The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry ...

EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance
45:29
In this episode of the Virtual CISO Podcast, host John Verry and guest Chris Schaeffer discuss the HITRUST framework, its evolution, and its significance in the cybersecurity landscape. They delve into the Common Security Framework (CSF), the different assessment models (E1, I1, R2), and how HITRUST compares to other frameworks like SOC 2 and ISO 2…

Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)?
46:47
In this episode of the Virtual CISO Podcast, John Verry speaks with Kenny Scott, founder and CEO of Paramify, about the challenges of cyber risk management and the potential of OSCAL (Open Security Controls Assessment Language) in simplifying compliance and documentation processes. They discuss the importance of structured digital communication in …

Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts
40:58
By John Verry
In this episode, John Verry interviews Eric Gumanofsky, Vice President for Product Innovation at Tenable Security, about the concept of Cloud Detection and Response (CDR). They discuss the similarities and differences between CDR and Endpoint Detection and Response (EDR), as well as the integration of CDR into a comprehensive Cloud Native Applicati…

In this episode, John Verry and Matt Webster discuss the evolving landscape of virtual CISO services, exploring the common pitfalls and failures associated with these projects. They emphasize the importance of clear expectations, the distinction between a virtual CISO and a virtual security team, and the necessity of executive buy-in for successful…

In this conversation, John Verry interviews Steph Shample, Cybercrime Analyst for DarkOwl, about the dark web and its implications for cybersecurity professionals. They discuss: The basics of the dark web, its purpose, and the types of activities that take place there. They also explore the value of darknet data for threat intelligence and how it c…

In this episode of the Virtual CISO Podcast, host John Verry speaks with Sanjeev Verma, chairman and co-founder of Prevail, about the intricacies of CMMC compliance and the importance of cybersecurity. They discuss: The delays in CMMC implementation, key elements of the new regulation, and the importance of being prepared for compliance. The comp…

Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company?
53:20
In this episode of The Virtual CISO Podcast, your host John Verry is joined by Mike Craig to break down the differences between FedRAMP, TxRAMP, AZRAMP, and StateRAMP. Together, they discuss: How the Naoris Protocol establishes decentralized trust for compute endpoints. Key distinctions between the RAMP frameworks and how they impact an organization…

Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity?
49:46
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with David Carvalho, a cryptography and cybersecurity expert with over 25 years of experience, to explore the next frontier in cybersecurity: decentralized security models and post-quantum cryptography. How the Naoris Protocol establishes decentralized trust for compute e…

Episode 142: CNAPP - Secure Cloud Apps in a Snap
43:06
By John Verry

Episode 141: Stopping Business Email Compromise with a Novel Malicious File Reconstruction Approach
38:22
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with Aviv Grafi, CTO and founder of Votiro, as they discuss innovative solutions to combat business email compromise. Join us as we discuss: The mechanisms of business email compromise How malicious files are used in cyberattacks The limitations of traditi…

Episode 140: DIB/CMMC Cybersecurity – Interesting Observations from a Significant Study
47:44
Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Chris Petersen, co-founder of LogRhythm and current CEO of Radical. Chris brings over two decades of experience in cybersecurity, offering deep insights into the industry's challenges and advancements. In this episode, we'll explore: - The surpri…

Episode 139: How adding Crisis Management to your Incident Response Plan can save your bacon?
38:53
Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Kevin Dinino, President of KCD PR, who delves into the critical aspects of crisis management and communications. Kevin brings over 20 years of experience in guiding companies through the complexities of strategic communications, particularly in t…

Episode 138: Is Consuming SaaS an Information Security Faustian Bargain? w/ William Eshagh
44:30
By John Verry

Episode 137: Strategies and Insights w/ Sagi Brody
30:57
By John Verry

Episode 136: AI Risk Management – Is ISO 42001 the Solution? w/ Ariel Allensworth
52:45
By John Verry

Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk
43:06
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Zenobia Godschalk, Senior Vice President of Hedera Hashgraph, as they discuss distributed ledger technology and its effects on privacy compliance. Join us as we discuss the following: The erosion of Privacy Online Distributed Ledger Technology (…

Episode 134: Understanding TISAX w/ Alexander Häusler
49:47
By John Verry

Kubernetes Security – Simplified Shauli Rozen, CEO of ARMO
48:12
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Shauli Rozen, CEO and Co-Founder of ARMO, exploring the intricacies of Kubernetes, the orchestration tool that's reshaping how we deploy, scale, and manage containerized applications. Join us as we discuss: What a container is Implications of co…

Episode 132: Optimize Your SOC 2 - Lessons Learned from the 2023 Benchmark Study w/ Scott Woznicki
43:31
By John Verry

Episode 131: The New CMMC Proposed Rule w/ Jeff Carden & Warren Hylton
51:44
By John Verry

Episode 130: Revolutionizing Security Training with Kevin Paige CISO and VP of Product Strategy at Uptycs
46:56
By John Verry

Episode 129: Empowering Diversity in the Cybersecurity Industry with Larry Whiteside Jr.
40:08
By John Verry

Episode 128: Understanding the ISO 27001:2022 Update with Andrew Frost and Leigh Ronczka
36:40
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with Andrew Frost and Leigh Ronczka of CBIZ Pivot Point Security to discuss the updates needed to successfully transition from ISO 27001:2013 to ISO 27001:2022. Join us as we discuss: How simple it is for a company to transition to ISO 27001:2022 The level of effort re…

Ep 127: The Future of Security: Unraveling the World of Social Engineering
57:11
By John Verry

Ep 126: Unlocking AI's Potential: Risks, Optimism & Challenges in the Current Wave of AI Technology
57:30
By John Verry

Ep 125: Understanding the New FTC Safeguards Rule: Key Changes and Requirements Explained
36:52
Tune into an insightful conversation with Jeremy Price, co-leader of a national cybersecurity practice. In this engaging discussion, Jeremy explains the updated FTC safeguard rules that went into effect in June and what they’re intended to do. In this episode, your host, John Verry, and Jeremy Price discuss: - The Gramm Leach Bliley Act updates and…

An Introduction to AI and its Place in the Work Place with CEO of Private AI Patricia Thaine
45:22
Join us for an insightful conversation with Patricia Thaine, Founder and CEO of Private AI, as we delve into the world of artificial intelligence, language models, and data privacy. In this engaging discussion, Patricia sheds light on the transformative potential of AI, particularly language models like GPT-3.5, in various industries. In this episo…

Ep 123: Navigating IT-OT Dynamics: Cybersecurity, Integration, and Collaboration
45:44
By John Verry

Ep 122: Navigating New Horizons: CMMC, NIST 800-171 Updates, and Compliance Insights
40:34
In this episode of the "Virtual CISO Podcast," your host John Verry speaks with guest Warren Hylton, a FedRisk consultant at CBIZ Pivot Point Security, to explore recent updates in cybersecurity regulations. The conversation revolves around the Cybersecurity Maturity Model Certification (CMMC) and the updated NIST Special Publication 800-171 (R2 to…

Ep 121: Strategies for Reducing the Cost of Your Cyber Liability Insurance Policy
23:16
Like many other businesses, law firms are at significant risk of cyber-attack and increasingly are turning to cyber liability insurance (CLI) to transfer some of their cyber risk. But many are being denied coverage or face high premiums due to shortfalls in their cybersecurity controls. In this episode, your host John Verry, CBIZ Pivot Point Securi…

Ep 120: A FedRAMP ATO – The Good, The Bad, and the Ugly
38:42
To do wide-scale business within the US federal government, cloud service providers (CSPs) need a FedRAMP ATO. The prospect can be daunting as few CSPs have federal cyber compliance expertise. Misconceptions and misinformation can create additional roadblocks. In this episode, your host John Verry, CBIZ Pivot Point Security Managing Director, sits…

Ep 119: What is a Microservice Architecture and how do I secure it?
46:46
Whatever kind of software application a team is building, the identification and remediation of cybersecurity issues needs to be part of every stage of the software development lifecycle (SDLC). But making that happen takes a wealth of skills and approaches, as well as an eye on compliance and the ability to keep pace with the ever-changing online …

Ep 118: The Simplest Way to Transition from ISO 27001:2013 to ISO 27001:2022
39:17
If you are ISO 27001 certified, or considering it, you are likely wondering how the transition from ISO 27001:2013 to ISO 27001:2022 affects you. With the notable changes, there are many uncertainties. For example, how soon can you get certified to ISO 27001:2022? Can you still get certified to 27001:2013? For anyone already certified, how soon can…

Ep 117: Eight Key Takeaways from the RSA 2023 Conference
17:37
In this week's episode of the Virtual CISO podcast, your host John Verry, Pivot Point Security CISO and Managing Partner, shares his valuable insights from the 2023 RSA conference. As the security industry evolves, with an increasing number of vendors and products, John advises against adopting a product-based security strategy. Instead, he recomme…

Ep 116: What is an SBOM & Why Are My Customers Suddenly Asking for One?
36:45
With the release of President Biden’s Executive Order 14028 on “Improving the Nation’s Cybersecurity” from May 2021 the US public and private sectors have been alerted to the significant cybersecurity risks within our software supply chain. As of the March 2023 release of the National Cybersecurity Strategy, which will shift liability for software …

Ep 115: If Your Asset Management Sucks, Your Security Sucks
47:00
Asset management is a crucial aspect of information security. It refers to the processes and procedures involved in identifying, organizing, tracking, and protecting an organization's assets. The security of these assets is paramount, as you can’t protect what you don’t know about. To learn more about how to Fix Cyber Asset Management, your host Jo…

