The Virtual CISO Podcast

40 Episodes
Subscribe

By: John Verry

The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John wi...

✂️ Turn this podcast into clips
Episode 160: Managing Identity in the Age of AI Agents With Geoffrey Mattson
Episode 160: Managing Identity in the Age of AI Agents With Geoffrey Mattson episode artwork
Yesterday at 6:46 PM


Episode 159: The New Security Stack: Doors, Data, and AI With Jeffrey Friedman
Episode 159: The New Security Stack: Doors, Data, and AI With Jeffrey Friedman episode artwork
06/10/2026


Episode 158: AI Is Increasing Your Cyber Risk – Can It Also Reduce It? With Mike Armistead
Episode 158: AI Is Increasing Your Cyber Risk – Can It Also Reduce It? With Mike Armistead episode artwork
04/28/2026


Episode 157: AI Security: Testing, Exploits, and Threat Feeds With Marco Figueroa
Episode 157: AI Security: Testing, Exploits, and Threat Feeds With Marco Figueroa episode artwork
04/03/2026


Episode 156: AI Security: Threat Modeling & Pipeline Evolution with Jason Rebholz
Episode 156: AI Security: Threat Modeling & Pipeline Evolution with Jason Rebholz episode artwork
#156
02/25/2026


Episode 155: Incident Response Testing in Cloud Forward Organizations with Matt Lea
Episode 155: Incident Response Testing in Cloud Forward Organizations with Matt Lea episode artwork
#155
12/17/2025


Ep 154: How DORA Will Impact US Companies with Dejan Kosutic
Ep 154: How DORA Will Impact US Companies with Dejan Kosutic episode artwork
11/06/2025


Ep 153: Inside ISO 42001: The Future of AI Governance with Danny Manimbo
Ep 153: Inside ISO 42001: The Future of AI Governance with Danny Manimbo episode artwork
09/22/2025


EP 152: Granular, Persistent, Zero Trust: The Case for File-Level Security
EP 152: Granular, Persistent, Zero Trust: The Case for File-Level Security episode artwork
#152
08/12/2025


EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance
EP 151: Trust, But Verify: How HITRUST is Reshaping Assurance episode artwork
#151
07/01/2025

In this episode of the Virtual CISO Podcast, host John Verry and guest Chris Schaeffer discuss
the HITRUST framework, its evolution, and its significance in the cybersecurity landscape. They
delve into the Common Security Framework (CSF), the different assessment models (E1, I1,
R2), and how HITRUST compares to other frameworks like SOC 2 and ISO 27001. The
conversation also touches on the future of HITRUST, including potential reciprocity with other
standards and the impact of emerging technologies like AI.


Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)?
Ep 150: Is OSCAL the Future of Security Documentation (& FedRAMP)? episode artwork
#150
04/29/2025

In this episode of the Virtual CISO Podcast, John Verry speaks with Kenny Scott, founder and CEO of Paramify, about the challenges of cyber risk management and the potential of OSCAL (Open Security Controls Assessment Language) in simplifying compliance and documentation processes. They discuss the importance of structured digital communication in security, the complexities of FedRAMP, and how OSCAL can streamline the documentation process, ultimately reducing costs and improving efficiency in security programs. In this conversation, Kenny and John discuss the challenges and strategies for adopting OSCAL (Open Security Controls Assessment Language) in organizations. They explore the importance of understanding...


Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts
Ep 149: Unlocking the Future: Passkeys and Passwordless Authentication with Anna Pobletts episode artwork
#149
03/06/2025


Episode 148: Cloud Detection & Response
Episode 148: Cloud Detection & Response episode artwork
02/11/2025

In this episode, John Verry interviews Eric Gumanofsky, Vice President for Product Innovation at Tenable Security, about the concept of Cloud Detection and Response (CDR). They discuss the similarities and differences between CDR and Endpoint Detection and Response (EDR), as well as the integration of CDR into a comprehensive Cloud Native Application Protection (CNAP) solution. They also explore the challenges and benefits of automating response in the cloud and the importance of risk-based decision-making. The conversation highlights the evolving nature of the cloud security space and the need for organizations to stay informed and make informed decisions.


Episode 147: Why vCISO Engagements Fail
Episode 147: Why vCISO Engagements Fail episode artwork
01/29/2025

In this episode, John Verry and Matt Webster discuss the evolving landscape of virtual CISO services, exploring the common pitfalls and failures associated with these projects. They emphasize the importance of clear expectations, the distinction between a virtual CISO and a virtual security team, and the necessity of executive buy-in for successful cybersecurity initiatives. The conversation also highlights the need for specialized expertise in various cybersecurity domains and the challenges of maintaining focus amidst tactical distractions. They explore the tactical challenges organizations face, the importance of redundancy in virtual CISO services, and how breaches can impact these engagements. The discussion...


Episode 146: Dark Web Monitoring
Episode 146: Dark Web Monitoring episode artwork
#146
01/07/2025

In this conversation, John Verry interviews Steph Shample, Cybercrime Analyst for DarkOwl, about the dark web and its implications for cybersecurity professionals. They discuss: 
The basics of the dark web, its purpose, and the types of activities that take place there. 
They also explore the value of darknet data for threat intelligence and how it can be used to understand and combat cyber threats.  
Cybersecurity professionals can benefit from understanding the dark web to gain insights into the tactics, techniques, and procedures used by threat actors. 
Additionally, they touch on the evolving nature of cyber attacks and t...


Episode 145: CMMC: The Final Rule
Episode 145: CMMC: The Final Rule episode artwork
#145
12/02/2024

In this episode of the Virtual See-So Podcast, host John Verry speaks with Sanjeev Verma, chairman and co-founder of Prevail, about the intricacies of CMMC compliance and the importance of cybersecurity. They discuss: 
The delays in CMMC implementation, key elements of the new regulation, and the importance of being prepared for compliance.  
The complexities of compliance with CMMC regulations, the importance of documentation, and the implications of using cloud services and VDI.  
They emphasize that compliance is an ongoing process requiring annual affirmation and that organizations must be proactive in their cybersecurity measures. T 
They highlight the ne...


Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company?
Episode 144: TxRAMP or StateRAMP or AZRAMP or FedRAMP? What’s right for your company? episode artwork
#140
10/17/2024

In this episode of The Virtual CISO Podcast, your host John Verry is joined by Mike Craig to break down the differences between FedRAMP, TxRAMP, AZRAMP, and StateRAMP.

Together, they discuss:How the Naoris Protocol establishes decentralized trust for compute endpoints.
 Key distinctions between the RAMP frameworks and how they impact an organization's path to Authorization to Operate (ATO).How Organizationally Defined Parameters (ODPs) shape the implementation of controls across different RAMPs.The impact of Federal Acquisition Regulations (FAR) on FedRAMP technical architecture and cost recovery.Why nearly 60% of FedRAMP projects fail, and how strategic planning can h...


Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity?
Episode 143: Is Decentralized Proof of Security Leveraging Blockchain the future of Cybersecurity? episode artwork
#143
09/23/2024

In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with David Carvalho, a cryptography and cybersecurity expert with over 25 years of experience, to explore the next frontier in cybersecurity: decentralized security models and post-quantum cryptography.


How the Naoris Protocol establishes decentralized trust for compute endpoints. The importance of a decentralized security baseline for digital trust.Real-world applications in cyber insurance and regulatory compliance.The growing threat of quantum computing and the need for post-quantum security.And more!If you're considering federal cybersecurity compliance or just want to stay ahead in cloud security, f...


Episode 142: CNAPP - Secure Cloud Apps in a Snap
Episode 142: CNAPP - Secure Cloud Apps in a Snap episode artwork
#142
08/21/2024


Episode 141: Stopping Business Email Compromise with a Novel Malicious File Reconstruction Approach
Episode 141: Stopping Business Email Compromise with a Novel Malicious File Reconstruction Approach episode artwork
07/11/2024

In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with Aviv Grafi, CTO and founder of Votiro, as they discuss innovative solutions to combat business email compromise. Join us as we discuss:
The mechanisms of business email compromise How malicious files are used in cyberattacks The limitations of traditional security methods The benefits of malicious file reconstruction technologyAnd more! If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast. For updates on cybersecurity, digital technology, and more, fol...


Episode 140: DIB/CMMC Cybersecurity – Interesting Observations from a Significant Study
Episode 140: DIB/CMMC Cybersecurity – Interesting Observations from a Significant Study episode artwork
06/27/2024

Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Chris Petersen, co-founder of LogRhythm and current CEO of Radical. Chris brings over two decades of experience in cybersecurity, offering deep insights into the industry's challenges and advancements. In this episode, we'll explore:

 - The surprising results from Radical’s DIB Cybersecurity Survey, including the incongruity between high self-assessed security skills and other survey responses.
 - The critical issue of poor scoping in System Security Plans (SSPs) and its impact on the effectiveness of security monitoring within the Defense Indu...


Episode 139: How adding Crisis Management to your Incident Response Plan can save your bacon?
Episode 139: How adding Crisis Management to your Incident Response Plan can save your bacon? episode artwork
06/07/2024

Join us for an engaging episode of the Virtual CISO Podcast with host John Verry. This episode features Kevin Dinino, President of KCD PR, who delves into the critical aspects of crisis management and communications. Kevin brings over 20 years of experience in guiding companies through the complexities of strategic communications, particularly in the cybersecurity, financial, and technology sectors. In this episode, we'll explore:

 The nuances of differentiating between an incident and a crisis, and how to handle the transition from one to the other.The essential components of a comprehensive crisis management plan and the importance of integrating c...


Episode 138: Is Consuming SaaS an Information Security Faustian Bargain? w/ William Eshagh
Episode 138: Is Consuming SaaS an Information Security Faustian Bargain? w/ William Eshagh episode artwork
05/16/2024


Episode 137: Strategies and Insights w/ Sagi Brody
Episode 137: Strategies and Insights w/ Sagi Brody episode artwork
05/01/2024


Episode 136: AI Risk Management – Is ISO 42001 the Solution? w/ Ariel Allensworth
Episode 136: AI Risk Management – Is ISO 42001 the Solution? w/ Ariel Allensworth episode artwork
#136
04/10/2024


Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk
Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk episode artwork
#135
03/28/2024

In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Zenobia Godschalk, Senior Vice President of Hedera Hashgraph, as they discuss distributed ledger technology and its effects on privacy compliance.

Join us as we discuss the following: 
The erosion of Privacy Online
Distributed Ledger Technology (DLT) and how it enables Web 3
How DLT can be used to improve security and compliance with Privacy regulations

If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to t...


Episode 134: Understanding TISAX w/ Alexander Häusler
Episode 134: Understanding TISAX w/ Alexander Häusler episode artwork
#134
03/11/2024


Kubernetes Security – Simplified Shauli Rozen, CEO of ARMO
Kubernetes Security – Simplified Shauli Rozen, CEO of ARMO episode artwork
#133
02/27/2024

In this episode of The Virtual CISO Podcast, your host, John Verry, engages in a conversation with guest Shauli Rozen, CEO and Co-Founder of ARMO, exploring the intricacies of Kubernetes, the orchestration tool that's reshaping how we deploy, scale, and manage containerized applications.

Join us as we discuss:
What a container isImplications of containers on securityHow you can leverage Kubescape to improve application securityAnd more!If you want to learn more about cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the Virtual CISO Podcast.

For updates on the state...


Episode 132: Optimize Your SOC 2 - Lessons Learned from the 2023 Benchmark Study w/ Scott Woznicki
Episode 132: Optimize Your SOC 2 - Lessons Learned from the 2023 Benchmark Study w/ Scott Woznicki episode artwork
#132
02/09/2024


Episode 131: The New CMCC Proposed Rule w/ Jeff Carden & Warren Hylton
Episode 131: The New CMCC Proposed Rule w/ Jeff Carden & Warren Hylton episode artwork
#131
02/02/2024


Episode 130: Revolutionizing Security Training with Kevin Paige CISO and VP of Product Strategy at Uptycs
Episode 130: Revolutionizing Security Training with Kevin Paige CISO and VP of Product Strategy at Uptycs episode artwork
01/15/2024


Episode 129: Empowering Diversity in the Cybersecurity Industry with Larry Whiteside Jr.
Episode 129: Empowering Diversity in the Cybersecurity Industry with Larry Whiteside Jr. episode artwork
#129
01/04/2024


Episode 128: Understanding the ISO 27001:2022 Update with Andrew Frost and Leigh Ronczka
Episode 128: Understanding the ISO 27001:2022 Update with Andrew Frost and Leigh Ronczka episode artwork
#128
12/19/2023

In this episode of The Virtual CISO Podcast, your host, John Verry, sits down with Andrew Frost and Leigh Ronczka of CBIZ Pivot Point Security to discuss the updates needed to successfully transition from ISO27001:2013 to ISO 27001:2022.
Join us as we discuss:
How simplistic it is for a company to transition to ISO 27001:2022The level of effort required to implement the changesWhat auditors are looking for when organizations make an updateAnd more!
If you want to learn more about the realm of cybersecurity, follow The Virtual CISO Podcast on your favorite streaming platforms and subscribe to the...


