SOC 2 isn't the only SOC out there! 🧦

In this episode Cera Adams breaks down these SOC reports and what to expect in a SOC audit!

Here are a few highlights from this episode:

• Why CPAs are involved
• What SOC 1 / SOC 2 / SOC 3 reports mean to providers and consumers
• Difference between SOC 2 Type 1 and Type 2 reports
• How SOC scoping and audits work
• SOC consulting/audit independence requirements

Cera is the Director of IT Assurance Services and leads OCD Tech's SOC 2 and IT Audit Practices. She has more than 20 years of experience in information security!

I've spent most of my career working in the NIST cybersecurity space, so this was very interesting to me!

I thought that the SOC 3 report was interesting, especially since many other frameworks don't have an equivalent.

What were your takeaways? What is your best SOC pun? Let me know in the comments!

Follow Cera on LinkedIn: https://www.linkedin.com/in/ceraadams/

OCD Tech Website: https://ocd-tech.com/

-----------

Thanks to our sponsor Vanta!

Want to save time filling out security questionnaires?

Experience questionnaire automation here: https://vanta.com/grcacademy

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e39&utm_campaign=courses

#soc2 #cybersecurity #informationsecurity

Do you use Android at work, but don't really understand it?

In this episode Hahna Kane Latonick teaches an Android cybersecurity masterclass for cyber GRC teams:

Here are a few highlights from this episode:

• How the Android project is managed
• How Android devices are compromised
• The many steps to update Android devices
• Most important steps to secure Android devices
• Is Apple more secure than Android?

Hahna is the Director of Security Research at Dark Wolf Solutions. Some of her focuses include Android reverse engineering and exploit development. She has been featured on national media outlets including Fox Business News, ABC News, and many others!

Too often companies integrate mobile devices at work without truly understanding how they work and the risks involved.

Hahna explained these concepts so well! And of course, we had some back and forth on what is more secure, Android or Apple.

I really enjoyed this episode and learned more about Android myself! What were your takeaways?

Follow Hahna on LinkedIn: https://www.linkedin.com/in/hahnakane/

Dark Wolf Solutions Website: https://darkwolfsolutions.com/

Android Security Research Playbook: https://asrp.darkwolf.io/

-----------

Thanks to our sponsor Vanta!

Want to save time filling out security questionnaires?

Experience questionnaire automation here: https://vanta.com/grcacademy

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e38&utm_campaign=courses

#android #cybersecurity #informationsecurity

Introducing the Penn State Whistleblower.

In this episode, the whistleblower explains how he tried to stop Penn State from allegedly LYING to the government about their NIST 800-171 compliance and what he has faced since he blew the whistle!

Whistleblower attorney Julie Bracker also shares what the media got wrong in this case and the latest on the Georgia Tech FCA case!

Here are a few highlights from this episode:

- Hear directly from the whistleblower in this False Claims Act case

- What the media got wrong

- Recommendations to universities

- Advice for other whistleblowers

Matthew Decker was the Chief Information Officer at the Applied Research Laboratory at Penn State from 2015 until 2023 and the interim Vice Provost and CIO responsible for all of Penn State from January 2016 until September 2016. Matthew currently serves as the Chief Data and Information Officer at NASA’s Jet Propulsion Laboratory since 2023.

It was fascinating to learn that the university assumed compliance with their own AD95 security policy meant they were automatically compliant (at least to some measure) with NIST 800-171. This is a great reminder that the details always matter!

Special thanks to Matt for sharing his story with us, and to Julie Bracker for coordinating this interview!

Follow Julie on LinkedIn: https://www.linkedin.com/in/juliekeetonbracker/

Bracker & Marcus LLC Website: https://www.fcacounsel.com/

Connect with Matt on LinkedIn: https://www.linkedin.com/in/matt-decker-cio/

Whistleblower's Handbook: https://www.amazon.com/New-Whistleblowers-Handbook-Step-Step/dp/1493028812/

-----------

Thanks to our sponsor Vanta!

Want to save time filling out security questionnaires?

Experience questionnaire automation here: https://vanta.com/grcacademy

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e37&utm_campaign=courses

#whistleblower #cmmc #cybersecurity