AI is bringing speed and velocity never seen before. Some studies show that the output is the equivalent to what 35-40 humans can produce. This speed and velocity is applied to countless use cases across just about every economic sector. Cybersecurity compliance is laden with repetitive, redundant, and time-consuming manual tasks. While humans bring nuanced ingenuity and problem-solving capabilities, we are prone to errors, especially across such repetitive, redundant, and time-consuming tasks. Worse, cybersecurity compliance requirements are far from standardized, though there is a tremendous amount of overlap. In these circumstances, humans take short cuts. It’s not a matter of whether short cuts result in errors, only how many errors. The real power of AI in the world of cybersecurity compliance is the ability to bridge all gaps of compliance documentation with minimal to no errors. Furthermore, AI can then be trained to leverage compliance documentation to code and perform actual tasks within a system. In the world of cybersecurity, AI opens the doors to a world in which security truly is baked in from the beginning.

Today’s guest is Nic Chaillan, technology entrepreneur, software developer, cyber expert and inventor. He has over 23 years of domestic and international experience with strong technical and subject matter expertise in cybersecurity, software development, product innovation, governance, risk management and compliance. Specifically, these fields include Cloud computing, Cybersecurity, DevSecOps, Big Data, multi-touch, mobile, IoT, Mixed Reality, VR, and wearables.

Resources:

· AskSage Training Materials: https://chat.asksage.ai

Supply chain security is not new, though it certainly feels as though it is. Thanks to globalization, supply chains are ever growing in their depth, complexity, and interconnectedness. Unfortunately, like so many other systems, security of supply chains hasn’t been at the top of the list of things to consider when evaluating supply chains. Understandably, economics led the way. A supply chain exists to foster economic growth and profit-making. None of these are bad but there’s a painful irony: the less security is considered, the greater the costs, which drives down growth and profit-making. Costs aren’t just financial, either. The cost of losing a competitive edge is significant but almost impossible to quantify in dollars. It runs much deeper. As data theft has proliferated on an unprecedented scale, the need for securing supply chains has begun it’s rise to the top of our consciousness. The intriguing thing about supply chain security is that it isn’t all that different than traditional risk management activities.

Today’s guest is John Santore, Director of Cybersecurity Services here at Kratos. Together, we’ll dive into supply chain security. We’ll outline what a supply chain is, what to consider when evaluating your supply chain, some of the challenges you might encounter along the way and we’ll outline a basic supply chain risk management approach.

Resources:

The core tenants of a supply chain risk management approach:

• Inventory your supply chain
• Ensure strong relationships are in place with those in your supply chain
• Develop criteria for evaluating the risk of suppliers within your organization
• Work with your suppliers to obtain the information necessary to perform the evaluation
• Develop a process for scrutinizing suppliers that are identified as high-risk
• Repeat the process on a defined frequency
• Ensure that it is applied as part of any supplier intake

Links:

• NIST SP 800-161: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
• C-SCRM Factsheet
• NIST SP 800-218: Secure Software Development Framework
• Executive Order 14028
• OMB M-22-18
• OMB M-23-16

IT support is tricky for most businesses, especially for those not in the IT business. Thus, IT is a cost of doing business and a high cost at that. High costs drive down profits. Less profit makes it harder for businesses to invest in the products or services that they’re making and selling. Retaining IT staff is even more difficult. This is due to the extremely low unemployment rate and the higher-than-average annual salary. These two factors almost guarantee that IT staff hired by non-IT businesses will eventually get a better offer some place else. To mitigate the problem with IT staff, businesses have turned to outsourcing to managed service providers or external service providers. By doing so businesses are giving up the information necessary to make well-informed choices, instead choosing to trust the IT service providers they’re buying from. This asymmetry of information creates a market phenomenon called a market for lemons. A market for lemons phenomenon exists when sellers hold more knowledge than buyers. Because buyers are price-sensitive and are only willing to pay a certain price the market becomes distorted such that high-quality sellers are gobbled up quickly and the market is left with lemons. In sum, the market for lemons works to drive quality out of the market.

Today’s guest is Andy Paul. Andy is an engineer, data privacy professional and a Certified CMMC Assessor from Gray Analytics with more than 15 years of experience helping firms design, implement and secure everything from globally spanning networks to small boutique and highly specified and regulated networks. During our conversation, we discuss the current situation in the IT services market, the market for lemons phenomenon, how the CMMC ecosystem is setup to alleviate the problems that markets for lemons introduce, and how you can outsource confidently.

Resources:

Links:

· George Akerlof – The Quarterly Journal of Economics, Vol. 84, No. 3 (Aug. 1970), pp. 488-500

· Cyber AB Marketplace