Share GRC Academy
Share to email
Share to Facebook
Share to X
By Jacob Hill
5
11 ratings
The podcast currently has 33 episodes available.
Want a high paying job in GRC? Want to build a powerful GRC team?
In this episode, I spoke with Kenneth Moras, Security GRC Lead at Plaid.
Kenneth has worked in critical GRC roles in big tech companies like Adobe and Meta! He was heavily involved in the cyber response to international regulators after severe breaches.
Here are some highlights:
Kenneth is a true GRC master! His advice for folks wanting to get into GRC is the best I've heard! His tips on building successful GRC teams were excellent as well!
What were your biggest takeaway? Do you agree that GRC teams need technical knowledge? Looking forward to your thoughts!
Follow Kenneth on LinkedIn: https://www.linkedin.com/in/kennethmoras/
Plaid Website: https://plaid.com/
-----------
Thanks to our sponsor Vanta!
Want to save time filling out security questionnaires?
Register for Vanta's webinar on Questionnaire Automation here: https://vanta.com/grcacademy
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e33&utm_campaign=courses
Throw away your plastic driver's license - digital IDs have entered the chat!
In this episode, I spoke with Dr. Paul Ashley, the CTO of Anonyome Labs.
Paul explains how widespread online surveillance is, the evolution of digital identity from centralized to decentralized models, how digital wallets work, and what big tech doesn't want you to know!
Here are a few highlights from this episode:
I had no idea this was happening. More than 20 states in the USA are adopting digital driver's licenses!
It's fascinating to think of how digital IDs could be used personally and at work!
It's also scary to think of how some governments could abuse this technology.
Whatever you think, I'm looking forward to hearing your thoughts!
Follow Paul on LinkedIn: https://www.linkedin.com/in/drpaulashley/
Anonyome Labs Website: https://anonyome.com/
My Sudo App: https://mysudo.com/
-----------
Thanks to our sponsor Vanta!
Want to save time filling out security questionnaires?
Register for Vanta's webinar on Questionnaire Automation here: https://vanta.com/grcacademy
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e32&utm_campaign=courses
Introducing the Georgia Tech Whistleblowers.
In this episode, the whistleblowers explain how they tried to stop Georgia Tech from allegedly LYING to the government about their NIST 800-171 compliance and what they have faced since they blew the whistle!
Whistleblower attorney Julie Bracker also shares what could come next and how much Georgia Tech may have to pay out!
Here are a few highlights from this episode:
Both of the whistleblowers have a long history with Georgia Tech and truly care for the institution.
Christopher Craig has worked at Georgia Tech for more than 20 years. He was the Associate Director of Cybersecurity where he managed all central cyber security personnel and built the GRC team until Georgia Tech demoted him to an Enterprise Security Architect.
Kyle Koza worked at Georgia Tech for more than 15 years until he left his role as a Principal Information Security Engineer in 2022. He got his bachelor’s and master's degrees from Georgia Tech and also co-wrote and still teaches a security incident response master's degree course at the university.
I thought Christopher's recommendation (24:37) for universities to centralize their labs was excellent!
How can a university expect to maintain its NIST / CMMC compliance if multiple labs are built and managed by different teams who may not even be familiar with the NIST 800-171 security controls?
I also loved hearing Chris tell us about the support he has received from the cyber community (38:00)! Who in cyber doesn't want to do the right thing? I would like to think those with bad intent are an extremely small percentage.
Special thanks to Christopher and Kyle for sharing their stories with us, and to Julie Bracker for coordinating this interview!
Follow Julie on LinkedIn: https://www.linkedin.com/in/juliekeetonbracker/
Bracker & Marcus LLC Website: https://www.fcacounsel.com/
-----------
Thanks to our sponsor Vanta!
Want to save time filling out security questionnaires?
Register for Vanta's upcoming webinar on Questionnaire Automation here: https://vanta.com/grcacademy
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e31&utm_campaign=courses
Zero Trust is NOT complicated!
Don't believe me? Let me introduce you to its creator!
In this episode, Jacob speaks with John Kindervag, the creator of Zero Trust.
John is the Chief Evangelist at Illumio where he accelerates awareness and adoption of Zero Trust Segmentation.
In the episode he shares the origin story of Zero Trust starting with his time at Forrester Research. He explains the fundamental principles of Zero Trust, debunks common misconceptions, and how you can implement Zero Trust using a 5-step model.
Here are a few highlights from this episode:
John's elevator pitch for Zero Trust is a masterclass in itself.
If you want to convince business leaders to invest in cybersecurity, you have to focus on how that investment will benefit the business. John does exactly that here and we should all take note.
Illumio is a Zero Trust Segmentation company that prevents breaches and ransomware from spreading across hybrid environments. Their platform visualizes traffic flows, automatically sets granular segmentation policies, and isolates critical assets and compromised systems. Founded in 2013, Illumio protects organizations of all sizes, from Fortune 100 to small businesses.
Follow John on LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1/
Illumio Website: https://www.illumio.com/
-----------
Thanks to our sponsor Vanta!
Want to save time filling out security questionnaires?
Register for Vanta's upcoming webinar on Questionnaire Automation here: https://vanta.com/grcacademy
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e30&utm_campaign=courses
Introducing the Cisco Whistleblower.
In this episode, Jacob speaks with lawyer Hamsa Mahendranathan about the FIRST cybersecurity False Claims Act (FCA) lawsuit that reached a settlement!
