The Virtual CISO Podcast

The Virtual CISO Podcast

John Verry
Země Spojené státy
Žánry Technologie
Jazyk EN
Epizody 160
Nejnovější 10.06.2026

The Virtual CISO Podcast offers frank discussions on information security, providing advice and insights for security, IT, and business leaders. Host John Verry chats with industry thought leaders about topics like ISO 27001, breach avoidance, incident response, data privacy, and vendor risk management. The show aims to keep listeners informed and proactive with a touch of humor.

Epizody

  • Episode 159: The New Security Stack: Doors, Data, and AI With Jeffrey Friedman 10.06.2026 41min
  • Episode 158: AI Is Increasing Your Cyber Risk – Can It Also Reduce It? With Mike Armistead 28.04.2026 45min
  • Episode 157: AI Security: Testing, Exploits, and Threat Feeds With Marco Figueroa 03.04.2026 50min
  • Episode 156: AI Security: Threat Modeling & Pipeline Evolution with Jason Rebholz 25.02.2026 48min
  • Episode 155: Incident Response Testing in Cloud Forward Organizations with Matt Lea 17.12.2025 30min
  • Ep 154: How DORA Will Impact US Companies with Dejan Kosutic 06.11.2025 33min
  • Ep 153: Inside ISO 42001: The Future of AI Governance with Danny Manimbo 22.09.2025 40min
  • EP 152: Granular, Persistent, Zero Trust: The Case for File-Level Security 12.08.2025 37min
  • EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance 01.07.2025 45min
    In this episode of the Virtual CISO Podcast, host John Verry and guest Chris Schaeffer discussthe HITRUST framework, its evolution, and its significance in the cybersecurity landscape. Theydelve into the Common Security Framework (CSF), the different assessment models (E1, I1,R2), and how HITRUST compares to other frameworks like SOC 2 and ISO 27001. Theconversation also touches on the future of HITRUST, including potential reciprocity with otherstandards and the impact of emerging technologies like AI.
  • Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)? 29.04.2025 46min
    In this episode of the Virtual CISO Podcast, John Verry speaks with Kenny Scott, founder and CEO of Paramify, about the challenges of cyber risk management and the potential of OSCAL (Open Security Controls Assessment Language) in simplifying compliance and documentation processes. They discuss the importance of structured digital communication in security, the complexities of FedRAMP, and how OSCAL can streamline the documentation process, ultimately reducing costs and improving efficiency in security programs. In this conversation, Kenny and John discuss the challenges and strategies for adopting OSCAL (Open Security Controls Assessment Language) in organizations. They explore the importance of understanding data flows for compliance, the role of AI in streamlining compliance processes, and the potential for OSCAL to transform how organizations manage security and compliance documentation. They also touch on the future of OSCAL and its relevance in various compliance frameworks beyond FedRAMP. 
  • Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts 06.03.2025 40min
  • Episode 148: Cloud Detection & Response 11.02.2025 37min
    In this episode, John Verry interviews Eric Gumanofsky, Vice President for Product Innovation at Tenable Security, about the concept of Cloud Detection and Response (CDR). They discuss the similarities and differences between CDR and Endpoint Detection and Response (EDR), as well as the integration of CDR into a comprehensive Cloud Native Application Protection (CNAP) solution. They also explore the challenges and benefits of automating response in the cloud and the importance of risk-based decision-making. The conversation highlights the evolving nature of the cloud security space and the need for organizations to stay informed and make informed decisions. 
  • Episode 147: Why vCISO Engagements Fail 29.01.2025 59min
    In this episode, John Verry and Matt Webster discuss the evolving landscape of virtual CISO services, exploring the common pitfalls and failures associated with these projects. They emphasize the importance of clear expectations, the distinction between a virtual CISO and a virtual security team, and the necessity of executive buy-in for successful cybersecurity initiatives. The conversation also highlights the need for specialized expertise in various cybersecurity domains and the challenges of maintaining focus amidst tactical distractions. They explore the tactical challenges organizations face, the importance of redundancy in virtual CISO services, and how breaches can impact these engagements. The discussion emphasizes the need for cultural fit and industry-specific knowledge when hiring a virtual CISO, ensuring organizations can navigate the ever-evolving cybersecurity landscape effectively. 
  • Episode 146: Dark Web Monitoring 07.01.2025 47min
