Our experiences inspired the creation of The CMMC Compliance Guide Podcast and its accompanying resources. The podcast began as a way to share what we learned through real-world challenges—like helping that aerospace machine shop—and to provide accessible education for businesses navigating DoD cybersecurity requirements. The CMMC Compliance Guide Podcast breaks down complex topics like NIST 800-171 and CMMC into actionable, easy-to-understand steps. Whether you’re a subcontractor struggling ...

How to Scope CMMC Correctly: Avoid Audit Failures, Over-Scoping, and Cloud Risks
12:17
Submit any questions you would like answered on the podcast! Is your CMMC scope setting you up for success—or failure? In this episode of the CMMC Compliance Guide, Brooke and Stacey from Justice IT Consulting break down one of the most misunderstood (and expensive) parts of your compliance journey: scoping. Learn how to define your CUI boundary th…

What You Missed at CEIC West 2025: CMMC Culture, AI Labeling, and Subcontractor Risks
51:51
Submit any questions you would like answered on the podcast! Missed CEIC West 2025 in Las Vegas? We’ve got your insider recap. In this episode of the CMMC Compliance Guide, Austin and Brooke break down the most critical insights defense contractors need to know—from Katie Arrington’s keynote to real-world flowdown risks, mock assessment walkthrough…

How to Identify and Fix Your NIST 800-171 Weak Spots
36:38
Submit any questions you would like answered on the podcast! Are you sure you're NIST 800-171 compliant? In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the most overlooked NIST 800-171 requirements that continue to trip up DoD contractors—and what you can do today to avoid those costly mistakes. From data flow di…

CMMC Day 2025 Recap: Key Takeaways, Real-World Mistakes & What SMBs Must Fix Now
56:52
Submit any questions you would like answered on the podcast! Get the latest insider takeaways from CMMC Day 2025 straight from Washington D.C. In this episode of the CMMC Compliance Guide Podcast, Brooke and Austin break down the most critical updates small and midsized businesses (SMBs) in the defense supply chain need to know now. We cover: ✅ Why…

Decoding NIST 800-171: Your Plain English Path to CMMC Level 2 Compliance
59:20
Submit any questions you would like answered on the podcast! Feeling overwhelmed by CMMC compliance and NIST 800-171’s 110 controls? You’re not alone — but you don’t have to be stuck. In this episode of the CMMC Compliance Guide Podcast, Brooke and Austin break down NIST 800-171 Revision 2 in plain English — no government-speak, no tech jargon — so…

How to Improve Your SPRS Score Before It Costs You Contracts
9:12
Submit any questions you would like answered on the podcast! Is your SPRS score putting your DoD contracts at risk? In this episode of the CMMC Compliance Guide, we break down exactly what the SPRS score is, why it matters, and how to improve it fast—before you lose out on federal work. Whether you're stuck at -72 or hovering at 80, we’ll walk you …

The E.A.S.Y Framework That Makes CMMC Actually Doable
13:15
Submit any questions you would like answered on the podcast! If someone tells you CMMC compliance can't be easy… they’re not necessarily wrong — but they’re also missing the point. In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke from Justice IT Consulting break down one of the biggest myths in the compliance space: that achi…

CMMC Compliance Consulting vs. DIY Compliance: Which Is the Smarter, More Cost-Effective Choice?
33:17
Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast, Brooke and Austin dive into a key question many DoD contractors face: Should you handle CMMC compliance yourself or hire a consultant? We break down the risks, costs, and benefits to help you make the best decision for your business. D…

Your IT Provider: The Keystone to Passing CMMC – or the Hidden Risk That Could Cost You Everything
8:34
Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast, Brooke and Stacey reveal a critical factor that could make or break your compliance journey: your IT provider. ✅ Discover why your IT provider plays a crucial role in your CMMC assessment. ✅ Learn the risks of working with an unqualifi…

How the DoD’s Cybersecurity Crackdown Could Impact Your Aerospace Contracts
50:17
Submit any questions you would like answered on the podcast! The DoD is tightening its cybersecurity regulations, and your aerospace contracts could be on the line. In this episode of The CMMC Compliance Guide Podcast, we break down the latest changes to CMMC, DFARS, and FAR that could directly impact your business. Join Austin and Brooke from Just…

CyberAB January Town Hall Updates: Key CMMC & FAR CUI Rule Insights for DoD Contractors
15:19
Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast, we break down the most important updates from the CyberAB January Town Hall. From the latest developments in CMMC implementation to the newly proposed FAR CUI rule, we discuss what these changes mean for DoD contractors and beyond. Key…

