Welcome to Cybersecurity Sense, the podcast where real-world security meets practical insights. Hosted by LBMC’s Mark Burnette, this show goes beyond compliance checklists to explore the fast-moving world of cybersecurity.

Hitrust Podcasts

Governance, Risk, and Compliance (GRC) Academy is a training and research platform for GRC professionals, executives, and anyone else who wants to increase their knowledge in the GRC space!

The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry ...

The SecurityMetrics Podcast, hosted by Jen Stone (Principal Security Analyst, QSA, CISSP, CISA), will help you understand current data security and compliance trends. Each episode will feature a different security professional offering tips and security best practices.

I have an incredible announcement to share! 👀 Before that though, let me share some of my history with you. Back in 2016, I started a side-business called TEKFused LLC focused on web design/hosting. Fast forward to 2022, I launched GRC Academy, and since then I’ve released 3 CMMC courses, released 50+ podcast episodes, and partnered with some amazi…

EP 152: Granular, Persistent, Zero Trust: The Case for File-Level Security (37:18)
By John Verry

EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance (45:29)
In this episode of the Virtual CISO Podcast, host John Verry and guest Chris Schaeffer discuss the HITRUST framework, its evolution, and its significance in the cybersecurity landscape. They delve into the Common Security Framework (CSF), the different assessment models (E1, I1, R2), and how HITRUST compares to other frameworks like SOC 2 and ISO 2…

The Business Case for CMMC - Surviving DOGE (52:53)
CMMC certification could be the key to surviving DOGE cuts! 👀 In this episode, I’m joined by Derek Kernus of Aethon Security to discuss the business case for CMMC! This episode was really refreshing to me. Yes, our discussions about deep CMMC topics are important, but learning how to convince your company leadership to make the CMMC investment is e…

"Compliance is the security referee - frameworks are the playbooks." In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood and mission-critical world of cyber GRC. Tim shares what he’s learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping…

Can You Trust Your Eyes? Deepfakes, Self-Healing Systems, and AI Risks You’re Not Seeing (28:13)
In this episode of Cybersecurity Sense, host Mark Burnette sits down with Andy Kerr and Kyle Hinterberg for a sharp, insightful look at the real-world impacts of artificial intelligence on cybersecurity. From the alarming rise in deepfake attacks to the evolving landscape of PCI compliance, the trio dives into the current hot topics keeping cyberse…

How HITRUST Fixes What’s Broken in Cybersecurity Compliance (55:46)
Cybersecurity frameworks can learn a lot from HITRUST. In this episode, Ryan Patrick of HITRUST explains how HITRUST approaches the assurance problem, from centralizing the certification process to frequent updates to the control sets based on threat data. I barely knew anything about HITRUST going in, but it’s clear they’re tackling the cybersecur…

"Outread the others" - that's how Ryan Bonner mastered CUI. If you're confused about Controlled Unclassified Information (CUI) - you're not alone. Many defense contractors (not to mention DoD themselves) misunderstand what CUI is, where it comes from, and how to handle it. In this episode, Ryan Bonner, CEO of DEFCERT, gives a masterclass in underst…

Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)? (46:47)
In this episode of the Virtual CISO Podcast, John Verry speaks with Kenny Scott, founder and CEO of Paramify, about the challenges of cyber risk management and the potential of OSCAL (Open Security Controls Assessment Language) in simplifying compliance and documentation processes. They discuss the importance of structured digital communication in …

Small Business Achieves CMMC Level 2 Certification: Reynolds Construction's DIY Success Story (36:29)
HR guy leads his company to CMMC level 2 certification! 👀 In this episode I’m joined by Eric Fields of Reynolds Construction to learn how he led his business to CMMC level 2 certification! I call him "Eric the Great" - you'll see why in a moment. Eric's background was in HR and business operations. He had no background in IT or cybersecurity. They …

[Webinar] What You Can Expect from a HITRUST Assessment (40:14)
In this webinar, Matt Halbleib (Director of Assessments) and Lee Pierce (Director of HITRUST Sales) will discuss:
How to determine which HITRUST Assessment type to choose
How to prepare for a HITRUST Validation Assessment
What to expect from a SecurityMetrics HITRUST Assessment
Ready to discuss your HITRUST needs? Request a quote here. Read our new…

The FASTEST Way to CMMC Compliance - CUI Enclaves (58:20)
CMMC rolls out in a few months and there are STILL companies who are JUST getting started! In this episode I’m joined by Daniel Akridge of Summit 7 to talk about the real challenges facing the Defense Industrial Base - and the FASTEST path to CMMC certification. To CUI Enclave, or not to CUI enclave - that is the question! 👉 Here are some of the hi…

CMMC Will BREAK Your MSP - Axiom's CMMC Level 2 Journey (1:32:14)
“We built a second company from scratch…” Is that what it takes for MSPs to get CMMC'd!?! 👀 In this episode I’m joined by Bobby Guerra and Kaleigh Floyd from Axiom, an IT Managed Service Provider (MSP). They explain exactly what it took to achieve CMMC level 2 certification - after 4 years of effort. Most MSPs aren’t ready for CMMC. Many believe it…

The Future of AI Security: Legacy AI, Emerging Risks & Business Impact (39:02)
Cybersecurity is evolving, and so is our podcast! 🎙️ New hosts Andy Kerr and Kyle Hinterberg discuss their backgrounds and a new, broader focus for the podcast, expanding beyond PCI compliance to cover real-world cybersecurity trends. In this episode, you'll learn about the evolution of security challenges and the growing impact of AI in cyberse…

CMMC Level 2 Assessments - What to Expect and How to Avoid Disaster (35:44)
Preparing for a CMMC assessment, but don't know what to expect? Get ready to learn from CMMC Lead Assessor Fernando Machado as he explains EXACTLY what happens in each phase of the CMMC assessment process! Fernando is the Managing Principal of Cybersec Investments, which is an authorized C3PAO. Fernando has been involved with CMMC starting in 2020 a…

Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts (40:58)
By John Verry

🔥 "I Could Have Saved $300K on CMMC!" 🔥 Miguel is the founder of Villa-Tech, a small but powerful tech company that is breaking into the defense contracting space. Miguel shares a raw and honest look at the costly missteps, lessons learned, and strategies that could save small businesses hundreds of thousands of dollars preparing for CMMC certifica…

In this episode, John Verry interviews Eric Gumanofsky, Vice President for Product Innovation at Tenable Security, about the concept of Cloud Detection and Response (CDR). They discuss the similarities and differences between CDR and Endpoint Detection and Response (EDR), as well as the integration of CDR into a comprehensive Cloud Native Applicati…

CMMC Compliance in AWS Cloud Just Got a LOT Easier (29:16)
CMMC and DFARS compliance is hard - especially in the cloud. Got AWS? They've given you tools that make compliance much easier! In this episode, I sit down with Travis Goldbach from Amazon Web Services (AWS) to break down the solutions AWS has created to simplify CMMC and DFARS compliance. 👉 Here are some highlights: AWS compliance automation - red…

In this episode, John Verry and Matt Webster discuss the evolving landscape of virtual CISO services, exploring the common pitfalls and failures associated with these projects. They emphasize the importance of clear expectations, the distinction between a virtual CISO and a virtual security team, and the necessity of executive buy-in for successful…

In this conversation, John Verry interviews Steph Shample, Cybercrime Analyst for DarkOwl, about the dark web and its implications for cybersecurity professionals. They discuss the basics of the dark web, its purpose, and the types of activities that take place there. They also explore the value of darknet data for threat intelligence and how it c…

CMMC 2.0 Is FINALLY Here - What Happens Next (with Stacy Bostjanick) (1:07:48)
It’s been a long and wild ride on this #cmmc ship! ⛵ In this episode, I speak with Stacy Bostjanick who is the Director of the CMMC program at DoD CIO! Here are some highlights from the episode:
Expectations for the initial phase-in of CMMC
Who determines CMMC levels for contracts?
How will CMMC waivers work?
Criteria for CMMC level 2 self-assessme…

CMMC Disaster: What MSPs Aren't Telling You (47:28)
Your MSP could be a CMMC disaster. 💥💣💥 I wish I was joking. In this episode I speak with Joy Beland about the critical role IT Managed Service Providers (MSPs) play in the CMMC space and why so many of them will cause their clients to fail their CMMC assessments. Here are some of the highlights:
The NEW critical CMMC requirement for MSPs
Why so man…

Healthcare Cybersecurity: Lives are at Stake (34:48)
Should you NEVER pay after a ransomware attack? In this episode I speak with Frank Riccardi about cybersecurity in healthcare and the event that triggered much more cyber accountability for the C-suite. Here are some of the highlights:
Why healthcare workers are prone to social engineering attacks
Reasons you SHOULD and should NOT pay after ransomw…

Should you fire your MSP?!? 🔥🔥🔥 In this episode, I speak with cybersecurity attorney Sarah Anderson about how to evaluate IT Managed Service Providers and how businesses can protect themselves when relying on them. Here are some of the highlights:
How you should evaluate MSPs
What to do after your MSP is hacked
Managing the cyber incident
Cyber ins…

