Cybersecurity, GRC & SOC 2 Essentials

Follow Cybersecurity, GRC & SOC 2 Essentials
Share on
Copy link to clipboard

Cheri is a vCISO on a mission to simplify cybersecurity and SOC 2 so companies have what they need to make strategic decisions around implementing the right solutions, not too much and not too little. She sees a lot of "noise" in the marketplace around cy

Cheri Hotman


    • Aug 29, 2025 LATEST EPISODE
    • monthly NEW EPISODES
    • 10m AVG DURATION
    • 24 EPISODES


    Search for episodes from Cybersecurity, GRC & SOC 2 Essentials with a specific topic:

    Latest episodes from Cybersecurity, GRC & SOC 2 Essentials

    CMMC Demystified Scoping Compliance and Avoiding Costly Mistakes

    Play Episode Listen Later Aug 29, 2025 43:44


    In this episode, Cheri Hotman and Paula Biggs break down the realities of CMMC compliance, with a special focus on scoping and avoiding common missteps. They explain how CMMC builds on existing NIST 800-171 requirements and why scoping—deciding which systems, people, and vendors fall under compliance—is the first and most critical step. Paula emphasizes that smaller companies can often save significant cost and risk by narrowing their scope strategically, while Cheri highlights how poor scoping leads to inflated audits, unnecessary licensing fees, and added risk exposure. Together, they stress the importance of understanding vendor responsibilities, building accurate and detailed System Security Plans (SSPs), and treating audits as confidence-building exercises rather than checkbox events. The conversation reinforces that CMMC isn't just about passing an audit—it's about sustaining secure, risk-aware practices that protect sensitive data and long-term business trust.

    mistakes compliance costly nist demystified scoping
    Beyond the Audit: Making Continuous Compliance Work

    Play Episode Listen Later Aug 29, 2025 23:29


    Cheri Hotman and Tanya Wade cut through the checkbox mentality of audits to show why real compliance is about building programs that protect your people, data, and reputation year-round. From SOC 2 readiness to the pitfalls of over-relying on GRC tools, they share practical steps for prioritizing controls, assigning ownership, and reducing audit stress. If you've ever thought “we passed the audit—now what?”, this episode gives you the roadmap to continuous compliance with less chaos and more confidence.

    compliance audit continuous grc
    Episode 0: Why Cybersecurity Is as Much Art as Science

    Play Episode Listen Later Aug 20, 2025 21:40


    In this kickoff episode of The Art of Cybersecurity, host Cheri Hotman shares why this podcast exists and what listeners can expect. Cyber isn't just science or technology — it's art. It's messy, constrained, people-driven, and ultimately about mitigating risk to protect people and data.Cheri cuts through the noise of “easy button” tools, audit-passing mentalities, and checkbox compliance to talk about what security really is: designing programs that work, tackling people and process challenges, and aligning solutions to business goals.Expect honest, unfiltered conversations, real-world stories, and practical insights that go beyond buzzwords. If you're ready to say what needs to be said and push for cybersecurity that truly matters, subscribe now and join the fight.

    art science cybersecurity cyber
    5 Tactics to Protect the Cloud Pt. 2

    Play Episode Listen Later Jul 19, 2022 7:39


    Take these 5 tactics given by Cheri Hotman to help better protect the cloud.

    protect cloud tactics
    5 Tactics to Protect the Cloud Pt. 1

    Play Episode Listen Later Jul 18, 2022 8:24


    Take these 5 tactics given by Cheri Hotman to help better protect the cloud.

    protect cloud tactics
    Cybersecurity is a Problem of People

    Play Episode Listen Later May 5, 2022 10:59


    Cybersecurity is a Problem of People ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    cybersecurity
    Pen Test to Remove Security Blindness

    Play Episode Listen Later May 5, 2022 8:31


    Pen Test to Remove Security Blindness ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    security remove blindness
    SaaS Tools Cover My Security, Right?

    Play Episode Listen Later May 5, 2022 7:58


    SaaS Tools Cover My Security, Right? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    tools security saas
    Even Policies Are Not Set-It-And-Forget-It

    Play Episode Listen Later May 5, 2022 5:53


    Even Policies Are Not Set-It-And-Forget-It ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    policies
    Don't Solve for the Wrong Problem

    Play Episode Listen Later May 5, 2022 9:04


    Don't Solve for the Wrong Problem ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    solve
    Cybersecurity Does Not Equal Cool Tools

    Play Episode Listen Later May 5, 2022 8:52


    Cybersecurity Does Not Equal Cool Tools ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    cybersecurity equal cool tools
    CEO's, Watch Your Assets

    Play Episode Listen Later May 5, 2022 5:19


    CEO's, Watch Your Assets ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    ceo assets
    How to Respond to Security Questionnaires?

    Play Episode Listen Later May 5, 2022 6:06


    How to Respond to Security Questionnaires? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    security respond questionnaires
    Why Can't I Just Download Policy?

    Play Episode Listen Later May 5, 2022 5:51


    Why Can't I Just Download Policy? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    policy
    Got Asked for It, But Don't Have SOC 2?

    Play Episode Listen Later May 5, 2022 6:50


    Got Asked for It, But Don't Have SOC 2? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    Minimal Security You Need for Cyber War

    Play Episode Listen Later May 5, 2022 9:56


    Minimal Security You Need for Cyber War ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    security minimal cyberwar
    5 Questions CEOs Should Ask on Cybersecurity

    Play Episode Listen Later May 5, 2022 12:34


    5 Questions CEOs Should Ask on Cybersecurity ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    ceos cybersecurity
    The Longer the Better Password

    Play Episode Listen Later May 5, 2022 9:42


    The Longer the Better Password ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    longer passwords
    Don't be Overwhelmed (on Security), Start Here

    Play Episode Listen Later May 5, 2022 10:26


    Don't be Overwhelmed (on Security), Start Here ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    security overwhelmed
    Does Your Business Need a VPN?

    Play Episode Listen Later May 5, 2022 9:38


    Does Your Business Need a VPN? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    vpn
    How Much Is the Cost of a SOC 2?

    Play Episode Listen Later May 5, 2022 6:05


    How Much Is the Cost of a SOC 2? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    cost soc
    Get Your SOC 2 "Fast" & "Easy"?

    Play Episode Listen Later May 5, 2022 7:18


    Get Your SOC 2 "Fast" & "Easy"? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    What Does War Mean to Business Security?

    Play Episode Listen Later May 5, 2022 10:32


    What Does War Mean to Business Security? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    business security
    What We Learn from Tesla Hack?

    Play Episode Listen Later Apr 19, 2022 7:13


    What We Learn from Tesla Hack? ➜ Hit the LIKE button ➜ SHARE the video with someone who might need it ➜ POST your questions in the comments for future video topics ➜ SUBSCRIBE for notifications of new episodes #cybersecurity #security #soc2 #vciso #compliance #risk #riskmanagement #grc #itrm #video #fintech #healthcare #healthcaretechnology #healthcaretech #software #saassecurity #ceo #ciso #phi #pii #pi #softwareindustry #dataprivacy #dataprotection #womenincybersecurity #womenincyber #womeninfintech #womenintech

    tesla hack what we learn

    Claim Cybersecurity, GRC & SOC 2 Essentials

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel