Contacts
Info
The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest...
show more
The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John will keep you informed, and perhaps even mildly entertained, through topics like ISO 27001, breach avoidance, incident response, dealing with pesky security questionnaires, data privacy, and managing vendor risk. Think of it as security… with a smile.
show less
Episodes & Posts
Episodes
Posts
29 APR 2025 · In this episode of the Virtual CISO Podcast, John Verry speaks with Kenny Scott, founder and CEO of Paramify, about the challenges of cyber risk management and the potential of OSCAL (Open Security Controls Assessment Language) in simplifying compliance and documentation processes. They discuss the importance of structured digital communication in security, the complexities of FedRAMP, and how OSCAL can streamline the documentation process, ultimately reducing costs and improving efficiency in security programs. In this conversation, Kenny and John discuss the challenges and strategies for adopting OSCAL (Open Security Controls Assessment Language) in organizations. They explore the importance of understanding data flows for compliance, the role of AI in streamlining compliance processes, and the potential for OSCAL to transform how organizations manage security and compliance documentation. They also touch on the future of OSCAL and its relevance in various compliance frameworks beyond FedRAMP.
6 MAR 2025
11 FEB 2025 · In this episode, John Verry interviews Eric Gumanofsky, Vice President for Product Innovation at Tenable Security, about the concept of Cloud Detection and Response (CDR). They discuss the similarities and differences between CDR and Endpoint Detection and Response (EDR), as well as the integration of CDR into a comprehensive Cloud Native Application Protection (CNAP) solution. They also explore the challenges and benefits of automating response in the cloud and the importance of risk-based decision-making. The conversation highlights the evolving nature of the cloud security space and the need for organizations to stay informed and make informed decisions.
29 JAN 2025 · In this episode, John Verry and Matt Webster discuss the evolving landscape of virtual CISO services, exploring the common pitfalls and failures associated with these projects. They emphasize the importance of clear expectations, the distinction between a virtual CISO and a virtual security team, and the necessity of executive buy-in for successful cybersecurity initiatives. The conversation also highlights the need for specialized expertise in various cybersecurity domains and the challenges of maintaining focus amidst tactical distractions. They explore the tactical challenges organizations face, the importance of redundancy in virtual CISO services, and how breaches can impact these engagements. The discussion emphasizes the need for cultural fit and industry-specific knowledge when hiring a virtual CISO, ensuring organizations can navigate the ever-evolving cybersecurity landscape effectively.
7 JAN 2025 · In this conversation, John Verry interviews Steph Shample, Cybercrime Analyst for DarkOwl, about the dark web and its implications for cybersecurity professionals. They discuss:
- The basics of the dark web, its purpose, and the types of activities that take place there.
- They also explore the value of darknet data for threat intelligence and how it can be used to understand and combat cyber threats.
- Cybersecurity professionals can benefit from understanding the dark web to gain insights into the tactics, techniques, and procedures used by threat actors.
- Additionally, they touch on the evolving nature of cyber attacks and the importance of sharing information within industry-specific groups and the role of tools like Dark Owl in proactively monitoring the dark web.
2 DEC 2024 · In this episode of the Virtual See-So Podcast, host John Verry speaks with Sanjeev Verma, chairman and co-founder of Prevail, about the intricacies of CMMC compliance and the importance of cybersecurity. They discuss:
- The delays in CMMC implementation, key elements of the new regulation, and the importance of being prepared for compliance.
- The complexities of compliance with CMMC regulations, the importance of documentation, and the implications of using cloud services and VDI.
- They emphasize that compliance is an ongoing process requiring annual affirmation and that organizations must be proactive in their cybersecurity measures. T
- They highlight the necessity of flow down requirements and the role of encryption in protecting sensitive data.
17 OCT 2024 · In this episode of The Virtual CISO Podcast, your host John Verry is joined by Mike Craig to break down the differences between FedRAMP, TxRAMP, AZRAMP, and StateRAMP.
Together, they discuss:How the Naoris Protocol establishes decentralized trust for compute endpoints.
- Key distinctions between the RAMP frameworks and how they impact an organization's path to Authorization to Operate (ATO).
- How Organizationally Defined Parameters (ODPs) shape the implementation of controls across different RAMPs.
- The impact of Federal Acquisition Regulations (FAR) on FedRAMP technical architecture and cost recovery.
- Why nearly 60% of FedRAMP projects fail, and how strategic planning can help companies avoid costly mistakes.
- And more!
If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
23 SEP 2024 · In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with David Carvalho, a cryptography and cybersecurity expert with over 25 years of experience, to explore the next frontier in cybersecurity: decentralized security models and post-quantum cryptography.
- How the Naoris Protocol establishes decentralized trust for compute endpoints.
- The importance of a decentralized security baseline for digital trust.
- Real-world applications in cyber insurance and regulatory compliance.
- The growing threat of quantum computing and the need for post-quantum security.
- And more!
If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/posts/?feedView=all
21 AUG 2024
11 JUL 2024 · In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with Aviv Grafi, CTO and founder of Votiro, as they discuss innovative solutions to combat business email compromise. Join us as we discuss:
- The mechanisms of business email compromise
- How malicious files are used in cyberattacks
- The limitations of traditional security methods
- The benefits of malicious file reconstruction technology
And more! If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn:https://www.linkedin.com/company/pivot-point-security/
The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest...
show more
The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John will keep you informed, and perhaps even mildly entertained, through topics like ISO 27001, breach avoidance, incident response, dealing with pesky security questionnaires, data privacy, and managing vendor risk. Think of it as security… with a smile.
show less
Information
| Author | John Verry |
| Organization | CBIZ Pivot Point Security |
| Categories | Technology |
| Website | www.spreaker.com |
| - |
Copyright 2025 - Spreaker Inc. an iHeartMedia Company