New to PCI Compliance? Get the Support You Need | SecurityMetrics Podcast 106 (44:21)
Learn more about cyber risks for small businesses: Are you a small-medium business owner? Did you just get a message from your bank telling you to call SecurityMetrics? Are you worried about having a bad experience? Do you know what PCI even means? This episode is for you. Learn how SecurityMetrics can help you navigate this regulatory landscape. W…

In this episode of the Virtual CISO Podcast, host John Verry speaks with Sanjeev Verma, chairman and co-founder of Prevail, about the intricacies of CMMC compliance and the importance of cybersecurity. They discuss the delays in CMMC implementation, key elements of the new regulation, and the importance of being prepared for compliance. The comp…

SOC 2 Compliance: ALL The Essentials Simplified (22:16)
SOC 2 isn't the only SOC out there! 🧦 In this episode Cera Adams breaks down these SOC reports and what to expect in a SOC audit! Here are a few highlights from this episode:
Why CPAs are involved
What SOC 1 / SOC 2 / SOC 3 reports mean to providers and consumers
Difference between SOC 2 Type 1 and Type 2 reports
How SOC scoping and audits work
SOC…

Android Security Masterclass: What Every Cyber GRC Team Must Know (1:20:55)
Do you use Android at work, but don't really understand it? In this episode Hahna Kane Latonick teaches an Android cybersecurity masterclass for cyber GRC teams. Here are a few highlights from this episode:
How the Android project is managed
How Android devices are compromised
The many steps to update Android devices
Most important steps to secure …

Penn State Cybersecurity False Claims Scandal: Meet the Whistleblower (44:24)
Introducing the Penn State Whistleblower. In this episode, the whistleblower explains how he tried to stop Penn State from misrepresenting their NIST 800-171 compliance to the DoD and what he has faced since he blew the whistle! Whistleblower attorney Julie Bracker also shares what the media got wrong in this case and the latest on the Georgia Tech…

Microsoft 365 GCC High: The Inside Story with Richard Wakeman (1:02:05)
Confused about Microsoft 365 and DFARS/CMMC compliance? In this episode, I speak with Richard Wakeman, Chief Architect for cybersecurity of Aerospace & Defense @ Microsoft! We discuss the history of the government clouds, the need behind GCC and GCC High, and much more! Here are some highlights:
The origins of the Microsoft clouds
Which clouds supp…

MSP Cyber Exchange: Shield Your MSP from Hackers (MSPCyberX) (15:38)
Is your MSP a cybersecurity liability? In this episode, I speak with Brian Hubbard, President of Evolved Cyber Solutions and the MSP Cybersecurity Exchange! We discuss the state of MSP cybersecurity and how MSPCyberX is elevating the security posture of MSPs everywhere! Here are some highlights:
Why MSPs are so critical to our nation's security
The…

Are you ready for the ecommerce security storm? A buyer’s guide to PCI DSS 11.6.1 and 6.4.3 (1:24:59)
Join us on this extra long episode as SecurityMetrics experts Jen Stone, Gary Glover, Aaron Willis and Chad Horton dive deep into the evolving landscape of PCI compliance for e-commerce businesses. With the deadline for PCI 4.0 rapidly approaching, understanding the new requirements for e-commerce is crucial. In this episode, our panelists discuss:…

Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company? (53:20)
In this episode of The Virtual CISO Podcast, your host John Verry is joined by Mike Craig to break down the differences between FedRAMP, TxRAMP, AZRAMP, and StateRAMP. Together, they discuss:
How the Naoris Protocol establishes decentralized trust for compute endpoints.
Key distinctions between the RAMP frameworks and how they impact an organization…

FREE CMMC Cybersecurity Services You NEED to Know About! (17:43)
FREE CMMC gap assessments!! FREE penetration tests!! FREE SOC & incident response!! This is a hidden CMMC treasure that no one's talking about! In this episode, I speak with Darren Mott about the FREE cybersecurity services offered to the DIB by the National Cybersecurity Operations Center! Here are some of the FREE services they offer: CMMC gap as…

Cybersecurity for Families: A Parent-Child Guide to Online Safety | SecurityMetrics Podcast 104 (27:27)
Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-to-protecting-your-childs-online-activity
Are you a parent looking for guidance on how to keep kids safe online? Join us for a candid conversation with Sean Atkinson, CISO at the Center for Internet Security, and his daughter, Emma, as they discuss…

