Cyber Compliance & Beyond

The cyber workforce is as diverse as the challenges it faces. From process designers and behavioral analysts to business strategists and communicators, cybersecurity thrives on a diversity of skill sets. It’s important to understand what it takes to join the field, especially given the current shortage of cybersecurity professionals. In today’s episode, we’re breaking down the misconception that cybersecurity is only for hackers and codebreakers. We’ll dive into why soft skills like communications and organizational collaboration are just as essential as technical skills. We’ll talk...

Cyber Compliance & Beyond

Managing identities may be the most difficult and complex task facing any organization today. Often treated as an afterthought in system development, mishandling identity management can lead to serious consequences. Because identities aren’t just people — they’re also systems and facilities, and managing them effectively requires more than just technology. From powerful service accounts to poorly defined access controls, identity management is the frontline of doing security right. On this episode, we break down the following: Why identity is the most important security function The...

Cyber Compliance & Beyond

What are the real costs of cybersecurity implementation? Spoiler alert: it’s far more complex than it appears on the surface. Cybersecurity is a people and process problem, not a technology problem. Most of implementation costs come in the form of time, effort and coordination throughout the organization. In this episode, we reach back to the classroom for a refresher on how to conduct effective risk analyses. Risk analyses –or risk assessments– are critical tools for guiding smart cybersecurity investments and decisions. They’re the best tool for successfully navigating the...

Cyber Compliance & Beyond

Nothing introduces more complexity to an organization than access control as with access comes privileges. Privileges are needed for many activities within an organization. Couple the need for privileges with the complexity organizational structures and the usual personnel churn and an already complex problem becomes nearly unmanageable. Attackers target credentials for this very reason. Compromising an end-user with no privileges may seem trivial and unlikely to cause harm. However, as we discuss in this episode, if a privileged user logged in on that end-user’s machine, their privileged...

Cyber Compliance & Beyond

Mobile devices have become an extension of ourselves, seamlessly integrated into our daily lives like never before. But as we prioritize convenience—wanting our devices to “just work”—we often overlook security. This episode dives into the growing cybersecurity challenges that come with mobile adoption and what individuals and organizations can do to stay protected. We’ll go over: Why reliance on convenience creates security vulnerabilities (hint: it isn’t primarily vulnerabilities in the technical sense, more in the human sense) Key technical and compliance components driving...

Cyber Compliance & Beyond

Rolling out a new program always comes with challenges and CMMC has been no exception. Fortunately, we’ve moved into the implementation phase, with assessments now underway. This milestone not only helps organizations see the real value of the program but also gives us the chance to address lingering questions and clarify uncertainties that could only be resolved through full implementation. With this progress, we’re encountering fresh challenges and questions we hadn’t anticipated — while still fielding many of the same inquiries we’ve heard from the beginning. The good news? Full...

Cyber Compliance & Beyond

The CMMC training and certification ecosystem is ambitious as it aims to support training material development and certification of both instructors and assessors. It is currently on a path to providing a strong foundation for CMMC as a whole. In this episode our cybersecurity experts dive into the details and nuances of the training and certification requirements in the CMMC ecosystem. Hear them define the terms, discuss the requirements, contrast CMMC training and certification with other compliance frameworks, grapple with challenges and finally address what lies ahead. Joining host Cole...

Cyber Compliance & Beyond

The news about cybercrime is overwhelming to those who fight to secure our organizations. Cybercrime organizations are sophisticated and constantly changing. But there’s a hidden truth in cybercrime attacks: cybercriminals exploit the same weaknesses they’ve been exploiting for years. This should give us some hope; we know where our organizations are weakest, which gives us a good place to start. But these weaknesses are often hard to address. They require not just technical solutions, but a lot of thought, coordination, planning, and continual re-evaluation. Most often thought of as...

Cyber Compliance & Beyond

CMMC’s security requirements are not new. What is new about CMMC is the level of rigor. With the recent publication of the CMMC rule, DoD is ever closer to requiring contractors to comply with CMMC security requirements and back them up with an assessment. The CMMC Rule, like any new regulation, is packed with details. Details that have been rumored, speculated, and drafted. Now that they’re known and final, we’re here to help you see clearer. In today’s episode, our host, Cole French becomes the expert guest. As Director of Cybersecurity Services and CMMC Capability Lead at Kratos,...

Cyber Compliance & Beyond

AI is bringing speed and velocity never seen before. Some studies show that the output is the equivalent to what 35-40 humans can produce. This speed and velocity is applied to countless use cases across just about every economic sector. Cybersecurity compliance is laden with repetitive, redundant, and time-consuming manual tasks. While humans bring nuanced ingenuity and problem-solving capabilities, we are prone to errors, especially across such repetitive, redundant, and time-consuming tasks. Worse, cybersecurity compliance requirements are far from standardized, though there is a tremendous...