    In this conversation, John Verry interviews Steph Shample, Cybercrime Analyst for DarkOwl, about the dark web and its implications for cybersecurity professionals. They discuss: The basics of the dark web, its purpose, and the types of activities that take place there. They also explore the value of darknet data for threat intelligence and how it can be used to understand and combat cyber threats.  Cybersecurity professionals can benefit from understanding the dark web to gain insights into the tactics, techniques, and procedures used by threat actors. Additionally, they touch on the evolving nature of cyber attacks and the importance of sharing information within industry-specific groups and the role of tools like Dark Owl in proactively monitoring the dark web.  
  • Episode 145: CMMC: The Final Rule 02.12.2024 56min
    In this episode of the Virtual See-So Podcast, host John Verry speaks with Sanjeev Verma, chairman and co-founder of Prevail, about the intricacies of CMMC compliance and the importance of cybersecurity. They discuss: The delays in CMMC implementation, key elements of the new regulation, and the importance of being prepared for compliance.  The complexities of compliance with CMMC regulations, the importance of documentation, and the implications of using cloud services and VDI.  They emphasize that compliance is an ongoing process requiring annual affirmation and that organizations must be proactive in their cybersecurity measures. T They highlight the necessity of flow down requirements and the role of encryption in protecting sensitive data. 
  • Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company? 17.10.2024 53min
    In this episode of The Virtual CISO Podcast, your host John Verry is joined by Mike Craig to break down the differences between FedRAMP, TxRAMP, AZRAMP, and StateRAMP.Together, they discuss:How the Naoris Protocol establishes decentralized trust for compute endpoints. Key distinctions between the RAMP frameworks and how they impact an organization's path to Authorization to Operate (ATO).How Organizationally Defined Parameters (ODPs) shape the implementation of controls across different RAMPs.The impact of Federal Acquisition Regulations (FAR) on FedRAMP technical architecture and cost recovery.Why nearly 60% of FedRAMP projects fail, and how strategic planning can help companies avoid costly mistakes. And more!If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: https://www.linkedin.com/company/pivot-point-security/
  • Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity? 23.09.2024 49min
    In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with David Carvalho, a cryptography and cybersecurity expert with over 25 years of experience, to explore the next frontier in cybersecurity: decentralized security models and post-quantum cryptography.How the Naoris Protocol establishes decentralized trust for compute endpoints. The importance of a decentralized security baseline for digital trust.Real-world applications in cyber insurance and regulatory compliance.The growing threat of quantum computing and the need for post-quantum security.And more!If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe for more insightful episodes. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn: Pivot Point Security.
  • Episode 142: CNAPP - Secure Cloud Apps in a Snap 21.08.2024 43min
  • Episode 141: Stopping Business Email Compromise with a Novel Malicious File Reconstruction Approach 11.07.2024 38min
    In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with Aviv Grafi, CTO and founder of Votiro, as they discuss innovative solutions to combat business email compromise. Join us as we discuss:The mechanisms of business email compromise How malicious files are used in cyberattacks The limitations of traditional security methods The benefits of malicious file reconstruction technologyAnd more! If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on cybersecurity, digital technology, and more, follow us on LinkedIn:https://www.linkedin.com/company/pivot-point-security/
  • Episode 140: DIB/CMMC Cybersecurity – Interesting Observations from a Significant Study 27.06.2024 47min
    Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Chris Petersen, co-founder of LogRhythm and current CEO of Radical. Chris brings over two decades of experience in cybersecurity, offering deep insights into the industry's challenges and advancements. In this episode, we'll explore: - The surprising results from Radical’s DIB Cybersecurity Survey, including the incongruity between high self-assessed security skills and other survey responses. - The critical issue of poor scoping in System Security Plans (SSPs) and its impact on the effectiveness of security monitoring within the Defense Industrial Base (DIB). - The paradox of organizations delaying CMMC certification despite acknowledging the lengthy process and the looming enforcement deadline.If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on the state of cybersecurity, digital technology, and more, follow us on LinkedIn, https://www.linkedin.com/company/pivot-point-security/

Oblíbený v

Tento podcast se objevuje také v podcastových žebříčcích těchto zemí.