Ep 127: The Future of Security: Unraveling the World of Social Engineering
Ep 127: The Future of Security: Unraveling the World of Social Engineering episode artwork
#127
12/19/2023


Ep 126: Unlocking AI's Potential: Risks, Optimism & Challenges in the Current Wave of AI Technology
Ep 126: Unlocking AI's Potential: Risks, Optimism & Challenges in the Current Wave of AI Technology episode artwork
#126
11/21/2023


Ep: 125 - Understanding the New FTC Safeguards Rule: Key Changes and Requirements Explained
Ep: 125 - Understanding the New FTC Safeguards Rule: Key Changes and Requirements Explained episode artwork
#125
11/08/2023

Tune into an insightful conversation with Jeremy Price, co-leader of a national cybersecurity practice. In this engaging discussion, Jermey explains the updated FTC safeguard rules that went into effect in June and what they’re intended to do. In this episode, your host, John Verry, and Jeremy Price discuss: - The Gramm Leach Bliley Act updates and how that affects financial institutions, and companies that offer things like consumer financial products and services - The extended and new definition of financial institutions - How to determine whether or not your company falls under the new definition of financial institutions and wh...


An Introduction to AI and its Place in the Work Place with CEO of Private AI Patricia Thaine
An Introduction to AI and its Place in the Work Place with CEO of Private AI Patricia Thaine episode artwork
#124
10/10/2023

Join us for an insightful conversation with Patricia Thaine, Founder and CEO of Private AI, as we delve into the world of artificial intelligence, language models, and data privacy. In this engaging discussion, Patricia sheds light on the transformative potential of AI, particularly language models like GPT-3.5, in various industries.
In this episode, your host, John Verry, and Patricia Thaine discuss:
how specialized AI models are revolutionizing tasks such as sentiment analysis and personal information identification, all while ensuring data remains private and secure.responsible AI practices and preparing the next generation to harness AI's power responsibly.the...


Ep 123: Navigating IT-OT Dynamics: Cybersecurity, Integration, and Collaboration
Ep 123: Navigating IT-OT Dynamics: Cybersecurity, Integration, and Collaboration episode artwork
09/22/2023


Ep 122: Navigating New Horizons: CMMC, NIST 800-171 Updates, and Compliance Insights
Ep 122: Navigating New Horizons: CMMC, NIST 800-171 Updates, and Compliance Insights episode artwork
08/31/2023

In this episode of the "Virtual CISO Podcast," your host John Verry speaks with guest Warren Hylton, a FedRisk consultant at CBIZ Pivot Point Security, to explore recent updates in cybersecurity regulations. The conversation revolves around the Cybersecurity Maturity Model Certification (CMMC) and the updated NIST Special Publication 800-171 (R2 to R3).

Join us in this week’s episode as we discuss
The potential outcomes of the DOD’s rules package submission to OMBNIST 800-171's Revision 3 updatesThe transition from DoD-led to commercial-led assessments regarding CMMCAnd more!To hear this episode and many more like it, we enco...


Ep 121: Strategies for Reducing the Cost of Your Cyber Liability Insurance Policy
Ep 121: Strategies for Reducing the Cost of Your Cyber Liability Insurance Policy episode artwork
#121
07/11/2023

Like many other businesses, law firms are at significant risk of cyber-attack and increasingly are turning to cyber liability insurance (CLI) to transfer some of their cyber risk. But many are being denied coverage or face high premiums due to shortfalls in their cybersecurity controls.

In this episode, your host John Verry, CBIZ Pivot Point Security Managing Director, sits down with Jack Liljeberg, Assistant Broker at Thompson Flanagan. Jack helps give business and security leaders in the legal vertical, as well as anyone seeking CLI coverage, a comprehensive update on the state of the CLI marketplace and critical...