21 episodes

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform for GRC professionals, executives, and anyone else who wants to increase their knowledge in the GRC space!

GRC Academy Jacob Hill

    • Technology


    The False Claims Act and The DOJ's Civil Cyber Fraud Initiative with Julie Bracker

    In this episode, Jacob speaks with attorney Julie Bracker!
    Julie is the whistleblower attorney for both the Penn State University and Georgia Tech University FCA complaints. These complaints essentially allege the defendants misrepresented their compliance with NIST 800-171!
    They discuss the False Claims Act and the DOJ's Civil Cyber Fraud Initiative, and what federal contractors can do to avoid being the subject of a whistleblower complaint!
    Here are some highlights from the episode:
    • What is the False Claims Act?
    • What is the DoJ's Civil Cyber Fraud Initiative?
    • What are the risks and rewards for whistleblowers?
    • Who are the targets of the initiative?
    • Can companies blindly rely on their MSP and be safe?
    • How to quantify damages of cyber noncompliance fraud
    • DoJ Civil Cyber Fraud settled lawsuits so far
    • Georgia Tech and Penn State FCA cases
    Follow Julie on LinkedIn: https://www.linkedin.com/in/juliekeetonbracker/
    Bracker & Marcus LLP Website: https://www.fcacounsel.com/
    Penn State FCA Complaint: https://cdn.grcacademy.io/web/20240325204912/penn-state-university-false-claims-act-complaint.pdf
    Georgia Tech FCA Complaint: https://cdn.grcacademy.io/web/20240325204909/georgia-tech-university-false-claims-act-complaint.pdf
    2023 DoJ Report of FCA settlements (more than $2.68 billion): https://www.justice.gov/opa/pr/false-claims-act-settlements-and-judgments-exceed-268-billion-fiscal-year-2023
    -----------
    Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
    Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e21&utm_campaign=courses
    Need a FedRAMP authorized Password Manager?
    Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
    See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

    • 40 min
    CMMC and Security Compliance in Higher Education

    In this episode, Jacob speaks with a panel of information security experts from universities about CMMC and their experience preparing for it!
    They discuss security and compliance challenges at universities, the Penn State NIST 800-171 False Claims Act lawsuit, and much more!
    Here are some highlights from the episode:
    • How universities are different from other types of organizations
    • Different compliance requirements for universities
    • Who is involved in the execution of a government contract?
    • The drivers of cybersecurity compliance at universities
    • Thoughts on the Penn State False Claims Act lawsuit
    • How to drive positive cybersecurity change at a university
    • CUI enclaves at universities
    • Areas of CMMC that need clarification
    Here are the panelists:
    • Jay Gallman - Duke University (https://www.linkedin.com/in/jay-gallman/)
    • Kolin Hodgson - Notre Dame (https://www.linkedin.com/in/kolin-hodgson-cisa-cissp-4bbb9a/)
    • Melissa Kimble - University of Maine (https://www.linkedin.com/in/melissa-kimble/)
    • Wendy Epley - University of Arizona (https://www.linkedin.com/in/wendyepley/)
    Thanks to our sponsor Keeper Security!
    Need a secure file sharing solution? Register for a webinar showing how Defense Contractors can share sensitive information using Keeper: https://grcacademy.io/ref/keeper/webinar-cmmc-file-sharing-april-2024/
    Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
    See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

    • 1 hr 15 min
    AI's Impact on Cybersecurity Risk with Dr. Raghuram Srinivas of MetricStream

    In this episode, Jacob talks to Dr. Raghuram Srinivas from MetricStream!
    They discuss the beginnings of AI, how it has evolved over time, and the risks and opportunities it presents to companies around the world!
    Raghuram is the Senior Vice President of Product Management at MetricStream. He is an AI expert and has worked in AI-focused roles at JPM Chase, KPMG, as well as the Watson Group at IBM.
    Here are some highlights from the episode:
    • The history of AI
    • How do large language models (LLMs) work?
    • AI for GRC & GRC for AI
    • Using AI in cyber operations
    • The future of cyber risk
    Follow Ragu on LinkedIn: https://www.linkedin.com/in/raghuramsrinivas/
    MetricStream website: https://www.metricstream.com/

