All Episodes
The Virtual CISO Podcast — 160 episodes
Episode 159: The New Security Stack: Doors, Data, and AI With Jeffrey Friedman
Episode 158: AI Is Increasing Your Cyber Risk – Can It Also Reduce It? With Mike Armistead
Episode 157: AI Security: Testing, Exploits, and Threat Feeds With Marco Figueroa
Episode 156: AI Security: Threat Modeling & Pipeline Evolution with Jason Rebholz
Episode 155: Incident Response Testing in Cloud Forward Organizations with Matt Lea
Ep 154: How DORA Will Impact US Companies with Dejan Kosutic
Ep 153: Inside ISO 42001: The Future of AI Governance with Danny Manimbo
EP 152: Granular, Persistent, Zero Trust: The Case for File-Level Security
EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance
Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)?
Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts
Episode 148: Cloud Detection & Response
Episode 147: Why vCISO Engagements Fail
Episode 146: Dark Web Monitoring
Episode 145: CMMC: The Final Rule
Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company?
Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity?
Episode 142: CNAPP - Secure Cloud Apps in a Snap
Episode 141: Stopping Business Email Compromise with a Novel Malicious File Reconstruction Approach
Episode 140: DIB/CMMC Cybersecurity – Interesting Observations from a Significant Study
Episode 139: How adding Crisis Management to your Incident Response Plan can save your bacon?
Episode 138: Is Consuming SaaS an Information Security Faustian Bargain? w/ William Eshagh
Episode 137: Strategies and Insights w/ Sagi Brody
Episode 136: AI Risk Management – Is ISO 42001 the Solution? w/ Ariel Allensworth
Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk
Episode 134: Understanding TISAX w/ Alexander Häusler
Kubernetes Security – Simplified w/ Shauli Rozen, CEO of ARMO
Episode 132: Optimize Your SOC 2 - Lessons Learned from the 2023 Benchmark Study w/ Scott Woznicki
Episode 131: The New CMMC Proposed Rule w/ Jeff Carden & Warren Hylton
Episode 130: Revolutionizing Security Training with Kevin Paige CISO and VP of Product Strategy at Uptycs
Episode 129: Empowering Diversity in the Cybersecurity Industry with Larry Whiteside Jr.
Episode 128: Understanding the ISO 27001:2022 Update with Andrew Frost and Leigh Ronczka
Ep 127: The Future of Security: Unraveling the World of Social Engineering
Ep 126: Unlocking AI's Potential: Risks, Optimism & Challenges in the Current Wave of AI Technology
Ep 125: Understanding the New FTC Safeguards Rule: Key Changes and Requirements Explained
An Introduction to AI and its Place in the Work Place with CEO of Private AI Patricia Thaine
Ep 123: Navigating IT-OT Dynamics: Cybersecurity, Integration, and Collaboration
Ep 122: Navigating New Horizons: CMMC, NIST 800-171 Updates, and Compliance Insights
Ep 121: Strategies for Reducing the Cost of Your Cyber Liability Insurance Policy
Ep 120: A FedRAMP ATO – The Good, The Bad, and the Ugly
Ep 119: What is a Microservice Architecture and how do I secure it?
Ep 118: The Simplest Way to Transition from ISO 27001:2013 to ISO 27001:2022
Ep 117: Eight Key Takeaways from the RSA 2023 Conference
Ep 116: What is an SBOM & Why Are My Customers Suddenly Asking for One?
Ep 115: If Your Asset Management Sucks, Your Security Sucks
Ep 114: 4 Tactical Steps To Implementing DevSecOps In 2023
Ep 113: Should we be in Microsoft 365 GCC, GCC High, or Commercial?
Ep 112: When should you move to ISO 27001:2022?
Ep 111: How to use the Software Assurance Maturity Model (SAMM) to Build Highly Secure Applications
Ep 110: Understanding TISAX (Trusted Information Security Assessment Exchange)
Ep 109: Understanding How Cybercriminals Operate Can Protect Your Business
Ep 108: Understanding the Legalities Around CUI
Ep 107: An AWS Security Guru’s Recommendation for Securing your AWS Infrastructure
Ep 106: Strategies to Manage Cybersecurity through an Economic Downturn
Ep 105: Solving the Problems of Cloud Native Apps.
Ep 104: Is Digital Business Risk Mgt. The Future of ASM
Ep 103: The Complexity of Deploying a Secure Application in the Cloud
Ep 102: The Intersection of Privacy and Security
Ep 101: Most Asked CMMC Questions
Ep 100: The Two Audiences For Privacy & How They Drive Data Collection
Unpacking Critical Elements of Supply Chain Risk Management
Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses
What You Need to Know about APIs and API Security
How to Measure the Value of Information Security
Understanding NIST’s Secure Software Development Framework
US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?
Confronting the Wild West of Database Security
Bridging the Gap Between Cybersecurity and the Business World
Legal and Infosec strategies to deal with exploding Cyber Liability Insurance premiums
Important Clarifications on CMMC v2 from CMMC Day May 9, 2022
The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist
Understanding Attack Surface Management and How It Applies to Your Cyber Security Strategy
The Convergence of Physical & Cyber Security and the Impact to Cyber Security Professionals
What CMMC 2 Guidance Means for Managed Service Providers (MSPs)
8 Ingredients for Baking Inclusivity into Your Culture
Becoming More Efficient w/ a Cloud-Native Approach
Use the CSA Cloud Controls to Maximize Your Security & Reduce Your Risk of Breach
Ongoing Challenges in CMMC
Is Open Source the Future of Endpoint Security
The AWS Approach to Provable Security
What Does the New ISO 27002 Update Mean for You?
CMMC 2.0 & Continuous Compliance w/ Andrea Willis
8 Information Security Predictions for 2022
Government Security Guidance: How We Got Here
How Hardware Hackers Exploit IoT Vulnerabilities w/ Joe Grand
Bridging the Gap Between Security & Development Teams w/ Harshil Parikh
Why Cloud Is More Secure Than Your Average On-Prem Solution w/ Mark Richman
How Configuration Management Makes Security Simple w/ Brian Hajost
CMMC 2.0 is Here! Find Out What It Really Means for DIB and Non-DIB USG
How Simply Cyber Helps People Pivot to a Cybersecurity Career w/ Gerald Auger
Can You Benefit from Attack Surface Management? w/ Steve Ginty
Why Continuous Compliance Matters More than Ever w/ Mosi Platt
How HIPAA Compliant Email is Revolutionizing Healthcare w/ Hoala Greevy
Private Practices: How to Prioritize Privacy in Your Organization w/ Jason Powell
Why Information Security Is Key to Business Strategy w/ Chris Dorr
Head in the Clouds: Multi-Cloud Security & Governance w/ John Grange
Can We Predict Security Threats w/ Machine Learning? w/ Johnna Verry
What People Get Wrong About ISO 27001 Compliance
Bridging the Gap Between Traditional Compliance & DevOps w/ Raj Krishnamurthy
A Guide for Validating Your Security Process w/ John Verry
Governing Cybersecurity: A Process for Becoming Provably Secure & Compliant w/ John Verry
The Cybersecurity Executive Order: What You Need to Know w/ Scott Sarris
Your Passwords Are Failing You w/Josh Amishav-Zlatin
Information Governance w/David Gould
DIBCAC & CMMC Audit Prep w/ George Perezdiaz & Caleb Leidy
Trust Is a Vulnerability: 5 Steps on the Path to Zero Trust with John Kindervag
You Are a Target: Assessing Cybersecurity Risk with Dr. Eric Cole
CMMC Assessments Are Here: What You Need to Know with Stacy High-Brinkley
Everything You Need to Know About StateRAMP with Leah McGrath
How EDR & NDR Help You Make Better Security Decisions with Chris Neyhuis
How PreVeil Drive Makes Storing and Sharing Data More Secure with Sanjeev Verma
Lessons Learned in Our Initial 27701 Certification Audits
Using your ISO 9001 Management System to Simplify CMMC Certification
How to Communicate Across Departmental Divides
MSPs, MSSPs & Validation: What You Need to Know
Why CMMC Is the Most Significant Standard of all Time
CMMC Level 1: An Overview
Solutions to Security, Compliance, and Technology Challenges in Aerospace
CMMC Level 3: What Government Staffing Agencies Need to Know
The ISVS: What You Need to Know
FedRAMP: What You Need to Know
How Data Privacy Standards Affect Your Business
Should You Invest in a GRC Tool for Security & Compliance?
CMMC Compliance: The Nuances You Should Know
GCC High Demystified: What CMMC Compliance Means for DIB Firms
What DIB Firms Need to Know About the CMMC Interim Rule
The Secrets to Keeping Your SaaS Secure
32. How IoT Is Shaping the Future of Cybersecurity
31. A Brief History of NIST Guidance
30. How to Beat the 6 Most Challenging CMMC L3 Requirements
29. How COVID-19 Is Shaping Security’s Future w/Reg Harnish
28. Why 800-171 Compliance Isn’t Going Away Any Time Soon w/John Ellis
27. How DevOps Took Over (& Why You Should Care) w/Jon Bass
26: How to Optimize Your ISMS w/Rich Stever
25: CMMC Compliance & Continuous Monitoring Made Simple w/Chris Lank
24: Everything You Need to Know About ISO 27001 Audits w/ Ryan Mackie
23. Why Security Is So Important for a Growing SaaS w/ Jesse Nash
22. CMMC Training & Assessments: Rollout, Certification & Competition w/ Ben Tchoubineh
21. CMMC Compliance Doesn’t Have to Be Hard (or Pricey) w/ Sanjeev Verma
20. Faster, Better & Cheaper Vendor Due Diligence Reviews w/ Kevin Hermosura
19. Why Application Security is a Team Sport and How Your Team Can Win w/ Joe Manico
18. IT & Security: How to Do More with Less w/ Jose Ciriaco
17. CMMC Certification Audits—Can You Leverage ISO 27001? w/ Thomas Price
16. Why Buyers of Security Services Need to Leverage CREST w/ Ian Glover
15. The OWASP Top Ten is Great, but is it Enough? w/ Andrew van der Stock
14. How Computer Forensics Protects Your Data During Litigation w/ Brian Dykstra
13. Why ISO 27701 is the Answer to Privacy Compliance w/ Debbie Zaller
12. Disaster Recovery, Business Continuity, and Data Resilience w/ Cosmo Gazzani
11. OWASP ASVS: The Go-To Standard for Application Security w/ Daniel Cuthbert
10. Exostar and Their Role in Your CMMC Certification w/ Stuart Itkin
9. When an SMB Should Implement a SIEM w/ Danielle Russell
8. Resilience Guidance and the SCA w/ Tom Garrubba
7: Dead CISO's Don't Get Bonuses w/ Dr. Joel Kahn
6. The Virtual CIO: What it Is and What it Isn’t w/ Darek Hahn
5. Staying Secure in a COVID-19 World w/ John Verry
4. True Confessions of a Real Virtual CISO w/ Andrew Farkas
3. ISO 27001 vs. SOC 2 – Which Attestation is Right For You? w/ Dan Schroeder
2. How to Attract and Retain Cyber Talent w/ Deidre Diamond
1. CMMC: What You Need to Know About DoD Cybersecurity Regulation w/ Katie Arrington
Welcome to The Virtual CISO Podcast