Sign up to save your podcasts
Or
Share Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In
"I can’t think about cybersecurity this week; I’m thinking about 1099s."
You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup.
Jen Stone sits down with Daniel Eliot, NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide —a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program.
In this episode:
- Why having "everyone" responsible means "nobody" is.
- How to build a "reasonable" security program while managing payroll and daily operations.
- Why taking security seriously helps you win bigger contracts and scale safely.
- The exact steps (MFA, patching, backups, and more) that even large orgs get wrong.
NIST Resources
- NIST (National Institute of Standards and Technology): https://www.nist.gov/
- Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber
- NIST CSF 2.0 (Cybersecurity Framework): https://www.nist.gov/cyberframework
- Small Business Quick Start Guide: https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guide
- Contact Daniel and his team: [email protected]
Key Term Definitions
- The 6 Functions: Govern, Identify, Protect, Detect, Respond, and Recover
- MFA: Multi-Factor Authentication—essential for account access.
- Patching: Updating software to fix security "holes."
- MSP/MSSP: Local experts you can hire to manage IT security.
Timestamps
- 00:00 – Many hats of small business owners
- 00:26 – Daniel Eliot and NIST’s Mission
- 02:25 – Exploring the Small Business Cybersecurity Corner
- 03:20 – What is the NIST CSF?
- 04:26 – The Small Business Quick Start Guide for CSF 2.0
- 06:52 – How to Identify Your Most Critical Assets
- 09:56 – When to Seek Help: Engaging MSPs and Local Resources
- 10:52 – Defining a "Successful" Cybersecurity Program
- 13:21 – Essential Fundamentals: MFA, Patching, and Backups
- 15:35 – How to Engage Directly with NIST
Jen Stone (MCIS, CISSP, CISA, QSA) is a Principal Security Analyst at SecurityMetrics. With 25+ years in IT and 100+ high-level assessments, Jen specializes in making complex compliance actionable for businesses of all sizes. Outside of security, she is an aerial arts enthusiast and motorcycle rider.
Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit
Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing
Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide
Get FREE security and compliance training ► https://academy.securitymetrics.com/
Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place
View all episodes
By SecurityMetrics
5
88 ratings
"I can’t think about cybersecurity this week; I’m thinking about 1099s."
You’re not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup.
Jen Stone sits down with Daniel Eliot, NIST’s lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide —a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program.
In this episode:
- Why having "everyone" responsible means "nobody" is.
- How to build a "reasonable" security program while managing payroll and daily operations.
- Why taking security seriously helps you win bigger contracts and scale safely.
- The exact steps (MFA, patching, backups, and more) that even large orgs get wrong.
NIST Resources
- NIST (National Institute of Standards and Technology): https://www.nist.gov/
- Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber
- NIST CSF 2.0 (Cybersecurity Framework): https://www.nist.gov/cyberframework
- Small Business Quick Start Guide: https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guide
- Contact Daniel and his team: [email protected]
Key Term Definitions
- The 6 Functions: Govern, Identify, Protect, Detect, Respond, and Recover
- MFA: Multi-Factor Authentication—essential for account access.
- Patching: Updating software to fix security "holes."
- MSP/MSSP: Local experts you can hire to manage IT security.
Timestamps
- 00:00 – Many hats of small business owners
- 00:26 – Daniel Eliot and NIST’s Mission
- 02:25 – Exploring the Small Business Cybersecurity Corner
- 03:20 – What is the NIST CSF?
- 04:26 – The Small Business Quick Start Guide for CSF 2.0
- 06:52 – How to Identify Your Most Critical Assets
- 09:56 – When to Seek Help: Engaging MSPs and Local Resources
- 10:52 – Defining a "Successful" Cybersecurity Program
- 13:21 – Essential Fundamentals: MFA, Patching, and Backups
- 15:35 – How to Engage Directly with NIST
Jen Stone (MCIS, CISSP, CISA, QSA) is a Principal Security Analyst at SecurityMetrics. With 25+ years in IT and 100+ high-level assessments, Jen specializes in making complex compliance actionable for businesses of all sizes. Outside of security, she is an aerial arts enthusiast and motorcycle rider.
Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit
Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing
Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide
Get FREE security and compliance training ► https://academy.securitymetrics.com/
Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place