GRC Academy

by Jacob Hill

Governance, Risk, and Compliance (GRC) Academy is a training and research platform for GRC professionals, executives, and anyone else who wants to increase their knowledge in the GRC space.

Podcast episodes

  • Season 1

  • The Business Case for Information Security with Mark Nicholls

    In this episode, Jacob speaks with Mark Nicholls, CEO of Information Professionals Group, who has over 30 years of experience. They discuss the business case for information security and how cybersecurity professionals can communicate effectively with the C-suite and other business leaders.

    Highlights from the episode:

      • The importance of information security in business
      • The importance of securing data
      • How cyber professionals should engage with business leaders
      • Roleplaying exercise: bad and good examples of a cyber pro trying to convince a CEO
      • How active listening can help you make a difference

    Follow Mark on LinkedIn: https://www.linkedin.com/in/markdnicholls/
    Information Professionals Group website: https://www.informpros.com.au/

    Governance, Risk, and Compliance (GRC) Academy is a training and research platform. Online GRC training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e25&utm_campaign=courses
    Need a FedRAMP authorized password manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
    See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

  • How To Stop Social Engineering in Its Tracks with Chris Silvers

    In this episode, Jacob speaks with penetration tester and social engineer Chris Silvers, founder of CG Silvers Consulting. Chris's experience ranges from CMMC assessments to penetration testing, and he won the DEF CON black badge in the DEF CON 24 Social Engineering Capture the Flag (SECTF). The episode focuses on how organizations can defend against social engineering attacks.

    Highlights from the episode:

      • Winning the DEF CON SECTF black badge
      • Social engineering tactics and tools
      • CEO impersonation and fraud attacks
      • How GRC can help defend against social engineering
      • Why businesses shouldn't start with a penetration test

    Follow Chris on LinkedIn: https://www.linkedin.com/in/cgsilvers/
    Chris's website: https://www.cgsilvers.com/

  • ISO 27001 Essentials with Aron Lange

    In this episode, Jacob speaks with ISO 27001 expert Aron Lange. Aron is the founder of the GRC Lab and a Udemy instructor with more than 11,000 students, and an experienced auditor for management systems based on ISO 27001, ISO 9001, ISO 27018 and ISO 22301. They discuss the essentials of ISO 27001, including the history of the standard and the changes in the latest revision, as well as the roles of the organizations involved in certification and the danger of ISO "certification paper mills."

    Highlights from the episode:

      • The history of ISO 27001
      • Changes in ISO 27001:2022
      • Who the IAF, accreditation bodies, and certification bodies are
      • The importance of hiring an IAF-affiliated certification body
      • ISO scoping
      • Maintaining an ISO certification
      • Best practices for internal audits

    Follow Aron on LinkedIn: https://www.linkedin.com/in/aronlange/
    Aron's Udemy courses: https://www.udemy.com/user/aron-lange/
    Aron's website: https://www.aronlange.com/

  • Why Threat Intel is Essential for Vulnerability Management with Patrick Garrity

    In this episode, Jacob speaks with cybersecurity researcher Patrick Garrity. Patrick is a security researcher at VulnCheck, where he focuses on vulnerabilities, vulnerability exploitation and threat actors. They discuss why threat intelligence belongs in vulnerability management, using the Exploit Prediction Scoring System (EPSS) and the CISA Known Exploited Vulnerabilities (KEV) Catalog to prioritize what to fix first rather than relying on CVSS base scores alone, and the changes in CVSS 4.0.

    Highlights from the episode:

      • How the Exploit Prediction Scoring System (EPSS) predicts exploitation
      • How vulnerability scanners integrate EPSS
      • CISA's Known Exploited Vulnerabilities (KEV) Catalog
      • The national security implications of vulnerability management

    Follow Patrick on LinkedIn: https://www.linkedin.com/in/patrickmgarrity/
    VulnCheck website: https://vulncheck.com/

    Thanks to our sponsor Keeper Security. See how Keeper can help you comply with CMMC: https://www.keepersecurity.com/cmmc/?utm_source=grcacademy&utm_medium=display&utm_campaign=cmmc_video

  • The False Claims Act and The DOJ's Civil Cyber Fraud Initiative with Julie Bracker

    In this episode, Jacob speaks with attorney Julie Bracker. Julie is the whistleblower attorney for both the Penn State University and Georgia Tech University False Claims Act (FCA) complaints, which allege that the defendants misrepresented their compliance with NIST SP 800-171. They discuss the False Claims Act and the DOJ's Civil Cyber-Fraud Initiative, and what federal contractors can do to avoid becoming the subject of a whistleblower complaint.

    Highlights from the episode:

      • What the False Claims Act is
      • What the DOJ's Civil Cyber-Fraud Initiative is
      • The risks and rewards for whistleblowers
      • Who the targets of the initiative are
      • Whether companies can blindly rely on their MSP and be safe
      • How to quantify damages of cyber noncompliance fraud
      • DOJ Civil Cyber-Fraud lawsuits settled so far
      • The Georgia Tech and Penn State FCA cases

    Follow Julie on LinkedIn: https://www.linkedin.com/in/juliekeetonbracker/
    Bracker & Marcus LLP website: https://www.fcacounsel.com/
    Penn State FCA complaint: https://cdn.grcacademy.io/web/20240325204912/penn-state-university-false-claims-act-complaint.pdf
    Georgia Tech FCA complaint: https://cdn.grcacademy.io/web/20240325204909/georgia-tech-university-false-claims-act-complaint.pdf
    2023 DOJ report of FCA settlements (more than $2.68 billion): https://www.justice.gov/opa/pr/false-claims-act-settlements-and-judgments-exceed-268-billion-fiscal-year-2023
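For the vulnerability management episode with Patrick Garrity above, here is an added worked example (not code from the podcast, GRC Academy or VulnCheck) of the prioritization idea that episode describes: ranking a scanner backlog by CISA KEV membership first, then by EPSS exploitation probability, instead of by CVSS base score alone. It assumes each finding has already been enriched with an EPSS probability and a KEV flag (in practice those come from the EPSS data published by FIRST and the KEV catalog published by CISA); the CVE identifiers, scores, asset names, the 0.10 EPSS cut-off and the exposure weight are constructed sample values, not real advisories or recommended settings.

```python
"""Prioritizing scanner findings with EPSS and the CISA KEV catalog.

Added example, not code from the GRC Academy podcast or from VulnCheck.
Assumes each finding was already enriched with an EPSS probability (0..1,
chance of exploitation in the next 30 days) and a flag saying whether the
CVE appears in CISA's Known Exploited Vulnerabilities catalog. Every CVE ID,
score and asset below is constructed sample data, not a real advisory.
"""
from dataclasses import dataclass

KEV_TIER = 0       # on the KEV catalog: exploitation confirmed in the wild
LIKELY_TIER = 1    # EPSS says exploitation is probable
SEVERE_TIER = 2    # high CVSS, but no evidence anyone is exploiting it
BACKLOG_TIER = 3   # everything else

EPSS_THRESHOLD = 0.10   # assumed cut-off; tune to your own risk appetite
CVSS_SEVERE = 9.0       # assumed "critical" boundary
EXPOSED_WEIGHT = 1.5    # assumed multiplier for internet-facing assets


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float            # CVSS base score, 0..10
    epss: float            # EPSS probability, 0..1
    in_kev: bool           # listed in CISA KEV
    asset: str
    internet_facing: bool


def tier(f: Finding) -> int:
    """Coarse bucket: confirmed exploitation beats predicted, which beats severity."""
    if f.in_kev:
        return KEV_TIER
    if f.epss >= EPSS_THRESHOLD:
        return LIKELY_TIER
    if f.cvss >= CVSS_SEVERE:
        return SEVERE_TIER
    return BACKLOG_TIER


def risk_score(f: Finding) -> float:
    """Order findings inside a tier: likelihood x impact, weighted for exposure."""
    exposure = EXPOSED_WEIGHT if f.internet_facing else 1.0
    return round(f.epss * f.cvss * exposure, 4)


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Lowest tier first, then highest risk score, then CVE ID for stability."""
    return sorted(findings, key=lambda f: (tier(f), -risk_score(f), f.cve))


def cvss_only(findings: list[Finding]) -> list[Finding]:
    """The ordering a severity-only process would produce, for comparison."""
    return sorted(findings, key=lambda f: (-f.cvss, f.cve))


# Constructed backlog (fake CVE IDs in the reserved 0000 year, fake scores).
SAMPLE = [
    Finding("CVE-0000-1001", 9.8, 0.02, False, "build-server", False),
    Finding("CVE-0000-1002", 7.5, 0.91, True, "vpn-gateway", True),
    Finding("CVE-0000-1003", 5.3, 0.45, False, "web-frontend", True),
    Finding("CVE-0000-1004", 9.1, 0.01, False, "hr-portal", True),
    Finding("CVE-0000-1005", 6.5, 0.03, False, "file-share", False),
    Finding("CVE-0000-1006", 8.8, 0.12, True, "mail-relay", True),
]

if __name__ == "__main__":
    print("CVSS-only order:", [f.cve for f in cvss_only(SAMPLE)])
    print("EPSS+KEV order :", [f.cve for f in prioritize(SAMPLE)])
    for f in prioritize(SAMPLE):
        print(f"tier {tier(f)}  {f.cve}  cvss={f.cvss}  epss={f.epss:.2f}  "
              f"kev={f.in_kev}  score={risk_score(f)}  asset={f.asset}")
```

Running it shows the disagreement the episode is about: the CVSS-only list starts with the two 9.x findings that nothing is known to exploit, while the EPSS+KEV list starts with the two KEV entries and then the medium-severity finding carrying a 45% exploitation probability. The threshold and the exposure weight are the knobs a GRC team would document in its vulnerability management policy and revisit as EPSS scores move.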