The Paramify Podcast

Whether you’re launching a brand-new security program or fine-tuning your existing one, this episode has everything you need to know.
Kenny and Mike are breaking down the 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗽𝗵𝗮𝘀𝗲𝘀 – why they matter and how they can transform your security processes.
Here’s what’s on deck in this episode of The Paramify Podcast:- How to plan your security framework so it’s rock-solid from the start.- Common pitfalls in frameworks like FedRAMP (and how to avoid them, no trench runs required).- The importance of boundaries, collaboration, and a digital-first approach.- Real-world lessons (and Star Wars stories) for simplifying security challenges.
𝗟𝗶𝘀𝘁𝗲𝗻 𝗻𝗼𝘄 and learn how planning, assessing, and reporting can level up your risk management game.

We’ve heard you. We all want to know just how much it cost The Empire when the first Death Star was blown to oblivion by a young boy from Tatooine? How could the Empire let this happen?
Kenny Scott and Mike Schreiner dive deep into risk management and cybersecurity—all through the lens of Star Wars.
Kenny uses Star Wars analogies to break down key concepts like:• 𝗔𝘀𝘀𝗲𝘁𝘀  (Death Stars)• 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀  (Thermal Exhaust Ports)• 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 (X-wings)• 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀 (Force fields, turrets, the Dark Side and Darth Vader)• 𝗥𝗶𝘀𝗸 𝗧𝗿𝗲𝗮𝘁𝗺𝗲𝗻𝘁 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀:     • 𝗠𝗶𝘁𝗶𝗴𝗮𝘁𝗲 all by yourself     • 𝗦𝗵𝗮𝗿𝗲 risk like pizza     • 𝗧𝗿𝗮𝗻𝘀𝗳𝗲𝗿 it to some do-gooder     • 𝗔𝗰𝗰𝗲𝗽𝘁 the risk (aka, just flat out ignore it)     • 𝗔𝘃𝗼𝗶𝗱 the risk it cuz you’re just too scared.
Whether you're looking to build a risk management program OR just geek out over Star Wars references, this episode has something for you.

Today we’re talking to Tony Bai. He’s got 25 years of experience in cyber defense and operations, Tony Bai serves as the Chief Solutions Officer at RISCPoint. A United States Air Force veteran and lots of leadership experience at leading consulting organizations. Tony specializes in FedRAMP, CMMC and other NIST frameworks and is a leading voice on their latest developments that seem to be pretty intense these days. This is a great episode!
 
Learn more about Tony Bai:
https://www.linkedin.com/in/williamtbai/
 
Learn more about RISCPoint:
RISCPoint is an industry-leading management consulting firm, specializing in cybersecurity, compliance, and risk management, providing both strategy and tactical implementation. Our founding vision is a seamless integration with your team, focusing on creating impactful solutions to help you achieve your objectives.
https://www.riscpoint.com/ https://www.riscpoint.com/services/public-sector
https://www.riscpoint.com/contact
 
Learn more about Kenny Scott:
https://www.linkedin.com/in/kenny-g-scott/
 
Learn more about Paramify:
https://www.paramify.com/

We're talking with Mandy Andress, Chief Information Security Officer (CISO) at Elastic. Mandy is making a huge impact in the security industry as the author of Surviving Security: How to Integrate People, Process, and Technology, a Top 100 CISO (C100) Award recipient, and a LinkedIn Top Voice. Her leadership goes well beyond her role as CISO – she's also a trusted advisor to many organizations, a frequent speaker at global conferences like BlackHat and Networld + Interop, and a driving force behind Elastic's IPO success.
Learn more about Mandy Andress:Mandy's Linkedin: https://www.linkedin.com/in/mandyandress/
Learn more about Elastic:Elastic's Website: https://www.elastic.co/
Learn more about Kenny Scott:Kenny's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Paramify:Paramify's website: https://www.paramify.com/

Today, we’re honored to have Michael Carter on the show! Michael is the Managing Partner and Co-founder of Fortreum. Michael brings over two decades of expertise in cybersecurity and compliance, specializing in FedRAMP, FISMA, PCI, and more. He has held key leadership roles at Coalfire and Veris Group, shaping compliance strategies for top organizations across both government and commercial sectors. Michael’s deep insights into security and risk management make him a leading voice in the industry.
Learn more about Michael Carter: / carte2ms
Learn more about Fortreum: https://fortreum.com/
Learn more about Kenny Scott: / kenny-g-scott
Learn more about Paramify: https://www.paramify.com/

