Cheri is a vCISO on a mission to simplify cybersecurity and SOC 2 so companies have what they need to make strategic decisions around implementing the right solutions, not too much and not too little. She sees a lot of "noise" in the marketplace around cy
In this episode, Cheri Hotman and Paula Biggs break down the realities of CMMC compliance, with a special focus on scoping and avoiding common missteps. They explain how CMMC builds on existing NIST 800-171 requirements and why scoping—deciding which systems, people, and vendors fall under compliance—is the first and most critical step. Paula emphasizes that smaller companies can often save significant cost and risk by narrowing their scope strategically, while Cheri highlights how poor scoping leads to inflated audits, unnecessary licensing fees, and added risk exposure. Together, they stress the importance of understanding vendor responsibilities, building accurate and detailed System Security Plans (SSPs), and treating audits as confidence-building exercises rather than checkbox events. The conversation reinforces that CMMC isn't just about passing an audit—it's about sustaining secure, risk-aware practices that protect sensitive data and long-term business trust.
Cheri Hotman and Tanya Wade cut through the checkbox mentality of audits to show why real compliance is about building programs that protect your people, data, and reputation year-round. From SOC 2 readiness to the pitfalls of over-relying on GRC tools, they share practical steps for prioritizing controls, assigning ownership, and reducing audit stress. If you've ever thought “we passed the audit—now what?”, this episode gives you the roadmap to continuous compliance with less chaos and more confidence.
In this kickoff episode of The Art of Cybersecurity, host Cheri Hotman shares why this podcast exists and what listeners can expect. Cyber isn't just science or technology — it's art. It's messy, constrained, people-driven, and ultimately about mitigating risk to protect people and data.Cheri cuts through the noise of “easy button” tools, audit-passing mentalities, and checkbox compliance to talk about what security really is: designing programs that work, tackling people and process challenges, and aligning solutions to business goals.Expect honest, unfiltered conversations, real-world stories, and practical insights that go beyond buzzwords. If you're ready to say what needs to be said and push for cybersecurity that truly matters, subscribe now and join the fight.
Take these 5 tactics given by Cheri Hotman to help better protect the cloud.
Take these 5 tactics given by Cheri Hotman to help better protect the cloud.
Cybersecurity is a Problem of People ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Pen Test to Remove Security Blindness ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
SaaS Tools Cover My Security, Right? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Even Policies Are Not Set-It-And-Forget-It ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Don't Solve for the Wrong Problem ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Cybersecurity Does Not Equal Cool Tools ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
CEO's, Watch Your Assets ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
How to Respond to Security Questionnaires? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Why Can't I Just Download Policy? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Got Asked for It, But Don't Have SOC 2? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Minimal Security You Need for Cyber War ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
5 Questions CEOs Should Ask on Cybersecurity ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
The Longer the Better Password ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Don't be Overwhelmed (on Security), Start Here ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Does Your Business Need a VPN? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
How Much Is the Cost of a SOC 2? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
Get Your SOC 2 "Fast" & "Easy"? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
What Does War Mean to Business Security? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech
What We Learn from Tesla Hack? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech