Defense Contractors: CMMC Is Here — And the Clock Is Ticking
In our latest Cybersecurity America episode (42), I had the privilege of speaking with Jim Goepel, a true leader in cybersecurity and compliance — and someone who has helped shape the very ecosystem he now advises. Jim is the CEO of Fathom Cyber, a consulting firm in North Wales, PA specializing in: 🔹 CMMC assessment preparation 🔹 CUI education and compliance strategy 🔹 Expert witness services His unique background — lawyer, engineer, author, educator, and one of the architects behind the CMMC ecosystem — means he’s seen this challenge from every angle: technical, legal, business, and regulatory. Jim has not only helped companies prepare for and achieve some of the first-ever CMMC certifications, he literally helped create the framework, launch The Cyber AB, and build the financial and training models that sustain the program today. 💡 In our conversation, Jim and I covered: Why CMMC is less about stopping attacks — and more about building resilience The cultural and leadership challenges that make compliance harder than the tech How other governments are now looking to adopt CMMC-like frameworks What small and mid-size businesses must do now to turn compliance into a competitive advantage Whether you’re in manufacturing, defense, or any sector touching sensitive government data, this episode is a must-listen if you want to understand not just what’s coming, but how to strategically position your organization before the surge. 🎧 Listen here: [https://youtu.be/E0M61k5Z3KI] #CyberSecurity #CMMC #Compliance #RiskManagement #DefenseIndustry #DoD #CyberResilience Sponsored by, www.darkstack7.com - Cyber Defense https://www.linkedin.com/company/cyber-security-america-podcast/posts/?feedView=all&viewAsMember=true
--------
29:34
--------
29:34
From Combat Boots to Cybersecurity - Nia Luckey on her journey
In this episode of the Cybersecurity America Podcast, sponsored by DarkStack7, host Joshua Nicholson sits down with Nia Luckey — Army veteran, published author, and cybersecurity leader — to talk about her powerful journey from military service to the frontlines of cyber defense. Nia shares lessons on resilience, leadership, and transitioning from military to civilian life, while also unpacking the evolving challenges in today’s cybersecurity landscape. From the importance of attention to detail, to burnout among cyber leaders, to the risks and opportunities of AI in security and governance, this episode is packed with insight for both aspiring professionals and seasoned experts. Key Topics Covered: - Nia’s journey from Army communications to cybersecurity leadersh- ip - Building resilience and avoiding burnout in high-pressure environments - Specialization vs adaptability in cyber careers - AI, risk quantification, and governance in today’s security programs - The future of work in cybersecurity Whether you’re a veteran, a cybersecurity professional, or simply interested in how resilience and adaptability shape careers, this episode has something for you. 👉 Don’t forget to like, comment, and subscribe for more conversations with today’s cybersecurity leaders. #CyberSecurity #VeteransInTech #cyberresilience #leadership #cybercareers #aiincybersecurity #riskmanagement #ciso #cyberpodcast #NiaLuckey #cybersecurityamerica
--------
53:08
--------
53:08
Cybersecurity’s Golden Rule: The Legal Blueprint No One Shares
In this episode, sponsored by Darkstack7, Joshua sits down with Chris Cronin, partner at Halock Security Labs and founding partner of Reasonable Risk, to explore the intersection of cybersecurity, risk management, and the legal principles behind “reasonable” safeguards. Chris unpacks the DoCRA Standard and CIS RAM, sharing how historical and legal frameworks can guide today’s cybersecurity strategies. From his journey in academia to his leadership in cyber risk, Chris offers practical insights on balancing risk, ensuring compliance, and applying reasonable security measures that stand up to regulatory and legal scrutiny. The discussion covers real-world risk assessments, notable legal cases, and emerging tools that automate and enhance risk management. Key Topics: - How the DoCRA Standard and CIS RAM shape practical risk analysis Applying “reasonableness” from legal precedent to cybersecurity Balancing regulatory specificity with operational flexibility The role of community and professional standards in defining reasonable safeguards Historical analogies, insurance considerations, and executive decision-making in risk management Timestamps: 00:00 Introduction to Cybersecurity Challenges 00:26 Meet Chris: A Cybersecurity Expert 01:25 Chris’s Journey into Cybersecurity 02:50 Where Law Meets Cybersecurity 04:37 Defining Reasonable Security Measures 06:37 Regulations and Compliance in Practice 08:24 The Legal Concept of Reasonableness 10:22 Translating Legal Standards into Cyber Practices 14:53 Practical Risk Analysis Steps 21:20 Balancing Flexibility and Specificity in Regulations 24:54 Professional Standards That Shape Reasonableness 25:49 Certifications and Industry Benchmarks 26:17 How Community Shapes Standards 26:34 Lessons from Aviation for Cybersecurity 28:29 The CIS RAM and Risk Assessment Methods 30:51 Legal Implications of Adopting Reasonableness 32:16 Insurance and Risk Management 34:38 Challenges in Incident Response Reporting 39:40 Risk Assessments for Executive Decision-Making 46:02 Closing Thoughts and Call to Action www.darkstack7.com
--------
48:07
--------
48:07
Memory-Only Malware: The Threat You’re Probably Missing
In episode 39, host Josh Nicholson is joined by memory forensics expert Andrew Case, co-developer of the Volatility framework and co-author of The Art of Memory Forensics. Together, they explore the critical role of memory analysis in modern incident response—uncovering hidden malware, insider threats, and ransomware techniques invisible to traditional disk forensics or EDR tools. Andrew breaks down what’s new in Volatility 3, how memory-only malware operates, and why CISA now recommends memory imaging in its emergency directives. Whether you're a responder, analyst, or just curious about advanced DFIR, this episode is packed with practical insight and real-world experience. 🎧 Stay secure—and subscribe for more expert cyber content. https://youtu.be/2q4z9Z2_cwc www.darkstack7.com
--------
51:27
--------
51:27
Digital Forensics & Incident Response (DFIR) with Surefire Cyber.
Cyber threats aren't slowing down—and neither are we. In episode 38 of Cyber Security America, I sit down with two powerhouses from Surefire Cyber—Karla Reffold and Billy Cordio—to pull back the curtain on what’s really happening in today’s incident response and threat intelligence landscape. 💡 What we cover: 📈 Real-world ransomware trends (like longer dwell times and SSH backdoors) 📨 Surging business email compromise tactics—attachments are the new attack vector 🔐 Why incident response retainers are more valuable than ever 🔥 Rapid resiliency: 5 key misconfigurations every business must address 🧠 How threat actors are using AI (and why they still don’t need it to win) 💬 Candid career advice for aspiring DFIR and intel pros Whether you’re a CISO, SOC leader, or cyber-curious professional, this episode gives you front-line insights from the experts handling these threats daily. 🎧 Listen now and secure your edge: [https://www.darkstack7.com/podcast] #CyberSecurity #IncidentResponse #DFIR #ThreatIntelligence #Ransomware #BEC #SurefireCyber #CyberSecurityAmerica #Podcast #EDR #mfa #Resilience #digitalforensics https://www.linkedin.com/in/joshuanicholson/
On the front lines of technology and business there is a battle of survival. Behind the scenes, businesses are on a mission to keep a vigilant watch for threats in an ongoing Cyber War. But it’s not just about malware, ransomware, and breaches anymore. The obstacles and barriers companies face today are bigger and badder than ever — and these cyber threats are forcing them to prove they’re secure for the future. So when you need answers to win the battle, tune into Cyber Security America with your host Joshua Nicholson. You’ll learn what it’s like running cyber security operations teams inside some of the world’s largest companies. It’s a cyber backstage pass and real world advice for cyber defenders, CISOs, and security professionals.
Sverige