In this episode of ‘This Is Fine’, Matt sits down with Harold Smith III, the CEO and Founder of Monkton, to discuss the complexities of the Small Business Innovation Research (SBIR) program. They cover the program's role in government acquisition and the challenges small businesses encounter in navigating the contracting world. Matt and Harold explore the advantages of SBIR for both small businesses and the government, emphasizing the power of collaboration and user-centered design. They also address criticisms of the program, such as 'SBIR mills', and advocate for reform to encourage true innovation. Tune in to learn more about SBIR Phase 3 and how it can help your small business thrive!

Chapters:

00:00 Introduction to SBIR and Its Importance

03:01 Understanding the SBIR Program

06:12 Benefits of SBIR for Government

08:56 Challenges in Government Contracting

11:59 The Role of User-Centered Design

14:57 Critiques of the SBIR Program

18:06 Navigating the Valley of Death

20:54 The Future of SBIR and Innovation

25:24 Innovation vs. Acquisition: Understanding the Landscape

26:50 Navigating the Challenges of COVID-19

29:29 The Transition from Air Force to Space Force

32:08 Understanding the SBIR Process and Its Challenges

35:20 Technical Barriers in Government Contracting

39:06 Best Practices for Compliance and Data Management

43:40 Advice for Companies Entering the SBIR Space

47:31 Future Conversations: Expanding the Discussion on SBIRs

Keywords:

SBIR, Small Business Innovation Research, government contracting, small business, Phase I, Phase 2, Phase 3, Space Force, compliance, data management, best practice

On this episode of "This Is Fine," we dive into the controversial Windows 11 recall feature and its implications for privacy and security. Our host, Matt Triner, CEO of Hunter Strategy, along with expert guests Jake Williams, VP of Research & Development at Hunter Strategy, Jennifer Lee, Partner at Constangy, Brooks, Smith & Prophete, LLP, and Andrew King, CISO at Hunter Strategy, dissect the legal and security concerns surrounding a feature that takes screenshots of users' work every five seconds and stores them locally.

We'll explore...

...as well as the broader security culture at Microsoft and the call for better governance.

Tune in to learn why turning off this feature might be the best move for both enterprise users and consumers alike.

Chapters

00:00 Introduction to the Windows 11 Recall Feature

06:45 Legal Implications: Privacy Laws and Attorney-Client Privilege

08:36 Security Implications: Clear Text Information and Breach Defense

12:37 The Security Culture at Microsoft and the Lack of Governance

34:56 Recommendations: Turn Off the Recall Feature

Keywords

Windows 11 recall feature, Screenshot capture privacy risks, Legal implications of data capture, Security concerns in Windows 11, Compliance with privacy laws, Data governance challenges, Oversight in security protocols, Microsoft security governance, Attorney-client privilege risks, Incident response discoverability

On this episode of "This Is Fine," we delve into the critical topic of software supply chain security with our guests Jessica Sweet, Supply Chain Expert, and Dan Beller, Director of Cloud Engineering, at Hunter Strategy. We explore the vulnerabilities and risks tied to the software supply chain, including malicious software insertion and open-source vulnerabilities.

We'll uncover...

...as well as how cloud technologies both enhance and complicate supply chain security.

Tune in to discover essential strategies like maintaining machine-readable SBOMs and implementing multifactor authentication to secure your software supply chain!

Chapters

00:00 Introduction and Importance of Software Supply Chain Security

02:11 Common Vulnerabilities and Risks in the Software Supply Chain

04:41 Challenges of Vendor Management in Supply Chains

09:43 The Role of Cloud in Enhancing and Complicating Supply Chain Security

15:59 Best Practices for Software Supply Chain Security

Keywords

Software Supply Chain Vulnerabilities, Risks of Malicious Software Insertion, Open-Source Security Issues, Vendor Management Challenges in Software Security, Cloud Impacts on Supply Chain Security, Best Practices for SBOMs (Software Bill of Materials), Multifactor Authentication in Supply Chains

On this episode of "This Is Fine," we dive into the cutting-edge world of Artificial Intelligence and its pivotal role in cyber threat detection. Our host, Matt Triner, is joined by special guests Matt D’vertola, the Applied AI Lead at Hunter Strategy, and Andrew King, the CISO at Hunter Strategy.

Together, they explore:

...and the challenges we face in this dynamic field.

Tune in to learn how GPT and other large language models are revolutionizing cybersecurity and why staying ahead of AI advancements is crucial for both professionals and tech enthusiasts alike.

Chapters

00:00 Introduction to AI technologies in cyber threat detection

03:12 Practical applications of AI in compliance and redaction

06:49 The importance of human validation and risk-based decision-making

25:49 Measuring the impact of AI: Mean toil time and quality written pieces

Keywords

GPT, LLMs, Cyber Threat Detection, AI Technologies, Traditional Approaches, Junior Analysts, Compliance, Redaction, Human Validation, Risk-Based Decision-Making, Automation, Mean Toil Time, Quality Written Pieces

On this episode of "This Is Fine," we explore insider threat mitigation strategies for small-to-medium sized businesses. Often at a disadvantage due to limited resources, these companies can face unique challenges in effectively detecting and preventing insider threats. We'll help to provide effective strategies to help bridge this gap and safeguard your organization. 

Joining us is Andrew King, Chief Information Security Officer, and Joel Cabrera, Director of Security Operations, here at Hunter Strategy. Their experience and understanding of cybersecurity challenges faced by businesses of all sizes help to provide invaluable insights into effective insider threat mitigation strategies, specifically tailored for small to medium enterprises.  

So, whether you're a business owner, an IT professional, or simply curious about insider threat mitigation best practices, sit back and tune in as we share how small businesses can confidently and resiliently navigate the complex landscape of insider threats. 

Want to learn more about the Google Security Checklist mentioned in this episode? Click here! Security checklist for medium and large businesses (100+ users) - Google Workspace Admin Help 

Chapters: 

00:00 Introduction and Context: Insider Threats in SMBs 

01:26 Overlaying Insider Threat Intelligence Programs 

04:45 Prevention and Detection Strategies 

06:30 Hardening Your Environment and Role-Based Access Control 

09:55 Microsoft Tools for Insider Threat Mitigation 

11:35 The Role of Company Culture in Insider Threat Mitigation 

14:19 User Access Audits and Minimizing Access 

16:07 Data Classification and Labeling 

20:03 Differentiating Startups and SMBs 

23:06 User Access Management and Deprovisioning 

On this episode of "This Is Fine," we tackle securing mobile applications for military use with security expert, Harold Smith III. Harold, Co-Founder & CEO of Monkton (a secure mobile app provider) and owner of the MATTER IDIQ, joins us to navigate the complexities of NIAP Certification for military apps.  

We'll uncover... 

...for deploying secure mobile applications on the battlefield. 

Tune in and discover how you can help to protect our troops, one app at a time! 

Chapters: 

00:00 Introduction and the Role of Contracts Officers 

00:45 The Importance of Secure Mobile Applications for Military Use 

02:12 Monkton's Journey and the NIAP Certification Process 

06:37 The Challenges and Rarity of Going Through NIAP Evaluation 

10:50 The Baseline Importance of NIAP Requirements 

15:54 The Need to Stay Ahead in Secure App Development 

17:38 The Current State of Software Development and Security 

20:54 Building Secure Mobile Apps from the Beginning 

21:43 Data Security and Architecture in Mobile App Development 

23:03 Native Mobile Applications and Cloud Services 

24:02 Cost Savings and Efficiency with Functions Platform as a Service 

25:46 Challenges and Education for Contracting Officers 

32:23 The Importance of Collaboration and Innovation in Government 

Keywords: 

secure mobile applications, NIAP certification, National Information Assurance Partnership, authentication mechanisms, legacy systems, future of app development, data security, mobile app development, native applications, cloud services, Amazon Lambda, DynamoDB, SBIR, small-business-innovation-research, set-aside programs, edge computing

On today’s special episode of “This Is Fine”, we unpack the very recent global CrowdStrike outage. CrowdStrike is an industry leading cybersecurity company that provides endpoint detection and response (EDR) software. On the morning of July 19th, 2024, CrowdStrike released a faulty update that impacted Microsoft Windows systems, leading to a widespread outage in industries varying from the airlines to emergency services.

