In this engaging episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Jeff Brown, Google US Public Sector Workspace Lead, to explore how Google Workspace is transforming CMMC compliance for defense contractors.

Discover how Google Assured Controls and U.S.-based data centers empower organizations to meet CMMC Level 2 requirements with ease and confidence.

What We Cover in This Episode: - Google Workspace for Defense: Tailored solutions for the defense industrial base (DIB)

Whether you're a prime contractor, subcontractor, or IT lead, this conversation offers valuable insights to streamline your compliance process. Watch now to learn how Google Workspace can make your CMMC journey more secure, scalable, and cost-effective.

🔔 Subscribe for the latest updates and expert tips on CMMC compliance and more!

Visit the Google Workspace landing page-https://workspace.google.com/learning/content/cybersecurity-maturity-model-certification?e=48754805 🌐 Visit www.cmmcproof.com for additional resources and expert insights.

In this episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Doug Landoll, CEO of Lantego and the author of the bestselling CMMC Assessment Handbook.

Doug shares his journey into cybersecurity, offering a unique perspective on the importance of collaboration within the cybersecurity community.

What you’ll learn in this episode:

• Doug’s experience as an author, focusing on CMMC and its impact on organizations.
• Insights into the CMMC assessment process, its challenges, and how it compares to frameworks like SOC 2 or ISO 27001.
• The future of CMMC compliance and why proactive preparation is essential for organizations.
• The value of CISSP training and clear success definitions in building a fulfilling cybersecurity career.
• Why consulting should center on empowering organizations for better assessments.                                                                                                                                                            Whether you're a defense contractor preparing for CMMC compliance, a cybersecurity professional seeking expert advice, or someone exploring a career in the field, this episode is packed with actionable insights and inspiration. Subscribe for the latest CMMC updates and insights. Visit www.cmmcproof.com

Join Derrich Phillips, Lead Certified CMMC Assessor (CCA), as he interviews Tatiana Marin, Director, Information Security at Kruze Consulting. In this episode, Tatiana shares her unique journey into cybersecurity, her strategies for building a strong security culture, and valuable insights on navigating SOC 2 compliance.

Key Topics Covered:

• Transitioning from operations management to cybersecurity leadership
• Practical tips for managing SOC 2 audits and selecting the right tools
• The importance of leadership support and fostering a security-first mindset
• Leveraging external partners to enhance cybersecurity for small businesses
• Balancing rapid growth with robust security in a remote work environment   
• Takeaways: Tatiana highlights the critical role of collaboration, effective communication, and leadership buy-in in creating a resilient cybersecurity posture. Her insights offer actionable advice for companies of all sizes. 
• Whether you're tackling SOC 2 compliance or looking to improve your cybersecurity practices, this episode is packed with practical guidance and inspiration. Visit www.cmmcproof.com

In this episode of the CMMC Proof Podcast, host Derrich Phillips interviews Melissa Burant, a supply chain project manager at Iowa State University CIRAS, to uncover the compliance challenges defense contractors face under the Cybersecurity Maturity Model Certification (CMMC).

 Melissa shares insights into bridging the gap between federal requirements and current compliance practices, emphasizing the importance of simplifying complex regulations and providing actionable steps for small and medium-sized manufacturers. She sheds light on the shortcomings of the current CMMC ecosystem, such as the lack of resources mapping back to federal requirements and the overwhelming information contractors must navigate.

The conversation dives into: The effectiveness of virtual boot camps in empowering companies to implement cybersecurity practices. How false claims and noncompliance cases impact small businesses. The importance of connecting cybersecurity efforts to revenue. Collaborative strategies to support manufacturers in the cybersecurity industry. Building targeted resources and simplifying the compliance journey for contractors. Melissa’s practical advice and passion for helping small businesses make this episode a must-watch for anyone navigating the complexities of CMMC compliance. 

Subscribe

 Visit www.cmmcproof.com

Join Emilyann Fogarty, CISO at NYSERNet, as she explores the unique cybersecurity challenges in higher education—from targeted attacks and compliance pressures to limited budgets. Emilyann shares her approach to building scalable security programs focused on risk management and aligned with institutional goals. Highlighting the importance of soft skills, effective communication, and relationship-building, she offers practical insights on asking the right questions and fostering trust within an organization.

Ready to accelerate your own compliance journey? Start your 7-day trial of CMMC Proof: Compliance Acceleration System at www.cmmcproof.com.

In this episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Tammie McClellan, Deputy CISO at the University of Central Florida (UCF). With over 31 years of experience at UCF, Tammie dives into the challenges of CMMC compliance in the higher education and research space. She shares valuable insights on the Knight Shield initiative, which aims to streamline the compliance process while protecting Controlled Unclassified Information (CUI).

