Episodes
Introducing the Penn State Whistleblower.
In this episode, the whistleblower explains how he tried to stop Penn State from misrepresenting their NIST 800-171 compliance to the DoD and what he has faced since he blew the whistle!
Whistleblower attorney Julie Bracker also shares what the media got wrong in this case and the latest on the Georgia Tech FCA case!
Here are a few highlights from this episode:
- Hear directly from the whistleblower in this False Claims Act case
- What the media got...
Published 11/11/24
Confused about Microsoft 365 and DFARS/CMMC compliance?
In this episode, I speak with Richard Wakeman, Chief Architect for cybersecurity of Aerospace & Defense @ Microsoft!
We discuss the history of the government clouds, the need behind GCC and GCC High, and much more!
Here are some highlights:
- The origins of the Microsoft clouds
- Which clouds support DFARS 7012 compliance
- When will GCC High be FedRAMP authorized?
- CUI enclave considerations
Richard is a wealth of knowledge, and I have...
Published 11/05/24
Is your MSP a cybersecurity liability?
In this episode, I speak with Brian Hubbard, President of Evolved Cyber Solutions and the MSP Cybersecurity Exchange!
We discuss the state of MSP cybersecurity and how MSPCyberX is elevating the security posture of MSPs everywhere!
Here are some highlights:
- Why MSPs are so critical to our nation's security
- The inevitable regulations that will target MSPs
- MSPs involvement during CMMC assessments
- How MSPCyberX can help
GRC Academy partnered with MSPCyberX...
Published 11/01/24
FREE CMMC gap assessments!! FREE penetration tests!! FREE SOC & incident response!!
This is a hidden CMMC treasure that no one's talking about!
In this episode, I speak with Darren Mott about the FREE cybersecurity services offered to the DIB by the National Cybersecurity Operations Center!
Here are some of the FREE services they offer:
- CMMC gap assessments
- Penetration testing
- SOC & Incident response
- Forensic analysis
- Threat intelligence
I had no idea the National CSOC existed! This is an...
Published 10/01/24
Want a high paying job in GRC? Want to build a powerful GRC team?
In this episode, I spoke with Kenneth Moras, Security GRC Lead at Plaid.
Kenneth has worked in critical GRC roles in big tech companies like Adobe and Meta! He was heavily involved in the cyber response to international regulators after severe breaches.
Here are some highlights:
- What you need to do and know to get a job in GRC
- How to master GRC
- 3 critical skillsets you need in your cyber GRC team
- How regulatory incident response...
Published 09/24/24
Throw away your plastic driver's license - digital IDs have entered the chat!
In this episode, I spoke with Dr. Paul Ashley, the CTO of Anonyome Labs.
Paul explains how widespread online surveillance is, the evolution of digital identity from centralized to decentralized models, how digital wallets work, and what big tech doesn't want you to know!
Here are a few highlights from this episode:
- Big tech's surveillance economy
- Evolution of digital identity
- Decentralized Identity
- Global adoption of...
Published 09/17/24
Introducing the Georgia Tech Whistleblowers.
In this episode, the whistleblowers explain how they tried to stop Georgia Tech from allegedly LYING to the government about their NIST 800-171 compliance and what they have faced since they blew the whistle!
Whistleblower attorney Julie Bracker also shares what could come next and how much Georgia Tech may have to pay out!
Here are a few highlights from this episode:
- Hear directly from the whistleblowers in this False Claims Act case
- Details on the...
Published 09/10/24
Zero Trust is NOT complicated!
Don't believe me? Let me introduce you to its creator!
In this episode, Jacob speaks with John Kindervag, the creator of Zero Trust.
John is the Chief Evangelist at Illumio where he accelerates awareness and adoption of Zero Trust Segmentation.
In the episode he shares the origin story of Zero Trust starting with his time at Forrester Research. He explains the fundamental principles of Zero Trust, debunks common misconceptions, and how you can implement Zero...
Published 09/03/24
Introducing the Cisco Whistleblower.
In this episode, Jacob speaks with lawyer Hamsa Mahendranathan about the FIRST cybersecurity False Claims Act (FCA) lawsuit that reached a settlement!
This goes all the way back to 2008 believe it or not… The lawsuit was FINALLY settled in 2019!
As we all know, the DoJ has intervened in the Georgia Tech NIST 800-171 FCA whistleblower complaint.
Wonder what the whistleblowers may be dealing with? Maybe you want to blow the whistle yourself and don't know...
Published 08/24/24
Think your users are resistant to CMMC? You ain't seen nothin' yet!
In this episode, Jacob speaks with Daniel Stark of Meerkat Cyber about the unique CMMC compliance challenges in a manufacturing environment.
Here are some highlights:
- Daniel's experience running IT in a family-owned manufacturing shop
- How Controlled Unclassified Information (CUI) flows on the shop floor
- Physical and environmental security constraints unique to manufacturing
- How ISO 9001 / AS9100 can help get the buy in for...
Published 08/20/24
So… How do I get a CMMC’d early?
In this episode, Jacob speaks with Steven Molter of IntelliGRC about his experiences helping IntelliGRC clients complete NIST 800-171 Joint Surveillance Voluntary Assessments (JSVAs).
Here are some highlights:
- The JSVA process & how to request one
- The different teams within DIBCAC
- The challenge of subjectivity during assessments
- Advice for companies preparing for JSVAs
- How a company convinced DIBCAC to "upgrade" from a traditional DIBCAC high assessment to a...
Published 08/01/24
In this episode, Jacob speaks with Brian Kowalski, Senior Vice President of Federal at Hypori.
In the episode they discuss Hypori's origin story and its innovations in the mobile security space.
