In this week’s episode of the Future of Cyber Risk podcast, David speaks to Eric Adams, CEO/CISO at Federal Cyber Defense Solutions. They discuss what FedRAMP and FISMA are, how to use NIST as a roadmap to federal compliance, and what controls you need to implement for those requirements. They also talk about the need for vulnerability context and continuous monitoring, the importance of having leadership support behind your compliance efforts, and how AI will impact the future of security — but only if it’s used for good. Topics discussed: How to understand the differences in NIST, FISMA, and FedRAMP and how NIST is the roadmap that can lead you to federal compliance. How to better understand the controls you need to apply for something like FedRAMP compliance. Why you need to have leadership commitment and support behind your security compliance efforts. Why you can be compliant but not secure and what questions and suggestions can guide your efforts to increase security. Why vulnerability prioritization based on context and continuous monitoring needs to be part of your compliance approach. How the future of security will include more automation and AI — but only if it’s used properly.