Today, we're honored to have Alexander Stein on the show. Alexander has a host of experience in Cybersecurity. He has worked as an IT Cybersecurity Specialist at the National Institute of Standards and Technology (NIST). With over two years at NIST focusing on Information Technology and Vulnerability Management, Alex has also held key roles at Flexion Inc. as a Security Practice Lead and Application Security Engineer,
and at BAM Technologies Learn more about Alexander Stein here: LinkedIn:   / alexanderjstein  
GitHub: github.com/aj-stein.
Learn more about NIST: https://www.nist.gov/
 
Learn more about Kenny Scott: LinkedIn:   / kenny-g-scott   Learn more about Paramify: Website: https://www.paramify.com/ LinkedIn:   / dashboard  

Today, we're honored to have Michael Clauser, on the show. Mike is the Founder & Managing Director of Ark where he helps tech and defense companies navigate government relations. He is a seasoned professional in government affairs, cybersecurity, and national security. Michael has led pivotal roles at Okta, Access Partnership, Analog Devices, and Fujitsu Limited, and served as a national security aide in the Pentagon. With a decade as an Intelligence Officer in the U.S. Navy, he has also held leadership roles supporting veterans and contributing to public policy. 
Learn more about Michael Clauser: LinkedIn: https://www.linkedin.com/in/michaelaclauser/
Learn more about Ark: https://ark.ga/
Learn more about Kenny Scott: LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Paramify: Website: https://www.paramify.com/
LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/

Today we're honored to have Matt Hillary on the podcast. Matt is the Vice President of Security and Chief Information Security Officer at Drata. He is a seasoned cybersecurity leader with 15 years of experience and a passion for enabling innovation. 
Learn more about Matt Hillary:LinkedIn: https://www.linkedin.com/in/matthewhillary/Matt Hillary's Forbes Article: https://www.forbes.com/sites/forbestechcouncil/2024/06/20/privacy-by-design-and-its-impact-on-security-and-grc/
Learn More about Drata:Drata's Website: https://drata.com/Drata's LinkedIn: https://www.linkedin.com/company/drata/posts/?feedView=all
Learn more about Paramify: Paramify's Website: https://www.paramify.com/Paramify's LinkedIn: https://www.linkedin.com/company/80788473/admin/dashboard/
Matt Hillary brings over 15 years of experience in executive security leadership, risk management, and compliance. His impressive track record includes roles at Lumio, Weave HQ, Workfront, and Instructure. Matt holds a Master’s in Information Systems Management from Brigham Young University and is a CISA-certified professional. Known for his strong technical background, positive leadership style, and effective communication, Matt is dedicated to building tailored security solutions that drive measurable success.

Today we're honored to have Eric Evans on the show! Eric is the Founder and CTO of HanaByte, he is a cloud security and compliance expert. He has led security initiatives for startups to Fortune 10 companies and is a renowned public speaker on cloud security and compliance automation.
Learn more about Hanabyte:
https://www.hanabyte.com/ https://www.linkedin.com/company/hanabyte/posts/?feedView=all
Hanabyte's write-up on the OMB Memo:
https://www.hanabyte.com/a-look-at-the-modernizing-fedramp-memo/
Eric Evans's LinkedIn: https://www.linkedin.com/in/ericgonzalesevans/
Kenny Scott's LinkedIn: https://www.linkedin.com/in/kenny-g-scott/
Learn more about Paramify: https://www.paramify.com/

Today, we're honored to be joined by Den Jones, Founder and CEO of 909Cyber and a veteran in cybersecurity. With a robust career that includes roles as Chief Security Officer at SonicWall, CSO at Banyan Security and Senior Director of Enterprise Security at Cisco, Den brings a wealth of experience to the table. He's a Stanford alumnus with a focus on Cyber Security and Executive Strategy, holds a Higher National Certificate in Computing from West Lothian College, and is a certified CISSP. Den also hosts 'Get IT Started. Get IT Done.', a podcast that discusses the cybersecurity industry. He’s here to share his expertise on the evolving cybersecurity landscape, tackling complex security challenges, and his approach to leadership in this crucial sector.
Learn more about Den Jones: https://www.linkedin.com/in/denwjones/
Get IT Started. Get IT Done. Podcast: https://podcasters.spotify.com/pod/show/banyan-security
Learn more about Paramify here: https://www.paramify.com/
Learn more about Kenny Scott: https://www.linkedin.com/in/kenny-g-scott/