
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with Andrew Frost and Leigh Ronczka of CBIZ Pivot Point Security to discuss the updates needed to successfully transition from ISO 27001:2013 to ISO 27001:2022. Join us as we discuss:
- How simple it is for a company to transition to ISO 27001:2022
- The level of effort required to implement the changes
- What auditors are looking for when organizations make an update
- And more!
If you want to learn more about the realm of cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn, https://www.linkedin.com/company/pivot-point-security/
Dec 19, 2023
36 min

Tune in to an insightful conversation with Jeremy Price, co-leader of a national cybersecurity practice. In this engaging discussion, Jeremy explains the updated FTC safeguard rules that went into effect in June and what they’re intended to do. In this episode, your host, John Verry, and Jeremy Price discuss:
- The Gramm-Leach-Bliley Act updates and how they affect financial institutions and companies that offer things like consumer financial products and services
- The extended and new definition of financial institutions
- How to determine whether or not your company falls under the new definition of financial institutions and what that means for your business
- And more!
Nov 8, 2023
36 min

Join us for an insightful conversation with Patricia Thaine, Founder and CEO of Private AI, as we delve into the world of artificial intelligence, language models, and data privacy. In this engaging discussion, Patricia sheds light on the transformative potential of AI, particularly language models like GPT-3.5, in various industries. In this episode, your host, John Verry, and Patricia Thaine discuss:
- How specialized AI models are revolutionizing tasks such as sentiment analysis and personal information identification, all while ensuring data remains private and secure
- Responsible AI practices and preparing the next generation to harness AI's power responsibly
- The potential of AI and the ethical considerations that accompany it
- And more!
If you want to learn more about the realm of cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms! For weekly updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn, @pivot-point-security.
Oct 10, 2023
45 min

In this episode of the "Virtual CISO Podcast," your host John Verry speaks with guest Warren Hylton, a FedRisk consultant at CBIZ Pivot Point Security, to explore recent updates in cybersecurity regulations. The conversation revolves around the Cybersecurity Maturity Model Certification (CMMC) and the updated NIST Special Publication 800-171 (R2 to R3). Join us in this week’s episode as we discuss:
- The potential outcomes of the DoD’s rules package submission to OMB
- NIST 800-171's Revision 3 updates
- The transition from DoD-led to commercial-led assessments regarding CMMC
- And more!
To hear this episode and many more like it, we encourage you to subscribe to the Virtual CISO Podcast. Just search for The Virtual CISO Podcast in your favorite podcast player or watch the Podcast on YouTube here. To stay updated with the newest podcast releases, follow us on LinkedIn here.
Aug 31, 2023
40 min

Like many other businesses, law firms are at significant risk of cyber-attack and increasingly are turning to cyber liability insurance (CLI) to transfer some of their cyber risk. But many are being denied coverage or face high premiums due to shortfalls in their cybersecurity controls. In this episode, your host John Verry, CBIZ Pivot Point Security Managing Director, sits down with Jack Liljeberg, Assistant Broker at Thompson Flanagan. Jack gives business and security leaders in the legal vertical, as well as anyone seeking CLI coverage, a comprehensive update on the state of the CLI marketplace and critical issues to be aware of. In this episode, join us as we discuss:
· Whether CLI premiums are still increasing rapidly or have stabilized
· Most critical information security controls that businesses need to obtain CLI coverage or avoid onerous premiums
· The importance of honesty, accuracy, and plenty of detail in CLI applications
· Exemptions and other issues to watch out for in CLI policies
· Other insurance coverage types that can bridge gaps in a firm’s CLI coverage
Jul 11, 2023
23 min

To do wide-scale business within the US federal government, cloud service providers (CSPs) need a FedRAMP ATO. The prospect can be daunting as few CSPs have federal cyber compliance expertise. Misconceptions and misinformation can create additional roadblocks. In this episode, your host John Verry, CBIZ Pivot Point Security Managing Director, sits down with Mike Craig, CEO at Vanaheim Security, who gives business and security leaders clear guidance on what it takes to get a FedRAMP ATO, including best practices and common mistakes. In this episode, join us as we discuss:
• Key considerations to help decide if a FedRAMP ATO is worth pursuing
• How long a FedRAMP ATO really takes, how much it really costs, and why
• The three stages of the FedRAMP journey
• Key participants in the FedRAMP “dance” and how they relate
• Huge pros and cons of an agency sponsorship versus the JAB authorization path to a FedRAMP ATO
Jun 20, 2023
38 min

Whatever kind of software application a team is building, the identification and remediation of cybersecurity issues needs to be part of every stage of the software development lifecycle (SDLC). But making that happen takes a wealth of skills and approaches, as well as an eye on compliance and the ability to keep pace with the ever-changing online environment, with microservices being a prime example. In this episode, your host John Verry, Pivot Point Security CISO and Managing Partner, sits down with Laura Bell Main, CEO and Founder of SafeStack, to give business and security leaders a clear and logical overview of microservice security issues and more. In this episode, join us as we discuss:
• What constitutes a microservice architecture and how it relates to other design approaches, languages, and frameworks
• The microservice software supply chain and the limitations of a Software Bill of Materials in a microservices context
• How using microservices changes the approach of securing an application
• How zero trust concepts relate to microservice architectures
• How SafeStack is helping to educate developers about application security in organizations of all sizes
May 30, 2023
46 min