This week, we're exploring a topic at the intersection of cloud services and national defense: FedRAMP Equivalence. New requirements introduced by the DoD CIO may bring significant changes for cloud vendors eager to supply the Defense Industrial Base. 

We are joined by our special guest, Alex Trafton, Senior Managing Director from Ankura Consulting. Alex’s core focus is on regulatory and compliance frameworks within the defense industry. Alex leads a practice focused on helping organizations meet some of the most stringent compliance frameworks such as FedRAMP, CMMC, and NIST 800-171. 

Join us as we discuss the changes to FedRAMP equivalence and the impacts they will have on the DIB and organizations looking to serve it.

Chapters: 

00:00 Introduction and Background 

06:16 The Need for FedRAMP Equivalence 

13:30 The Role of Third-Party Assessors 

29:07 Strategic advice for vendors 

37:51 Navigating the regulatory requirements 

In this episode, we explore Cyber Fusion Centers and how they deliver measurable impact to your organization's security posture. We’re joined today by our very own Andrew (AJ) King, Chief Information Security Officer, and Joel Cabrera, Director of Security Operations to discuss the impact our cyber fusion center has for our clients.  

AJ and Joel break down the core components of a successful fusion center:  

 Listen now to discover how Hunter’s approach to building Cyber Fusion Centers transforms our client’s security strategy! 

00:00 Introduction and Flow of Conversation 

03:00 The Concept of Cyber Fusion Centers 

11:03 Ecosystem and Integration in Fusion Centers 

30:49 Mistakes to Avoid in Implementing Security Programs 

37:05 Conclusion and Closing Remarks 

Today’s episode takes you on a (somewhat procedural) ride through the world of government security authorizations. Matt Triner and Chris Sowards, a GRC (Governance, Risk, and Compliance) expert at Hunter Strategy, break down the Authority to Operate (ATO) process using a relatable analogy: buying a car. Just like how buying a car is a decision that involves cost, efficiency and risk, the government needs to use a multitude of factors to review the security risks before allowing a system to operate. 

We'll explore the differences in ATO processes between agencies, how they handle risk tolerance, and the challenges companies face, like dealing with non-essential controls and navigating compliance culture. Matt and Chris talk through a range of topics offering advice for new companies and discuss the struggles of FedRAMP accreditation. They’ll even touch on the specific challenges faced by software vendors in obtaining ATOs. 

Don't miss this episode if you're interested in government risk and compliance, selling software to the government, or wonder why it takes so long for the government to get new systems online! 

Chapters: 

00:00 Introduction to ATO Process 

01:29 ATO Process Analogy: Buying a Car 

03:02 Different ATO Processes for Different Agencies 

04:55 Different Risk Tolerance for Different Agencies 

06:10 Challenges in the ATO Process 

08:02 Dealing with Non-Applicable Controls 

09:30 Navigating ATO Process for New Companies 

11:09 Bizarre Situations in ATO Remediation 

12:31 Navigating Compliance and Mitigating Controls 

13:23 Teaching Assessors about System Security 

14:45 Advice for Companies Selling to the Government 

17:23 ATO for On-Prem Software in the Cloud 

19:19 Challenges with Cloud-Based Systems 

21:33 Struggles with FedRAMP Accreditation 

25:02 ATO for Software Providers 

27:09 ATO Challenges for Atlassian Suite 

28:58 Using AWS Infrastructure for On-Premise Jira 

29:57 Challenges in Assessing SAS Applications 

30:36 The Role of Third-Party Assessors 

31:24 Conclusion and Future Topics