The conversation covers the evolving landscape of cybersecurity regulations, including NIST and the potential impact of future policies like NSPM-33. Tammie emphasizes the importance of collaboration between cybersecurity professionals and researchers to achieve seamless compliance. She also highlights the critical role of program managers and the need for continuous learning and mentorship in the field.

Don’t miss Tammie’s valuable insights on how R1 research universities like UCF are navigating the evolving world of cybersecurity compliance.

In this insightful conversation, cybersecurity coach and instructor Kenneth Ellington provides and overview how SIEM and SOAR technology to meet CMMC requirements, specifically for small businesses.

He shares practical advice on leveraging SIEM technology, emphasizing the importance of baseline understanding and tuning to avoid unexpected costs related to logging. Kenneth also offers tips on navigating license costs, data ingestion, and documentation to optimize cybersecurity efforts.

Kenneth highlights the importance of hiring staff with honesty, integrity, and technical competence to manage SIEM solutions effectively. He also discusses the growing role of AI in threat hunting and the value of continuous learning and personal growth in the field.

For businesses looking to strengthen their cybersecurity, Kenneth shares best practices, alternative solutions for log tracking, and the benefits of fractional SOC management services.

 Connect with us at www.aspirecyber.com

Visit https://kenneth-ellington-s-school.teachable.com/p/home to learn more about Kenneth Ellington

In this compelling episode, we explore the recent whistleblower lawsuit filed by the United States Department of Justice against Georgia Tech and Georgia Tech Research Corporation. This case, which alleges significant cybersecurity breaches, has sent shockwaves through the defense contracting and academic communities.

Key Takeaways:

• Specific Contracts and Violations: We break down the particular contracts involved and the critical cybersecurity lapses, including failure to implement a System Security Plan (SSP) and the use of a false cybersecurity score.
•  Egregious Violations: The case highlights the most serious violations—such as operating without anti-virus protection, submitting a fictitious SPRS score, and creating a false SSP based on a non-existent campus IT system.
• Intentional Misconduct: We delve into how Georgia Tech and GTRC knowingly violated federal cybersecurity requirements, particularly in handling Controlled Unclassified Information (CUI). Evidence and Documentation: Explore the evidence presented, including incriminating emails, text messages, and sworn testimonies that reveal a pattern of non-compliance and false claims.
• Impact on the Government: Learn about the damage done to the U.S. government, including millions of dollars paid for services that did not meet contractual obligations due to these cybersecurity failings.
• This episode is a must-watch for anyone involved in government contracting, cybersecurity, or compliance. We provide insights into how these violations were uncovered, the legal implications, and what this means for the future of cybersecurity in federally funded research. 🔔 Don’t forget to subscribe stay updated with our latest episodes on cybersecurity, legal developments, and more! Useful Links: DOJ Filing- https://www.justice.gov/opa/pr/united-states-files-suit-against-georgia-institute-technology-and-georgia-tech-research

Join us as Will Drake, Senior Security Analyst at Indiana University, dives into the intricate world of cybersecurity in academia. In this enlightening conversation, Will shares the successful strategies and challenges of the "Secure My Research" initiative, aimed at implementing cybersecurity best practices in research environments.

What You'll Discover:

• Streamlined Solutions: Learn how Indiana University is providing end-to-end secure solutions to support researchers.
• Advocacy in Action: Explore how advocacy helps overcome barriers and secure research data, with practical examples from the program.
• Empathy in Cybersecurity: Understand the critical role of interpersonal skills and empathy in crafting security measures that respect and enhance research workflows.
• Salesforce CRM in Cybersecurity: Insights on leveraging Salesforce CRM for effective documentation and stakeholder management.
• Professional Insights: Will also discusses his personal journey in cybersecurity, touching on overcoming imposter syndrome and the importance of unique strengths.
• Tune in to gain a comprehensive understanding of how cybersecurity can coexist seamlessly with academic research, fostering innovation while ensuring security. Secure My Research: https://cacr.iu.edu/projects/SecureMyResearch/index.html

Join Derrich Phillips in an engaging discussion with Daniel Eliot, the lead for small business engagement at NIST, on the latest episode of CMMC Proof podcast. They explore the updated NIST Cybersecurity Framework and its Small Business Quick Start Guide, focusing on practical insights and challenges faced by small businesses in implementing cybersecurity measures.

Highlights include Daniel's role at NIST, key changes in the cybersecurity framework, and strategies for small businesses to adopt a risk-based approach. Discover actionable steps across the framework's functions: identify, protect, detect, respond, and recover, tailored for improving cybersecurity resilience.

Key Takeaways:

• Insights into adapting cybersecurity behaviors and practices for organizational growth.
• The significance of prioritization in cybersecurity efforts, addressing critical vulnerabilities.
• NIST's community-driven approach to framework development, with valuable input and resources.
• Practical tools such as implementation examples, quick start guides, and community profiles to aid businesses in their cybersecurity journey.