This goes all the way back to 2008 believe it or not… The lawsuit was FINALLY settled in 2019!
As we all know, the DoJ has intervened in the Georgia Tech NIST 800-171 FCA whistleblower complaint.
Wonder what the whistleblowers may be dealing with? Maybe you want to blow the whistle yourself and don't know what to expect?
Here are a few highlights from this episode:
And so much more!
If you are interested in the False Claims Act and cyber compliance, you won't want to miss this one! This episode is truly one for the history books!
Read the whistleblower complaint: https://cdn.grcacademy.io/web/20240824091900/us-ex-rel-glenn-vs-cisco-fca-complaint.pdf
Follow Hamsa on LinkedIn: https://www.linkedin.com/in/hamsa-mahendranathan/
Whistleblower Partners Website: https://www.whistleblower.law/
-----------
Thanks to our sponsor Vanta!
Want to save time filling out security questionnaires?
Register for Vanta's upcoming webinar on Questionnaire Automation here: https://vanta.com/grcacademy
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e29&utm_campaign=courses
Think your users are resistant to CMMC? You ain't seen nothin' yet!
In this episode, Jacob speaks with Daniel Stark of Meerkat Cyber about the unique CMMC compliance challenges in a manufacturing environment.
Here are some highlights:
I really enjoyed learning more about how machine shops operate and the unique challenges they have when it comes to CMMC compliance!
It's awesome that there are folks in the CMMC ecosystem that are familiar with manufacturers!
Manufacturing is an extremely different type of environment and in my opinion "normal" office IT assessment experience won't cut it. Hire wisely, folks!
Follow Daniel on LinkedIn: https://www.linkedin.com/in/daniel-stark-a85694222/
Meerkcat Cyber Website: https://meerkatcyber.com/
-----------
Thanks to our sponsor Vanta!
Want to save time filling out security questionnaires?
Register for Vanta's upcoming webinar on Questionnaire Automation here: https://vanta.com/grcacademy
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e28&utm_campaign=courses
So… How do I get a CMMC’d early?
In this episode, Jacob speaks with Steven Molter of IntelliGRC about his experiences helping IntelliGRC clients complete NIST 800-171 Joint Surveillance Voluntary Assessments (JSVAs).
Here are some highlights:
According to the proposed CMMC program rule, JSVAs are eligible to convert to CMMC level 2 certifications once the CMMC program goes live assuming certain conditions are met:
Steve shared some great lessons for those preparing for JSVAs and CMMC assessments. If you're prepping for either, you won’t want to miss this episode!
Also, just in case you didn’t know, IntelliGRC customers receive my DIB-focused CMMC Overview Training! No other GRC platform that I'm aware of today provides comprehensive foundational CMMC training to their customers!
If you are looking for a GRC platform to manage your CMMC compliance program, check out IntelliGRC!
Follow Steve on LinkedIn: https://www.linkedin.com/in/steven-molter-apologeticz/
Follow IntelliGRC on LinkedIn: https://www.linkedin.com/company/intelligrc/
IntelliGRC Website: https://www.intelligrc.com/
IntelliGRC YouTube Channel: https://www.youtube.com/@intelligrc
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e27&utm_campaign=courses
Need a FedRAMP authorized Password Manager?
Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/
In this episode, Jacob speaks with Brian Kowalski, Senior Vice President of Federal at Hypori.
In the episode they discuss Hypori's origin story and its innovations in the mobile security space.
Here are some highlights from the episode:
We don't think about it much, but mobile devices really are a huge risk - just think of how much information is on your phone!
If you work in cybersecurity, you should know about this unique option to provide secure mobile access!
Follow Brian on LinkedIn: https://www.linkedin.com/in/brian-kovalski-057b8a7/
Hypori Website: https://www.hypori.com/
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e26&utm_campaign=courses
Need a FedRAMP authorized Password Manager?
Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/
In this episode, Jacob speaks with Mr. Mark Nicholls!
Mark is the CEO of Information Professionals Group and has over 30 years of experience!
In the episode they discuss the business case for information security, and how cybersecurity professionals can effectively communicate with the C-suite and other business leaders!
Here are some highlights from the episode:
Follow Mark on LinkedIn: https://www.linkedin.com/in/markdnicholls/
Information Professionals Group Website: https://www.informpros.com.au/
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e25&utm_campaign=courses
Need a FedRAMP authorized Password Manager?
Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/
In this episode, Jacob speaks with Penetration Tester & Social Engineer Chris Silvers!
Chris Silvers is the founder of CG Silvers Consulting! Chris has a vast amount of experience ranging from CMMC assessments to penetration testing. He even won the prestigious DEF CON black badge during the DEF CON 24 Social Engineering Capture the Flag (SECTF)!
In this episode they focus on how organizations can defend against social engineering attacks!
Here are some highlights from the episode:
Follow Chris on LinkedIn: https://www.linkedin.com/in/cgsilvers/
Chris's Website: https://www.cgsilvers.com/
-----------
Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e24&utm_campaign=courses
Need a FedRAMP authorized Password Manager?
Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/
The podcast currently has 33 episodes available.
1,916 Listeners
353 Listeners
608 Listeners
145 Listeners
984 Listeners
367 Listeners
909 Listeners
7,598 Listeners
134 Listeners
181 Listeners
299 Listeners
66 Listeners
101 Listeners
31 Listeners
11 Listeners