CMMC Proof

In this episode of the CMMC Proof Podcast, host Derrich Phillips sits down with Doug Landoll, CEO of Lantego and the author of the bestselling CMMC Assessment Handbook. Doug shares his journey into cybersecurity, offering a unique perspective on the importance of collaboration within the cybersecurity community. What you'll learn in this episode: Doug's experience as an author, focusing on CMMC and its impact on organizations. Insights into the CMMC assessment process, its challenges, and how it compares to frameworks like SOC 2 or ISO 27001. The future of CMMC compliance and why proactive preparation is essential for organizations. The value of CISSP training and clear success definitions in building a fulfilling cybersecurity career. Why consulting should center on empowering organizations for better assessments. Whether you're a defense contractor preparing for CMMC compliance, a cybersecurity professional seeking expert advice, or someone exploring a career in the field, this episode is packed with actionable insights and inspiration. Subscribe for the latest CMMC updates and insights. Visit www.cmmcproof.com

In this episode of the CMMC Proof Podcast, host Derrich Phillips interviews Melissa Burant, a supply chain project manager at Iowa State University CIRAS, to uncover the compliance challenges defense contractors face under the Cybersecurity Maturity Model Certification (CMMC). Melissa shares insights into bridging the gap between federal requirements and current compliance practices, emphasizing the importance of simplifying complex regulations and providing actionable steps for small and medium-sized manufacturers. She sheds light on the shortcomings of the current CMMC ecosystem, such as the lack of resources mapping back to federal requirements and the overwhelming information contractors must navigate. The conversation dives into: The effectiveness of virtual boot camps in empowering companies to implement cybersecurity practices. How false claims and noncompliance cases impact small businesses. The importance of connecting cybersecurity efforts to revenue. Collaborative strategies to support manufacturers in the cybersecurity industry. Building targeted resources and simplifying the compliance journey for contractors. Melissa's practical advice and passion for helping small businesses make this episode a must-watch for anyone navigating the complexities of CMMC compliance. Subscribe Visit www.cmmcproof.com

In this compelling episode, we explore the recent whistleblower lawsuit filed by the United States Department of Justice against Georgia Tech and Georgia Tech Research Corporation. This case, which alleges significant cybersecurity breaches, has sent shockwaves through the defense contracting and academic communities. Key Takeaways: Specific Contracts and Violations: We break down the particular contracts involved and the critical cybersecurity lapses, including failure to implement a System Security Plan (SSP) and the use of a false cybersecurity score. Egregious Violations: The case highlights the most serious violations—such as operating without anti-virus protection, submitting a fictitious SPRS score, and creating a false SSP based on a non-existent campus IT system. Intentional Misconduct: We delve into how Georgia Tech and GTRC knowingly violated federal cybersecurity requirements, particularly in handling Controlled Unclassified Information (CUI). Evidence and Documentation: Explore the evidence presented, including incriminating emails, text messages, and sworn testimonies that reveal a pattern of non-compliance and false claims. Impact on the Government: Learn about the damage done to the U.S. government, including millions of dollars paid for services that did not meet contractual obligations due to these cybersecurity failings. This episode is a must-watch for anyone involved in government contracting, cybersecurity, or compliance. We provide insights into how these violations were uncovered, the legal implications, and what this means for the future of cybersecurity in federally funded research. 🔔 Don't forget to subscribe stay updated with our latest episodes on cybersecurity, legal developments, and more! Useful Links: DOJ Filing- https://www.justice.gov/opa/pr/united-states-files-suit-against-georgia-institute-technology-and-georgia-tech-research

Join Derrich Phillips in an engaging discussion with Daniel Eliot, the lead for small business engagement at NIST, on the latest episode of CMMC Proof podcast. They explore the updated NIST Cybersecurity Framework and its Small Business Quick Start Guide, focusing on practical insights and challenges faced by small businesses in implementing cybersecurity measures. Highlights include Daniel's role at NIST, key changes in the cybersecurity framework, and strategies for small businesses to adopt a risk-based approach. Discover actionable steps across the framework's functions: identify, protect, detect, respond, and recover, tailored for improving cybersecurity resilience. Key Takeaways: Insights into adapting cybersecurity behaviors and practices for organizational growth. The significance of prioritization in cybersecurity efforts, addressing critical vulnerabilities. NIST's community-driven approach to framework development, with valuable input and resources. Practical tools such as implementation examples, quick start guides, and community profiles to aid businesses in their cybersecurity journey.

In this conversation, Jim Dempsey discusses his book 'Cybersecurity Law Fundamentals' and the current state of cybersecurity and privacy laws in the United States. He highlights the patchwork of laws and regulations that exist, the need for a comprehensive cybersecurity law, and the importance of asset inventory and risk assessment for companies. Jim also discusses the role of whistleblowers in addressing cyber fraud and the potential impact of the False Claims Act on improving cybersecurity compliance. The current state of cybersecurity and privacy laws in the United States is a patchwork of regulations and standards, with no comprehensive cybersecurity law in place. Companies need to prioritize asset inventory and risk assessment as part of their cybersecurity practices. Whistleblowers play a crucial role in addressing cyber fraud, and the False Claims Act provides incentives for individuals to come forward and report non-compliance. There is a need for more enforcement and accountability in cybersecurity and privacy practices, with a focus on reasonable requirements and third-party assessments. The intersection of the False Claims Act and the implementation of the Cybersecurity Maturity Model Certification (CMMC) could lead to improved compliance and accountability in government contracts. Link to purchase Jim's book- Cybersecurity Law Fundamentals (2024) https://iapp.org/resources/article/cybersecurity-law-fundamentals/ Visit www.aspirecyber.com to learn more about how to Get CMMC Compliant ASAP.

In this episode of the CMMC Proof Podcast, attorney Julie Bracker joins us to discuss her unsealed whistleblower cases involving False Claims Act (FCA) claims for cybersecurity noncompliance against Penn State and Georgia Tech. Julie outlines the history and purpose of the False Claims Act, the role of whistleblowers in exposing fraud, waste, and abuse, and the recent focus on cybersecurity in False Claims Act cases. She shares insights into the Georgia Tech case and her experience working with the Department of Justice. Since 2006, Julie Bracker has focused her practice exclusively on representing whistleblowers around the country in False Claims Act litigation. In 2015, with her partner Jason Marcus, she founded Bracker & Marcus LLC. Visit http://www.fcacounsel.com/ to if you would like to contact attorney Julie Bracker. Join the CMMC Proof LinkedIn Group: https://www.linkedin.com/groups/14363176/ Visit www.aspirecyber.com Follow Derrich on LinkedIn: https://www.linkedin.com/in/derrichphillips/