Podcasts about Trava

Some companies boast about earning their SOC 2 certification in just two months. While technically possible, that speed usually comes with stress, shortcuts, and costly tradeoffs.In this episode, Marie Joseph, Manager of Compliance Advisory at Trava, explains why true SOC 2 compliance takes more than 60 days. She breaks down the difference between Type 1 and Type 2 reports, outlines what a realistic timeline looks like, and highlights the team effort required to build a sustainable program.Whether you're starting from zero or in the process of certification, this is your SOC 2 reality check.Want to know what it really takes to get SOC 2 certified? Check out our blog, How To Prove SOC 2 Compliance, to see what goes into building a strong program and preparing for a successful audit. Read: https://travasecurity.com/proving-SOC2Key takeaways:The difference between SOC 2 Type 1 and Type 2 What a realistic SOC 2 timeline looks likeHow team bandwidth, funding, and tools affect SOC 2 certificationEpisode highlights:(00:00) SOC 2 in two months: Myth or reality?(03:26) The SOC 2 certification process(06:29) Understanding SOC 2 Type 1 vs. Type 2(10:37) Factors affecting SOC 2 certification speed(11:58) Do you need SOC 2 for VC funding?Connect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Marie Joseph's LinkedIn - https://www.linkedin.com/in/marie-joseph-a81394143/ Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

Episódio perfeito para quem quer inovar nos ambientes pessoais e profissionais.

Oiça aqui a análise de Bernardo Ferrão, depois saber que o PSD vence Lisboa e Porto, mas que o PS consegue ganhar um bom número de câmaras municipais e recuperar algumas muito importantes. "O PSD tem duas vitórias esta noite, consegue mais câmaras do que o PS e consegue travar o Chega". See omnystudio.com/listener for privacy information.

Este boletim traz um resumo das principais notícias do dia na análise de Samuel Possebon, editor chefe da TELETIME.TELETIME é a publicação de referência para quem acompanha o mercado de telecomunicações, tecnologia e Internet no Brasil. Uma publicação independente dedicada ao debate aprofundado e criterioso das questões econômicas, regulatórias, tecnológicas, operacionais e estratégicas das empresas do setor. Se você ainda não acompanha a newsletter TELETIME, inscreva-se aqui (shorturl.at/juzF1) e fique ligado no dia a dia do mercado de telecom. É simples e é gratuito.Você ainda pode acompanhar TELETIME nas redes sociais:Linkedin: shorturl.at/jGKRVFacebook: https://www.facebook.com/Teletime/ Google News: shorturl.at/kJU35Ou entre em nosso canal no Telegram: https://t.me/teletimenews Hosted on Acast. See acast.com/privacy for more information.

A Microsoft confirmou falhas sérias no Windows 11 que afetam a reprodução de vídeos e isso impacta streamings, gamers e empresas no dia a dia digital. Donald Trump surpreendeu o mundo ao anunciar que o visto de trabalho H-1B vai custar até 100 mil dólares. Chegaram ao Brasil os óculos inteligentes Ray-Ban Meta de segunda geração. Com bateria de 7.000 mAh, Realme 15 é confirmado no Brasil. Para fechar, a Motorola lançou no Brasil o Moto G06, celular acessível com tela grande a partir de mil reais. Uma opção que chama atenção pelo custo-benefício.

O valor dos novos créditos ao consumo totalizou 726 milhões de euros, um aumento de 13% em relação ao mesmo mês do ano passadoSee omnystudio.com/listener for privacy information.

Você já sentiu que estava prestes a dar um grande salto… mas algo em você travou?O “quase líder” é aquele que sempre está perto de assumir mais, mas na hora H… recua.Não é preguiça. Não é falta de talento.É medo de se expor, de errar sob o olhar dos outros, de quebrar a imagem que construiu.E aí vem a desculpa perfeita: “não era o momento certo”.Mas lá no fundo, você sabe que era.O mais cruel é que, enquanto você espera se sentir pronto, alguém menos preparado, mas mais disposto, ocupa o espaço que poderia ser seu.E, quando percebe, já perdeu mais uma chance de crescer.Hoje eu quero te mostrar que confiança não é pré-requisito para o salto.É consequência dele.E que coragem não é ausência de medo, é decisão apesar do medo.Gostou dessa visão? Concorda ou discorda?

Com Renan Santos

Na véspera do tarifaço, o presidente Lula descartou negociar pessoalmente. Os setores mais afetados aguardam as medidas de proteção prometidas pelo governo. No Rio Grande do Norte, a sobretaxa inviabiliza a exportação de pescado e de sal marinho. Parlamentares da oposição travaram votações no Congresso em protesto contra a prisão domiciliar do ex-presidente Jair Bolsonaro. Eles exigem anistia geral e impeachment do ministro do STF Alexandre de Moraes.

