The Balancing Act by Security Compass
Jeff Sorrell - An Industry Perspective on CMMC

October 16, 2020

Today we are joined by Altaz Valani from Security Compass and Jeff Sorrell, a Data Privacy and Information Security Consultant. We will discuss, at a high level, the importance of Cybersecurity Maturity Model Certification (CMMC) and its operational impact on companies that have contracts with the U.S. Department of Defense. We dive into some of the nuances of CMMC as it advocates moving away from self-attestation to third-party audit and certification. To conclude this discussion, Jeff will share thoughts on any trends based on his own experience.

Andrew Wertkin - Where Application Security Meets Infrastructure Security in Cyberspace

October 9, 2020

Today we are joined by Ehsan Foroughi from Security Compass, and Andrew Wertkin, Chief Strategy Officer at BlueCat. In this podcast, we will discuss the intersection of network infrastructure and security, and how to bake security requirements from that perspective. Drawing from his experience in enterprise architecture and distributed computing networks, Andrew will also share valuable security and network health insights.

Hasan Yasar - Achieve Continuous ATO Through DevSecOps

October 5, 2020

Today we are joined by Hasan Yasar, Technical Director of Continuous Deployment at the Software Engineering Institute, CMU, to talk about Continuous ATO. We will start with the need to automate architectural assurance across the application build and deployment pipeline. Further, we will discuss how risk management is embedded into the process through security controls. Finally, we will conclude with how DevOps unlocks the ability to achieve continuous ATO.

Brian Pitts - Adoption of SD Elements

October 2, 2020

In this podcast, we are joined by Brian Pitts, Director, Product Security Governance at Johnson Controls (JCI), to discuss some of the unique security challenges faced by IoT device manufacturers and how advanced tooling has helped JCI bolster their product security practices.

Glen Notman - Bridging the Gap Between Security and Business Teams

September 25, 2020

Today we are joined by Glen Notman, Associate Partner at Citihub. In this podcast, we will talk about the gap that exists between the security and business teams. To communicate the value of security, it’s important for security teams to make their findings and recommendations relevant to the business. This involves empathizing with the real needs of a business stakeholder.

Gopi Reddy - Enabling Digital Through Secure DevOps

September 21, 2020

Today we are joined by Gopi Reddy, who is an experienced Enterprise Architect. We will talk about digital transformation and how DevOps enables the business imperative. Security is often not considered a key part of this transformation because of the perception that it is a low-level technical activity. With the shift to digital product enablement in a high-velocity environment, this is now changing as security becomes everyone’s responsibility.

Ruth G. Lennon - First Steps in Building Proactive Security

September 18, 2020

Today we are joined by Ruth G. Lennon, Lecturer, Department of Computing at the Letterkenny Institute of Technology, to talk about initiating the journey of injecting security into development. Many teams feel enormous pressure from the start to quickly understand security. In this podcast, we delve into taking a more thoughtful and deliberate approach that focuses on building a strong foundation to align your cross-functional teams.

Nikhil Kumar & Altaz Valani - Feasibility of Zero Trust

September 14, 2020

Today we are joined by Altaz Valani from Security Compass and Nikhil Kumar, President and Founder of ApTSi, to discuss the feasibility of Zero Trust. In this podcast, we will talk about the value of Zero Trust from a business enablement perspective. We will also dive into the feasibility of Zero Trust for technical leaders. While Zero Trust is not a silver bullet, for today’s rapidly evolving business and security scenarios, it offers a compelling evolution away from our network-centric approach towards a focus on the data.

Stephen Whitlock & Altaz Valani - Rolling Out Zero Trust

September 11, 2020

Today we are joined by Altaz Valani from Security Compass and Stephen Whitlock, one of the first members of the Jericho Forum and a security expert with 16 years of experience at Boeing. In this podcast, we will discuss the evolution of Zero Trust and its roots in the Jericho Forum work. We will also talk about the business value of Zero Trust and the pitfalls of rolling out a Zero Trust program. Implementing Zero Trust is more effective if we understand the history and why today’s business needs are driving this evolutionary approach to security.

Tony Carrato & Altaz Valani - Business Value of Zero Trust Compared to Other Security Models

September 8, 2020

Today we are joined by Altaz Valani from Security Compass and Tony Carrato, an independent consultant with expertise in delivering enterprise architecture across varied industries. In this podcast, we will discuss the evolution of the Zero Trust security model and how it is different from existing models. We will also delve into the business value that Zero Trust can offer organizations in the midst of changing operating models. The agility of organizations depends, in large part, on the security assurance of data safety at all times.