Podcasts about cybersecurity practice

Privacy is a big deal in the financial world and rightfully so. They posses very important and sensitive information. So, how do financial privacy laws match/differ from the privacy laws passed by countries and states? What can they learn from each other? We discuss this and more with Elliot Golding, a partner in McDermott Will & Emery's Data Privacy and Cybersecurity Practice.

In this episode of the Great Women in Compliance podcast, Hemma and Ellen host a roundtable with Hope Anderson, a partner in White & Case's Data, Privacy & Cybersecurity Practice, and Jean Liu, Assistant General Counsel, Privacy, Safety, and Regulatory Affairs who joined Microsoft in 2023 as part of the Nuance Communications, Inc. acquisition.    Together, Hope and Jean have a wealth of experience advising on privacy, AI, and data governance compliance issues and they are well positioned to leverage this experience in the wake of a rapidly evolving regulatory landscape. Hemma and Ellen didn't waste a minute mining these two experts for practical tips and recommendations for those of us looking to get smart quick and grapple with what seems like a behemoth task of keeping up with developments in the technology and the legislation, while at the same time, making sure we don't get left behind in learning to leverage AI in our own functions. Join us for an engaging ride through the ups and downs of privacy and AI compliance, and be inspired as we were by the great opportunities to develop new and exciting use cases while mitigating risk and the chance to unlock the power of responsible and ethical AI for our businesses.  Key Highlights Getting up to speed with rapidly evolving regulatory landscape The role of AI principles vs policies and procedures Human Rights, Bias, and AI Keeping the “Human in the Loop” Thoughts on a US Federal AI or Privacy Law Leveraging AI for Ethics and Compliance Key resources and recommendations Resources Join the Great Women in Compliance community on LinkedIn here.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at Open Source Intelligence with Mishaal Khan, Cybersecurity Practice Lead at Mindsight.Misshal is a jack of all trades and master of some! With a profound knack for thinking like the bad guys, Misshal harnesses his extensive knowledge—from the nitty-gritty of bits and bytes to intricate business processes. As a techie, Ethical Hacker, OSINT enthusiast, and Social Engineer, he leverages his diverse skillset to help organizations fortify their defenses and tackle real-world security challenges. You can find out more about his book, The Phantom CISO, on his website, here.And you can learn more about Operation Privacy here.

Sam Rehman—a frequent voice on this podcast network and EPAM's Chief Information Security Officer and SVP—was in the classroom recently, teaching students, and in the process was “surprised by the density of PII that's in in the system.” This led Rehman to realize that “at least here in California,” higher education's investment in cybersecurity is “substantially behind.” Catching up is a theme of today's conversation about privacy, education, and artificial intelligence. Speaking for the (cyber)defense, with Rehman, is today's guest on *The Resonance Test,* Scott Loughlin, Partner and Global Co-Lead of the Privacy & Cybersecurity Practice at the law firm Hogan Lovells. “It took a long time to get people to understand that the easiest thing to do is not always the right thing to do to protect the company's interest and protect the company's data,” says Loughlin. “And that is an experience that we'll all have with respect to generative AI tools.” Loughlin and Rehman are put through their conversational paces from questions by Brian Imholte, our Head of Education & Learning Services. They have much to say about data governance (“Data is not by itself anymore, it's broken up in pieces, combined, massaged, and then pulled out from a model,” says Rehman), data pedigree, the laws—and lack thereof—regarding privacy and generative AI. They also kick around the role that FERPA assumes here. “You're trying to deploy this old framework against this new technology, which is difficult,” says Loughlin, adding: “There are some key areas of tension that will come up with using generative AI with student data.” So where might an educational publisher or school begin? “Focus on your value first,” says Rehman. Do your experiments, but do them in small pieces, he says: "And then within those small pieces, know what you're putting into the model.” This informative and spirited conversation is even occasionally funny. Loughlin brings up a court case about whether or not a selfie-taking monkey selfie would own the copyright to the photo. “The court said no,” notes Loughlin, adding that US Copyright laws are “designed to protect the authorship of humans, not of monkeys, and in this case not of generative AI tools.” Download now: It's sure to generate some new thoughts. Host: Kenji Ross Engineer: Kyp Pilalas Producer: Ken Gordon

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 Learn more about your ad choices. Visit megaphone.fm/adchoices

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of our podcast series on insider risk, Catherine Marinis-Yaqub is joined by Pete Marta, a partner in Hogan Lovells' Cybersecurity Practice in New York City.    Establishing and operating an insider risk management program can often be a daunting and overwhelming experience for companies, and our speakers delve into the challenges facing insider risk programmes and how organisations can increase engagement throughout their organization, confront sensitive issues such as employee privacy, and why insider risk is, at the end of the day, a “team sport”.

Last year a new app launched in Australia that promised unbeatable deals from Chinese manufacturers. Initially luring users with enticing offers and cash incentives, but Temu's shine began to fade after a number of customer complaints about the products, customer service & cyber security issues.  In this episode of The Quicky, we take a look at Temu's ownership, product range and ethical concerns surrounding its business model. We also speak to cybersecurity expert Paul Haskell-Dowland about how consumers should approach Temu.  Subscribe to Mamamia GET IN TOUCH Feedback? We're listening! Call the pod phone on 02 8999 9386 or email us at podcast@mamamia.com.au CONTACT US Got a topic you'd like us to cover? Send us an email at thequicky@mamamia.com.au CREDITS  Host: Claire Murphy With thanks to:  Paul Haskell-Dowland - Professor of Cybersecurity Practice at Edith Cowan University  Voice actors have been used in some parts of this episode Producer: Claire Murphy Executive Producer: Kally Borg Audio Producer: Thom LionBecome a Mamamia subscriber: https://www.mamamia.com.au/subscribeSee omnystudio.com/listener for privacy information.

This week Class 5 Fellow Gabe Rudin sits down with Jena Valdetero, the Co-Chair of the Greenberg Traurig's (GT) U.S. Data Privacy and Cybersecurity Practice for a discussion on cyberlaw and incident response.   Jena and Gabe discuss Jena's path to the field, changing technologies and tactics employed by threat actors, what incident response entails, the SEC's new cybersecurity disclosure rules, and the practical demands of a cybersecurity lawyer. Resources mentioned in the episode: New SEC cybersecurity rules regarding breaches  Check out the Foundry on Instagram, Twitter, or LinkedIn and subscribe to our newsletter! If you'd like to support the show, donate to the Foundry here or reach out to us at foundrypodcasts@ilpfoundry.us. Thanks for listening, and stay tuned for our next episode! DISCLAIMER: Gabe and Jena engage with the Foundry voluntarily and in their personal capacities. The views and opinions expressed on air do not reflect on the organizations Jena and/or Gabe are affiliated with.

In this episode, we're taking you on a journey through the process of building a cybersecurity team with Edgar Acosta that's primed to defend against the digital threats of today and tomorrow.Join us as we explore:

A great thinker once said "what is right is not always popular and what is popular is not always right." Our guest on this episode has built his legacy on difficult, but hugely influential decision-making.We're joined by Cyrus Vance Jr., best known for serving as New York County's top law enforcement officer for 12 years. As Manhattan District Attorney, he oversaw everything from white-collar fraud to cybercrime, human-trafficking, and even cold-case homicides. He's now a partner at global law firm, Baker Mackenzie, where he wears three hats, sitting in its litigation and government enforcement and global investigations and compliance groups, all while serving as Global Chair of the Cybersecurity Practice. After graduating from Yale University and earning his JD from Georgetown Law Center, Cy entered his first stint in public service as an Assistant District Attorney in the office that he was later elected to lead. His career has taken him everywhere from Africa to the Pacific Northwest, and we're very fortunate to have him as a guest. Highlights: Cyrus describes his background and journey to the Manhattan DA Office(2:58) Cyrus' father's influence on his career (4:42) What it's like to run for office, and learning how to operate in the public eye (6:02) Returning to work in the office: what was the same and what was different (7:39) The benefits and problems of working with large amounts of money (11:10) Developments in anti-corruption legislation, and heightening pressure on white-collar crime (15:06) Cyrus on if he regrets leaving office amongst the current prosecution of President Trump (19:31) What Cyrus learned from a business standpoint about managing a large team at the Manhattan DA Office (20:55) Cyrus' current goals as head of cybersecurity at Baker McKenzie (22:21) Cyrus discusses potentially writing a book in the future (24:16) Cyrus' hobbies and passion for motorcycles (26:57) What Cyrus would be doing if he didn't pursue a career in law (27:57) Links:ICR TwitterICR LinkedInICR WebsiteCyrus Vance on LinkedInBaker McKenzie on LinkedInBaker McKenzie WebsiteManhattan DA Office WebsiteFeedback:If you have questions about the show, or have a topic in mind you'd like discussed in future episodes, email our producer, marion@lowerstreet.co.

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 US GAO Snapshot: Cybersecurity: Launching and Implementing the National Cybersecurity Strategy

Sean was joined by Elliot Golding of McDermott Will & Emery to discuss all things HIPAA Privacy and Security, Information Blocking, and a few more critical aspects of cybersecurity! This episode is a must for all medical practices, hospitals and health systems to ensure your compliance with the ever-changing landscape! Elliot is Sean's go-to when it comes to Data Privacy and Cybersecurity! About Elliot Golding: Elliot Golding (CIPP/US) is a partner in McDermott Will & Emery's Data Privacy and Cybersecurity Practice. Elliot provides business-oriented privacy and cybersecurity advice to a wide range of clients, with a focus on health care/life sciences, technology (including "digital health"), ecommerce, financial, and other sectors that frequently handle personal information. His practical approach helps clients balance legal risk with business needs, particularly relating to innovative issues such as “digital health” technologies, the Internet of Things, data monetization, online advertising technology, big data and Artificial Intelligence/Machine Learning tools (particularly in the health research context). He has extensive experience helping clients navigate the patchwork of evolving legal standards and best practices, including:--Federal laws, such as HIPAA/HITECH, Information Blocking and Interoperability Rules, 42 CFR Part 2, GLBA, COPPA, health research rules, marketing rules (TCPA, CANSPAM, etc.), --US state laws, such as CCPA (and for coming laws in CA, CO, VA, CT, and UH), CMIA, CalFIPA, laws governing sensitive health and financial information, and state laws governing security and breach notification--industry standards (such as DAA/NAI self-regulatory principles, PCI-DSS, and security standards (such as NIST and ISO). Elliot has also handled hundreds of breaches and security incidents through all aspects of investigation, notification, remediation and engagement with regulators. He has received awards for his expertise from numerous publications, including Bloomberg and Global Data Review. Elliot also chairs several American Bar Association committees including the Privacy, Security and Emerging Technology Division; E-Privacy Law Committee, and Biotechnology, Healthcare Technology, and Medical Device Committee.