Com Renan Santos

Bom dia! ☕Pra manter seu hálito refrescante com freshficácia clique aqui.Faça sua simulação com a Ademicon aqui.No episódio de hoje:

Lua Cristal + Lua Nova

Most companies continually push code, launch new features, and update their infrastructure. However, for many businesses, security testing occurs only once a year. That gap leaves systems exposed to risks that go unnoticed.In this episode, Anh Pham, Director of Penetration Testing at Trava, explains the concept of Penetration Testing as a Service (PTaaS). He shares how it works and why it's more beneficial than one-time pentests. You'll also learn how AI fits into the picture and what to consider when choosing a provider.Key takeaways:The difference between PTaaS and traditional pentestingHow PTaaS supports fast-changing environmentsThe qualities of a trustworthy PTaaS provider Episode highlights:(00:00) Today's topic: Penetration Testing as a Service(03:16) PTaaS vs one-time pentests(08:36) How PTaaS works(11:59) Choosing a secure PTaaS provider(13:17) Can AI help in PTaaS?(15:22) A key reminder for businesses getting startedConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Anh Pham's LinkedIn - @anhpham11Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurityListen to past episodes:Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/Proving Compliance and Security Effectiveness Through Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/

Governos do Brasil e Angola, países com grande número de imigrantes em Portugal, expressam preocupação com a proposta da direita ultra aprovada pelo governo Luís Montenegro. Presidente Marcelo Rebelo de Souza vê na nova lei problemas nos critérios de reagrupamento familiar de estrangeiros.

Confira o Fechamento de Mercado desta quinta-feira (10)

Bom dia! ☕️Quiz do Pod by Remessa Online. Aqui você envia dinheiro para fora.No episódio de hoje:

Many companies start penetration testing to address compliance requirements. However, it can also provide valuable insights beyond just meeting standards.In this episode, host Jara Rowe sits down with Anh Pham and Christina Annechino from Trava to talk about how pen tests uncover hidden risks and strengthen your cybersecurity. They explain compliance frameworks, typical pen test schedules, and common mistakes to avoid.Key takeaways:Compliance frameworks and their pen test requirementsThe different types of penetration testingHow to prepare your environment for a successful pen testEpisode highlights:(00:00) Today's topic: Penetration Testing and Compliance(03:42) Pen testing compliance frameworks(05:46) The difference between vulnerability scans and pen tests(09:11) How often to conduct pen tests(11:04) Qualities of a good penetration testing vendor (14:34) Making pen testing work on a budget(16:49) Scoping mistakes that limit test outcomes(18:53) Using pen tests to improve overall cybersecurityConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Anh Pham's LinkedIn - @anhpham11Christina Annechino's LinkedIn - @christinaannechinoConnect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurityListen to a related episode:Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/

Continente abriga 60% dos melhores recursos solares do mundo e cerca de um terço dos minerais essenciais na transição para energia limpa; secretário-geral da ONU pede fim de esquemas de exploração que alimentam conflitos e colocam países africanos no final das cadeias de valor.

O Ricardo partilha uma reflexão poderosa inspirada por uma consultoria a um líder de mercado. Tudo parecia estar no sítio certo. Energia, Ação, Conexão. Mas algo crucial estava a faltar. E é precisamente isso que pode estar a faltar também nos teus lançamentos.  Ao longo da conversa, vais perceber por que razão lançar um produto sem visão estratégica pode ser o erro que compromete toda a tua escalada. O Ricardo mostra-te como pensar além do “lançamento imediato” e estruturar o teu plano com dois ou três passos à frente. Vais descobrir como transformar cada esforço em alavanca para os próximos, aproveitando provas sociais, feedbacks e iterações contínuas.  Este episódio não é sobre fazer mais. É sobre fazer com intenção. Planeamento sem estratégia é só esforço desperdiçado. Aqui vais encontrar o mapa para criares uma base sólida e replicável, pronta para escalar.  Pensar. Construir. Escalar.  Ouve já!  KIAI 

A justiça norte-americana suspendeu as tarifas aduaneiras impostas por Donald Trump, alegando que o presidente excedeu os seus poderes ao usar uma lei de 1977 para justificar medidas comerciais contra países com défice com os EUASee omnystudio.com/listener for privacy information.

O Aos Fatos desta quarta-feira (28) destaca o impasse envolvendo a CCR, concessionária do metrô de Salvador, que exige reequilíbrio financeiro no contrato para operar o sistema. A reivindicação pode atrasar a licitação da obra de extensão da Linha 1 do Metrô para o Campo Grande, projeto que conta com cerca de R$ 1,5 bilhão do PAC 3.

O tema do Desenrola de hoje: O que te trava na comunicação? Quando a gente pensa em alta performance profissional, logovem produtividade, organização, foco...Mas tem uma habilidade que anda lado a lado com tudo isso e que muitas mulheresevitam: falar em público.Lembre-se de avaliar o podcast com 5 estrelas.Assine a trilha do Domine a suasemana por apenas R$14,99 por mês: https://pay.hotmart.com/O95776915B?bid=1733867770803 Compartilhe o Desenrola com suas amigas!Me siga no Instagram! www.instagram.com/natgaia/Meu canal do Youtube: https://www.youtube.com/nathaliagaiaAcesse todos os **Desenrolas** no Spotify! http://bit.ly/DesenrolaNoSpotify Cheery MondayMusic from https://filmmusic.io:"Cheery Monday" by Kevin MacLeod (https://incompetech.com)Licence: CC BY (http://creativecommons.org/licenses/by/4.0/)

Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.Key takeaways:Essential cybersecurity terms and definitions: vCISO, PII, and more The importance of understanding and managing your attack surfaceWhy cybersecurity compliance can't be a one-time effortEpisode highlights:(00:00) Today's topic: Understanding cybersecurity terms(01:47) What is a vCISO, and why it benefits small businesses(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA (08:40) Hackers vs. threat actors Explained(10:28) Why businesses need an antivirus and a firewall(13:37) Patch management and cybersecurity attack surfaces(16:04) Continuous cybersecurity compliance(21:27) Recapping cybersecurity essentialsConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Marie Joseph's LinkedIn - @marie-joseph-a81394143Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

Aplicativo de comunicação instantânea mais popular do mundo, o WhatsApp também é alvo de golpistas e pessoas más intencionadas. Um dos golpes que é comum de ser aplicado é o Trava-Zap, um ataque cibernético que trava completamente o dispositivo apenas com o envio de uma mensagem. Nesta edição de CBN e a Tecnologia, o comentarista Gilberto Sudré fala do assunto. 

Bom dia! Esse episódio é um oferecimento de ADEMICON e TOTALPASSMUNDO: Justiça francesa tira Marine Le Pen da corrida presidencialBRASIL: Governo trava fiscalização da Usina de Itaipu TENDÊNCIA: Boysober: A tendência que faz as mulheres fugirem dos homensNEGÓCIOS: A estratégia por trás do banco que vende mais Iphones que a AppleECONOMIA: Tour pelas principais manchetes

A Primeira Turma do Supremo Tribunal Federal rejeitou todos os recursos da defesa do ex-presidente Jair Bolsonaro (PL) durante o julgamento da denúncia da Procuradoria-Geral da República. A analista de Economia da CNN Thais Herédia, o diretor da CNN em Brasília, Daniel Rittner, e Oscar Vilhena Vieira, professor de Direito da FGV-SP, comentam o assunto.

Edição de 20 Março 2025

No podcast ‘Notícia No Seu Tempo’, confira em áudio as principais notícias da edição impressa do jornal ‘O Estado de S.Paulo’ desta sexta-feira (20/12/2024): A Proposta de Emenda à Constituição que inclui o pacote de contenção de gastos proposto pelo governo foi aprovada pela Câmara com mudanças no abono salarial e no Fundo de Manutenção e Desenvolvimento da Educação Básica (Fundeb). Também foi aberto caminho para votação de projeto que limita os supersalários no funcionalismo público. As propostas para barrar os supersalários, porém, foram esvaziadas em relação ao que propunha a equipe econômica. O governo estima que os três projetos incluídos no pacote (além da PEC, existem mais dois projetos de lei) vão gerar economia de R$ 71,9 bilhões em dois anos, mas especialistas preveem um ganho menor, da ordem de R$ 40 bilhões a R$ 50 bilhões. O valor só será conhecido após a tramitação. O texto seguiu para o Senado. E mais: Economia: Dólar cai 2,27% e fecha a R$ 6,12 após intervenção recorde do BC Política: Lula aborta saída de Múcio da Defesa, mas Alckmin já é cotado para a pasta Metrópole: Prefeitura libera festival no Allianz Park; Câmara de SP pode mudar Psiu Internacional: Decisão histórica condena marido que tramou estupros da mulher na França Caderno 2: Vencedor do Oscar, Barry Jenkins dirige ‘Mufasa: O Rei Leão’, usando técnica que torna mais real a aparência dos animaisSee omnystudio.com/listener for privacy information.

Na tokratnem zasedanju Tajnega društva OFC je bilo govora o rutinski zmagi proti Radomljam, kruti usodi stoženske travnate površine, naših reprezentantih, kazni s strani Uefe in njeni nenavadni interpretaciji rasizma. Na koncu pa še o zapletenem primeru, ki ga bo moral raziskati inšpektor Steve Bruce.

