The Paramify Podcast

Today, we're honored to be joined by Den Jones, Founder and CEO of 909Cyber and a veteran in cybersecurity. With a robust career that includes roles as Chief Security Officer at SonicWall, CSO at Banyan Security and Senior Director of Enterprise Security at Cisco, Den brings a wealth of experience to the table. He's a Stanford alumnus with a focus on Cyber Security and Executive Strategy, holds a Higher National Certificate in Computing from West Lothian College, and is a certified CISSP. Den also hosts 'Get IT Started. Get IT Done.', a podcast that discusses the cybersecurity industry. He’s here to share his expertise on the evolving cybersecurity landscape, tackling complex security challenges, and his approach to leadership in this crucial sector.
Learn more about Den Jones: https://www.linkedin.com/in/denwjones/
Get IT Started. Get IT Done. Podcast: https://podcasters.spotify.com/pod/show/banyan-security
Learn more about Paramify here: https://www.paramify.com/
Learn more about Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/

Today, we’re honored to have Rob Sherwood on the podcast. Rob is a seasoned cybersecurity professional with extensive experience in policy management, PKI architecture, and identity management. With over two decades in the field, Rob has left a lasting impact through his dedication to standards development, including his significant contributions to the Open Security Controls Assessment Language (OSCAL). From his role as a Principal Consultant at Credentive Security to his pivotal involvement in projects like the oscal-pki-policy-converter tool, Rob's passion for advancing cybersecurity practices is evident. As an advocate for collaboration and knowledge-sharing, his insights into OSCAL offer invaluable perspectives for professionals and organizations navigating the complexities of cybersecurity policy management.
Learn more about Rob: https://www.linkedin.com/in/rob-sherwood-credentive/
Credentive Security: https://www.credentive.com/
Paramify: https://www.paramify.com/

Today we had the honor to talk with Matthew Graham, the Director of US Federal Practice at Prescient Security. Matthew is a seasoned cybersecurity expert whose extensive career has spanned technical and strategic leadership roles. With a rich background that includes high-level certifications such as CISSP, CASP+, and CCNA, Matthew brings a wealth of knowledge on FedRAMP & cybersecurity practices and trends.
In this episode, we talk about everything from FedRAMP Rev 5 to Hurricane Katrina and police interrogations.
Learn more about Matthew Graham: https://www.linkedin.com/in/msgcyberassessments/
Learn more about Prescient Security: prescientsecurity.com
Learn more about Paramify: https://www.paramify.com/

Today we had honor to talk with Brandt Keller, a distinguished software engineer and open source developer advocate with a comprehensive background that spans significant achievements in both the military and technology sectors. A veteran of the U.S. Marine Corps, Brandt has transitioned his disciplined and strategic approach from the field of communications within the military to the forefront of software engineering and cybersecurity. His recent endeavors have led him to explore the intricacies of Governance, Risk Management, and Compliance (GRC), focusing on the adoption of the Open Security Controls Assessment Language (OSCAL) by NIST to promote data freedom and enhance the automation of compliance processes. Brandt's commitment to leveraging his expertise for the advancement of technology and compliance standards showcases his dedication to innovation and continuous improvement. We're truly excited to have Brandt on the show to delve into his rich experience, explore his contributions to the field of technology, and discuss his visionary work in making compliance data more accessible and actionable.
Brandt Keller's open source project: https://github.com/defenseunicorns/lula
Brant Keller's LinkedIn: https://www.linkedin.com/in/brandtkeller/
Paramify: https://www.paramify.com/
 

Today we're honored to host Tommy Hoschouer, who currently leads the global public sector efforts at DeleteMe. Tommy's rich history at companies like Sprinklr, Medallia, SAP, and Qualtrics has equipped him with a unique perspective on using technology to enhance public sector operations, leading to significant improvements in revenue and efficiency. Now at DeleteMe, he is dedicated to defending personal and professional information from increasingly sophisticated digital threats, such as identity theft and cyber attacks. His focus on strengthening data privacy and security is crucial in our digital era. We look forward to unpacking his valuable insights on how to protect digital identities and adapt to the evolving technological landscape in the public sector.
In today's episode Kenny, Keaton, and Tommy talk about everything from data privacy, the importance of protecting your data, to our favorite ice cream shakes.
Learn more about Tommy: https://www.linkedin.com/in/tommy-h-18484087/
Learn more about DeleteMe: https://joindeleteme.com/
Learn more about Paramify: https://www.paramify.com/

Today, we had the honor to have Brian Martinez, a leading expert in governance, risk, and compliance (GRC) with over two decades of experience at Michigan State University and the broader cybersecurity community. As the Governance, Risk, and Compliance Lead at MSU, Brian has spearheaded critical security projects and compliance frameworks, contributing significantly to the university's research and security posture. Beyond MSU, Brian enriches the cybersecurity field through his roles as Founder and President of BIDE Consulting and Director at #misec, alongside his volunteer work with (ISC)² in developing the CISSP certification exam. In this episode, we'll dive into Brian's extensive career, his approach to GRC in academia, and his insights into the future of cybersecurity. It's a pleasure to have Brian join us to share his valuable experience, expertise, and perspectives.
 
Brian's LinkedIn: https://www.linkedin.com/in/brianrmartinez/
 
Learn more about Paramify: https://www.paramify.com/

Today we had the honor to speak with Troy Fine, the Senior Advisor at Geels Norton,  where he's making significant strides in cybersecurity and compliance. With a rich history in the field, including key positions at Drata and Schneider Downs, Troy's credentials—boasting certifications like ISO 27001:2013 Lead Auditor and CISSP—speak volumes of his expertise. Beyond his professional acumen, Troy captures the cybersecurity community's attention with insightful, humorous memes on LinkedIn, making the dense world of GRC and IT audit accessible and engaging. His memes commonly refer to SOC 2 not being a certification.
In today's episode we talk about everything from SOC 2 not being a certification, Troy's legendary memes to Troy's history and how he started his career in Cybersecurity. 
 
Troy Fine's LinkedIn: https://www.linkedin.com/in/troyjfine/
Learn more Geels Norton: geelsnorton.com
Learn More about Paramify: paramify.com

Today we had the honor to talk to Beau Butaud, a visionary in the compliance and cybersecurity field and the co-founder of Render Compliance. With a background that includes leading roles in risk advisory and compliance management at Moss Adams, and significant contributions at BDO USA, LLP, and Peterson Sullivan LLP, Beau brings a wealth of expertise to the forefront of cybersecurity. His credentials, including AWS Security Fundamentals, CISA, and CPA certifications, underscore his deep commitment to the industry. Beau's innovative approach to SOC 2 assessments at Render Compliance is redefining standards, making security compliance both accessible and impactful for businesses striving to build trust in today's digital landscape. Learn more about Paramify: https://www.paramify.com/ Learn more about Beau Butaud: https://www.linkedin.com/in/beaubutaud/ Learn about Beau's approach: https://rendercompliance.com/approach/

Today we had the honor to talk to Jack Rumsey, the Head of GRC at Swimlane. With a rich background in IT security and audit, including roles at DaVita, Schellman, and KPMG, Jack is an expert in compliance standards like SOC II, ISO27001, GDPR, and FedRAMP. Holding a Bachelor's degree in Computer and Information Systems Security from Illinois State University.
In today's episode, we talk about everything from the difficulties of explaining a GRC career to someone outside of GRC, to building GRC tools in OSCAL.
Learn more about Paramify here: https://www.paramify.com/blog/accurate-fedramp-high-ssp-in-less-than-4-hours
Jack Rumsey's LinkedIn: https://www.linkedin.com/in/jack-rumsey-83303469/
The GRC Destroyer: https://grcdestroyer.substack.com/
Learn about Swimlane here: https://swimlane.com/cpg-swimlane-turbine/?utm_source=google&utm_medium=cpc&utm_campaign=17300073347&creative=691938325323&keyword=swimlane&matchtype=b&network=g&device=c&gad_source=1&gclid=CjwKCAiA6KWvBhAREiwAFPZM7qRRyeO8sghv0oF3G_HDQGIORB22_EHb64pCZJFTFI5L-4mIBwcj8hoC8goQAvD_BwE

Today, we're excited to welcome a true luminary in the field of cybersecurity, Fernando Machado. Not only is he the Managing Principal and CISO at Cybersec Investments, LLC, but Fernando is also a recognized Certified Third-Party Assessment Organization (C3PAO) leader. His extensive experience spans over two decades with key roles in companies like L3Harris Technologies and Raytheon. Fernando is the author of "CMMC Simplified," a pivotal resource for understanding the complexities of the Cybersecurity Maturity Model Certification.
In today's episode, Fernando tells us about his invaluable insights on cybersecurity's evolving landscape and the nuances of CMMC 2.0.
Fernando Machado's book CMMC Simplified: https://www.amazon.com/CMMC-Simplified-
Fernando-Machado/dp/1088207707 Fernando Machado's LinkedIn: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/
Learn more about Paramify here: https://www.paramify.com/