Renowned founder, lawyer, professor, and journalist Darren Heitner joins hosts David Lat and Zach Sandberg in the latest episode of Movers, Shakers & Rainmakers. Together, they delve into the captivating story of a true industry innovator. Darren's extraordinary legal journey, which began with a sports blog in late 2005, soon skyrocketed his career to heights he never initially imagined. In this enthralling conversation, Darren explains the different roles of sports agents and sports lawyers, investigates the nuances of player unions across professional sports leagues, and dispels the alluring image of sports agents as depicted in "Jerry Maguire." Our hosts then interview Darren, widely acknowledged as a leading expert on Name, Image and Likeness (NIL) issues, about the influence NIL has exerted and will continue to exert in the realm of sports. For their moves, Zach brings attention to Orrick's acquisition of a four-partner IP litigation group from Milbank, while  David focuses on Fenwick strengthening its Privacy and Cybersecurity Practice through the addition of partner Michael Sussmann. This episode is an essential listen for law and sports enthusiasts alike. As always, be sure to rate, review and subscribe!

In this episode, Wayne Pollock, the founder of the Law Firm Editorial Service, interviews David Zetoony, Co-Chair of Greenberg Traurig's U.S. Data Privacy and Cybersecurity Practice. David is a prolific writer, creating upwards of 200 articles a year regarding cybersecurity and data privacy issues.The National Law Journal named David a “Cybersecurity and Data Privacy Trailblazer,” JD Supra recognized him four times as one of the most widely read names when it comes to data privacy, cyber security, or the collection and use of data, and Lexology identified him fourteen times as the top “legal influencer” in the area of technology, media, and telecommunications in the United States, the European Union, and in the context of cross-border transfers of information. He is the author of "Building a Law Practice One Article at a Time," published by the American Bar Association, as well as the ABA's primary publication on the European General Data Protection Regulation (GDPR) and the ABA's Desk Reference Companion to the California Privacy Rights Act (CPRA).In this episode, David and Wayne discuss, among other things: - Why attorneys should be prolific with their thought leadership content- How content is a client service tool as much as it is a marketing and business development tool- Why your clients hold the key to your content creation- David's process for writing 200 articles a year- Why tying your thought leadership content to news articles makes it less valuable- What lawyers get wrong about how thought leadership is supposed to work- Why content that doesn't take a position reflects poorly on the attorney writing it- Why attorneys shouldn't hand off their thought leadership content drafting to associatesYou can watch this episode on YouTube:https://www.youtube.com/watch?v=ZO5aKl8pRpsAbout David ZetoonyDavid's online bio: https://www.gtlaw.com/en/professionals/z/zetoony-david-aDavid's LinkedIn profile: https://www.linkedin.com/in/davidzetoony/David's posts on Greenberg Traurig's "Data Privacy Dish" blog: https://www.gtlaw-dataprivacydish.com/author/zetoonydDavid's book, "Building a Law Practice One Article at a Time": https://www.americanbar.org/products/inv/book/406698992 About Wayne Pollock/the Law Firm Editorial ServiceLearn more about Wayne Pollock, the host of Legally Contented: https://www.linkedin.com/in/waynepollockLearn more about the Law Firm Editorial Service: http://www.lawfirmeditorialservice.comDo you have any idea how much money your firm is losing when its lawyers write thought leadership marketing and business development content themselves? Learn how much with the Law Firm Editorial Service's Thought Leadership Cost Calculator:  https://www.lawfirmeditorialservice.com/thought-leadership-cost-calculatorCheck out blog posts and videos designed to help you and your colleagues improve their content marketing and thought-leadership marketing efforts: https://www.lawfirmeditorialservice.com/bloghttps://www.lawfirmeditorialservice.com/videosDo you know a lawyer, law firm, or company serving the legal industry doing big things with their content marketing and/or thought leadership marketing that we should feature? Please email us at hello@legallycontented.com

Paul Giorgi of XM Cyber, a man who told me his favorite way to learn new skills is to break things and put them back together, walked me through the basics of setting up your own cybersecurity practice lab at home for not too much money. But watch out because he says that once you start, your excitement about hands-on practice and buying old servers on eBay can get overwhelming! 0:00 - Build your own cybersecurity practice lab1:30 - How to practice with a home cybersecurity lab5:48 - Resource requirements for a cybersecurity lab8:48 - Cost of a cybersecurity lab10:28 - First projects for a cybersecurity lab13:02 - Learn more about Paul Giorgi and XM Cyber13:42 - OutroAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023

In this episode Eric Poppe, a Director in Cherry Bekaert's Government Contractor Industry practice, leads a panel discussion on the current state of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 program. He and the panel draw from the Firm's own experience with the assessment process, having undergone a Level 2 assessment to receive authorization from the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, Inc. (The Cyber AB) as a CMMC Third-Party Assessment Organization (C3PAO).Listen in to hear from Neal Beggan, Partner and leader of Cherry Bekaert's Risk Advisory and Information Technology Audit Group, Matthew Schiavone, Managing Director and Brian Kirk, Senior Manager, from the Firm's Information Assurance & Cybersecurity Practice as they share insights into:Current state of CMMCStatus of the Final Rule – Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204.7021, or the “CMMC Clause”What we are seeing in contractsWhat a C3PAO meansAssessment pitfallsJoint Surveillance Voluntary Assessments program in partnership with the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC)Catch up on Cherry's Bekaert's previous guidance pertaining to CMMC 2.0:Podcast: What's New with CMMC 2.0?: August 2022 UpdatePodcast: CMMC 2.0 Brings Major Program ChangesOn-demand webinar: CMMC 2.0 Brings Major Program ChangesIf you have any questions regarding CMMC, Cherry Bekaert's Information Assurance & Cybersecurity and Government Contracting advisors are available to discuss your situation with you.View all Government Contracting Podcasts

Where does the Cybersecurity Maturity Model Certification (CMMC) 2.0 program currently stand? Neal Beggan, leader of Cherry Bekaert's Risk Advisory Services and a Principal in Cherry Bekaert's Information Assurance & Cybersecurity Practice and Eric Poppe, a Director in the Firm's Government Contractor Services Group, discuss the latest information about the Department of Defense (DoD) CMMC 2.0 program.Listen in to find out about:The CMMC accreditation body - now called “The CYBER AB”CAP, a pre-decisional draft of the CMMC assessment process (CAP) released by The CYBER ABFedRAMP certification and NIST SP 800-171Recent DoD memorandum and DoJ Comprehensive Cyber Review highlighting enforcement mechanisms for compliance with cybersecurity requirements Voluntary assessments, which are now allowed prior to the interim final rule for CMMC, and expected to begin in late summer/early fall of 2022 If you haven't already, catch up on Cherry's Bekaert's previous guidance on CMMC 2.0:On-demand webinar: CMMC 2.0 Brings Major Program ChangesPodcast: CMMC 2.0 Brings Major Program ChangesIf you have any questions regarding CMMC, Cherry Bekaert's Risk Advisory and GovCon Consultants are available to discuss your situation with you.

Product cybersecurity expert Ken Hoyme shared with us how he built the product security practice at Boston Scientific, why he chose this profession, and gives his practical recommendations for product security teams. Ken is an expert in everything product cybersecurity and has held key positions at Boston Scientific and Honeywell. He is a senior technical leader with demonstrated capabilities to drive broad cross-functional teams to create effective solutions to complex problems, with particular emphasis on safety and security-critical, regulated industries.

Catherine Castaldo and Christine Gartland discuss the recent National Institute of Standards and Technology (NIST) guidance on practices for software supply chain security and how it can be applied to private businesses and their respective software supply chains and cybersecurity practices.

In this episode Neal Beggan, leader of Cherry Bekaert's Risk Advisory Services and a Principal in Cherry Bekaert's Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, and Eric Poppe, a senior manager in the Firm's Government Contractor Services Group, discuss the current state of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 program and share insights on what contractors and subcontractors in the defense industrial base (DIB) should be doing now to prepare.Discussion includes:The Pentagon's shift of responsibility for the CMMC program to the DoD CIOChange in leadership at the CMMC Accreditation BodyDebunking some of the rumors around the CMMC 2.0 rollout, including:DoD's rollback on the number of companies who would have been allowed to self-attest, increasing the number of contractors that may require a third-party assessment The expected length of the rulemaking process and when the actual requirements will be incorporated into procurementsThe Government Accountability Office (GAO) report on the CMMC rolloutWhat companies should be doing now to prepare for CMMC Incentives being considered by DoD to encourage early adoption of certificationIf you haven't already, catch up on Cherry's Bekaert's previous guidance on CMMC 2.0:On-demand webinar: CMMC 2.0 Brings Major Program ChangesPodcast: CMMC 2.0 Brings Major Program ChangesIf you have any questions regarding CMMC, Cherry Bekaert's Risk Advisory and GovCon Consultants are available to discuss your situation with you.

In 2021, artificial intelligence emerged as a viable technology, which warranted a conversation about the legal and policy considerations underlying modern society. We'll look back at the ethical, legal, and policy considerations discussed in May of 2021 and ask where are we now? What more needs to be done in order to maximize a successful implementation and minimize potential risk? Speakers: Behnam Dayanim, Partner, Global Chair of Privacy & Cybersecurity Practice and Chair, Advertising & Gaming Practice, Paul Hastings LLP Kacy Zurkus, Content Strategist, RSAC

On November 4, the Department of Defense (DoD) announced the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program, which marks the completion of an internal program assessment led by senior leaders across DoD. CMMC 2.0 brings about a number of changes which DoD will be pursue through the rulemaking process and will include public comment periods. Listen to Neal Beggan, a Principal in Cherry Bekaert's Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, and Eric Poppe, a senior manager in the Firm's Government Contractor Services Group, as they discuss DoD's modifications and their potential impact on contractors and subcontractors in the defense industrial base (DIB). Changes include: Eliminating levels 2 and 4 of the framework and using National Institute of Standards and Technology (NIST) cybersecurity standardsCompanies at Level 1, and a subsection of companies at Level 2 will only be required to demonstrate compliance through annual self-assessmentsTriannual third-party assessments at Level 2 for critical national security information, as well as triannual government-led assessments at Level 3Increase in oversight of professional and ethical standards of third-party assessorsNew waiver processes for select requirements - DoD indicated: “Under certain limited circumstances”, companies can make “Plans of Action & Milestones (POA&Ms)” to achieve certification“Under certain limited circumstances”, waivers to CMMC requirements will be allowed DoD is also suspending the current CMMC pilot program for select contracts and will not approve any CMMC requirements in DoD solicitations while the rulemaking is underway. The Defense Department further indicated that it is looking at providing incentives to contractors who voluntarily obtain certification during the interim period and more information will be forthcoming. 

Jerich Beason is joined by Erik Weinick. Erick's experience includes privacy, cybersecurity, bankruptcy, commercial torts, defamation/slander, regulatory to name a few. He is also the co-founder of Otterburg's Privacy & Cybersecurity Practice and has contributed multiple pieces of thought leadership on cyber security. Jerich and Erik discuss why an organization should consider retaining a cyber attorney, when they should consider taking that step and how an introductory conversation would go if an organization called to use his services.

Description: Join Jay Ryerse, VP of Cybersecurity Sales, and Cristelle Michael, Director of Partner Marketing, to find out how the ConnectWise Partner Program for Cybersecurity can help you build or grow your cybersecurity practice. Learn more about the Partner Program here: https://www.connectwise.com/company/partner-services/partner-program

Join Cherry Bekaert, a Registered Practitioner Organization (“RPO”) and Candidate Certified Third-Party Assessment Organizations (C3PAO), for part five of our podcast series discussing the various elements of the Department of Defense's (“DoD”) Cybersecurity Maturity Model Certification (“CMMC”) program.Neal Beggan, a Principal in Cherry Bekaert's Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, leads the series along with Eric Poppe from the Firm's Government Contractor Services Group, to provide contractors with the latest information on CMMC and navigating its impact on the government contracting community.In part five of the series, Neal and Eric discuss the current status of CMMC, includingIs the rule final yet?How does it relate to the Executive Order?Recent News Articles and changes at the DoDImpact on small and medium businessesWhat should I be doing now?If you haven't already, catch up on the series:Part 4: How to Prepare for a CMMC C3PAO Assessment for CertificationPart 3: What to Expect in an Upcoming CMMC C3PAO Assessment & How to PreparePart 2: CMMC and the DFARS ClausePart 1: Current State of CMMC

In this episode of the podcast, Brooke chairs a roundtable discussion at the intersection of risk, scenario planning and cybersecurity. His guests are Sanjay Khanna, Strategic Advisor and Foresight Expert, and Advisor to The Decision Lab; Alan Iny, Global Lead for Creativity and Scenarios at the Boston Consulting Group (BCG), and Michael Coden, Global Lead for BCG Platinion's Cybersecurity Practice. Together they discuss the human and systemic vulnerabilities that expose us to cybersecurity risks, and how scenario planning and creative problem solving can help mitigate such threats. Drawing from countless real-world examples of major global crises, they argue that although our best thought-out plans may never materialize, the process of planning itself is invaluable. Some topics discussed include: The guests' recent thought leadership on cybersecurity, including two potential future cybersecurity scenarios - one reflecting greater multi-stakeholder cooperation, the other reflecting a more fragmented, individualistic response. Balancing a need for individual awareness and responsibility around cybersecurity with a wider systematic approach to the challenge. If human error is the root cause of cybersecurity breaches, how can we help people avoid such errors? The case for scenario planning, not as a prediction tool, but as a mechanism to prepare for a range of plausible scenarios. Real-world examples of how scenario planning has enabled international organisations to prepare for risks that bear similarities to events such as Brexit and the COVID-19 pandemic.

A graduate of Harvard Business School, Denrich Sananda has over 20 years of experience in the process automation sector. He's been based all over the world – in the Middle East, India, in parts of the former Soviet Union and Turkey. Denrich recently moved to Toronto, Canada and started his own Cybersecurity Practice. We discuss: How to effectively communicate a company's vision during meetings [01:26] A mind-boggling Harvard course that takes managers to a different level [05:01] Overqualification as a trigger to become an entrepreneur [06:44] Why cybersecurity is a great niche to in which to start a business [08:33] Helpful resources to get going during a launch process [12:17] The power of four essential steps when starting a business [15:10] A structure and strategy for achieving visibility on LinkedIn [16:38] Learn more about Denrich at https://www.aristatechnologies.ca/ (https://www.aristatechnologies.ca/) and https://www.linkedin.com/in/denrichsananda/ (LinkedIn).

As an MSP, you may be ready to start offering your clients cybersecurity services. But what can you do to get your practice ready? ConnectWise's Clint Maddox, Chief Revenue Officer, and Jay Ryerse, VP of Cybersecurity Initiatives, reveal what you need to know and how ConnectWise can support you. Listen now.

LS Black, a general contractor based in Minneapolis, has needed to be at the forefront of construction cybersecurity because of government contracts. Peyton Kringlie is one of the team members driving the development of sophisticated cybersecurity practices and policies throughout the company. Peyton shares some great lessons learned for other contractors starting a similar journey.

President Biden signed an Executive Order (“EO”) on May 12th aimed at improving and preparing for cybersecurity defenses for public and private sector companies. The EO is aimed at improving protective measures to federal networks, information-sharing between the U.S. government and the private sector on cyber issues and the collective ability to respond when incidents occur. The EO addresses initiatives and directives in many areas, which Cherry Bekaert summarized in a recent alert.Susan Moser, leader of Cherry Bekaert’s Government Contractor Services Group, John Ford, a senior consultant in the Firm’s GovCon Group and Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice discuss the impacts and timing of the EO, including a general discussion on the authority of Executive Orders, how the EO impacts the Department of Defense’s (“DoD”) Cybersecurity Maturity Model Certification (“CMMC”) program, and what companies should be doing now to protect their systems and data.Cherry Bekaert will continue to keep contractors updated in future podcasts on the EO and CMMC as circumstances and timelines change. Never has the protection of data been more important, and the threats against it more present. Cyber breaches not only affect an organization’s bottom line but can negatively impact its reputation and brand. We help strengthen your organization with a comprehensive program of security technology, services and insurance. We customize your solution based on your specific needs and risks, as well as your line of business, industry and budget.

