GRC Academy

By: Jacob Hill
  • Summary

  • Governance, Risk, and Compliance (GRC) Academy is a training and research platform for GRC professionals, executives, and anyone else who wants to increase their knowledge in the GRC space!
    Copyright GRC Academy
Episodes
  • How To Stop Social Engineering in Its Tracks with Chris Silvers
    Jun 7 2024

    In this episode, Jacob speaks with Penetration Tester & Social Engineer Chris Silvers!

    Chris Silvers is the founder of CG Silvers Consulting! Chris has a vast amount of experience ranging from CMMC assessments to penetration testing. He even won the prestigious DEF CON black badge during the DEF CON 24 Social Engineering Capture the Flag (SECTF)!

    In this episode they focus on how organizations can defend against social engineering attacks!

    Here are some highlights from the episode:

    • Winning the DEF CON SECTF black badge
    • Social engineering tactics and tools
    • CEO impersonation / fraud attacks
    • How can GRC help defend against social engineering?
    • Why businesses shouldn't start with a penetration test

    Follow Chris on LinkedIn: https://www.linkedin.com/in/cgsilvers/

    Chris's Website: https://www.cgsilvers.com/

    -----------

    Governance, Risk, and Compliance (GRC) Academy is a training and research platform!

    Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e24&utm_campaign=courses

    Need a FedRAMP authorized Password Manager?

    Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/

    See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/

    31 mins
  • ISO 27001 Essentials with Aron Lange
    May 6 2024

    In this episode, Jacob speaks with ISO 27001 expert Aron Lange!

    Aron is the founder of the GRC Lab, and a Udemy instructor with more than 11,000 students! He is an experienced auditor for management systems based on ISO 27001, ISO 9001, ISO 27018 and ISO 22301.

    In this episode they discuss the essentials of ISO 27001 including the history of the standard and the changes in the latest revision, but also the significance of the organizations involved and the danger of ISO “certification paper mills.”

    Here are some highlights from the episode:

    • The history of ISO 27001
    • Changes in ISO 27001:2022
    • Who are the IAF, accreditation bodies, and certification bodies?
    • The importance of hiring an IAF-affiliated certification body
    • ISO scoping
    • Maintaining an ISO certification
    • Best practices for internal audits

    Follow Aron on LinkedIn: https://www.linkedin.com/in/aronlange/

    Aron’s Udemy courses: https://www.udemy.com/user/aron-lange/

    Aron’s Website: https://www.aronlange.com/

    28 mins
  • Why Threat Intel is Essential for Vulnerability Management with Patrick Garrity
    Apr 30 2024

    In this episode, Jacob speaks with cybersecurity researcher Patrick Garrity!

    Patrick Garrity is a seasoned security researcher at VulnCheck where he focuses on vulnerabilities, vulnerability exploitation and threat actors.

    In this episode they discuss the importance of integrating threat intelligence into vulnerability management using the Exploit Prediction Scoring System (EPSS), CISA Known Exploited Vulnerabilities Catalog, and the changes in CVSS 4.0!

    Here are some highlights from the episode:

    • How Exploit Prediction Scoring System (EPSS) can predict exploitation
    • How vulnerability scanners integrate EPSS
    • CISA's Known Exploited Vulnerabilities (KEV) Catalog
    • The national security implications of vulnerability management

    Follow Patrick on LinkedIn: https://www.linkedin.com/in/patrickmgarrity/

    VulnCheck Website: https://vulncheck.com/

    Thanks to our sponsor Keeper Security!

    Need a FedRAMP authorized Password Manager? See how Keeper can help you comply with CMMC: https://www.keepersecurity.com/cmmc/?utm_source=grcacademy&utm_medium=display&utm_campaign=cmmc_video

    Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/

    27 mins
