GRC Academy

In this episode, Jacob speaks with ISO 27001 expert Aron Lange! Aron is the founder of the GRC Lab, and a Udemy instructor with more than 11,000 students! He is an experienced auditor for management systems based on ISO 27001, ISO 9001, ISO 27018 and ISO 22301. In this episode they discuss the essentials of ISO 27001 including the history of the standard and the changes in the latest revision, but also the significance of the organizations involved and the danger of ISO “certification paper mills.” Here are some highlights from the episode: Follow Aron on LinkedIn: https://www.linkedin.com/in/aronlange/ Aron’s Udemy courses: https://www.udemy.com/user/aron-lange/ Aron’s Website: https://www.aronlange.com/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e23&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode, Jacob speaks with cybersecurity researcher Patrick Garrity! Patrick Garrity is a seasoned security researcher at VulnCheck where he focuses on vulnerabilities, vulnerability exploitation and threat actors. In this episode they discuss the importance of integrating threat intelligence into vulnerability management using the Exploit Prediction Scoring System (EPSS), CISA Known Exploited Vulnerabilities Catalog, and the changes in CVSS 4.0! Here are some highlights from the episode: Follow Patrick on LinkedIn: https://www.linkedin.com/in/patrickmgarrity/ VulnCheck Website: https://vulncheck.com/ Thanks to our sponsor Keeper Security! Need a FedRAMP authorized Password Manager? See how Keeper can help you comply with CMMC: https://www.keepersecurity.com/cmmc/?utm_source=grcacademy&utm_medium=display&utm_campaign=cmmc_video Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e22&utm_campaign=courses

In this episode, Jacob speaks with attorney Julie Bracker! Julie is the whistleblower attorney for both the Penn State University and Georgia Tech University FCA complaints. These complaints essentially allege the defendants misrepresented their compliance with NIST 800-171! They discuss the False Claims Act and the DOJ's Civil Cyber Fraud Initiative, and what federal contractors can do to avoid being the subject of a whistleblower complaint! Here are some highlights from the episode: Follow Julie on LinkedIn: https://www.linkedin.com/in/juliekeetonbracker/ Bracker & Marcus LLP Website: https://www.fcacounsel.com/ Penn State FCA Complaint: https://cdn.grcacademy.io/web/20240325204912/penn-state-university-false-claims-act-complaint.pdf Georgia Tech FCA Complaint: https://cdn.grcacademy.io/web/20240325204909/georgia-tech-university-false-claims-act-complaint.pdf 2023 DoJ Report of FCA settlements (more than $2.68 billion): https://www.justice.gov/opa/pr/false-claims-act-settlements-and-judgments-exceed-268-billion-fiscal-year-2023 ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e21&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode, Jacob speaks with a panel of information security experts from universities about CMMC and their experience preparing for it! They discuss security and compliance challenges at universities, the Penn State NIST 800-171 False Claims Act lawsuit, and much more! Here are some highlights from the episode: Here are the panelists: https://www.linkedin.com/in/jay-gallman/https://www.linkedin.com/in/kolin-hodgson-cisa-cissp-4bbb9a/https://www.linkedin.com/in/melissa-kimble/https://www.linkedin.com/in/wendyepley/Thanks to our sponsor Keeper Security! Need a secure file sharing solution? Register for a webinar showing how Defense Contractors can share sensitive information using Keeper: https://grcacademy.io/ref/keeper/webinar-cmmc-file-sharing-april-2024/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e20&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode, Jacob talks to Dr. Raghuram Srinivas from MetricStream! They discuss the beginnings of AI, how it has evolved over time, and the risks and opportunities it presents to companies around the world! Raghuram is the Senior Vice President of Product Management at MetricStream. He is an AI expert and has worked in AI-focused roles at JPM Chase, KPMG, as well as the Watson Group at IBM. Here are some highlights from the episode: Follow Ragu on LinkedIn: https://www.linkedin.com/in/raghuramsrinivas/ MetricStream website: https://www.metricstream.com/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online cyber GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e19&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode, Jacob talks to Patrick Perry from Zscaler. They discuss Zscaler's experiences navigating the FedRAMP and DoD Impact Level processes as well as Zero Trust! Pat is a cybersecurity expert with over 20 years of experience. He currently works at Zscaler as Field CTO and is responsible for the alignment of Zscaler capabilities to the DoD and IC mission sets in order to provide dynamic, mission-focused, innovative approaches to enable transformation and zero trust to warfighter organizations. Zscaler U.S. Government Solutions enables the U.S government and their strategic partners to securely transform their networks and applications for a mobile and cloud-first world. Zscaler's FedRAMP Moderate/High/DoD IL5-authorized