CMMC Compliance: How to Win DoD Contracts & Avoid Costly Mistakes
26:02
Submit any questions you would like answered on the podcast! In this week’s episode, Brooke Justice and guest cohost Stacey break down one of the most crucial topics for DoD contractors: how CMMC compliance directly impacts your ability to win and keep defense contracts. From understanding compliance levels to avoiding costly mistakes, we’ll walk y…

FedRAMP Authorization vs. Equivalency: What Your Business Needs to Know
14:03
Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast, Brooke and Stacey from Justice IT Consulting dive deep into the critical distinctions between FedRAMP Authorization and FedRAMP Equivalency. Whether you're leveraging cloud services for compliance or planning your next steps in CMMC ce…

2024 Compliance Wrapped: Insights from CEIC East
27:25
Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast, Brooke Justice is joined by guest cohost Stacey Flores, stepping in for Austin Justice, to bring you the key takeaways from the recent CEIC East conference. If you missed the event, don’t worry—Brooke and Stacey are here to fill you in…

A Conversation with an Assessor ft. Chris Silvers
1:08:45
Submit any questions you would like answered on the podcast! In this special episode of the CMMC Compliance Guide Podcast, hosts Brooke and Austin Justice are joined by Chris Silvers, one of less than 100 individuals officially certified as both a Certified CMMC Provisional Assessor and Instructor. With over 25 years of cybersecurity experience, Ch…

A Digital War or an Unreasonable Ask for SMB's? (WARNING: SOAPBOX EPISODE)
49:57
Submit any questions you would like answered on the podcast! In this thought-provoking episode of the CMMC Compliance Guide Podcast, Brooke and Austin Justice tackle a question that’s top of mind for many small and medium-sized businesses in the defense supply chain: Is CMMC a necessary defense in a digital war, or an unreasonable burden on SMBs? K…

November 2024 CyberAB Town Hall Recap: Essential CMMC 2.0 Updates for Defense Contractors
32:00
Submit any questions you would like answered on the podcast! In this episode, Brooke and Austin Justice dive into the latest CyberAB townhall update, sharing key insights for defense contractors. Stay informed on the latest CMMC developments, compliance changes, and how they could impact your business. Whether you're navigating CMMC 2.0 or simply t…

October 2024 CyberAB Town Hall Recap: CMMC 2.0 Updates You Can't Miss!
15:14
Submit any questions you would like answered on the podcast! In this episode, Brooke and Austin Justice dive into the latest CyberAB townhall update, sharing key insights for defense contractors. Stay informed on the latest CMMC developments, compliance changes, and how they could impact your business. Whether you're navigating CMMC 2.0 or simply t…

How It All Began: The CMMC Compliance Guide Podcast Origin Story
18:43
Submit any questions you would like answered on the podcast! In this special episode, we take you behind the scenes to explore the origin story of the CMMC Compliance Guide Podcast. Join hosts, Austin and Brooke Justice as they share how the podcast began, its mission to help defense contractors navigate the complexities of CMMC compliance, and wha…

32 CFR Rule Explained: Key Compliance Guide for DoD Contractors
52:31
Submit any questions you would like answered on the podcast! Are you a DoD contractor navigating the complexities of the 32 CFR Rule? In this video, we break down the key aspects of the 32 CFR Rule, explaining how it impacts defense contractors and the steps you need to take to stay compliant. Whether you're new to the defense industry or need a re…

Navigating the 48 CFR Rule: Essential Insights for DoD Contractors on CMMC 2.0 Compliance
37:05
Submit any questions you would like answered on the podcast! In this in-depth discussion, Austin and Brooke Justice from Justice IT Consulting break down the critical updates and challenges associated with the new 48 CFR proposed rule for CMMC 2.0 compliance. Learn about the key differences from previous regulations, the most significant hurdles Do…

How to achieve the Defense Department’s CMMC compliance with Frank Smith
32:59
Did you know that the Department of Defense (DOD) is mandating that suppliers have Cybersecurity Maturity Model Certification (CMMC) to a prescribed level? In this episode, Frank Smith, Manager of Security and Consulting Practice at Ntiva, shares all you need to know about CMMC. Discover what CMMC is, why you should care, the requirements needed fo…

Developing a Security Test Methodology with Mike Spanbauer
34:42
In today’s episode, I’m going to be sharing a session that Mike Spanbauer, Security Evangelist for Juniper, gave at the last Secure Guild online conference on Developing a Security Test Methodology. Discover the four pieces that make up his approach and some essential tips in implementing your own. Listen up!…

