45 episodes

CSA STAR is the industry's most powerful program for security assurance in the cloud. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.

CSA Security Update John DiMaria; Director of Operations Excellence

    ISO/IEC 27001:2022 Unpacked: Embracing Auditing Themes

    In our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reorganization of domains marks a significant shift in how we think about and implement information security management. By centering our conversation on auditing themes, we explore how this new structure enhances the alignment of security practices with organizational goals and risks. We'll discuss the rationale behind this change, practical insights on tra...

    • 43 min
    From Concept to Competence: The Impact of CSA's Zero Trust Training

    In this exclusive interview, we have the honor of speaking with a representative from the Cloud Security Alliance (CSA), the esteemed recipient of the 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training. This award acknowledges CSA's groundbreaking Certificate of Competence in Zero Trust (CCZT), the industry's first authoritative training and certification program dedicated to Zero Trust architecture, components, and best practices. During this session, we will delve into the dev...

    • 41 min
    Decoding Security Solutions: ASPM vs CSPM vs CNAPP

    In the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security field acronyms: Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM), and Cloud-Native Application Protection Platform (CNAPP). While all are focused on bolstering security posture, these target different aspects of one's security program. Listen as we interview Karthik Swarnam, Chief Security and Trust Officer at Ar...

    • 30 min
    Aligning Security Standards: Maximizing Synergy Between CSA STAR Level 2 and ISO 27001

    In this episode, John DiMaria & Cameron Kline, Director of Attest Services at BARR Advisory, delve into the relationship between CSA STAR Level 2 and ISO 27001 standards, emphasizing the significant overlap in best practices, procedures, and controls for cloud service providers (CSPs) operating in medium- to high-risk environments. They highlight how collaboration with an auditing firm certified in both frameworks can expedite the compliance process, offering practical tips for streamlini...

    • 28 min
    Navigating the New Age of Compliance

    In a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new competitive edge. In this episode, we delve into the heart of agile compliance with a special guest, Travis Howerton, Co-Founder and Chief Executive Officer of RegScale, a pioneering company at the forefront of compliance automation. Discover how automated technology and continuous monitoring are revolutionizing the way organizations approach compl...

    • 37 min
    Why CPA Firms Excel in Cybersecurity Attestations

    In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm. The episode delves into why CPA firms, traditionally known for financial audits, are exceptionally well-suited f...

    • 28 min