    • 16 min
    Zscaler on FedRAMP and Zero Trust with Patrick Perry

    In this episode, Jacob talks to Patrick Perry from Zscaler. They discuss Zscaler's experiences navigating the FedRAMP and DoD Impact Level processes as well as Zero Trust!
    Pat is a cybersecurity expert with over 20 years of experience. He currently works at Zscaler as Field CTO and is responsible for the alignment of Zscaler capabilities to the DoD and IC mission sets in order to provide dynamic, mission-focused, innovative approaches to enable transformation and zero trust to warfighter organizations.
    Zscaler U.S. Government Solutions enables the U.S. government and its strategic partners to securely transform their networks and applications for a mobile and cloud-first world. Zscaler's FedRAMP Moderate/High/DoD IL5-authorized solutions ensure fast, secure connections between users and applications, regardless of device, location, or network.
    Here are some highlights from the episode:
    • Zscaler's approach to FedRAMP, DoD Impact Levels, and CMMC
    • Shared responsibility between cloud service providers and users
    • What Zero Trust is and how it relates to CMMC
    • Zero Trust pillars
    • Thoughts on the federal approach to Zero Trust
    Follow Patrick on LinkedIn: https://www.linkedin.com/in/perrypn2019/
    Zscaler website: https://www.zscaler.com/

    • 28 min
    Cyber Security Questionnaire Essentials with Derrich Phillips of Aspire Cyber

    In this episode, Jacob speaks with Derrich Phillips from Aspire Cyber about best practices and tips for filling out cybersecurity questionnaires.
    Derrich Phillips is a cybersecurity expert with over 20 years of experience in the field. He started his career in the Army's security operations center, defending networks against cyber attacks. As the founder of Aspire Cyber, he focuses on helping small companies prove their cybersecurity readiness to handle information for enterprise customers.
    Here are some highlights from the episode:
    • How Derrich got into cybersecurity
    • The what and why of security questionnaires
    • How to save time and money while filling out a security questionnaire
    • When to push back on overly burdensome requirements
    Check out this video where Derrich and I discuss how ChatGPT can be used in information security compliance: https://youtu.be/IAAJPJLBeaY
    Follow Derrich on LinkedIn: https://www.linkedin.com/in/derrichphillips/
    Aspire Cyber website: https://www.aspirecyber.com/

    • 12 min
    Behind the Curtain of Federal Rulemaking with Shauna Weatherly of FedSubK.com

    In this episode, Jacob speaks with Shauna Weatherly from FedSubK.com.
    Shauna recently retired from the federal government after serving more than 35 years in the federal acquisition / contracting space! During her career she served as chief of contracting, contracting officer representative, and as an advisor to the Civilian Agency Acquisition Council (CAAC).
    She even has direct experience in the federal rulemaking process, and contributed to FAR case 2017-016, also known as the FAR CUI rule, which will contractually require the implementation of NIST SP 800-171 on federal contracts.
    Join us as we pull back the curtain on the federal rulemaking process and more!
    Here are some highlights from the episode:
    • Shauna's background
    • Steps and roles involved in the federal rulemaking process
    • What is a FAR case?
    • What is OIRA's role?
    • The relationship between the FAR and DFARS
    • How to provide effective public comments on regulations
    • Impacts of FAR case 2017-16 - CUI rule
    • Impacts of FAR case 2021-17 - Cyber Threat and Incident Reporting and Information Sharing regulation
    • Impacts of FAR case 2021-019 - Standardizing Cybersecurity Requirements for Unclassified Information Systems
    Follow Shauna on LinkedIn: https://www.linkedin.com/in/shauna-weatherly/
    FedSubK website: https://www.fedsubk.com/

    • 28 min