In this episode, channel cybersecurity expert Joy Beland shares insight for MSPs on building a formidable data defense practice. The former IT services business owner and trainer discusses some of her early challenges and experiences, and hits hard on the opportunities and best practices for channel professionals. Joy emphasizes the value of compliance frameworks and industry standards. As an educator in channel cybersecurity (who develops and conducts training for MSPs), she unveils some of the most valuable business and professional resources for the IT services community. How can MSPs boost their teams’ cybersecurity proficiencies? What services do businesses really need to adequately protect their data and operations, and most importantly, their people, today? Listen to this episode of Confessions of an IT Business Owner to find out.

This week's top story: Why protecting your printer is an essential cybersecurity practice, with Josh Johnston, Senior Director of Engineering at Kount, an Equifax company. Also this week, Emily and Lacey dive into the record breaking losses to romance scams, reflect back on a decade of friendly fraud, discuss how eCommerce helped uplift retail in 2020, and finally, discuss of how fraudsters have offered 400 million ‘ghost' COVID vaccines to officials in the EU. #Kount5in5

In this episode, we start with a dramatization of a ransomware attack, which leads us to the ransomware lifecycle in real life. What is a ransomware attack incident response really like? How should you respond in the first hours? What does a 72-hour ransomware response look like? What should you do in the weeks and months following? Hear real-life examples and learn best practices from attorney Shawn Tuma, Co-Chair of the Data Privacy and Cybersecurity Practice at Spencer Fane. Also, don't miss Trend Micro's 2020 State of Ransomware report, available for free download, below. Resource Links: • Shawn Tuma on LinkedIn: https://www.linkedin.com/in/shawnetuma/ • Trend Micro report, "State of Ransomware: 2020's Catch-22": http://bit.ly/TM_SOR20 •  SecureWorld virtual conferences: https://www.secureworldexpo.com/events The SecureWorld Sessions podcast gives you access to people and ideas that impact your cybersecurity career and help you secure your organization.

Vishal Salvi, SVP, CISO and Head of the Cybersecurity Practice at Infosys, discusses the future of cybersecurity. The discussion covers a recent breach of SolarWinds, the history of cybersecurity, and the evolution of CISO role over the years. Hosted by Yulia De Bari, Cybersecurity Lead and Podcast Producer for the Infosys Knowledge Institute.

Part IV: How to Prepare for a CMMC C3PAO Assessment for CertificationJoin Cherry Bekaert, a Registered Practitioner Organization (“RPO”) and one of the first Certified Third-Party Assessment Organizations (C3PAO) accredited to perform certification assessments for the Department of Defense’s (“DoD”) new Cybersecurity Maturity Model Certification (“CMMC”) program, for part four of our podcast series discussing the various elements of CMMC.Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, leads the series along with Eric Poppe from the Firm’s Government Contractor Services Group, to provide contractors with the latest information on CMMC and navigating its impact on the government contracting community.In part four of the series, Neal and Eric discuss how best to prepare for a CMMC C3PAO assessment for certification. As part of this podcast they discuss:Current Status & Estimated TimelinePreparing for Assessments: Three-Phased ApproachTypes of evidence needed to obtain a certificationIndependence ConsiderationsIf you haven’t already, catch up on the series:Part 1: Current State of CMMC Part 2: CMMC and the DFARS ClausePart 3: What to Expect in an Upcoming CMMC C3PAO Assessment & How to Prepare

In this episode of CHATTINN CYBER, Marc Schein interviews Sean Hoar, of Lewis Brisbois and chair of the Data Privacy & Cybersecurity Practice. He has extensive experience managing responses to digital crises and effectively marshaling resources to contain and remediate information security incidents. He served as the lead cyber attorney for the U.S. Attorney’s Office in Oregon, and he worked closely with the Computer Crime & Intellectual Property Section in Washington D.C. He holds the Certified Information Systems Security Professional (CISSP), the Global Information Security Professional (GISP), and the Certified Information Privacy Professional/United States (CIPP/US. Sean served in the US Attorney’s Office for many years where he handled career cases that exposed him to the digital world of electronic surveillance. He believes that cyber hackers have evolved fast and have become more sophisticated over the years, leveraging the systems and applications. Sean explains that as long as cybercriminals are able to monetize data; ransom and other exploits are going to continue, the most dangerous of which right now is extortion. Sean explains how he advises his clients to give information to the FBI who gather evidence across the country and attribute each case to malicious actors, they hold them accountable, and criminally charge them. Sean explains why security starts with setting up foundational basics in an organization. He also describes the criteria they use to ensure advanced cybersecurity for their clients: they make sure the internal teams understand what they’re supposed to do, and the external teams stay in touch with their obligations. Companies need to put cyber procedures in place to avoid financial consequences in the long run if they are not proactive. “But for me, it’s a matter of helping them really visualize what it will look like, and until they understand that, it’s going to be hard to get them to take action.” Companies that carry cyber insurance are well educated and have immediate attention and deployment of resources they need to go from one side to the other, which limits the expense and the impact of the attack. Companies without insurance, on the other hand, struggle on who they should call because they don’t have the education and systems in place to go from one side to the other. They contact the wrong people which results in more confusion and expenses. What You Will Learn: The danger of cyber ransom exploits and extortion in risking data privacy online. Why cybercrimes are only going to increase in the future and become more dangerous How Sean helps his clients visualize their cyber exposure procedure as a long-term financial investment. The difference between companies that carry cyber insurance and those who don’t. The tools that Sean created to deal with information security control assessments and response planning for the private sector. The power of building a stable effective team with the right attitude.