Ep 114: 4 Tactical Steps To Implementing DevSecOps In 2023
51:44
DevSecOps is the practice of integrating security testing at every stage of the software development process. With DevSecOps, training and educating all teams in risk, security, and mitigation at all stages of development is a top priority. Traditionally, app developers don't pay much attention to security, which increases the risk of vulnerable co…

Ep 113: Should we be in Microsoft 365 GCC, GCC High, or Commercial?
46:45
Microsoft 365 was launched in 2011 in hopes of revolutionizing cloud-powered productivity platforms. Since then, Microsoft 365 has grown to the point where it is now one of the largest cloud-powered productivity platforms on the market, competing with the likes of Google and more. To give organizations a clear picture of their Microsoft 365 options…

Ep 112: When should you move to ISO 27001:2022?
50:28
ISO 27001:2022 is the first update to the global "gold standard" for provable cybersecurity in ten years. Notable changes from the 2013 version will likely significantly impact most organizations' Information Security Management Systems (ISMS). In this episode, your host John Verry sits down with Ryan Mackie and Danny Manimbo from Schellman & Co. t…

Ep 111: How to use the Software Assurance Maturity Model (SAMM) to Build Highly Secure Applications
37:30
The “buzz” in building more secure applications is “shift security left,” which means integrating security into and throughout the Software Development Lifecycle (SDLC). The Software Assurance Maturity Model (SAMM) is an excellent tool from OWASP that provides a framework for assessing and improving your development processes, resulting in more sec…

Ep 110: Understanding TISAX (Trusted Information Security Assessment Exchange)
33:00
Trusted Information Security Assessment Exchange (TISAX) is a vendor due diligence standard used in the automotive industry to verify that third-party suppliers’ cybersecurity programs provide adequate protection for the information the automotive supplier shares. In this episode, your host John Verry, CISO and Managing Partner at Pivot Point Secur…

Ep 109: Understanding How Cybercriminals Operate Can Protect Your Business
45:39
In today’s cyber landscape, business leaders and security professionals need every edge they can gain to better protect their organizations and plan their defense against attackers. Why do hackers do what they do? What are they trying to steal from you? Who do they partner with to make money and avoid getting caught? In this episode, hosted by Jo…

Ep 108: Understanding the Legalities Around CUI
51:05
Orgs in the DIB need to protect CUI in alignment with the NIST 800-171 cybersecurity standard—and soon the Cybersecurity Maturity Model Certification (CMMC) requirements—or face legal and compliance penalties as well as potential lost business. To clarify the biggest questions and reveal the most dangerous unknowns in the convoluted realm of CUI, y…

Ep 107: An AWS Security Guru’s Recommendation for Securing your AWS Infrastructure
47:57
Over 90% of security breaches in the public cloud stem from user error, and not the cloud service provider. Today, your host John Verry sat down with Amazon Web Services’ (AWS) own Temi Adebambo, to understand what is going wrong with public cloud security, and how you can eliminate your biggest risks. This episode features Temi Adebambo, Hea…

Ep 106: Strategies to Manage Cybersecurity through an Economic Downturn
23:50
Managing Cybersecurity through an Economic downturn is no easy task. With increasing concerns on how to stay secure and compliant in a down economy, John Verry tackles this podcast himself giving you his ten best fundamental practices. This episode features your host John Verry, CISO & Managing Partner, from Pivot Point Security, who provides answe…

Ep 105: Solving the Problems of Cloud Native Apps
34:55
Building Cloud Native Applications can bring about many operational and security problems. Today, we sat down with an expert in this field to talk about building cloud native applications, and deploying applications that are secure in the cloud. This episode features Fausto Lendeborg, Co-Founder & CCO, from Secberus, who provides answers and explan…

Ep 104: Is Digital Business Risk Mgt. The Future of ASM
46:14
Digital Business Risk Management helps companies track and disrupt the most advanced bad actors. Team Cymru specializes in Digital Business Risk Management & Attack Surface Management, giving clients insight and help relating to cyber threats. This episode features David Monnier, Chief Evangelist and Team Cymru Fellow, from Team Cymru, who provides…

Ep 103: The Complexity of Deploying a Secure Application in the Cloud
50:30
Governance, Risk, and Compliance (GRC) platforms can be tricky to construct. Today, we sat down with an expert in this field to talk about building and deploying secure applications in the cloud. This episode features Jeff Schlauder, Information Security Executive, from Catalina Worldwide, who provides answers and explanations to a variety of quest…

Ep 102: The Intersection of Privacy and Security
38:55
You cannot have privacy without security. While they once existed quite distinct from one another, they are now so delicately woven that they are nearly indistinguishable. Over time, the GDPR has cemented the relationship between physical security and information security, and now, it’s incorporating data privacy. This compliance triad has become t…