Reckless Compliance
Max Aulakh
16 episodes
1 hour ago
In this episode of the Reckless Compliance podcast, Max talks with Justin Paquette from NtelSec about a bold idea: helping small contractors achieve “CMMC in a day” by working inside a pre-secured enclave—CUI Vault—instead of overhauling their entire enterprise. Justin explains how NtelSec’s government collaboration platform SectorNet (which recently achieved FedRAMP Readiness) informed the commercial offering, and why treating the provider as a cloud service (CSP)—not a manage...
Technology
All content for Reckless Compliance is the property of Max Aulakh and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (16/16)
CMMC in a Day? NtelSec’s “Enclave” Approach to Fast-Track Compliance
In this episode of the Reckless Compliance podcast, Max talks with Justin Paquette from NtelSec about a bold idea: helping small contractors achieve “CMMC in a day” by working inside a pre-secured enclave—CUI Vault—instead of overhauling their entire enterprise. Justin explains how NtelSec’s government collaboration platform SectorNet (which recently achieved FedRAMP Readiness) informed the commercial offering, and why treating the provider as a cloud service (CSP)—not a manage...
2 months ago
25 minutes

Valid Eval’s FedRAMP Journey: Lessons in Scaling, Security, and Government Partnerships
Description: In this episode of the Reckless Compliance podcast, Max is joined by the CTO of Valid Eval, who shares the journey of achieving FedRAMP Ready status and securing an IATO from NASA. From early career work on advanced defense systems to building a SaaS platform that streamlines proposal evaluation for government agencies, this episode dives deep into the realities of navigating federal compliance. The conversation highlights strategic investments in Kubernetes and o...
5 months ago
46 minutes

CMMC Compliance Insights with Swimlane's Head of GRC, Jack Rumsey
In this episode of the Reckless Compliance podcast, Max is joined by Jack Rumsey, Head of GRC at Swimlane. Jack shares his journey of navigating the world of compliance as Swimlane grows its presence in the federal market. The discussion covers Swimlane’s move toward CMMC Level 1, the challenges of balancing federal compliance with commercial certifications like SOC 2 and ISO, and the complexities of managing government systems. Jack also explains Swimlane’s experience with GRC...
8 months ago
29 minutes

Unpacking SBOMs: Software Supply Chain Risks & Compliance Challenges
Welcome to this episode of the Reckless Compliance podcast, brought to you by Ignyte, where we share our expertise on cyber risk and help you navigate the complexities of federal compliance. I am your host, Max Aulakh. Our guest today is Aaron Bray, co-founder of Phylum, a company specializing in securing software supply chains. We discuss: What is an SBOM? Understanding the Software Bill of Materials and its role in risk management; Open-source security risks: How third-party...
9 months ago
21 minutes

NSA's Secret Weapon for Small Business FedRAMP and CMMC Security
Welcome to this episode of the Reckless Compliance podcast, brought to you by Ignyte, where we explore cyber risk and compliance in the defense sector. I am your host, Max Aulakh. Today’s guest is Rose, an NSA liaison specializing in cybersecurity collaboration. Topics we discuss: The NSA’s cybersecurity mission and its role in protecting the defense industrial base (DIB); NSA’s free cybersecurity services for small businesses, including threat intelligence collaboration, attack ...
10 months ago
21 minutes

DIBCAC Assessments: Lessons from Belcan's Chief Security and Data Officer, Matt King
Long Description: In this episode, Max is joined by Matt King, Chief Security and Data Officer at Belcan. Matt shares his story of transitioning from Anthem to Belcan, where he has been instrumental in building a security program to meet the stringent requirements of federal compliance. The conversation dives into the DIBCAC assessment process, the challenges of implementing NIST 800-171 controls, the importance of limiting scope, and strategies for pushing back on govern...
1 year ago
28 minutes

FedRAMP Equivalency Memo with GRC Analyst, Michael Rasmussen
Max Aulakh and Michael Rasmussen, GRC analyst and CEO of GRC Report, discuss the recent FedRAMP Equivalency Memo released by the DoD in January 2024. They go into depth about the memo, what is involved, the requirements, as well as how this directly affects the CSP. Topics we discuss: What is FedRAMP, and who is it for? How long has FedRAMP been around? Challenges with FedRAMP; What is Equivalency, and why is it important? Is Equivalency a good or bad thing? What type of firms ...
1 year ago
27 minutes