Part Three - What to Expect in an Upcoming CMMC C3PAO Assessment & How to PrepareJoin Cherry Bekaert’s Government Contractor Services Group for part three of our podcast series discussing the Department of Defense’s (“DoD”) new Cybersecurity Maturity Model Certification (“CMMC”). Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, leads the series along with Eric Poppe from the Firm’s Government Contractor Services Group, to provide contractors with the latest information on CMMC and navigating its impact on the government contracting community. In part three of the series, Neal and Eric continue their discussion on what you can expect in an upcoming CMMC Certified Third Party Assessment Organization (“C3PAO”) assessment for certification and how best to prepare now. As part of this podcast they will:Provide an overview of the assessment processDiscuss types of evidence needed to obtain a certificationWalk through the process of remediating findingsDiscuss the dispute resolution process put in place by the CMMC-ABIf you haven’t already, catch up on part one and two of the series:Part 1: Current State of CMMCPart 2: CMMC and the DFARS Clause

In this episode of S&C's Critical Insights podcast series, Nicky Friedlander, co-head of S&C's Cybersecurity Practice, and Eric Kadel, co-head of the Firm's Economic Sanctions and Financial Crime practice, are joined by associate Trevor Chenoweth to discuss two recent Treasury Department advisories on payments made in connection with ransomware attacks.   Nicky and Eric provide an overview of ransomware, malicious software used by cybercriminals to encrypt computer systems and data until a demand for ransom is paid. They explain the new advisories issued by the Financial Crimes Enforcement Network concerning the need for financial institutions to detect and report ransomware payments, and by the Office of Foreign Assets Control concerning the risks of transacting with sanctioned parties in connection with ransomware attacks.  Nicky and Eric explore why both agencies have released these advisories, what banks should do if they know a requested payment will be made in connection with a ransomware attack, and potential future enforcement in this area.

Part Two - CMMC and the DFARS Clause Join Cherry Bekaert’s Government Contractor Services Group for part two of a new podcast series discussing the Department of Defense’s (“DoD”) new Cybersecurity Maturity Model Certification (“CMMC”). Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, leads the series along with Eric Poppe from the Firm’s Government Contractor Services Group, to provide contractors with the latest information on CMMC and navigating its impact on the government contracting community. In part two of the series, Neal and Eric continue their discussion on the recent Defense Federal Acquisition Regulation Supplement (“DFARS”) interim rule, Assessing Contractor Implementation of Cybersecurity Requirements, breaking down the components of the rule and the level of assessments, as well as providing some insight into assessors and a discussion of potential next steps. If you haven’t already, catch up on part one of the series:Part 1: Current State of CMMC

In this episode, CSS’s Director of Cyber IT Services E.J Yerzak speaks with Chair of the Privacy & Cybersecurity Practice at Mintz, Cynthia Larose to continue Cybersecurity Awareness Month. The California Consumer Privacy Act, or CCPA, is the first law in the US to set up a comprehensive set of rules around consumer data, akin to the European Union’s General Data Protection Regulation, or GDPR. Since going into effect, industry and privacy advocates have been battling over the fine print. Is it just another compliance requirement or is it going to drive real change towards greater protection of consumer’s privacy and data?

Part One - Current State of CMMCJoin Cherry Bekaert’s Government Contractor Services Group for part one of a new podcast series discussing the Department of Defense’s (“DoD”) new Cybersecurity Maturity Model Certification (“CMMC”). The CMMC landscape has been taking shape and changing over the past few years and is approaching the finish line.Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of 72 Provisional Assessors in the country by the CMMC Accreditation Body, will lead this series along with Eric Poppe from the Firm’s Government Contractor Services Group, to provide contractors with the latest information on CMMC and navigating its impact on the government contracting community.In part one of the series, Neal and Eric will discuss: Current state of CMMCInterim Rule ChangeCurrent state of CMMC assessmentsTips and advice to government contractors hoping to become certified

In this episode we invite special guests Drew Spaniel, Lead Researcher, Institute for Critical Infrastructure Technology (https://icitech.org), James Russell, Worldwide Group Leader, Wireless Connectivity Specialists and IoT Security Team, Microchip Technology (https://www.microchip.com) and Paul Phillips, Principal Embedded Solution Engineer, Microchip Technology. We also hear from privacy expert Kirk Nahra, Partner and Co-Chair of Privacy and Cybersecurity Practice at WilmerHale. This second episode in a multi-part series is packed full of information and trends related to IoT cybersecurity regulation and emerging practices. We hear from experts on the Europe and UK regulations as well as garner perspective from Kirk Nahra who lends insight from a legal and privacy standpoint on consumer best practices for IoT cybersecurity regulation. Topics covered include:Emerging regulatory requirements for IoT cybersecurity in United KingdomRelevant guidance from NIST in the U.S.Impact of IoT cybersecurity regulatory requirements for both manufacturers and retailersHow companies can integrate IoT cybersecurity in the real worldFuture looking trends and considerationsGuests:Drew Spaniel, Lead Researcher, Institute for Critical Infrastructure TechnologyJames Russell, Worldwide Group Leader, Wireless Connectivity Specialists and IoT Security Team, Microchip TechnologyPaul Phillips, Principal Embedded Solution Engineer, Microchip TechnologySpecial Commentary by:Kirk Nahra, Partner and Co-Chair of Privacy and Cybersecurity Practice at WilmerHale. Hosts:Malcolm Harkins, Chief Security and Trust Officer, Cymatic(https://www.linkedin.com/in/malcolmharkins/)Chad Boeckmann, Founder/CEO, TrustMAPP(https://www.linkedin.com/in/chadboeckmann/)Sponsor: TrustMAPP (https://trustmapp.com)