solutions ensure fast, secure connections between users and applications, regardless of device, location, or network. Here are some highlights from the episode: Follow Patrick on LinkedIn: https://www.linkedin.com/in/perrypn2019/ Zscaler website: https://www.zscaler.com/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e18&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with Derrich Phillips from Aspire Cyber about best practices and tips when filling out cybersecurity questionnaires. Derrich Phillips is a cybersecurity expert with over 20 years of experience in the field. He started his career in the Army's security operations center, defending networks against cyber attacks. As the founder of Aspire Cyber, he focuses on helping small companies prove their cybersecurity readiness to handle information for enterprise customers. Here are some highlights from the episode: Check out this video where Derrich and I discuss how ChatGPT can be used in information security compliance: https://youtu.be/IAAJPJLBeaY Follow Derrich on LinkedIn: https://www.linkedin.com/in/derrichphillips/ Aspire Cyber website: https://www.aspirecyber.com/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e17&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with Shauna Weatherly from FedSubK.com. Shauna recently retired from the federal government after serving more than 35 years in the federal acquisition / contracting space! During her career she served as chief of contracting, contracting officer representative, and as an advisor to the Civilian Agency Acquisition Council (CAAC). She even has direct experience in the federal rulemaking process, and contributed to FAR case 2017-016, also known as the FAR CUI rule, which will contractually require the implementation of NIST SP 800-171 on federal contracts. Join us as we pull back the curtain on the federal rulemaking process and more! Here are some highlights from the episode: Follow Shauna on LinkedIn: https://www.linkedin.com/in/shauna-weatherly/ FedSubK website: https://www.fedsubk.com/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e16&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with Michael Greenman from Deltek. Michael has worked in government and cloud-based technology for over 20 years, and currently works at Deltek in the Product Strategy group and is the evangelist for cybersecurity compliance and cloud services! Michael shares Deltek's perspective on security and compliance as a cloud service provider. Here are some highlights from the episode: Follow Michael on LinkedIn: https://www.linkedin.com/in/michael-greenman-94952a3/ Deltek website: https://www.deltek.com/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e15&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with Dr. Thomas Graham who is a CMMC assessor. Thomas is the Vice President and CISO at Redspin, and Redspin is the first CMMC Third Party Assessor Organization (C3PAO)! This episode has a lot of great information for the defense industrial base!Here are some highlights from the episode: Follow Thomas on LinkedIn: https://www.linkedin.com/in/tgrahamphd/ Redspin website: https://www.redspin.com ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e14&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob Hill talks with Jacob Horne from Summit 7! Jacob Horne is Summit 7's Chief Security Evangelist, and has a unique genetic superpower that allows him to delve into NIST publications & government regulations without experiencing even a hint of boredom! In the episode Jacob Horne explains the history leading up to the CMMC program, when CMMC may be required, and the significance of the FAR CUI rule! Here are some key topics we discussed: Follow Jacob on LinkedIn: https://www.linkedin.com/in/jacob-evan-horne/ Summit 7 website: https://www.summit7.us/ Jacob Horne's Deep dive on CMMC rulemaking timeline: https://www.youtube.com/watch?v=qyLDQxo-YPg Federal Rulemaking book: https://www.amazon.com/Rulemaking-Government-Agencies-Write-Policy/dp/1483352811/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e13&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob talks with Dr. Ron Ross from NIST! This is the final of a three-part series with Dr. Ross. In the episode Dr. Ross shares his thoughts on topics like ChatGPT, zero trust, his top 5 security controls, advice to folks new to cybersecurity, and much more! Here are some key topics we discussed: Dr. Ross is the author of multiple publications including Risk Management Framework (RMF), NIST 800-53, NIST 800-171, and many more! Dr. Ross leads the FISMA Implementation Project which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. He also leads the Joint Task Force, an interagency group that includes the DoD, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a unified information security framework for the federal government and its contractors. Follow Ron on LinkedIn: https://www.linkedin.com/in/ronrossecure/ NIST CSRC Website: https://csrc.nist.gov/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e12&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob talks with Dr. Ron Ross from NIST! This is the 2nd of a three-part series with Dr. Ross. In the episode Dr. Ross