Cyberspin Redspin

In this episode of Cyberspin, join Rob Teague and Dr. Thomas Graham as they talk CMMC with special guests, Jennifer Simpson, Sr. Director, of Corporate Cyber Assurance and Shari Pettersson Director, of Information Security Authorizations & Decisions (ISAD) at BAE Systems, Inc.
Learn how BAE Systems, Inc. embarked on their CMMC journey early with a Joint Surveillance Voluntary Assessment (JSVA). From early preparations to final assessments, get an insider’s perspective on how one of the leading defense contractors navigates the complexities of CMMC, ensuring the security and compliance of their operations. This discussion sheds light on how to prepare for CMMC directly from a prime contractor who has taken early steps to demonstrate cybersecurity maturity through CMMC.
 
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

Contractors serving the DoD are in a constant battle to safeguard their data in compliance with the CMMC. Listen to this episode of Cyberspin as our experts explore how managed cloud services can accelerate the Cybersecurity Maturity Model Certification (CMMC) journey and how they are the fastest and easiest way to accommodate a segment of your organization that handles CUI data.
Subscribe & Stream: Gear up for your CMMC journey with "Cyberspin," available on Apple iTunes, Spotify, and redspin.com. Subscribe for the latest insights on navigating your cybersecurity landscape.

Contractors working with the Department of Defense (DoD) who store, process, and/or transmit CUI face a crucial challenge: ensuring that their technical security controls, documentation, policies, and processes are robust enough to meet the stringent demands of CMMC. With a range of Cloud offerings available, understanding how each aligns with CMMC standards can be quite a challenge.
 
Listen as we tackle the most prevalent misconceptions surrounding Azure Cloud and its ability to satisfy CMMC requirements. We'll break down the differences between Azure Commercial 365, Government Community Cloud (GCC), and GCC High. You'll learn when it's appropriate to choose GCC over GCC High, especially concerning ITAR data considerations, and whether FIPS Encryption is adequately provided for the communication and storage of Controlled Unclassified Information (CUI) data.
 
We'll also tackle the challenges that remote companies face in meeting CMMC's network criteria and explain why waiting until 2027 to address CMMC could be a misstep.
 
Tune in as we debunk myths and shed light on the essential criteria that will help you navigate your CMMC journey.
 
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

In this episode, we sit down with Robert Hill, the Founder and CEO of Cyturus, to unravel the WHY behind the Cybersecurity Maturity Model Certification (CMMC).
 
Our conversation kicks off with the pressing question: Why do small defense contractors need the same level of security as industry giants like Boeing and Raytheon? Robert Hill walks us through the tactical why, painting a vivid hypothetical scenario. Imagine a seemingly minor 4-millimeter adversarial change in the dimensions of a gasket from a subcontractor manufacturer. This breach has the potential to infect the Department of Defense like a virus, leading to the grounding of a warfighter jet and the potential to impact lives.
 
The discussion extends beyond supply chain issues, delving into the critical need to protect intellectual property. Hill emphasizes that the true threat lies not just in information breaches but in the subsequent manipulation of data—a concept with long-term real-world implications.
 
Join us as we explore the technical aspects. However, our conversation takes a turn as we point out CMMC is not merely about IT controls; it's about fostering a culture of cybersecurity. CMMC is not a checkbox compliance but a movement that requires business buy-in and a deep understanding of the WHY.
 
Tune in to gain insights into the world of cybersecurity, understand the genuine need to protect national defense information, and recognize that CMMC is more than compliance—it's a cybersecurity movement.
 
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

Celebrate Cybersecurity Awareness Month with Redspin! We’re here to guide you through CMMC (Cybersecurity Maturity Model Certification). To mark this important month, we’ll be shining a spotlight on our CMMC guides each week.
In this episode, we're excited to introduce Dr. Thomas Graham, a seasoned professional with a unique perspective on the world of cybersecurity, particularly from a Department of Defense (DoD) lens. With experience spanning the DHA, Navy medicine, from the governance perspective, and even a Federal Health IT Award-winning team, Thomas is well-equipped to shed light on the intricacies of this critical field.
Join us as we uncover the historical roots of Controlled Unclassified Information (CUI) and "read the tea leaves" of the Cybersecurity Maturity Model Certification (CMMC), positioning itself as a unifying force for cybersecurity requirements across various government agencies. Thomas, an expert in discerning the nuances of language, shares his insights into the future of CMMC and its potential impact on the DoD and other federal agencies.
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
 

Celebrate Cybersecurity Awareness Month with Redspin! We're here to guide you through CMMC (Cybersecurity Maturity Model Certification). To mark this important month, we'll be shining a spotlight on our CMMC guides each week.
In this episode, we chat with John Fitch, Azure expert who works with OSCs in building a secure encalve. John emphasizes CMMC offers significant value to both large and small contractors. It effectively safeguards against advanced persistent threats (APTs), particularly those targeting sensitive national information. Unlike a mere compliance checklist, CMMC prioritizes accountability making it a valuable addition to the future of national cybersecurity.
Throughout the month, we'll be featuring Subject Matter Experts in the world of CMMC. These are the leaders who are actively engaged in safeguarding sensitive data within our ecosystem. Join us to learn about their roles, their history working with the Department of Defense, and their insights into the impact that CMMC will have. Together, we can strengthen our cybersecurity defenses and protect what matters most.







Listen in at redspin.com or your favorite podcast platform.