CMMC Proof

Join Emilyann Fogarty, CISO at NYSERNet, as she explores the unique cybersecurity challenges in higher education—from targeted attacks and compliance pressures to limited budgets. Emilyann shares her approach to building scalable security programs focused on risk management and aligned with institutional goals. Highlighting the importance of soft skills, effective communication, and relationship-building, she offers practical insights on asking the right questions and fostering trust within an organization.

Ready to accelerate your own compliance journey? Start your 7-day trial of CMMC Proof: Compliance Acceleration System at www.cmmcproof.com.

In this episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Tammie McClellan, Deputy CISO at the University of Central Florida (UCF). With over 31 years of experience at UCF, Tammie dives into the challenges of CMMC compliance in the higher education and research space. She shares valuable insights on the Knight Shield initiative, which aims to streamline the compliance process while protecting Controlled Unclassified Information (CUI).

The conversation covers the evolving landscape of cybersecurity regulations, including NIST and the potential impact of future policies like NSPM-33. Tammie emphasizes the importance of collaboration between cybersecurity professionals and researchers to achieve seamless compliance. She also highlights the critical role of program managers and the need for continuous learning and mentorship in the field.

Don’t miss Tammie’s valuable insights on how R1 research universities like UCF are navigating the evolving world of cybersecurity compliance.

In this insightful conversation, cybersecurity coach and instructor Kenneth Ellington provides and overview how SIEM and SOAR technology to meet CMMC requirements, specifically for small businesses.

He shares practical advice on leveraging SIEM technology, emphasizing the importance of baseline understanding and tuning to avoid unexpected costs related to logging. Kenneth also offers tips on navigating license costs, data ingestion, and documentation to optimize cybersecurity efforts.

Kenneth highlights the importance of hiring staff with honesty, integrity, and technical competence to manage SIEM solutions effectively. He also discusses the growing role of AI in threat hunting and the value of continuous learning and personal growth in the field.

For businesses looking to strengthen their cybersecurity, Kenneth shares best practices, alternative solutions for log tracking, and the benefits of fractional SOC management services.

 Connect with us at www.aspirecyber.com

Visit https://kenneth-ellington-s-school.teachable.com/p/home to learn more about Kenneth Ellington

In this compelling episode, we explore the recent whistleblower lawsuit filed by the United States Department of Justice against Georgia Tech and Georgia Tech Research Corporation. This case, which alleges significant cybersecurity breaches, has sent shockwaves through the defense contracting and academic communities.

Key Takeaways:

• Specific Contracts and Violations: We break down the particular contracts involved and the critical cybersecurity lapses, including failure to implement a System Security Plan (SSP) and the use of a false cybersecurity score.
•  Egregious Violations: The case highlights the most serious violations—such as operating without anti-virus protection, submitting a fictitious SPRS score, and creating a false SSP based on a non-existent campus IT system.
• Intentional Misconduct: We delve into how Georgia Tech and GTRC knowingly violated federal cybersecurity requirements, particularly in handling Controlled Unclassified Information (CUI). Evidence and Documentation: Explore the evidence presented, including incriminating emails, text messages, and sworn testimonies that reveal a pattern of non-compliance and false claims.
• Impact on the Government: Learn about the damage done to the U.S. government, including millions of dollars paid for services that did not meet contractual obligations due to these cybersecurity failings.
• This episode is a must-watch for anyone involved in government contracting, cybersecurity, or compliance. We provide insights into how these violations were uncovered, the legal implications, and what this means for the future of cybersecurity in federally funded research. 🔔 Don’t forget to subscribe stay updated with our latest episodes on cybersecurity, legal developments, and more! Useful Links: DOJ Filing- https://www.justice.gov/opa/pr/united-states-files-suit-against-georgia-institute-technology-and-georgia-tech-research

Join us as Will Drake, Senior Security Analyst at Indiana University, dives into the intricate world of cybersecurity in academia. In this enlightening conversation, Will shares the successful strategies and challenges of the "Secure My Research" initiative, aimed at implementing cybersecurity best practices in research environments.

What You'll Discover:

• Streamlined Solutions: Learn how Indiana University is providing end-to-end secure solutions to support researchers.
• Advocacy in Action: Explore how advocacy helps overcome barriers and secure research data, with practical examples from the program.
• Empathy in Cybersecurity: Understand the critical role of interpersonal skills and empathy in crafting security measures that respect and enhance research workflows.
• Salesforce CRM in Cybersecurity: Insights on leveraging Salesforce CRM for effective documentation and stakeholder management.
• Professional Insights: Will also discusses his personal journey in cybersecurity, touching on overcoming imposter syndrome and the importance of unique strengths.
• Tune in to gain a comprehensive understanding of how cybersecurity can coexist seamlessly with academic research, fostering innovation while ensuring security. Secure My Research: https://cacr.iu.edu/projects/SecureMyResearch/index.html

Join Derrich Phillips in an engaging discussion with Daniel Eliot, the lead for small business engagement at NIST, on the latest episode of CMMC Proof podcast. They explore the updated NIST Cybersecurity Framework and its Small Business Quick Start Guide, focusing on practical insights and challenges faced by small businesses in implementing cybersecurity measures.