Christine Czuprynski and MH Business Exchange host Michael Witzke examine the new year’s key cybersecurity trends on the 36th episode of the podcast series of McDonald Hopkins LLC. The episode’s release coincides with International Data Privacy Day on Tuesday, Jan. 28, 2020. Czuprynski is a member of McDonald Hopkins’ national Data Privacy and Cybersecurity Practice and focuses her practice specifically in the area of data privacy and cybersecurity. Topics she focuses on during the podcast include the unique challenges posed by the November election, how employers providing remote access for employees can also create opportunities for cyber criminals, new demands in recent ransomware attacks, the ongoing worry over attempts to compromise business email, and potential impacts of new cybersecurity legislation.

Privacy varies widely across borders and within nations. The norms and expectations of privacy even vary across demographics and generations. So how can multinationals keep up with changes in privacy law and compliance requirements? Joining me to share her insight on privacy and cybersecurity issues is Liisa Thomas. Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Practice Group Leader of the Privacy and Cybersecurity Practice. Liisa is the author of a definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, and she is a contributor to the Sheppard Mullin Eye on Privacy blog. What We Discuss in This Episode: When does the CCPA go into effect and when will it be enforced? What types of disclosure does the new privacy law in California require of organizations? The two approaches that privacy legislation entail Is there a difference between information ownership and information use? In a simplified way, what are the basics of U.S. privacy law requirements? What is the European Union’s GDPR law? Why should tech companies (or companies that use a lot of technology) and companies that suffered data breaches be the most concerned with GDPR compliance? What tools exist to help companies identify consumers (and why is that necessary)? Why it’s important for companies to discuss information protection How are privacy laws being enforced on the State and Federal levels? What affect do politics have on the enforcement of privacy laws? Where should you focus your attention, a business leader, at this very moment? Contact Information: Liisa’s Sheppard Mullin attorney profile lmthomas@sheppardmullin.com Blog – www.eyeonprivacy.com Thank you for listening! Don’t forget to SUBSCRIBE to the show to receive every new episode delivered straight to your podcast player every Wednesday. If you enjoyed this episode, please help us get the word out about this podcast. Rate and Review this show in Apple Podcasts, Stitcher Radio, or Google Play. It helps other listeners find this show. Be sure to connect with us and reach out with any questions/concerns: LinkedIn Facebook Twitter Sheppard Mullin website This podcast is for informational and educational purposes only. It is not to be construed as legal advice specific to your circumstances. If you need help with any legal matter, be sure to consult with an attorney regarding your specific needs.

This week we bring you our second installment of the 26th Annual IPLJ Symposium, “Data Governance Regimes Panel.” Moderated by Olivier Sylvain, Professor of Law at Fordham University of Law, The Data Governance Regimes panel will discuss the challenges in maintaining the privacy and confidentiality of data as it continues to accumulate. Panelists will evaluate current compliance obligations and the effectiveness of the FTC in providing standardized frameworks for effective governance, depending on the type of data that companies collect. Panelists will review recommendations for and against more expansive federal and state privacy legislation, looking at whether current regulations support modern business models and innovation in the digital sphere. Panelists include: Lisa J. Sotto, Partner and Chair, Privacy and Cybersecurity Practice at Hunton Andrews Kurth LLP; Boris Segalis, Partner and Global Vice Chair, Cyber/Data/Privacy at Cooley LLP; Andrew Kopelman, Vice President, Assistant General Counsel, and Chief Privacy Counsel at Medidata Solutions; Anthony Ford, Senior Data Privacy Counsel at Medidata Solutions. Our theme song is Roller Blades by Otis McDonald. Subscribe to us on Apple Podcasts and leave us a review! Website: www.fordhamiplj.org Twitter: @FordhamIPLJ Instagram: @Fordhamiplj Facebook: www.facebook.com/FordhamIPLJ Patreon: www.patreon.com/fordhamiplj

** Our 200th numbered episode! **   A note from Raf:  Thanks to everyone who has been listening to us, tweeting us, and sharing the links to our podcast. We are absolutely floored with the support and listenership we've received. The average show now gets just under 2,500 downloads when released in the first week, and that number goes up every week. So from the bottom of my heart, I humbly thank you and hope you'll continue to listen, share, and comment. This week's episode is titled "Privacy, Security, Risk and Law Collide" as we host Dr. Chris Pierson and our recurring legal eagle from the great state of Texas, Shawn Tuma. If you don't have Shawn added on Twitter, you should go follow him right now. In this week's episode we discuss the increasingly overlapping world of what was once "IT security" which has now started coming together with privacy, risk and law. Chris is uniquely poised to talk on the subject, as you will hear his credentials speak for themselves. You'll want to get comfortable, pay attention, and give this episode a careful listen as we take you down the security rabbithole for the 200th time.   Guest: Dr. Chris Pierson, CSO and General Counsel, Viewpost Dr. Chris Pierson is the EVP, Chief Security Officer & General Counsel for Viewpost. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute.  Previously, Chris was the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s U.S. banking operations leading its privacy and data protection program.  Chris was also a corporate attorney for Lewis and Roca where he established it’s Cybersecurity Practice representing companies on security and data breach matters. Chris is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.) and gives keynotes/speaks at national events and is frequently quoted on cybersecurity.