Join Derrich Phillips, Lead Certified CMMC Assessor (CCA), as he interviews Tatiana Marin, Director, Information Security at Kruze Consulting. In this episode, Tatiana shares her unique journey into cybersecurity, her strategies for building a strong security culture, and valuable insights on navigating SOC 2 compliance.

Key Topics Covered:

• Transitioning from operations management to cybersecurity leadership
• Practical tips for managing SOC 2 audits and selecting the right tools
• The importance of leadership support and fostering a security-first mindset
• Leveraging external partners to enhance cybersecurity for small businesses
• Balancing rapid growth with robust security in a remote work environment   
• Takeaways: Tatiana highlights the critical role of collaboration, effective communication, and leadership buy-in in creating a resilient cybersecurity posture. Her insights offer actionable advice for companies of all sizes. 
• Whether you're tackling SOC 2 compliance or looking to improve your cybersecurity practices, this episode is packed with practical guidance and inspiration. Visit www.cmmcproof.com

In this episode of the CMMC Proof Podcast, host Derrich Phillips interviews Melissa Burant, a supply chain project manager at Iowa State University CIRAS, to uncover the compliance challenges defense contractors face under the Cybersecurity Maturity Model Certification (CMMC).

 Melissa shares insights into bridging the gap between federal requirements and current compliance practices, emphasizing the importance of simplifying complex regulations and providing actionable steps for small and medium-sized manufacturers. She sheds light on the shortcomings of the current CMMC ecosystem, such as the lack of resources mapping back to federal requirements and the overwhelming information contractors must navigate.

The conversation dives into: The effectiveness of virtual boot camps in empowering companies to implement cybersecurity practices. How false claims and noncompliance cases impact small businesses. The importance of connecting cybersecurity efforts to revenue. Collaborative strategies to support manufacturers in the cybersecurity industry. Building targeted resources and simplifying the compliance journey for contractors. Melissa’s practical advice and passion for helping small businesses make this episode a must-watch for anyone navigating the complexities of CMMC compliance. 

Subscribe

 Visit www.cmmcproof.com

Join Emilyann Fogarty, CISO at NYSERNet, as she explores the unique cybersecurity challenges in higher education—from targeted attacks and compliance pressures to limited budgets. Emilyann shares her approach to building scalable security programs focused on risk management and aligned with institutional goals. Highlighting the importance of soft skills, effective communication, and relationship-building, she offers practical insights on asking the right questions and fostering trust within an organization.

Ready to accelerate your own compliance journey? Start your 7-day trial of CMMC Proof: Compliance Acceleration System at www.cmmcproof.com.

In this episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Tammie McClellan, Deputy CISO at the University of Central Florida (UCF). With over 31 years of experience at UCF, Tammie dives into the challenges of CMMC compliance in the higher education and research space. She shares valuable insights on the Knight Shield initiative, which aims to streamline the compliance process while protecting Controlled Unclassified Information (CUI).

The conversation covers the evolving landscape of cybersecurity regulations, including NIST and the potential impact of future policies like NSPM-33. Tammie emphasizes the importance of collaboration between cybersecurity professionals and researchers to achieve seamless compliance. She also highlights the critical role of program managers and the need for continuous learning and mentorship in the field.

Don’t miss Tammie’s valuable insights on how R1 research universities like UCF are navigating the evolving world of cybersecurity compliance.

In this insightful conversation, cybersecurity coach and instructor Kenneth Ellington provides and overview how SIEM and SOAR technology to meet CMMC requirements, specifically for small businesses.

He shares practical advice on leveraging SIEM technology, emphasizing the importance of baseline understanding and tuning to avoid unexpected costs related to logging. Kenneth also offers tips on navigating license costs, data ingestion, and documentation to optimize cybersecurity efforts.

Kenneth highlights the importance of hiring staff with honesty, integrity, and technical competence to manage SIEM solutions effectively. He also discusses the growing role of AI in threat hunting and the value of continuous learning and personal growth in the field.

For businesses looking to strengthen their cybersecurity, Kenneth shares best practices, alternative solutions for log tracking, and the benefits of fractional SOC management services.

 Connect with us at www.aspirecyber.com

Visit https://kenneth-ellington-s-school.teachable.com/p/home to learn more about Kenneth Ellington

In this compelling episode, we explore the recent whistleblower lawsuit filed by the United States Department of Justice against Georgia Tech and Georgia Tech Research Corporation. This case, which alleges significant cybersecurity breaches, has sent shockwaves through the defense contracting and academic communities.

Key Takeaways:

• Specific Contracts and Violations: We break down the particular contracts involved and the critical cybersecurity lapses, including failure to implement a System Security Plan (SSP) and the use of a false cybersecurity score.
•  Egregious Violations: The case highlights the most serious violations—such as operating without anti-virus protection, submitting a fictitious SPRS score, and creating a false SSP based on a non-existent campus IT system.
• Intentional Misconduct: We delve into how Georgia Tech and GTRC knowingly violated federal cybersecurity requirements, particularly in handling Controlled Unclassified Information (CUI). Evidence and Documentation: Explore the evidence presented, including incriminating emails, text messages, and sworn testimonies that reveal a pattern of non-compliance and false claims.
• Impact on the Government: Learn about the damage done to the U.S. government, including millions of dollars paid for services that did not meet contractual obligations due to these cybersecurity failings.
• This episode is a must-watch for anyone involved in government contracting, cybersecurity, or compliance. We provide insights into how these violations were uncovered, the legal implications, and what this means for the future of cybersecurity in federally funded research. 🔔 Don’t forget to subscribe stay updated with our latest episodes on cybersecurity, legal developments, and more! Useful Links: DOJ Filing- https://www.justice.gov/opa/pr/united-states-files-suit-against-georgia-institute-technology-and-georgia-tech-research

Join us as Will Drake, Senior Security Analyst at Indiana University, dives into the intricate world of cybersecurity in academia. In this enlightening conversation, Will shares the successful strategies and challenges of the "Secure My Research" initiative, aimed at implementing cybersecurity best practices in research environments.

What You'll Discover:

• Streamlined Solutions: Learn how Indiana University is providing end-to-end secure solutions to support researchers.
• Advocacy in Action: Explore how advocacy helps overcome barriers and secure research data, with practical examples from the program.
• Empathy in Cybersecurity: Understand the critical role of interpersonal skills and empathy in crafting security measures that respect and enhance research workflows.
• Salesforce CRM in Cybersecurity: Insights on leveraging Salesforce CRM for effective documentation and stakeholder management.
• Professional Insights: Will also discusses his personal journey in cybersecurity, touching on overcoming imposter syndrome and the importance of unique strengths.
• Tune in to gain a comprehensive understanding of how cybersecurity can coexist seamlessly with academic research, fostering innovation while ensuring security. Secure My Research: https://cacr.iu.edu/projects/SecureMyResearch/index.html

Join Derrich Phillips in an engaging discussion with Daniel Eliot, the lead for small business engagement at NIST, on the latest episode of CMMC Proof podcast. They explore the updated NIST Cybersecurity Framework and its Small Business Quick Start Guide, focusing on practical insights and challenges faced by small businesses in implementing cybersecurity measures.

Highlights include Daniel's role at NIST, key changes in the cybersecurity framework, and strategies for small businesses to adopt a risk-based approach. Discover actionable steps across the framework's functions: identify, protect, detect, respond, and recover, tailored for improving cybersecurity resilience.

Key Takeaways:

• Insights into adapting cybersecurity behaviors and practices for organizational growth.
• The significance of prioritization in cybersecurity efforts, addressing critical vulnerabilities.
• NIST's community-driven approach to framework development, with valuable input and resources.
• Practical tools such as implementation examples, quick start guides, and community profiles to aid businesses in their cybersecurity journey.

Join us for an exclusive insider's perspective as Reneé Brooker, former Civil Frauds Assistant Director at the United States Department of Justice, shares her insights into False Claims Act (FCA) investigations. With her extensive experience supervising all FCA cases in 94 United States District Courts and overseeing billions of dollars in recoveries, she offers a unique understanding of holding companies accountable for their conduct. Don't miss this rare opportunity to gain valuable insights from a seasoned legal expert in the field. 

In this conversation, Jim Dempsey discusses his book 'Cybersecurity Law Fundamentals' and the current state of cybersecurity and privacy laws in the United States. He highlights the patchwork of laws and regulations that exist, the need for a comprehensive cybersecurity law, and the importance of asset inventory and risk assessment for companies.

Jim also discusses the role of whistleblowers in addressing cyber fraud and the potential impact of the False Claims Act on improving cybersecurity compliance. The current state of cybersecurity and privacy laws in the United States is a patchwork of regulations and standards, with no comprehensive cybersecurity law in place. Companies need to prioritize asset inventory and risk assessment as part of their cybersecurity practices.

Whistleblowers play a crucial role in addressing cyber fraud, and the False Claims Act provides incentives for individuals to come forward and report non-compliance. There is a need for more enforcement and accountability in cybersecurity and privacy practices, with a focus on reasonable requirements and third-party assessments.

The intersection of the False Claims Act and the implementation of the Cybersecurity Maturity Model Certification (CMMC) could lead to improved compliance and accountability in government contracts. 

 Link to purchase Jim's book- Cybersecurity Law Fundamentals (2024) https://iapp.org/resources/article/cybersecurity-law-fundamentals/

Visit www.aspirecyber.com to learn more about how to Get CMMC Compliant ASAP.