Highlights include Daniel's role at NIST, key changes in the cybersecurity framework, and strategies for small businesses to adopt a risk-based approach. Discover actionable steps across the framework's functions: identify, protect, detect, respond, and recover, tailored for improving cybersecurity resilience.

Key Takeaways:

• Insights into adapting cybersecurity behaviors and practices for organizational growth.
• The significance of prioritization in cybersecurity efforts, addressing critical vulnerabilities.
• NIST's community-driven approach to framework development, with valuable input and resources.
• Practical tools such as implementation examples, quick start guides, and community profiles to aid businesses in their cybersecurity journey.

Join us for an exclusive insider's perspective as Reneé Brooker, former Civil Frauds Assistant Director at the United States Department of Justice, shares her insights into False Claims Act (FCA) investigations. With her extensive experience supervising all FCA cases in 94 United States District Courts and overseeing billions of dollars in recoveries, she offers a unique understanding of holding companies accountable for their conduct. Don't miss this rare opportunity to gain valuable insights from a seasoned legal expert in the field. 

In this conversation, Jim Dempsey discusses his book 'Cybersecurity Law Fundamentals' and the current state of cybersecurity and privacy laws in the United States. He highlights the patchwork of laws and regulations that exist, the need for a comprehensive cybersecurity law, and the importance of asset inventory and risk assessment for companies.

Jim also discusses the role of whistleblowers in addressing cyber fraud and the potential impact of the False Claims Act on improving cybersecurity compliance. The current state of cybersecurity and privacy laws in the United States is a patchwork of regulations and standards, with no comprehensive cybersecurity law in place. Companies need to prioritize asset inventory and risk assessment as part of their cybersecurity practices.

Whistleblowers play a crucial role in addressing cyber fraud, and the False Claims Act provides incentives for individuals to come forward and report non-compliance. There is a need for more enforcement and accountability in cybersecurity and privacy practices, with a focus on reasonable requirements and third-party assessments.

The intersection of the False Claims Act and the implementation of the Cybersecurity Maturity Model Certification (CMMC) could lead to improved compliance and accountability in government contracts. 

 Link to purchase Jim's book- Cybersecurity Law Fundamentals (2024) https://iapp.org/resources/article/cybersecurity-law-fundamentals/

Visit www.aspirecyber.com to learn more about how to Get CMMC Compliant ASAP. 

Join us on the latest episode of the CMMC Proof podcast as we delve into the fascinating world of cybersecurity education with our special guest, Spiros Bamiatzis, Department Chair of Cybersecurity, and NSA Grant Program Director at Ivy Tech. In this episode, Spiros shares his expertise on the critical role of professors in mentoring and guiding students in cybersecurity education. We explore the rapidly evolving landscape of emerging technologies and discuss how AI is both aiding cyber professionals and posing challenges as cybercriminals leverage its power. Spiros also highlights the importance of certifications in the cybersecurity field and how they add value to professionals' skill sets. Additionally, we delve into the pivotal role cybersecurity plays in thwarting terrorist attacks and safeguarding national security. Don't miss this enlightening conversation packed with valuable insights and practical advice from a seasoned cybersecurity educator. Subscribe to the CMMC Proof podcast to stay updated on the latest episodes and expert discussions in the world of cybersecurity compliance.

Join us for an insightful episode of the CMMC Proof podcast as we sit down with Wendy Epley, an experienced regulatory compliance expert with a passion for export controls and cybersecurity. With over a decade dedicated to the field, Wendy bridges the gap between export controls and cybersecurity, a vital intersection in today's regulatory landscape.

As the Principal Analyst at the University of Arizona's Information Security Office, Wendy leads initiatives in Information Security in Contracting and Federated Cyber Risk Management. Her expertise helps various university units navigate federal regulations and compliance frameworks such as CMMC and NIST publications.

In this episode, Wendy shares her wealth of knowledge, offering practical insights into managing security posture, risk tolerance, and contractual obligations within the academic and research sector. Discover how Wendy's unique approach emphasizes balance, flexibility, and shared responsibility, empowering organizations to achieve their mission while staying compliant. 

Don't miss this engaging conversation where Wendy discusses her experiences, challenges, and the innovative solutions used at the University of Arizona. Tune in to gain invaluable perspectives on regulatory compliance and cybersecurity in academia, and learn how Wendy's expertise can benefit your organization's compliance journey. Subscribe now and stay updated on the latest episodes of the CMMC Proof podcast!