A fresh episode of The Sprina Sessions is live for your listening pleasure! Join Keila, Jasmine, and extra special guest co-host Tiffany as they recap the week for Spencer and Trina on General Hospital. The Rundown Includes: The power of campaigning, Trina checks Joss, Ava keeps it 100 with Trina, Jason drags Anna, and Molly ethers Kristina at Baby Irene's Memorial Service. The show wraps with Sprina Speculations for the week ahead and the Song Picks of the Week. Enjoy!Sprina Sessions Playlist Song SelectionsEverybody Breaks A Glass - LightsWhat About Your Friends - TLCFollow Keila on X: https://x.com/LadyWrestlingXFollow Jasmine on X: https://x.com/twin_fangirlFollow Tiffany on X: https://x.com/ReadingRN1

A fresh episode of The Sprina Sessions is live for your listening pleasure! Join Keila and Jasmine as they recap the week for Spencer and Trina on General Hospital. The Rundown Includes: The Pikeman Storyline ends on a sour note, Trina gets an eyeful of Jagger in his towel, Kristina yeets herself out of Ava's hotel window, and Trina's faith in Ava is shaken. The show wraps with Sprina Speculations for the week ahead and the Song Picks of the Week. Enjoy! Sprina Sessions Playlist Song SelectionsI'm Always Here - Jimi JamisonTrust In Me - Joe Cocker f/ Sass JordanFollow Keila on X: https://x.com/ladywrestlingxFollow Jasmine on X: https://x.com/twin_fangirl

We apologize for the lack of info, but Soundcloud's description limitations have our hands tied. Also, better late than never on this Podcast Episode

00:00 Reforma Tributária: Brasil deve ter maior IVA do mundo 00:31 Lista dos países com maior imposto sobre consumo do mundo 00:50 Quanto será a alíquota do IVA no Brasil 01:28 Trava da Reforma Tributária 03:08 Problema empurrado com a barriga até 2033 04:27 Estamos indo sem atalhos para o abismo 04:53 A dura realidade sobre a Reforma Tributária 06:07 Conclusão sobre a Reforma Tributária

No podcast ‘Notícia No Seu Tempo', confira em áudio as principais notícias da edição impressa do jornal ‘O Estado de S.Paulo' desta quinta-feira, (11/07/2024): O texto-base da regulamentação da reforma tributária foi aprovado ontem pela Câmara. A proposta estabelece uma trava para a alíquota do novo Imposto sobre Valor Agregado (IVA), que não deverá ultrapassar 26,5%, e amplia a cesta básica com imposto zero – deixando, porém, as carnes fora da lista de produtos isentos. Pivô dos principais embates no Congresso nos últimos dias, a demanda pela isenção das proteínas animais, defendida pelo setor de alimentos, pela bancada do agronegócio e pelo próprio presidente Luiz Inácio Lula da Silva, será analisada por meio de um destaque (sugestão de mudança ao texto principal) do PL, que lidera a oposição. Os deputados continuavam reunidos ontem à noite para concluir a votação. Encerrada a votação dos destaques, o texto segue para análise do Senado. E mais: Política: Ofícios mostram ‘rateio' irregular de emendas de bancada no Congresso Economia: Anotações mostram que ex-CEO ‘acompanhava' fraudes ‘de perto', diz PF Metrópole: Prédio da Boate Kiss começa a ser demolido Internacional: Aliados da Otan enviam primeiros caças F-16 para guerra na Ucrânia  Esportes: Argentino Ramón Díaz é confirmado como técnicoSee omnystudio.com/listener for privacy information.

"Multi-factor authentication? You better get it today. Don't wait till tomorrow." – Jim GoldmanWe talk a lot about SaaS companies in this show, but today, we're bringing you something a little different. Jim Goldman, CEO of Trava and one of our favorite cybersecurity experts, joins host Jara Rowe to discuss the complexities of cybersecurity across healthcare and banking, including their unique challenges and regulatory requirements.Jim discussed how healthcare organizations navigate a web of medical providers, claims processors, and pharmacies while adhering to the stringent HIPAA regulations. He also discusses how banking and finance sectors have long led the way in cybersecurity, thanks to rigorous compliance standards meant to protect both consumer data and financial integrity. He offers compelling analyses and real-world examples, like how a simple multi-factor authentication (MFA) oversight can lead to billion-dollar repercussions.In this episode, you'll learn:How the banking and healthcare industries keep our sensitive information safe and how it all comes back to those pesky (yet essential!) regulationsThe importance of regulations like HIPAA and how they help guard this vast data network and ensure your health information stays secureYet another reason why Multi-Factor Authentication (MFA) is a cybersecurity must-haveJump into the conversation: [00:00 - 00:46] Introduction to cybersecurity beyond SaaS and Jim Goldman[00:47 - 02:58] How cybersecurity differs in Healthcare and Banking vs. SaaS[02:58 - 05:41] The most pressing cybersecurity threats facing healthcare organizations today[05:41 - 08:25] How healthcare institutions are adapting their cybersecurity to ensure data integrity[09:17 - 13:00] ​​Key cybersecurity risks in banking and finance and how they are mitigating these risks[13:01 - 14:33] What is GDPR? [14:34 - 15:11] What is PCI DDS?[15:11 - 16:11] How financial institutions prioritize cybersecurity initiatives to maintain compliance[16:45 - 19:48] Jara's receiptsConnect with the Guest:Jim Golman's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.comBlog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

"Every business today runs on technology. Every business is a technology business. Right? Even a taco cart uses a little payment thing that you swipe your card in to do that." - Michael MagyarMichael Magyar, a seasoned cybersecurity expert with a decade of experience, joins host Jara Rowe on this episode of The Tea on Cybersecurity to give us the tea on third-party risks. As a penetration tester and a virtual Chief Information Security Officer (vCISO) with Trava, Michael brings unparalleled insight into the challenges and solutions surrounding vendor security. Michael and Jara discuss the complex subject of third-party risks and why every business, big or small, needs to be cautious about their vendors' security practices. From identifying potential risks to evaluating security measures, Michael offers essential steps businesses should take if a vendor experiences a security incident, stressing the importance of containment, breach notification, and calling in the right experts for help.Key Takeaways:Third-Party risks are everywhere and to understand where these gaps could be, think about a vendor or third-party as “outsourced staff”What to look out for when working with any vendor or third - party, namely Public Statements of SecurityHow to handle a situation if a vendor or third-party of yours is breachedTimestamps:[00:00 - 01:24] Introducing Identifying Third-Party Vendor Risks with Michael Magyar, Trava[01:25 - 02:36] Expanding understanding of vendors and third parties[03:59 - 05:25] Real-world examples of third-party risks - SolarWinds in 2020 and XZ Utils in 2024[02:36 - 03:59] How to identify risks associated with vendors and third parties[05:25 - 07:53] Red flags to look out for, plus Microsoft breach [07:54 - 09:16] Penetration testing and third-party security[09:16 - 11:19] Other ways that businesses can help evaluate the security practices of a third-party[11:19 - 12:54] Key cybersecurity measures to look for when working with a vendor[12:54 - 13:40] Why it's essential for businesses to regularly check in on their external partners' cybersecurity efforts[13:41 - 15:42] Cybersecurity steps my company needs to take when signing on with a new vendor[16:41 - 20:02] Jara's ReceiptsConnect with the Guest:Michael Magyar's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.comBlog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

“Especially if this is the first time an organization is creating a plan like this, the focus should really be working on it piece by piece to not be overwhelmed. So, start outsmall. What are the designated roles and responsibilities that you have? Then, determine how the plan can best fit your needs. This can be done by assessing what types of incidents are most detrimental to your organization.” - Christina AnnechinoHost Jara Rowe and guest Christina Annechino delve into incident response plans and tabletop exercises in this week's episode. We'll identify common challenges with developing incident response plans and the ins and outs of tabletop exercises. Gain tips on forming an incident response plan and insight into the documentation and testing requirements and compliance standards such as NIST, SOC 2, PCI DSS, and ISO 27001. We provide a comprehensive understanding of the critical elements and processes involved in incident response planning, compliance, and tabletop exercises.In this episode, you'll learn: What defines an incident, and what to include in an incident response plan to be prepared and compliant. Why tabletop exercises are essential for identifying any gaps in the documented processes and procedures and preparing teams for emergencies.How incident response plans and tabletop exercises are crucial in compliance readiness and maintaining security certifications. Things to listen for:[01:58 - 02:40] Definition of an incident and incident response plan[03:55 - 04:34] Tips for creating an incident response plan[04:51 - 05:25] The role of incident response plans in overall risk management[05:33 - 06:00] How incident response plan maintain security and annual certifications[06:21 - 07:05] Definition of a tabletop exercise and its role in incident response plans[07:10 - 08:18] How often to conduct tabletop exercises and their challenges and benefits[08:34 - 09:19] Addressing compliance-related aspects through tabletop exercises[09:30 - 09:59] Compliance standards and the importance of testing incident response capabilities[10:06 - 10:36] Demonstrating a functional incident response plan during compliance audits[10:47 - 10:56] Structure of documentation for incident response plans and tabletop exercises[11:07 - 11:43] Tips on creating an incident response plan and the purpose of tabletop exercises[12:1 - 15:15] Jara's receiptsResources:Data Security 101: Decoding Incidents and BreachesData Breach Preparedness: Developing an Incident Response Plan7 Tips for Talking to Your Customers After Getting HackedConnect with the Guest:Christina Annechino's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