Mastering GRC - What I Learned from Big Tech! (with Kenneth Moras) (31:09)
Want a high paying job in GRC? Want to build a powerful GRC team? In this episode, I spoke with Kenneth Moras, Security GRC Lead at Plaid. Kenneth has worked in critical GRC roles in big tech companies like Adobe and Meta! He was heavily involved in the cyber response to international regulators after severe breaches. Here are some highlights: What…

Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity? (49:46)
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with David Carvalho, a cryptography and cybersecurity expert with over 25 years of experience, to explore the next frontier in cybersecurity: decentralized security models and post-quantum cryptography. How the Naoris Protocol establishes decentralized trust for compute e…

Digital Identity Wallets: How They Work and What Big Tech Is Hiding (25:58)
Throw away your plastic driver's license - digital IDs have entered the chat! In this episode, I spoke with Dr. Paul Ashley, the CTO of Anonyome Labs. Paul explains how widespread online surveillance is, the evolution of digital identity from centralized to decentralized models, how digital wallets work, and what big tech doesn't want you to know! …

Building a Resilient Healthcare System: A Cybersecurity Blueprint | SecurityMetrics Podcast Ep 103 (38:29)
Links from the episode: https://405d.hhs.gov/
Discover the latest trends and threats in healthcare cybersecurity. This episode explores the real-world impact of cyberattacks on patient care, the vulnerabilities of medical devices, and the strategies organizations can implement to protect their sensitive data. Request a Quote for a PCI Audit ► https…

Georgia Tech Cybersecurity False Claims Scandal: Meet the Whistleblowers (41:35)
Introducing the Georgia Tech Whistleblowers. In this episode, the whistleblowers explain how they tried to stop Georgia Tech from allegedly LYING to the government about their NIST 800-171 compliance and what they have faced since they blew the whistle! Whistleblower attorney Julie Bracker also shares what could come next and how much Georgia Tech …

Zero Trust - It's Way Easier Than You Think with John Kindervag (31:45)
Zero Trust is NOT complicated! Don't believe me? Let me introduce you to its creator! In this episode, Jacob speaks with John Kindervag, the creator of Zero Trust. John is the Chief Evangelist at Illumio where he accelerates awareness and adoption of Zero Trust Segmentation. In the episode he shares the origin story of Zero Trust starting with his …

Which SAQ type is right for my business? | SecurityMetrics Podcast Ep 102 (32:02)
Confused about PCI DSS compliance standards? This video breaks down each available SAQ type, including: SAQ-A, SAQ P2PE-HW, SAQ D for Service Providers, and the newly introduced SAQ SPoC for PCI DSS 4.0. Learn which one is right for your business based on your payment processing environment. Learn about: Different SAQ types for merchants Eligibilit…

The Cisco Whistleblower - The First Settled Cybersecurity False Claims Act (FCA) Lawsuit (26:30)
Introducing the Cisco Whistleblower. In this episode, Jacob speaks with lawyer Hamsa Mahendranathan about the FIRST cybersecurity False Claims Act (FCA) lawsuit that reached a settlement! This goes all the way back to 2008 believe it or not… The lawsuit was FINALLY settled in 2019! As we all know, the DoJ has intervened in the Georgia Tech NIST 800…

Episode 142: CNAPP - Secure Cloud Apps in a Snap (43:06)
By John Verry

Think your users are resistant to CMMC? You ain't seen nothin' yet! In this episode, Jacob speaks with Daniel Stark of Meerkat Cyber about the unique CMMC compliance challenges in a manufacturing environment. Here are some highlights:
Daniel's experience running IT in a family-owned manufacturing shop
How Controlled Unclassified Information (CUI) f…

Farm to… DevOps?: How anyone can grow into a tech career | SecurityMetrics Podcast Ep 101 (36:08)
Join Jen Stone as she chats with DevOps engineer and Day Two DevOps podcaster Kyler Middleton about her unique journey from a rural upbringing to becoming a DevOps expert. Discover how Kyler's passion for teaching led her to a career in technology, and learn about the importance of automation and documentation in building secure and efficient cloud…

Insights on NIST 800-171 Joint Surveillance Voluntary Assessments (JSVA) from IntelliGRC (27:40)
So… How do I get CMMC’d early? In this episode, Jacob speaks with Steven Molter of IntelliGRC about his experiences helping IntelliGRC clients complete NIST 800-171 Joint Surveillance Voluntary Assessments (JSVAs). Here are some highlights:
The JSVA process & how to request one
The different teams within DIBCAC
The challenge of subjectivity durin…