This week on The Encrypted Economy, my guest is John Verry. John is the Founder of Pivot Point Security, as well as the host of his own podcast called The Virtual CISO. He helps organizations of all shapes and sizes become certified in accordance with leading security frameworks like ISO 27001 and the new CMMC standard. John also specializes in reading the tea leaves when it comes to the future of third-party risk management and information security as a whole. It was a pleasure to talk to him about common security misconceptions and the potential for CMMC to unify the framework landscape. Do not miss this episode of The Encrypted Economy, and keep an eye on The Virtual CISO Podcast, where I will be making my own guest appearance!
Topics Covered
- John’s Background
- Working for Small vs Large Clients
- Changing Attitudes in Organizational Security
- Product vs Framework vs Technically Focused Organizations
- The False Sense of Security Brought by Tools
- The Importance of CMMC
- Integrating the Framework Landscape
- The Path Towards a Unified Framework
- Adding Privacy to the Equation
Resource List
- John’s LinkedIn
- Pivot Point Security Website
- The Virtual CISO Podcast
- NYS DFS Cybersecurity
- 20 CIS Controls and Resources
- CIS Critical Security Controls
- Office 365 Security and Compliance
- The CMMC
- ISO 27001
- NIST Cybersecurity Framework
- NIST SP 800-171
- What is CUI?
- DOD’s New CMMC Requirement
- GSA Polaris Draft
- Defense Federal Acquisition Regulation Supplement (DFARS)
- SOC 1
- SOC 2
- FedRAMP
- FAIR Risk Management Framework
- NIST Privacy Framework
- California SB 327