Training, Threat modeling, Privacy

CMMC Program and the DIB Preparation, Part 1 – Doug Landoll – SCW #75

June 8, 2021

Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on controls from well-known frameworks such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) and NIST SP 800-171. However, in the last several years these controls (and the method by which organizations must demonstrate compliance have drastically changed, culminating in the Cybersecurity Maturity Model Certification (CMMC) Framework.

Segment Resources:
Official DoD Acquisition Site for CMMC Program Info: https://www.acq.osd.mil/cmmc/

Official Site of the CMMC Program: https://cmmcab.org/

Official NIST Site for publications such as 800-53, 800-171: https://csrc.nist.gov/publications Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

CMMC Program and the DIB Preparation, Part 1

Guests

Doug Landoll

Doug Landoll - CEO at Lantego

@DougLandoll

Douglas Landoll has over three decades of information security experience. He has led security risk assessments and established security programs for top corporations and government agencies. He is an expert in security risk assessment, security risk management, security criteria, and building corporate security programs and the author of three cybersecurity books. His background includes evaluating cybersecurity at the National Security Agency (NSA), North Atlantic Treaty Organization (NATO), Central Intelligence Agency (CIA), the Federal Bureau of Investigations (FBI), and other government agencies; co-founding the Arca Common Criteria Testing Laboratory, co-authoring the systems security engineering capability maturity model (SSE-CMM); teaching at NSA’s National Cryptologic School; and speaking at national and international cybersecurity conferences. Doug has founded or directed four information security firms including the southwest security services at Exodus Communications, Veridyn (sold to EnPointe Technologies), the Risk and Compliance Management division at Accuvant (now Optiv) and Lantego. Doug is currently the CEO of Lantego, specializing in risk assessment, policy development, and training. He is a CISSP. He holds a BS degree from James Madison University and an MBA from the University of Texas at Austin. In his 30+ years in the industry he has performed over 100 cybersecurity risk assessment, written policies for scores of organizations, and instructed over 2500 CISSP and CISA candidates. Doug Landoll is dynamic speaker, perceptive author, and information security expert, who always brings a unique mix of business strategy, keen insight, and technical know-how to current cybersecurity topics.

Hosts

Fredrick

Fredrick "Flee" Lee - CSO at Gusto

@fredrickl

Fredrick "Flee" Lee is the Chief Security Officer at Gusto, where he leads information and physical security strategies including consumer protection, compliance, governance and risk. Before Gusto, Lee spent more than 15 years leading global information security and privacy efforts at large financial services companies and technology startups, most recently as Square's Head of Information Security. He previously held senior security and privacy roles at Bank of America, NetSuite and Twilio. Lee was born and raised in Mississippi and holds a bachelor's degree in computer engineering from the University of Oklahoma.

Josh Marpet

Josh Marpet - Executive Director at RM-ISAO

@quadling

Executive Director, RM-ISAO Co-founder, MJM Growth IANS Faculty Blockchain Patent Holder MISTI Instructor Entrepreneurship Curmudgeon Board Member BSidesDE Board Member BSidesDC Ex-cop and Fireman

Scott Lyons

Scott Lyons - CEO at Red Lion

@Csp3r

CEO at Red Lion

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!

prestitial ad