Use of Artificial Intelligence for NIST Controls Responses - Perspective from Air Force ISSM
Max Aulakh and Uliya Sparks, an ISSM at SAF Mission Partners Environment, discuss the potential of AI in federal compliance. They explore ISSMs' challenges, including managing multiple systems and navigating complex policies like NIST and FedRAMP. Uliya highlights the slow adoption of AI due to concerns about data sensitivity and job displacement, stressing the need for human expertise in validating AI-generated responses. Topics we discuss: Artificial Intelligence in context o...
1 year ago
28 minutes

Control Inheritance vs. Reciprocity
In this episode, Max discusses the fundamental concepts of Control Inheritance and System Reciprocity, highlighting their differences, applications, and importance in the realms of cybersecurity and organizational governance. This topic ties in closely with his recent LinkedIn post about the need for a credit system for security work being done within different parts of the DoD. Topics Covered: Control Inheritance: Definition and significance in cybersecurity. Examples of co...
1 year ago
12 minutes

Enclaves in the Era of CMMC with Reuben Patton
Max Aulakh invites Reuben Patton to discuss the implementation of enclaves in the context of CMMC (Cybersecurity Maturity Model Certification). Reuben, with his experience in both the classified sector and cybersecurity, provides insights on how enclaves, traditionally used in classified environments, are now being applied to manage CMMC requirements. He dives into strategies for handling Operational Technology and Research & Development in relation to CMMC, discussing the ...
1 year ago
34 minutes

The Role of a Chief Legal Officer with Steven Dimirsky
The podcast features Steve Demersky, the Chief Compliance Officer and Chief Legal Officer at 1010 Data. He discusses the importance of legal and compliance officers in the cybersecurity and risk management field. Data privacy is a major concern for SaaS companies, and they need to ensure they are handling client data safely and in compliance with regulations. The podcast also touches on the use of SOC audits and the need for credible auditors who can identify and address organi...
1 year ago
34 minutes

Max Discusses Authorization Boundaries with Naveed Mirza from Okta
Our guest today is Naveed Mirza, Senior Solutions Architect at Okta. This episode focuses on the importance of authorization boundaries and how to not only understand them but how to develop them. Naveed shares his background as a government contractor supporting the U.S. Marine Corps, highlighting the transferable skills and experiences that have prepared him for his role as SSA at Okta. Topics we discuss: Authorization boundary: What is it, why is it important? How can it h...
1 year ago
37 minutes

CMMC and DIBCAC Audit Journey w/Anthony Fisic (CISO) from Battelle
Our guest today is Anthony Fisic, Chief Information Security Officer at Battelle, which conducts research and development, designs and manufactures products, and delivers critical services for government and commercial customers. This podcast episode focuses on federal compliance's impact on defense industry businesses. Anthony shares his background in law enforcement and military service, highlighting the transferable skills and experiences that have prepared him for his role as...
1 year ago
34 minutes

DCSA Authorization Official - Alex Hubert - ATO in a Day - Is it real?
Alexander Hubert talks about his journey to becoming an authorization official in the public sector. He explains how he transitioned from being a weatherman in the Air Force to becoming an IT guy and then delves into his interest in cybersecurity. Alex shares that he has worked various positions within the risk management framework, including information assurance manager and security controls assessor. As an AO, his role is to accept risk on behalf of the government and determ...
1 year ago
32 minutes

Public Sector Compliance Terminology 101
Welcome to the first episode of the Reckless Compliance podcast, brought to you by Ignyte. In this episode, Max gives a high-level overview of the different key compliance terminology that will be discussed on the podcast. He provides context, definitions, and use cases. Topics we discuss: Private Sector Defense Industrial Base; Cloud Service Providers; Public Sector Divisions of software companies; Federal Agencies DoD/Armed Services; Intelligence Agencies. Max Aulakh Bio: Ma...
1 year ago
28 minutes

Welcome to Reckless Compliance - Meet Your Host Max Aulakh
Welcome to episode zero of the Reckless Compliance Podcast, brought to you by Ignyte Assurance Platform, where we discover the unintended consequences of compliance. I am your host, Max Aulakh. In this inaugural episode, we cover the following topics: Overview of topics that will be covered in the podcast; Overview of the goals of the podcast; Max’s promise to listeners and subscribers. Max Aulakh Bio: Max is the CEO of Ignyte Assurance Platform and a Data Security and Compliance le...
1 year ago
8 minutes
