security
● Leveraging SAMM alongside other security frameworks like NIST 800-218 and ISO 27001
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast on our YouTube here. To stay up to date with the newest podcast releases, follow us on LinkedIn here. Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.
Ep 110: Understanding TISAX (Trusted Information Security Assessment Exchange)
Trusted Information Security Assessment Exchange (TISAX) is a vendor due diligence standard used in the automotive industry to verify that third-party suppliers’ cybersecurity programs provide adequate protection for the information the automotive supplier shares. In this episode, your host John Verry, CISO and Managing Partner at Pivot Point Security, sits down with Ed Chandler, Account Executive and Cybersecurity lead for TÜV SÜD America, who explains what TISAX is and how it operates, and helps you better understand the implications surrounding it. Join us as we discuss:
• Where did TISAX come from, why does it exist, and why is it increasingly important worldwide?
• Why so many North American firms are now facing TISAX requirements
• How the TISAX assessment/audit process works
• TISAX assessment objectives and assessment levels
• How aligning your org with comprehensive cybersecurity standards like ISO 27001 can also help with TISAX
To hear this episode, and many more like it, we would encourage you to subscribe to the Virtual CISO Podcast on our YouTube here. To stay up to date with the newest podcast releases, follow us on LinkedIn here. Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.