10 episodes

A Federal Security & Compliance career is a very rewarding career - we get the honor and privilege of protecting some of the most guarded assets of our great country. However, it doesn’t come without a cost. We often take the brunt of the beating when it comes to the regulations that are impeding innovation. Join federal security professional Max Aulakh as he distills the challenges facing our career field, pulling back the curtain on culture, emerging technical knowledge, ATOs, CMMC and various federal cyber frameworks. Each episode is jam-packed with powerful information to cut through the noise. We will break down tools, tips and techniques to help you get better and to quickly get through the federal accreditation processes. It doesn’t matter what type of systems or technology you are dealing with, if you have heard of or are familiar with terms like STIGS, SAP, SAR, FedRAMP, and ConMON or newer terms like cATO, Big Bang, OSCAL, CMMC and SBOMs - we will break it all down.

Reckless Compliance Max Aulakh

    • Technology
    • 5.0 • 2 Ratings


    Use of Artificial Intelligence for NIST Controls Responses - Perspective from Air Force ISSM


    Max Aulakh and Uliya Sparks, an ISSM at SAF Mission Partners Environment, discuss the potential of AI in federal compliance. They explore ISSMs' challenges, including managing multiple systems and navigating complex policies like NIST and FedRAMP. Uliya highlights the slow adoption of AI due to concerns about data sensitivity and job displacement, stressing the need for human expertise in validating AI-generated responses.
    Topics we discuss:
    • Artificial Intelligence in context of Control Responses
    • Tool limitations and how we as humans can address them
    • Bringing awareness of our work to a younger generation

    Max Aulakh Bio:
    Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.
    Max Aulakh on LinkedIn
    Ignyte Assurance Platform Website

    • 28 min
    Control Inheritance vs. Reciprocity


    In this episode, Max discusses the fundamental concepts of Control Inheritance and System Reciprocity, highlighting their differences, applications, and importance in the realms of cybersecurity and organizational governance. This topic ties in closely with his recent LinkedIn post about the need for a credit system for security work being done within different parts of the DoD. 
    Topics Covered
    • Control Inheritance:
        • Definition and significance in cybersecurity.
        • Examples of control inheritance, such as identity management systems.
        • Utilization of control catalogs, like NIST's 800-53, for formal control inheritance.
    • System Reciprocity:
        • Explanation of reciprocity agreements between organizations.
        • Distinction between Authority to Connect (ATC) and Authority to Operate (ATO).
    • Intersection of Inheritance and Reciprocity:
        • Clarification of the relationship between control inheritance and reciprocity processes.
        • Ensuring compliance with controls and agreements for establishing reciprocity.
        • Common misconceptions and reasons for conflating inheritance with reciprocity.
    Resources
    Control Inheritance Blog
    RMF Process and Reciprocal Agreements 
    DISA Connection Approval Process for Authority to Connect
    DISN Connect Process Guide
    Max Aulakh Bio:
    Max is the Managing Director of Ignyte Assurance Platform and a Data Security and Compliance leader delivering DoD-tested security strategies and compliance that safeguard mission-critical IT operations. He has trained and excelled while working for the United States Air Force. He maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global unclassified and classified networks.

    • 12 min
    Enclaves in the Era of CMMC with Reuben Patton


    Max Aulakh invites Reuben Patton to discuss the implementation of enclaves in the context of CMMC (Cybersecurity Maturity Model Certification). Reuben, with his experience in both the classified sector and cybersecurity, provides insights on how enclaves, traditionally used in classified environments, are now being applied to manage CMMC requirements. He dives into strategies for handling Operational Technology and Research & Development in relation to CMMC, discussing the challenges and considerations of incorporating these areas into compliance frameworks. The conversation also touches on the practicalities and complexities of managing enclaves, offering valuable guidance for organizations navigating CMMC compliance.

    Topics we discuss:
    • Understanding Enclaves
    • Enclaves in Operational Technology
    • Strategic Implementation of Enclaves

    • 34 min
    U.S. vs European Operation Public Sector Cyber Compliance with Joseph Keenan - CISO Airbus


    In this episode, we explore how global entities can serve the US and European governments. Joseph Keenan, Global Head of Security and CISO at Airbus OneWeb, breaks down some challenges and provides insight into managing CMMC, security strategy, and FedRAMP while selling commercial off-the-shelf products into the defense market. This episode focuses on the stressors of an international company in the age of CMMC and dives into the differences between the US and European operations that he is experiencing in his current role.
    Topics we discuss:
    • What is it like to manage US public sector compliance when your organization is distributed?
    • Stressors of an international company in the age of CMMC
    • How do you manage GDPR?
    • What are the notable differences between the US and European Operations?

    • 30 min
    The Role of a Chief Legal Officer with Steven Dimirsky


    The podcast features Steve Dimirsky, the Chief Compliance Officer and Chief Legal Officer at 1010 Data. He discusses the importance of legal and compliance officers in the cybersecurity and risk management field. Data privacy is a major concern for SaaS companies, and they need to ensure they are handling client data safely and in compliance with regulations. The podcast also touches on the use of SOC audits and the need for credible auditors who can identify and address organizational flaws.

    Topics we discuss:
    • Role of Legal at 1010 Data
    • Risk Management
    • SaaS Security Compliance
    • Supplier Risk
    • Certifications & External Attestations
    • Improving SOC 2, FedRAMP and similar compliance initiatives

    • 34 min
    Max Discusses Authorization Boundaries with Naveed Mirza from Okta


    Our guest today is Naveed Mirza, Senior Solutions Architect at Okta. This episode focuses on the importance of authorization boundaries: not only how to understand them but how to develop them. Naveed shares his background as a government contractor supporting the U.S. Marine Corps, highlighting the transferable skills and experiences that have prepared him for his role as SSA at Okta.
    Topics we discuss:
    • Authorization boundary
    • What is it, why is it important? How can it help?
    • Can a boundary establishment exercise be harmful when it comes to DevSecOps?
    • What all goes into developing a boundary?
    • Complex boundaries and their relationship to Systems of Systems thinking

    • 37 min