Prioritize Your Open Source Findings with James Rabon
22:10
Does your team struggle with prioritizing your security open-source findings? In this episode, James Rabon, Director of Product Management at Micro Focus, will share an approach that can help. Discover how James’ team co-developed “susceptibility analysis,” which allows developers and application security engineers to determine whether a publicly-disc…

Cybersecurity concepts are fundamental pieces of knowledge necessary for a career in security testing. In this episode, Joe Abraham, author of numerous Pluralsight courses, will share some insights into many security aspects. Listen in to learn about security onion, threat intelligence, cyber threat hunting tips and more.…

TrustedSec Sysmon Community Guide with Carlos Perez
29:38
Are you struggling to find information on how to use Sysmon for your security efforts? In this episode, Carlos Perez, a Research Team lead at TrustedSec, shares all about the TrustedSec Sysmon Community Guide. Discover why Carlos created this guide and how it helps empower defenders with the information they need to leverage this great tool. Also, …

Cybersecurity Tools and Frameworks with Aaron Rosenmund
31:34
Aaron Rosenmund, a cybersecurity researcher at Pluralsight, shares a wealth of knowledge around security testing in this episode. Discover blue team tools to protect, detect, and respond against targeted threat actor techniques in an enterprise environment. Listen in to also learn security frameworks to help you with your threat hunting efforts…

Information Gathering in Penetration Testing with Malek Mohammad
21:35
How can you prevent attacks if you don't know your enemy? In this episode, Malek Mohammad, author of the Pluralsight course: Web Application Penetration Testing: Information Gathering, discusses how to know how your enemies target you. Discover fingerprinting web applications, enumerating applications, understanding their entry points, and tooling …

Happy New Year! We will be away for a few weeks but will be back with more security testing awesomeness in 2021. Also, don't forget to register for AutomationGuild.

Need to secure your AWS environments? In this episode, Jonathan Helmus, author of the new book AWS Penetration Testing, will share some tips on AWS penetration testing and security best practices. Discover some of the commonly exploited vulnerabilities in AWS and how to prevent them. Listen in to learn more about cloud penetration testing tips, and…

Discover Network Vulnerabilities using Infection Monkey with Maril Vernon
30:44
Are you using Infection Monkey? In this episode, Pluralsight author and security expert Maril Vernon will share some insights from her Infection Monkey course. Discover uses of Infection Monkey to test for lateral movement and network segments against known MITRE tactics. Listen up to learn how this amazing tool can identify your company’s vulnerable…

OWASP Broken Authentication Breakdown with Prasad Salvi
23:23
Prepare to learn all about the OWASP Top 10 Web Application Security Risks—Broken Authentication. This is the second monthly episode in which security expert Prasad Salvi will join us to break down each OWASP risk one by one. Today we’ll discuss the second security risk listed—broken authentication. Discover what a broken authentication risk is, th…

API Security Testing In DevOps with Oli Moradov
46:05
How do you integrate API security testing into the development process? In this episode, Oli Moradov, VP of Dev and Strategic Alliances at NeuraLegio, shares ways that you can achieve API security testing automation directly into your DevOps or CI/CD pipelines. Discover how you can test every build without causing development drag. Listen up!…

Covid-19 Security and OWASP with Adhiran Thirmal
34:03
Has COVID-19 impacted your security testing efforts? In this episode, security expert Adhiran Thirmal shares his thoughts on security testing, Covid-19, OWASP, and more. Listen up and find out more about changes to OWASP for 2020 and beyond and how you can help.

SQL Injection OWASP Top 10 with Prasad Salvi
25:23
Are you familiar with the OWASP Top 10 Web Application Security Risks? This is the first monthly episode where security expert Prasad Salvi joins us to break down each risk one by one. Today we talk all about the first security risk listed -- injection flaws. Discover what an injection flaw is, different ways this attack can occur, and how to preve…

Peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics. In this episode, Paul Marrapese, a security researcher, shares his story of how supply chain vulnerabilities in modern IP cameras, baby monitors, and even alarm systems are putting millions at risk for eavesdropping and remote compro…

Avoid Being Runtime Blind using DeepFactor with Kiran Kamity & Mike Larkin
36:03
I believe most teams have a massive gap in their pre-production stage of development. In this episode, Kiran Kamity, Founder and CEO of DeepFactor, and Mike Larkin, Founder and CTO of DeepFactor, will share why Pre-production Observability is critical to ensuring your applications are secure, compliant, and performant. Discover how to inject the vi…