shares a status update on NIST 800-171 revision 3. At the time of this recording, NIST has released the 1st initial draft, and the 1st public comment period has closed. Here are some key topics we discussed: Dr. Ross is the author of multiple publications including Risk Management Framework (RMF), NIST 800-53, NIST 800-171, and many more! Dr. Ross leads the FISMA Implementation Project which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. He also leads the Joint Task Force, an interagency group that includes the DoD, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a unified information security framework for the federal government and its contractors. Follow Ron on LinkedIn: https://www.linkedin.com/in/ronrossecure/ NIST CSRC Website: https://csrc.nist.gov/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e11&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob talks with Dr. Ron Ross from NIST! This is the 1st of a three-part series with Dr. Ross. In the episode Dr. Ross shares the fascinating history of NISTs involvement in cyber security! Here are some key topics we discussed: Dr. Ross is the author of multiple publications including Risk Management Framework (RMF), NIST 800-53, NIST 800-171, and many more! Dr. Ross leads the FISMA Implementation Project which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. He also leads the Joint Task Force, an interagency group that includes the DoD, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a unified information security framework for the federal government and its contractors. Follow Ron on LinkedIn: https://www.linkedin.com/in/ronrossecure/ NIST CSRC Website: https://csrc.nist.gov/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e10&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob talks with operational technology (OT) cybersecurity expert Joseph Loomis! Joseph is the President of Secrabus Inc where he performs cybersecurity assessments on Oil & Gas companies to help elevate their security posture and protect their critical assets. Joseph shares his experiences after more than 15 years in the Oil & Gas industrial control system (ICS) and OT cybersecurity space. Here are some key topics we discussed: Follow Joseph on LinkedIn: https://www.linkedin.com/in/josephloomis/ Secrabus Inc's Website: https://secrabus.com/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e9&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob talks with GRC professional Jonathan Fisher. Jonathan shifted into the GRC field after 20 years in the military supporting aircraft maintenance, and explains how others can do the same! Here are some key topics we discussed: Follow Jonathan on LinkedIn: https://www.linkedin.com/in/jonfisher11/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e8&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with privacy attorney Donata Stroink-Skillrud. Donata is the chair of the American Bar Association’s ePrivacy committee, and has an excellent understanding of privacy laws in the US and the EU. She shares the impact of US and EU privacy laws on businesses, how they can plan to comply, and much more! Here are some key topics we discussed: Donata's website: https://termageddon.com Follow Donata on LinkedIn: https://www.linkedin.com/in/donata-stroink-skillrud/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e7&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with Koren Wise who is a highly experienced CMMC consultant, assessor, and instructor. Koren offers insights from her experience helping companies prepare for CMMC, and gives advice on hiring the right CMMC consultant and assessor for your business - and much more!. Here are some of the topics we discussed: Follow Koren on LinkedIn: https://www.linkedin.com/in/koren-wise/ Koren's website: https://www.wtinetworks.com ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e6&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with Rick Rosenberry about Cyber Insurance in the context of DoD and government contracting. Rick is an insurance broker and a CMMC Registered Practitioner, and he explains that not all cyber insurance policies are equal and the importance of working with an insurance broker that understands cybersecurity and your regulatory environment. Here are a few of the topics we discussed: Follow Rick on LinkedIn: https://www.linkedin.com/in/rick-rosenberry/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e5&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

In this episode Jacob speaks with Laura Rodgers about her work helping to prepare North Carolina businesses for the DoD's Cybersecurity Maturity Model Certification (CMMC). Laura has established an excellent training program that guides North Carolina businesses in the creation of cybersecurity programs. The effort is in collaboration with the North Carolina Military Business Center, North Carolina State University, and other strategic partners. Here are a few of the topics we discussed: Follow Laura on LinkedIn: https://www.linkedin.com/in/lauradrodgers/ Cyber NC website: https://www.cybernc.us/ ----------- Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e4&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/