Sign up to save your podcasts
Or
Share Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In
"I can’t think about cybersecurity this week; I’m thinking about 1099s."
You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup.
Jen Stone sits down with Daniel Eliot, NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide —a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program.
In this episode:
- Why having "everyone" responsible means "nobody" is.
- How to build a "reasonable" security program while managing payroll and daily operations.
- Why taking security seriously helps you win bigger contracts and scale safely.
- The exact steps (MFA, patching, backups, and more) that even large orgs get wrong.
NIST Resources
- NIST (National Institute of Standards and Technology): https://www.nist.gov/
- Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber
- NIST CSF 2.0 (Cybersecurity Framework): https://www.nist.gov/cyberframework
- Small Business Quick Start Guide: https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guide
- Contact Daniel and his team: [email protected]
Key Term Definitions
- The 6 Functions: Govern, Identify, Protect, Detect, Respond, and Recover
- MFA: Multi-Factor Authentication—essential for account access.
- Patching: Updating software to fix security "holes."
- MSP/MSSP: Local experts you can hire to manage IT security.
Timestamps
- 00:00 – Many hats of small business owners
- 00:26 – Daniel Eliot and NIST’s Mission
- 02:25 – Exploring the Small Business Cybersecurity Corner
- 03:20 – What is the NIST CSF?
- 04:26 – The Small Business Quick Start Guide for CSF 2.0
- 06:52 – How to Identify Your Most Critical Assets
- 09:56 – When to Seek Help: Engaging MSPs and Local Resources
- 10:52 – Defining a "Successful" Cybersecurity Program
- 13:21 – Essential Fundamentals: MFA, Patching, and Backups
- 15:35 – How to Engage Directly with NIST
Jen Stone (MCIS, CISSP, CISA, QSA) is a Principal Security Analyst at SecurityMetrics. With 25+ years in IT and 100+ high-level assessments, Jen specializes in making complex compliance actionable for businesses of all sizes. Outside of security, she is an aerial arts enthusiast and motorcycle rider.
A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.
If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place
But if you just want to learn how to protect yourself for free, start here: https://academy.securitymetrics.com/
View all episodes
By SecurityMetrics
5
88 ratings
"I can’t think about cybersecurity this week; I’m thinking about 1099s."
You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup.
Jen Stone sits down with Daniel Eliot, NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide —a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program.
In this episode:
- Why having "everyone" responsible means "nobody" is.
- How to build a "reasonable" security program while managing payroll and daily operations.
- Why taking security seriously helps you win bigger contracts and scale safely.
- The exact steps (MFA, patching, backups, and more) that even large orgs get wrong.
NIST Resources
- NIST (National Institute of Standards and Technology): https://www.nist.gov/
- Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber
- NIST CSF 2.0 (Cybersecurity Framework): https://www.nist.gov/cyberframework
- Small Business Quick Start Guide: https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guide
- Contact Daniel and his team: [email protected]
Key Term Definitions
- The 6 Functions: Govern, Identify, Protect, Detect, Respond, and Recover
- MFA: Multi-Factor Authentication—essential for account access.
- Patching: Updating software to fix security "holes."
- MSP/MSSP: Local experts you can hire to manage IT security.
Timestamps
- 00:00 – Many hats of small business owners
- 00:26 – Daniel Eliot and NIST’s Mission
- 02:25 – Exploring the Small Business Cybersecurity Corner
- 03:20 – What is the NIST CSF?
- 04:26 – The Small Business Quick Start Guide for CSF 2.0
- 06:52 – How to Identify Your Most Critical Assets
- 09:56 – When to Seek Help: Engaging MSPs and Local Resources
- 10:52 – Defining a "Successful" Cybersecurity Program
- 13:21 – Essential Fundamentals: MFA, Patching, and Backups
- 15:35 – How to Engage Directly with NIST
Jen Stone (MCIS, CISSP, CISA, QSA) is a Principal Security Analyst at SecurityMetrics. With 25+ years in IT and 100+ high-level assessments, Jen specializes in making complex compliance actionable for businesses of all sizes. Outside of security, she is an aerial arts enthusiast and motorcycle rider.
A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.
If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place
But if you just want to learn how to protect yourself for free, start here: https://academy.securitymetrics.com/