The Power of a Threat Aware Network with Mike Spanbauer
31:37
Security is a difficult discipline to master. It requires experts to continuously challenge themselves and learn new tools and technologies to protect their organizations. In this episode, Mike Spanbauer, Technology Evangelist at Juniper, will discuss some ways to build a threat-aware network. Discover a new way to think about your approach to secu…

Client Side Penetration Testing with Prasad Salvi
27:54
Don’t let hackers execute different client-side attacks on your website. In this episode, Prasad Salvi will cover some of the most important concepts in his Pluralsight Web Application Penetration Testing: Client-side Testing course. Discover how to be proficient in performing client-side attacks like Cross-Site Scripting, HTML Injection, Client-si…

Cyber Security Job Hunting with Owanate Bestman
30:52
How has the Covid-19 pandemic affected the employment prospects of cybersecurity professionals? In this episode, Owanate Bestman, the founder of Bestman Solutions, will share his take on what you need to know to stay employable in troubled times. Discover areas of growth in security, what employers are looking for, and what skills you’ll need in 20…

Automated Security Compliance with Eric Martin
24:59
Do you have to comply with the complex, time-consuming, and tedious process of preparing for a security audit? In this episode, Eric Martin from Vanta, a cybersecurity startup, will discuss automated security and compliance. Discover why security compliance is essential, and how automation can help you with SOC 2 audits and HIPAA compliance require…

Securing the Future of RPA with Alan Radford
32:44
Identity needs to be at the core of a security strategy. In this episode, Alan Radford, CTO of One Identity, will share how to achieve security by ensuring the right people get proper access to the right resources at the right time. Discover how using RPA can help with your identity and access management efforts. Listen now!…

Discover how to avoid blind spots in your DevSecOps with Wilson Mar. Wilson is a DevSecOps AI/ML leader, and in this episode, he’ll share his insights on how to improve security in your DevOps efforts. Listen in to find out more about tools, techniques and best practices in security.

Cyber Security Tips and Virus Bombs with Greg Scott
29:28
Want to know a fun way to learn cyber-security tips? In this episode, Greg Scott, security expert and author of Virus Bomb and Bullseye Breach, will share how to pick up security practices by reading novels. Discover how to secure stuff like the bad guys do, and how to avoid security breaches in your applications.…

Data Poisoning and Adversarial AI with Dr. Arash Rahnama
25:54
AI is everywhere, but have you ever thought about how it can impact security? Or how to test for AI-exposed security risks? In this episode, Dr. Arash Rahnama, head of Applied AI Research at Modzy, will share his views on the need for AI-embedded security and defenses. Discover how to avoid data poisoning, the emerging momentum around adversarial A…

The Art of Network Penetration Testing with Royce Davis
26:38
Discover how to take over an enterprise network from the inside. In this episode, Royce Davis, author of "The Art of Network Penetration Testing: Taking over any company in the world", explains how a malicious invader can wreak havoc on your network and how to prevent it. Learn some foolproof penetration testing techniques, and the four phases that…

Next Generation DevSecOps with Cindy Blake
25:49
Software development itself is changing rapidly, and security programs must evolve if they are to be effective in this next generation of software. In this episode, Cindy Blake, a Senior Security Evangelist at GitLab and author of 10 Steps Every CISO Should Take to Secure Next-Gen Software, will share what you need to know in these changing times. …

Hey, it's Joe. I just want to let you know that the Testing Security Testing podcast is still around. We're only away for a few weeks. We'll be back shortly. I have a bunch of awesome interviews lined up already. Stay tuned for the Art of Network Penetration Testing, the interview I did with Royce Davis and his new book. I'm also doing an interview w…

Talisman Security Testing with Harinee Muralinath
22:53
Don’t let your company’s secrets accidentally get pushed to production and expose your company to security risks. In this episode, Harinee Muralinath, a Capability Lead, India at ThoughtWorks, and core contributor to Talisman, shares how. Talisman is a tool to detect and prevent secrets from getting checked-in in the first place. Discover how you c…

Switching from QE to Product Security with Dwayne Thomas
23:33
Thinking of making the switch from your current role to cybersecurity? In this episode, Dwayne Thomas, a Cyber Security Consultant at Mentor$chip, shares his journey from QE to Security. Discover how to enter the most in-demand field in the software industry and learn more about bug bounty programs, presenting security topics for Toastmasters, searchin…