“Keeping the inventory up to date, make sure that you have all possible points of entry covered and accounted for, similar to a building. When people try to put safeguards for a building, you're doing it, but just like on a network that you can't really physically see if you're missing an asset, that is a hole for an attacker to get into, and we do not want to give them easy access to things for sure.” - Marie JosephThis episode's conversation covers the basics of asset inventories and asset management with host Jara Rowe and guest Marie Joseph, Senior Security Solutions Engineer at Trava. We discuss the categories of assets and the challenges of establishing a comprehensive asset inventory.Hear how tracking and managing hardware and software within an organization is necessary for cybersecurity compliance. We dissect the impact of Bring Your Own Device (BYOD) policies on asset management, the concept of shadow IT, and the role of automated tools and technologies in asset management tasks.In this episode, you'll learn: Why asset inventories are a crucial part of cybersecurity and compliance and the challenges of continuous upkeep.How “Bring Your Own Device” (BYOD) policies help and hinder operations, including cybersecurity risk levels.Why most compliance frameworks require companies to maintain different types of inventories to ensure that security and privacy measures are in place and monitored to meet regulatory requirements. Things to listen for:[00:00 - 00:18] Intro to The Tea on Cybersecurity[00:48 - 02:44] The definition of asset inventory and asset management[04:06 - 04:34] Maintaining an accurate software inventory for compliance with licensing agreements[04:34 - 05:51] Common challenges with establishing a complete asset inventory[07:42 - 09:27] Explanation of shadow IT, traditional asset management, and cybersecurity efforts[09:34 - 10:29] How asset management contributes to maintaining compliance.[12:04 - 13:30] Using automated tools in asset management tasks for continuous compliance[13:48 - 14:55] The importance of tracking all devices connected to a network[15:23 - 17:48] Jara's receiptsResources:From Bonnie and Clyde to Hackers: Taking the First Step to Protecting Your Digital AssetsRegular Software Updates and Patching: The Importance of Staying on Top of ThisConnect with the Guest:Marie Joseph's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

“Not only do we need to understand what risks might exist, but we need to understand what impact that might have. That goes into both the chance that they're going to happen and the chance that they're going to be successful in creating damage, and then also the likely damage that's going to happen from them.” - Michael MagyarOn this week's episode, host Jara Rowe gets the tea on risk management with Trava's vCISO consultant, Michael Magyar. Hear what risk management is, how it differs from crisis management, and what considerations fall under each to maintain compliance. This episode serves as a comprehensive guide for listeners looking to gain a better understanding of risk management, compliance, and general cybersecurity practices. Michael encourages a proactive approach to risk assessment and management to enhance organizational cybersecurity with actionable advice. What you're learn:Why risk management is proactive and crisis management is reactive, and how to approach both from a preparation standpoint.What components of risk management realistically fall under compliance, and why understanding this helps you mitigate potential risk.How to start small with risk assessment to identify possible risks and how they might impact your business to build a foundation for effective risk management and cybersecurity practices. Things to listen for:[02:57 - 03:28] Explanation of risk as exposure to danger, harm, or loss[05:45 - 06:53] The importance of risk management for businesses[06:59 - 07:54] Comparison of risk management and crisis management[08:14 - 10:00] Key components of being proactive in cybersecurity[10:07 - 12:27] The role of risk management in compliance efforts[12:37 - 14:38] Challenges and tips in aligning risk management with compliance standards[15:17 - 17:47] Michael's advice for organizations and general cybersecurity[17:55 - 20:32] Jara's receiptsResources:How to Choose the Right Cyber Risk Management Solution ProviderWhat is Risk Management?Connect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

Hablamos con la creadora del Librero de Valentina Trava, para conocer la historia detrás de una de las figuras más influyentes en Youtube como « Booktuber », uno de los fenómenos literarios que tanto atrae a los lectores. Hablamos sobre su oficio, sobre cómo se contagia este amor a los libros, sobre la experiencia de los clubes de lectura, su relación con tantos lectores, y claro, sobre sus libros recomendados

