The Virtual CISO Podcast
John Verry
155 episodes
18 hours ago
The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John will keep you informed, and perhaps even mildly entertained, through topics like ISO 27001, breach avoidance, incident response, dealing with pesky security questionnaires, data privacy, and managing vendor risk. Think of it as security… with a smile.
Technology
All content for The Virtual CISO Podcast is the property of John Verry and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/155)
The Virtual CISO Podcast
Ep 154: How DORA Will Impact US Companies with Dejan Kosutic
18 hours ago
33 minutes

The Virtual CISO Podcast
Ep 153: Inside ISO 42001: The Future of AI Governance with Danny Manimbo
1 month ago
40 minutes

The Virtual CISO Podcast
EP 152: Granular, Persistent, Zero Trust: The Case for File-Level Security
2 months ago
37 minutes

The Virtual CISO Podcast
EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance
In this episode of the Virtual CISO Podcast, host John Verry and guest Chris Schaeffer discuss the HITRUST framework, its evolution, and its significance in the cybersecurity landscape. They delve into the Common Security Framework (CSF), the different assessment models (E1, I1, R2), and how HITRUST compares to other frameworks like SOC 2 and ISO 27001. The conversation also touches on the future of HITRUST, including potential reciprocity with other standards and the impact of emerging technologies like AI.
4 months ago
45 minutes

The Virtual CISO Podcast
Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)?
In this episode of the Virtual CISO Podcast, John Verry speaks with Kenny Scott, founder and CEO of Paramify, about the challenges of cyber risk management and the potential of OSCAL (Open Security Controls Assessment Language) in simplifying compliance and documentation processes. They discuss the importance of structured digital communication in security, the complexities of FedRAMP, and how OSCAL can streamline the documentation process, ultimately reducing costs and improving efficiency in security programs. In this conversation, Kenny and John discuss the challenges and strategies for adopting OSCAL (Open Security Controls Assessment Language) in organizations. They explore the importance of understanding data flows for compliance, the role of AI in streamlining compliance processes, and the potential for OSCAL to transform how organizations manage security and compliance documentation. They also touch on the future of OSCAL and its relevance in various compliance frameworks beyond FedRAMP. 
6 months ago
46 minutes

The Virtual CISO Podcast
Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts
8 months ago
40 minutes

The Virtual CISO Podcast
Episode 148: Cloud Detection & Response
In this episode, John Verry interviews Eric Gumanofsky, Vice President for Product Innovation at Tenable Security, about the concept of Cloud Detection and Response (CDR). They discuss the similarities and differences between CDR and Endpoint Detection and Response (EDR), as well as the integration of CDR into a comprehensive Cloud Native Application Protection (CNAP) solution. They also explore the challenges and benefits of automating response in the cloud and the importance of risk-based decision-making. The conversation highlights the evolving nature of the cloud security space and the need for organizations to stay informed and make informed decisions. 
8 months ago
37 minutes

The Virtual CISO Podcast
Episode 147: Why vCISO Engagements Fail
In this episode, John Verry and Matt Webster discuss the evolving landscape of virtual CISO services, exploring the common pitfalls and failures associated with these projects. They emphasize the importance of clear expectations, the distinction between a virtual CISO and a virtual security team, and the necessity of executive buy-in for successful cybersecurity initiatives. The conversation also highlights the need for specialized expertise in various cybersecurity domains and the challenges of maintaining focus amidst tactical distractions. They explore the tactical challenges organizations face, the importance of redundancy in virtual CISO services, and how breaches can impact these engagements. The discussion emphasizes the need for cultural fit and industry-specific knowledge when hiring a virtual CISO, ensuring organizations can navigate the ever-evolving cybersecurity landscape effectively. 
9 months ago
59 minutes

The Virtual CISO Podcast
Episode 146: Dark Web Monitoring
In this conversation, John Verry interviews Steph Shample, Cybercrime Analyst for DarkOwl, about the dark web and its implications for cybersecurity professionals. They discuss:
  • The basics of the dark web, its purpose, and the types of activities that take place there.
  • The value of darknet data for threat intelligence and how it can be used to understand and combat cyber threats.
  • How cybersecurity professionals can benefit from understanding the dark web to gain insights into the tactics, techniques, and procedures used by threat actors.
  • The evolving nature of cyber attacks, the importance of sharing information within industry-specific groups, and the role of tools like DarkOwl in proactively monitoring the dark web.
10 months ago
47 minutes

The Virtual CISO Podcast
Episode 145: CMMC: The Final Rule
In this episode of the Virtual CISO Podcast, host John Verry speaks with Sanjeev Verma, chairman and co-founder of PreVeil, about the intricacies of CMMC compliance and the importance of cybersecurity. They discuss:
  • The delays in CMMC implementation, key elements of the new regulation, and the importance of being prepared for compliance.
  • The complexities of compliance with CMMC regulations, the importance of documentation, and the implications of using cloud services and VDI.
  • Why compliance is an ongoing process requiring annual affirmation, and why organizations must be proactive in their cybersecurity measures.
  • The necessity of flow-down requirements and the role of encryption in protecting sensitive data.
11 months ago
56 minutes

The Virtual CISO Podcast
Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company?
In this episode of The Virtual CISO Podcast, your host John Verry is joined by Mike Craig to break down the differences between FedRAMP, TxRAMP, AZRAMP, and StateRAMP.

Together, they discuss:
  • Key distinctions between the RAMP frameworks and how they impact an organization's path to Authorization to Operate (ATO).
  • How Organizationally Defined Parameters (ODPs) shape the implementation of controls across different RAMPs.
  • The impact of Federal Acquisition Regulations (FAR) on FedRAMP technical architecture and cost recovery.
  • Why nearly 60% of FedRAMP projects fail, and how strategic planning can help companies avoid costly mistakes.
  • And more!
If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
1 year ago
53 minutes

The Virtual CISO Podcast
Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity?
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with David Carvalho, a cryptography and cybersecurity expert with over 25 years of experience, to explore the next frontier in cybersecurity: decentralized security models and post-quantum cryptography.


  • How the Naoris Protocol establishes decentralized trust for compute endpoints.
  • The importance of a decentralized security baseline for digital trust.
  • Real-world applications in cyber insurance and regulatory compliance.
  • The growing threat of quantum computing and the need for post-quantum security.
  • And more!
If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: Pivot Point Security.
1 year ago
49 minutes

The Virtual CISO Podcast
Episode 142: CNAPP - Secure Cloud Apps in a Snap
1 year ago
43 minutes

The Virtual CISO Podcast
Episode 141: Stopping Business Email Compromise with a Novel Malicious File Reconstruction Approach
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with Aviv Grafi, CTO and founder of Votiro, as they discuss innovative solutions to combat business email compromise. Join us as we discuss:
  • The mechanisms of business email compromise
  • How malicious files are used in cyberattacks
  • The limitations of traditional security methods
  • The benefits of malicious file reconstruction technology
And more! If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
1 year ago
38 minutes

The Virtual CISO Podcast
Episode 140: DIB/CMMC Cybersecurity – Interesting Observations from a Significant Study
Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Chris Petersen, co-founder of LogRhythm and current CEO of Radical. Chris brings over two decades of experience in cybersecurity, offering deep insights into the industry's challenges and advancements. In this episode, we'll explore:

 - The surprising results from Radical’s DIB Cybersecurity Survey, including the incongruity between high self-assessed security skills and other survey responses.
 - The critical issue of poor scoping in System Security Plans (SSPs) and its impact on the effectiveness of security monitoring within the Defense Industrial Base (DIB).
 - The paradox of organizations delaying CMMC certification despite acknowledging the lengthy process and the looming enforcement deadline.

If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn, https://www.linkedin.com/company/pivot-point-security/
1 year ago
47 minutes

The Virtual CISO Podcast
Episode 139: How adding Crisis Management to your Incident Response Plan can save your bacon?
Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Kevin Dinino, President of KCD PR, who delves into the critical aspects of crisis management and communications. Kevin brings over 20 years of experience in guiding companies through the complexities of strategic communications, particularly in the cybersecurity, financial, and technology sectors. In this episode, we'll explore:

  • The nuances of differentiating between an incident and a crisis, and how to handle the transition from one to the other.
  • The essential components of a comprehensive crisis management plan and the importance of integrating cyber incident response with overall crisis communication strategies.
  • Real-world examples of effective crisis communication, including the famous Tylenol recall and modern-day cyber incidents.
  • The evolving landscape of cyber liability insurance and the role of PR firms in mitigating the reputational impact of security breaches.
  • Insights into the latest federal disclosure requirements and their implications for incident and crisis management.

If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
1 year ago
38 minutes

The Virtual CISO Podcast
Episode 138: Is Consuming SaaS an Information Security Faustian Bargain? w/ William Eshagh
1 year ago
44 minutes

The Virtual CISO Podcast
Episode 137: Strategies and Insights w/ Sagi Brody
1 year ago
30 minutes

The Virtual CISO Podcast
Episode 136: AI Risk Management – Is ISO 42001 the Solution? w/ Ariel Allensworth
1 year ago
52 minutes

The Virtual CISO Podcast
Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Zenobia Godschalk, Senior Vice President of Hedera Hashgraph, as they discuss distributed ledger technology and its effects on privacy compliance.

Join us as we discuss the following: 
  • The erosion of Privacy Online

  • Distributed Ledger Technology (DLT) and how it enables Web 3

  • How DLT can be used to improve security and compliance with Privacy regulations


If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast.

For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
1 year ago
43 minutes
