In this episode, we have a deep conversation with Sr Cyber Security, I.T. Audit, and Third Party Risk Management Consultant, James Redman. Redman helped roll out HITRUST (The Health Information Trust Alliance) policies and procedures for a large health insurer to executive accolades. He also spent time in I.T. Audit at two respected accounting firms and even was a construction project manager. He has the following certifications: CISA, CISSP, HITRUST CCSFP. Jeremy Swenson has an MBA and a Masters Degree in Security Technologies which covers frameworks generally. He has been a cybersecurity writer/commentator/thought leader for 5 plus years, and an I.T. consultant for more than a decade at many companies. We also cover the history of HITRUST as a security framework for healthcare, how to apply it, and how it differs from frameworks like NIST. We also cover how to manage third party or vendor risk as a company grows, the right mix of cloud vs. on-premises infrastructure, how to overcome checkbox compliance, and where companies make mistakes with cyber risk and cyber defense. Disclaimer: This podcast does not represent the views of former or current employers and / or clients. This podcast is not associated with or sponsored by HITRUST, nor is it marketing of HITRUST. It is a public discussion about cyber-security frameworks including HITRUST based on the subjects experience with many frameworks at many companies, including unique research, and publicly available research. This podcast will make every reasonable effort to verify facts and inferences therefrom. However, this podcast is intended to entertain and significantly inform its audience based on subjective reason based opinions. Non-public information will not be disclosed. Information obtained in this podcast may be materially out of date at or after the time of the podcast. This podcast is not legal, accounting, audit, health, technical, or financial advice. © Abstract Forward Consulting, LLC.