“Find a compliance platform, it'll make life a lot easier. Then I would develop the policies and procedures, if you don't already have those, and then collect evidence to justify, to prove everything you're doing that's in the framework. It's going to be important for audits and just internal or external audits.” - Scott SchlimmerIn this episode, host Jara Rowe is once again joined by cyber risk specialist Scott Schlimmer with a deep dive into the world of compliance frameworks and certifications. Listen as we explain the challenges of compliance and non-compliance with certification programs in cybersecurity. Learn which regulated industries must follow specific frameworks and how noncompliance can affect business opportunities and your bottom line. We also unravel Fedramp, CMMC, CCPA, and CPRA, offering a clearer understanding of their cybersecurity roles. In this episode, you'll learn:How to follow a compliance framework without having the certification, though having the certification can demonstrate to partners and customers that your organization has strong cybersecurity measures.The significance of certifications and the value of the NIST framework as a reliable source for general cybersecurity best practices.What the legal and financial consequences of noncompliance for different industries may be, such as failing to follow frameworks like Fedramp or CMMC when working with the government. Things to listen for:[00:47 - 01:27] The relationship between compliance frameworks and certification programs[01:27 - 02:54] The difference between regulated and non-regulated industries[02:54 - 04:40] Explanation of the NIST framework and insights into other compliance acronyms[04:40 - 08:59] Multiple compliance frameworks, compliance audits, and non-compliance issues[08:59 - 10:54] Improving cybersecurity posture, security assessment, and maturity models[10:54 - 13:56] Preparation for compliance audits and the importance of a compliance platform[13:56 - 14:31] How to become compliant or get certified and reasons for external assistance[14:38 - 17:20] Jara's receiptsResources:Cracking the Code: Understanding Cybersecurity Compliance FrameworksWhat is the NIST Framework?Conquer Compliance Jargon: Download the Free Cybersecurity Compliance GlossaryConnect with the Guest:Scott Schlimmer's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

Tengo como invitado a Oso Trava, conductor de Cracks, uno de los podcasts de negocios más escuchados de Latinoamérica, con más de 25 millones de descargas.Pero Cracks ya no es solo un podcast, sino un ecosistema de negocios en torno a su audiencia, que incluye una empresa de educación, una comunidad de empresarios y el Cracks Fund, un fondo de inversión en startups.Antes de Cracks, Oso fue fundador de Instafit, una plataforma de fitness que levantó cerca de 1 millón de dólares, pero eventualmente se dio cuenta de que no era una negocio compatible con el modelo del venture capital.-Este episodio es presentado por Zendesk, la plataforma en la que confían miles de startups y empresas globales como Slack, Shopify y Airbnb para gestionar su atención al cliente. Prueba Zendesk completamente gratis por 6 meses registrándote en: https://bit.ly/3SqKvCV-Hoy Oso y yo conversamos:   •De su decisión de dejar el camino del venture capital como emprendedor   •Del riesgo de poner toda tu identidad en tu empresa cuando la probabilidad de fracasar es tan alta   •De cómo evaluar el potencial y carácter de un emprendedor, basado en sus más de 250 entrevistas   •Y de por qué decidió levantar un fondo de venture capital Por favor ayúdame dejando una reseña en Spotify o Apple Podcasts: https://ratethispodcast.com/startupeableNotas del episodio: https://startupeable.com/baubap/Para más contenido síguenos en:YouTube  | Sitio Web -Este episodio es presentado por Zendesk, la plataforma en la que confían miles de startups y empresas globales como Slack, Shopify y Airbnb para gestionar su atención al cliente.Gracias a la plataforma omnicanal de Zendesk que integra todos tus canales de comunicación en un solo lugar, puedes gestionar tickets, ofrecer un gran experiencia, aumentar tus ventas, pero sobre todo construir relaciones cercanas con tus clientes.Como beneficio exclusivo por escuchar Startupeable, prueba el CRM de Zendesk completamente gratis por 6 meses registrándote en: https://bit.ly/3SqKvCV

“It's hard to have privacy without security and to have effective security that requires strong protection of personal identifiable information, or PII. So security, privacy, and compliance really must go hand in hand. If one is prioritized over the other, it can have an adverse effect.” - Christina AnnechinoOn this episode, we welcome back both Christina Annechino and Marie Joseph to bring us back to a little more 101 on Cybersecurity. With host Jara Rowe, the team breaks down terms and buzzwords that you need to know to keep you and your company's data safe. Find out the difference between a breach and an incident, the nuances of security, privacy, and compliance, and gain insights into the crucial importance of cyber hygiene. We'll also explore the key differences between data security and data protection, understanding acronyms like GDPR, CCPA, HIPAA, and PIPEDA, and grasping the significance of maintaining asset inventories.In this episode, you'll learn: The difference between a breach, when a threat actor gains unauthorized access, and an incident, where data is compromised, is crucial for proactive security measures.Understand frameworks vs. standards: Frameworks provide an overview of requirements for compliance and certification, while standards outline specific criteria that must be met, forming the foundation of cybersecurity best practices.The importance of cyber hygiene or the tools, processes, and policies you need to maintain a strong security posture, enabling constant improvement in cybersecurity health within organizations.Things to listen for:[00:24 - 02:47] Introduction to episode and compliance series[02:57 - 04:25] The difference between security and privacy and compliance[04:28 - 06:08] The challenges in balancing security, privacy and compliance[06:26 - 07:24] The difference between risk and control[07:31 - 09:46] The difference between a breach and an incident[09:58 - 11:03] The difference between data security and protection[11:03 - 12:18] The most common data protection regulations[12:31 - 13:10] The difference between frameworks and standards[13:22 - 14:50] What is RBAC and how it relates to cybersecurity[14:50 - 16:45] The meaning of IoT and maintaining inventory assets[16:50 - 18:00] What does Cyber Hygiene mean[18:01 - 20:37] Jara's receiptsResources:Conquer Compliance Jargon: Download the Free Cybersecurity Compliance GlossaryData Security 101: Decoding Incidents and BreachesSafeguarding Your Connected Devices: A Practical Approach to IoT SecurityConnect with the Guest:Marie Joseph's LinkedInChristina Annechino's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

