TISAX® public
The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry ...
 
ENCONA is an internationally operating business training, consulting, auditing, and technology firm. We're a boutique operation with a global network, and we like to think BIG. Our headquarters are based in Canada, and our footprint extends to associated companies and branch offices in Germany, Romania, the USA, South Africa, and Taiwan. Over 500 companies in more than 40 countries trust our professional business ethics and competence. Our ACADEMY offers classroom learning, digital instructo ...
 
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Zenobia Godschalk, Senior Vice President of Hedera Hashgraph, as they discuss distributed ledger technology and its effects on privacy compliance. Join us as we discuss the following: The erosion of Privacy Online Distributed Ledger Technology (…
 
In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Shauli Rozen, CEO and Co-Founder of ARMO, exploring the intricacies of Kubernetes, the orchestration tool that's reshaping how we deploy, scale, and manage containerized applications. Join us as we discuss: What a container is Implications of co…
 
In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with Andrew Frost and Leigh Ronczka of CBIZ Pivot Point Security to discuss the updates needed to successfully transition from ISO27001:2013 to ISO 27001:2022. Join us as we discuss: How simplistic it is for a company to transition to ISO 27001:2022 The level of effort re…
 
Tune into an insightful conversation with Jeremy Price, co-leader of a national cybersecurity practice. In this engaging discussion, Jeremy explains the updated FTC safeguard rules that went into effect in June and what they’re intended to do. In this episode, your host, John Verry, and Jeremy Price discuss: - The Gramm Leach Bliley Act updates and…
 
Join us for an insightful conversation with Patricia Thaine, Founder and CEO of Private AI, as we delve into the world of artificial intelligence, language models, and data privacy. In this engaging discussion, Patricia sheds light on the transformative potential of AI, particularly language models like GPT-3.5, in various industries. In this episo…
 
VDA Volume 2 “Quality Assurance for Supplies” describes the basic requirements for sampling of serial parts submission for automotive serial parts. As an integral part of quality planning, the standard regulates the correct submission of all relevant documents and parts to the customer. This ensures that the customer's expectations are understood a…
 
In this episode of the "Virtual CISO Podcast," your host John Verry speaks with guest Warren Hylton, a FedRisk consultant at CBIZ Pivot Point Security, to explore recent updates in cybersecurity regulations. The conversation revolves around the Cybersecurity Maturity Model Certification (CMMC) and the updated NIST Special Publication 800-171 (R2 to…
 
Like many other businesses, law firms are at significant risk of cyber-attack and increasingly are turning to cyber liability insurance (CLI) to transfer some of their cyber risk. But many are being denied coverage or face high premiums due to shortfalls in their cybersecurity controls. In this episode, your host John Verry, CBIZ Pivot Point Securi…
 
To do wide-scale business within the US federal government, cloud service providers (CSPs) need a FedRAMP ATO. The prospect can be daunting as few CSPs have federal cyber compliance expertise. Misconceptions and misinformation can create additional roadblocks. In this episode, your host John Verry, CBIZ Pivot Point Security Managing Director, sits…
 
Whatever kind of software application a team is building, the identification and remediation of cybersecurity issues needs to be part of every stage of the software development lifecycle (SDLC). But making that happen takes a wealth of skills and approaches, as well as an eye on compliance and the ability to keep pace with the ever-changing online …
 
If you are ISO 27001 certified, or considering it, you are likely wondering how the transition from ISO 27001:2013 to ISO 27001:2022 affects you. With the notable changes, there are many uncertainties. For example, how soon can you get certified to ISO 27001:2022? Can you still get certified to 27001:2013? For anyone already certified, how soon can…
 
In this week's episode of the Virtual CISO podcast, your host John Verry, Pivot Point Security CISO and Managing Partner, shares his valuable insights from the 2023 RSA conference. As the security industry evolves, with an increasing number of vendors and products, John advises against adopting a product-based security strategy. Instead, he recomme…
 
With the release of President Biden’s Executive Order 14028 on “Improving the Nation’s Cybersecurity” from May 2021 the US public and private sectors have been alerted to the significant cybersecurity risks within our software supply chain. As of the March 2023 release of the National Cybersecurity Strategy, which will shift liability for software …
 
Asset management is a crucial aspect of information security. It refers to the processes and procedures involved in identifying, organizing, tracking, and protecting an organization's assets. The security of these assets is paramount, as you can’t protect what you don’t know about. To learn more about how to Fix Cyber Asset Management, your host Jo…
 
DevSecOps is the practice of integrating security testing at every stage of the software development process. With DevSecOps, training and educating all teams in risk, security, and mitigation at all stages of development is a top priority; traditionally, app developers don't pay much attention to security, which increases the risk of vulnerable co…
 
Microsoft 365 was launched in 2011 in hopes of revolutionizing cloud-powered productivity platforms. Since then, Microsoft 365 has grown to the point where it is now one of the largest cloud-powered productivity platforms on the market, competing with the likes of Google and more. To give organizations a clear picture of their Microsoft 365 options…
 
ENCONA hosted a free webinar on 2 March 2023. VDA 6.3, the globally recognized and established process audit standard, was published for the first time in 1998 and was revised in 2010, 2016 as well as 2022. In this completely free 1-hour webinar we will touch on the core changes, and update you about key requirements for updating auditor certificat…
 
ISO 27001:2022 is the first update to the global "gold standard" for provable cybersecurity in ten years. Notable changes from the 2013 version will likely significantly impact most organizations' Information Security Management Systems (ISMS). In this episode, your host John Verry sits down with Ryan Mackie and Danny Manimbo from Schellman & Co. t…
 
The “buzz” in building more secure applications is “shift security left,” which means integrating security into and throughout the Software Development Lifecycle (SDLC). The Software Assurance Maturity Model (SAMM) is an excellent tool from OWASP that provides a framework for assessing and improving your development processes, resulting in more sec…
 
Trusted Information Security Assessment Exchange (TISAX) is a vendor due diligence standard used in the automotive industry to verify that third-party suppliers’ cybersecurity programs provide adequate protection for the information the automotive supplier shares. In this episode, your host John Verry, CISO and Managing Partner at Pivot Point Secur…
 
In today’s cyber landscape, business leaders and security professionals need every edge they can gain to better protect their organizations and plan their defense against attackers. Why do hackers do what they do? What are they trying to steal from you? Who do they partner with to make money and avoid getting caught? In this episode, hosted by Jo…
 
Orgs in the DIB need to protect CUI in alignment with the NIST 800-171 cybersecurity standard—and soon the Cybersecurity Maturity Model Certification (CMMC) requirements—or face legal and compliance penalties as well as potential lost business. To clarify the biggest questions and reveal the most dangerous unknowns in the convoluted realm of CUI, y…
 
Over 90% of security breaches in the public cloud stem from user error, and not the cloud service provider. Today, your host John Verry sat down with one of Amazon Web Services (AWS) own Temi Adebambo, to understand what is going wrong with public cloud security, and how you can eliminate your biggest risks. This episode features Temi Adebambo, Hea…
 
Managing Cybersecurity through an Economic downturn is no easy task. With increasing concerns on how to stay secure and compliant in a down economy, John Verry tackles this podcast himself giving you his ten best fundamental practices. This episode features your host John Verry, CISO & Managing Partner, from Pivot Point Security, who provides answe…
 
ENCONA hosted a free webinar on 30 November 2022. Customer-specific requirements are the requirements created by the customer with the expectation that the supplier will identify, implement, and audit these customer-specific requirements with the same intensity that they do the basic requirements of industry standards such as IATF 16949:2016 - cust…
 
Building Cloud Native Applications can bring about many operational and security problems. Today, we sat down with an expert in this field to talk about building cloud native applications, and deploying applications that are secure in the cloud. This episode features Fausto Lendeborg, Co-Founder & CCO, from Secberus, who provides answers and explan…
 
Digital Business Risk Management helps companies track and disrupt the most advanced bad actors. Team Cymru specializes in Digital Business Risk Management & Attack Surface Management, giving clients insight and help relating to cyber threats. This episode features David Monnier, Chief Evangelist and Team Cymru Fellow, from Team Cymru, who provides…
 
Governance, Risk, and Compliance (GRC) platforms can be tricky to construct. Today, we sat down with an expert in this field to talk about building and deploying secure applications in the cloud. This episode features Jeff Schlauder, Information Security Executive, from Catalina Worldwide, who provides answers and explanations to a variety of quest…
 
On Friday 28 October 2022 part of the ENCONA senior management team, Hans Trunkenpolz (Founder & Chairman of the Board), Lloyd Staples (Chief Executive Officer) and Dan Kulcsar (Romania Operations Manager), were interviewed on Punct Si De La Capat By Onelia Pescaru, on Nova Tv Brasov. Learn more about what makes us tick and our expansion into the R…
 
You cannot have privacy without security. While they once existed quite distinct from one another, they are now so delicately woven that they are nearly indistinguishable. Over time, the GDPR has cemented the relationship between physical security and information security, and now, it’s incorporating data privacy. This compliance triad has become t…
 
CMMC (Cybersecurity Maturity Model Certification) can raise many red flags and concerns. As CMMC rulemaking approaches in 2023, we take a break from our normal podcast and answer the most asked CMMC questions to date to help ease the unknown. This episode features George Perezdiaz, FedRisk Practice Lead, with Pivot Point Security, who provides ans…
 
On Wednesday 21 September 2022 ENCONA hosted a free webinar. Established in early 2017, the TISAX® testing and exchange mechanism was founded on the German Association of the Automotive Industry (VDA) catalog of ISA (Information Security Assessment) requirements, largely established on the basis of the international ISO/IEC 27001 standard. The plat…
 
This marks our 100th episode of The Virtual CISO and an insightful journey into having the opportunity to have frank discussions with thought leaders that provide the very best information security advice and insights. I am happy to have invited Dimitri Sirota, CEO & Co-Founder of BigID, to walk through BigID’s approach to privacy, security, and dat…
 
ENCONA hosted a free webinar on 31 August 2022. There is a need to determine and manage organizational knowledge, to ensure the smooth operation of processes, and to achieve conformity of products and services. Requirements regarding organizational knowledge were introduced to safeguard organizations from loss of knowledge due to staff turnover and…
 
Supply chain risk management can prove to be a slippery slope—why should you take pains to conduct a proper risk assessment, and how do they impact IT and business continuity? From international restrictions to balancing generic and specific risk assessments, any guidance is welcome in the world of supply chain management. I invited Willy Fabritius…
 
What are the merits of the Software Assurance Maturity Model (SAMM), and how does it differ from the Application Security Verification Standard (ASVS) model? And why should you care? From design to operations, there are several crucial considerations to hold regarding business functions and use cases. I invited Taylor Smith, Application Penetration…
 
Application development is moving from a web-centric world to an API-centric world. If you’re wondering what that looks like, what the security implications are and what an API is, you’re in the right place. There is no shortage of new application security strategies to familiarize ourselves with as cybersecurity adapts to changing times. That’s wh…
 
Most recognize the value preservation in cybersecurity. But forward-thinking professionals also see the value creation in having a secure information posture. Cybersecurity is the foundation of preserving sensitive data and providing peace of mind, but does it create value for the organization, and if so, how do we measure that value? Tracking the re…
 
What exactly is a Software Development Life Cycle, and how does NIST’s Secure Software Development Framework impact that cycle and your organization? Of note, the SSDF will definitely impact you if your software is used by the US Government and will likely impact you even if it isn’t. There are a few choice practices that can help make sense of the…
 
Today, information is worth more than riches. The new currency is data. With this being true, the state of cybersecurity within the upper branches of the government was shockingly under-prepared. In this episode, I speak with Mark Montgomery, the former Executive Director of the Cyber Solarium Commission, about the report the commission published i…
 
ENCONA hosted a free webinar on 13 July 2022, moderated by Tarryn Jordaan, who was joined by subject matter experts Hans Trunkenpolz and Andreas Schrader in an open discussion on this topic. Supplier development aims to provide an appropriate framework for improving the performance of suppliers as well as evaluating their performance. This webinar …
 