Here are some highlights from the episode:
- Hypori's origin story and its roots starting as an NSA Commercial Solutions for Classified Program (CSfC) product
- How it is different from traditional Mobile Device Management (MDM)
- How it works, its certifications, and its deployment options
- How Hypori can help...
Published 07/16/24
In this episode, Jacob speaks with Mr. Mark Nicholls!
Mark is the CEO of Information Professionals Group and has over 30 years of experience!
In the episode they discuss the business case for information security, and how cybersecurity professionals can effectively communicate with the C-suite and other business leaders!
Here are some highlights from the episode:
- The Importance of information security in business
- The Importance of securing data
- How cyber professionals should engage with...
Published 06/18/24
In this episode, Jacob speaks with Penetration Tester & Social Engineer Chris Silvers!
Chris Silvers is the founder of CG Silvers Consulting! Chris has a vast amount of experience ranging from CMMC assessments to penetration testing. He even won the prestigious DEF CON black badge during the DEF CON 24 Social Engineering Capture the Flag (SECTF)!
In this episode they focus on how organizations can defend against social engineering attacks!
Here are some highlights from the...
Published 06/07/24
In this episode, Jacob speaks with ISO 27001 expert Aron Lange!
Aron is the founder of the GRC Lab, and a Udemy instructor with more than 11,000 students! He is an experienced auditor for management systems based on ISO 27001, ISO 9001, ISO 27018 and ISO 22301.
In this episode they discuss the essentials of ISO 27001 including the history of the standard and the changes in the latest revision, but also the significance of the organizations involved and the danger of ISO “certification paper...
Published 05/06/24
In this episode, Jacob speaks with cybersecurity researcher Patrick Garrity!
Patrick Garrity is a seasoned security researcher at VulnCheck where he focuses on vulnerabilities, vulnerability exploitation and threat actors.
In this episode they discuss the importance of integrating threat intelligence into vulnerability management using the Exploit Prediction Scoring System (EPSS), CISA Known Exploited Vulnerabilities Catalog, and the changes in CVSS 4.0!
Here are some highlights from the...
Published 04/30/24
In this episode, Jacob speaks with attorney Julie Bracker!
Julie is the whistleblower attorney for both the Penn State University and Georgia Tech University FCA complaints. These complaints essentially allege the defendants misrepresented their compliance with NIST 800-171!
They discuss the False Claims Act and the DOJ's Civil Cyber Fraud Initiative, and what federal contractors can do to avoid being the subject of a whistleblower complaint!
Here are some highlights from the episode:
What is...
Published 03/26/24
In this episode, Jacob speaks with a panel of information security experts from universities about CMMC and their experience preparing for it!
They discuss security and compliance challenges at universities, the Penn State NIST 800-171 False Claims Act lawsuit, and much more!
Here are some highlights from the episode:
- How universities are different from other types of organizations
- Different compliance requirements for universities
- Who is involved in the execution of a government contract?
- The...
Published 03/20/24
In this episode, Jacob talks to Dr. Raghuram Srinivas from MetricStream!
They discuss the beginnings of AI, how it has evolved over time, and the risks and opportunities it presents to companies around the world!
Raghuram is the Senior Vice President of Product Management at MetricStream. He is an AI expert and has worked in AI-focused roles at JPM Chase, KPMG, as well as the Watson Group at IBM.
Here are some highlights from the episode:
- The history of AI
- How do large language models (LLMs)...
Published 03/01/24
In this episode, Jacob talks to Patrick Perry from Zscaler. They discuss Zscaler's experiences navigating the FedRAMP and DoD Impact Level processes as well as Zero Trust!
Pat is a cybersecurity expert with over 20 years of experience. He currently works at Zscaler as Field CTO and is responsible for the alignment of Zscaler capabilities to the DoD and IC mission sets in order to provide dynamic, mission-focused, innovative approaches to enable transformation and zero trust to warfighter...
Published 12/05/23
In this episode Jacob speaks with Derrich Phillips from Aspire Cyber about best practices and tips when filling out cybersecurity questionnaires.
Derrich Phillips is a cybersecurity expert with over 20 years of experience in the field. He started his career in the Army's security operations center, defending networks against cyber attacks. As the founder of Aspire Cyber, he focuses on helping small companies prove their cybersecurity readiness to handle information for enterprise...
Published 11/28/23
In this episode Jacob speaks with Shauna Weatherly from FedSubK.com.
Shauna recently retired from the federal government after serving more than 35 years in the federal acquisition / contracting space! During her career she served as chief of contracting, contracting officer representative, and as an advisor to the Civilian Agency Acquisition Council (CAAC).
She even has direct experience in the federal rulemaking process, and contributed to FAR case 2017-016, also known as the FAR CUI rule,...
Published 11/18/23
In this episode Jacob speaks with Michael Greenman from Deltek.
Michael has worked in government and cloud-based technology for over 20 years, and currently works at Deltek in the Product Strategy group and is the evangelist for cybersecurity compliance and cloud services!
Michael shares Deltek's perspective on security and compliance as a cloud service provider.
Here are some highlights from the episode:
- How Michael got into cybersecurity
- Deltek's government clouds
- DFARS 252.204-7012's C - G...
Published 11/02/23
In this episode Jacob speaks with Dr. Thomas Graham who is a CMMC assessor.
Thomas is the Vice President and CISO at Redspin, and Redspin is the first CMMC Third Party Assessor Organization (C3PAO)!
This episode has a lot of great information for the defense industrial base!
Here are some highlights from the episode:
- Redspin's experience becoming the first C3PAO
- Notable changes in NIST 800-171 r3
- CMMC challenges and misconceptions
- Tips for selecting the right CMMC consultant and assessor
- Other...
Published 10/23/23