“There's a converging of several forces or several trends going on right now that I think are going to potentially cause significant changes in 2024.”@Jim Goldman, CEO of Trava Security, knows a thing or two about cybersecurity. In this episode, Jim and host @Jara Rowe dive into the latest scoop on what's happening in the world of cybersecurity and compliance and what you need to know to keep your business safe and secure in 2024. They discuss how ransomware is alive and well, and federal governments worldwide are taking a stand, which is great news for us, bad news for the cyber terrorists. They also talk about the changes in the compliance landscape in 2024, with a big focus on changing breach disclosures and cybersecurity risk management. They also filled us in on a very helpful resource – CISA, Cybersecurity and Infrastructure Security Agency – available for all of us to stay up-to-date on compliance. In this episode, you'll learn: Ransomware is a real and growing threat. Learn how federal governments are joining forces to tackle this issue, and discover proactive measures like multifactor authentication to keep your business safe.Compliance equality through new regulations are ensuring that all companies, public and private alike, are held to the same standard for cybersecurity risk management and breach disclosures.How to secure company laptops and contractor access to ensure remote work resilienceThings to listen for:[01:51 -5:14] Overview of Cybersecurity and Compliance Landscape in 2024[5:14 - 6:38] Proactive Measures we can take to mitigate Ransomware attacks[8:34 - 9:58] Cyber Insurance [9:59 - 13:40] Changes in Compliance Frameworks in 2024[16:16 - 19:01] Other threats to be on the lookout in 2024 include work-from-home issues[21:53 - 23:28] How to stay agile and resilient[24:25 - 25:36] Final thoughts from Jim[25:48 - 28:54] Jara's receiptsResources:Unlocking Cybersecurity and Compliance Success in 2024A Global Escalation: Ransomware Threats, Trends, and Solutions for 2024Cybersecurity for Remote Workers: Best Practices for Securing Your Home OfficeISO 27001 Certification: What Is It and Why Does It Matter?Connect with the Guest:Jim Goldman's LinkedInConnect with the host:Jara Rowe's LinkedInConnect with Trava:Website www.travasecurity.com Blog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity

Acompanhe O Antagonista no canal do WhatsApp.  Boletins diários, conteúdos exclusivos em vídeo... e muito mais.  Link do canal:  https://whatsapp.com/channel/0029Va2SurQHLHQbI5yJN344 Ser Antagonista é fiscalizar o poder. Aqui você encontra os bastidores do poder e análises exclusivas. Apoie o jornalismo independente assinando O Antagonista | Crusoé:  https://hubs.li/Q02b4j8C0 Não fique desatualizado, receba as principais notícias do dia em primeira mão se inscreva na nossa newsletter diária: https://bit.ly/newsletter-oa Leia mais em www.oantagonista.com.br  |  www.crusoe.com.br

En este capítulo Oso Trava me explicó porqué la famosa “fuerza de voluntad” es nuestra enemiga, porqué el fracaso y el éxito van de la mano, porqué cuando intentamos complacer expectativas ajenas la terminamos regando, cómo desestancarnos después de un intento fallido de lograr nuestras metas, cuáles son los hábitos que te alejan del éxito y de qué manera construir un sistema coherente y eficiente para llegar a nuestro objetivo más profundo. ¡Cuéntame qué opinas de este capítulo en @lamagiadelcaos! Learn more about your ad choices. Visit megaphone.fm/adchoices

Uno de los tiburones de Shark Tank visitó al rincón, ¡Qué platica tan enriquecedora!Productividad, familia, liderazgo y otros temas hablamos con Oso, un gran ser humano. Disfruta de este episodio hasta el final  Síguenos en nuestros canales:https://www.instagram.com/elrincondeloserrores/https://www.tiktok.com/@elrincondeloserrores Si quieres navegar por el rincón en un solo lugar, visita nuestra webhttps://elrincondeloserrores.com/