10 - The CMMC Training and Certification Ecosystem

Cyber Compliance & Beyond

Release Date: 01/07/2025

The CMMC training and certification ecosystem is ambitious: it aims to support training material development and the certification of both instructors and assessors. It is currently on a path to providing a strong foundation for CMMC as a whole. In this episode, our cybersecurity experts dive into the details and nuances of the training and certification requirements in the CMMC ecosystem. Hear them define the terms, discuss the requirements, contrast CMMC training and certification with other compliance frameworks, grapple with challenges, and finally address what lies ahead. Joining host Cole French is Joe Lissenden, CEO of Precision Execution, a provider of CMMC training and certification services. Joe has more than 25 years of consulting, training, and auditing experience across a wide range of systems and standards.

Reference material:

Acronyms:

  • APP: Approved Publishing Partner (formerly Licensed Publishing Partner)
  • ATP: Approved Training Provider (formerly Licensed Training Provider)
  • CCI: CMMC Certified Instructor (formerly Provisional Instructor)
  • CAICO: Cybersecurity Assessor & Instructor Certification Organization
  • CAP: CMMC Assessment Process
  • CATM: CAICO Approved Training Material
  • CCP: CMMC Certified Professional
  • CCA: CMMC Certified Assessor
  • OSC: Organization Seeking Certification
  • RPO: Registered Provider Organization

Links: