Ep 110: Understanding TISAX (Trusted Information Security Assessment Exchange)
The Virtual CISO Podcast
by John Verry
1y ago
Trusted Information Security Assessment Exchange (TISAX) is a vendor due diligence standard used in the automotive industry to verify that third-party suppliers’ cybersecurity programs provide adequate protection for the information the automotive supplier shares. In this episode, your host John Verry, CISO and Managing Partner at Pivot Point Security, sits down with Ed Chandler, Account Executive and Cybersecurity lead for TÜV SÜD America, who explains what TISAX is and how it operates, and helps you better understand the implications surrounding it. Join us as we d...
Ep 109: Understanding How Cybercriminals Operate Can Protect Your Business
The Virtual CISO Podcast
by John Verry
1y ago
In today’s cyber landscape, business leaders and security professionals need every edge they can gain to better protect their organizations and plan their defense against attackers. Why do hackers do what they do? What are they trying to steal from you? Who do they partner with to make money and avoid getting caught? In this episode, John Verry, CISO and Managing Partner at Pivot Point Security, sits down with Raveed Laeb, Vice President of Product for KELA, who explains the cybercrime business models, supply chains, and operational strateg...
Ep 107: An AWS Security Guru’s Recommendation for Securing your AWS Infrastructure
The Virtual CISO Podcast
by John Verry
1y ago
Over 90% of security breaches in the public cloud stem from user error, and not the cloud service provider. Today, your host John Verry sat down with Amazon Web Services’ (AWS) own Temi Adebambo to understand what is going wrong with public cloud security, and how you can eliminate your biggest risks. This episode features Temi Adebambo, Head of Security Solutions Architecture at Amazon Web Services (AWS), to explain exactly what’s going wrong with public cloud security, how users can eliminate their biggest risks, and much more. Join us as we discuss: • The 2 mistakes public cloud user...
Ep 106: Strategies to Manage Cybersecurity through an Economic Downturn
The Virtual CISO Podcast
by John Verry
1y ago
Managing cybersecurity through an economic downturn is no easy task. With increasing concerns about how to stay secure and compliant in a down economy, John Verry tackles this podcast himself, giving you his ten best fundamental practices. This episode features your host John Verry, CISO & Managing Partner at Pivot Point Security, who provides answers and explanations to a variety of questions regarding how to stay compliant, secure, and on budget in a down economy. Join us as we discuss: · How to be Strategic in a Down Economy · How to leverage automation · How to get more from your vendors...
Ep 105: Solving the Problems of Cloud Native Apps.
The Virtual CISO Podcast
by John Verry
1y ago
Building cloud native applications can bring about many operational and security problems. Today, we sat down with an expert in this field to talk about building cloud native applications and deploying applications that are secure in the cloud. This episode features Fausto Lendeborg, Co-Founder & CCO of Secberus, who provides answers and explanations to a variety of questions regarding building applications in the cloud, deploying applications securely in the cloud, and much more. Join us as we discuss: · Building Cloud Native Applications · Deploying Applications Securely · Managing a...
Ep 104: Is Digital Business Risk Mgt. The Future of ASM
The Virtual CISO Podcast
by John Verry
1y ago
Digital Business Risk Management helps companies track and disrupt the most advanced bad actors. Team Cymru specializes in Digital Business Risk Management & Attack Surface Management, giving clients insight and help relating to cyber threats. This episode features David Monnier, Chief Evangelist and Team Cymru Fellow, from Team Cymru, who provides answers and explanations to a variety of questions regarding Business Risk Management, ASM (attack surface management), and much more. Join us as we discuss: ● Attack Surface Management ● Digital Business Risk Management ● Electronic Asset...
Ep 103: The Complexity of Deploying a Secure Application in the Cloud
The Virtual CISO Podcast
by John Verry
1y ago
Governance, Risk, and Compliance (GRC) platforms can be tricky to construct. Today, we sat down with an expert in this field to talk about building and deploying secure applications in the cloud. This episode features Jeff Schlauder, Information Security Executive, from Catalina Worldwide, who provides answers and explanations to a variety of questions regarding deploying applications securely in the cloud, using AWS (Amazon Web Services), and much more. Join us as we discuss: · Building and deploying secure applications in the cloud · The Logistics of Web Applications · Building, operat...
Ep 101: Most Asked CMMC Questions
The Virtual CISO Podcast
by John Verry
1y ago
CMMC (Cybersecurity Maturity Model Certification) can raise many red flags and concerns. As CMMC rulemaking approaches in 2023, we take a break from our normal podcast and answer the most asked CMMC questions to date to help ease the unknown. This episode features George Perezdiaz, FedRisk Practice Lead, with Pivot Point Security, who provides answers and explanations to a variety of questions we have received regarding CMMC. George is extremely knowledgeable on CMMC topics while being one of the top industry experts on the topic. During this episode, he helps answer our top 20 most asked que...
Ep 100: The Two Audiences For Privacy & How They Drive Data Collection
The Virtual CISO Podcast
by John Verry
1y ago
This marks our 100th episode of The Virtual CISO and an insightful journey into having the opportunity to have frank discussions with thought leaders that provide the very best information security advice and insights. I am happy to have invited Dimitri Sirota, CEO & CoFounder of BigID, to walk through BigID’s approach to privacy, security, and data governance on this momentous episodic occasion. Join us as we discuss: · The merits of gathering data beyond the usual locations · Why discovery is a foundational piece of BigID’s approach · How BigID supports efficient data collection...
Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses
The Virtual CISO Podcast
by John Verry
1y ago
What are the merits of the Software Assurance Maturity Model (SAMM), and how does it differ from the Application Security Verification Standard (ASVS) model? And why should you care? From design to operations, there are several crucial considerations to hold regarding business functions and use cases. I invited Taylor Smith, Application Penetration Testing Lead at Pivot Point Security, onto the show to provide insights into SAMM, including definitions, the differences between SAMM, ASVS, and BSIMM, and how these models are relevant in today’s software development environment. To hear thi...
