The Tea on Cybersecurity

Author: Trava Security


Description

Cybersecurity—a word we hear all the time, but do you really know what it means?


The Tea on Cybersecurity breaks it down without the confusing jargon. We spill the truth about security and compliance in a way that is easy to understand and actually useful.


Perfect for SaaS startups and small to medium-sized businesses starting their journey in cybersecurity and compliance. We've learned to keep it short (15-30 minutes per episode) so you get the facts and none of the fluff.

51 Episodes
Some companies boast about earning their SOC 2 certification in just two months. While technically possible, that speed usually comes with stress, shortcuts, and costly tradeoffs.

In this episode, Marie Joseph, Manager of Compliance Advisory at Trava, explains why true SOC 2 compliance takes more than 60 days. She breaks down the difference between Type 1 and Type 2 reports, outlines what a realistic timeline looks like, and highlights the team effort required to build a sustainable program.

Whether you're starting from zero or in the process of certification, this is your SOC 2 reality check.

Want to know what it really takes to get SOC 2 certified? Check out our blog, How To Prove SOC 2 Compliance, to see what goes into building a strong program and preparing for a successful audit. Read: https://travasecurity.com/proving-SOC2

Key takeaways:
The difference between SOC 2 Type 1 and Type 2
What a realistic SOC 2 timeline looks like
How team bandwidth, funding, and tools affect SOC 2 certification

Episode highlights:
(00:00) SOC 2 in two months: Myth or reality?
(03:26) The SOC 2 certification process
(06:29) Understanding SOC 2 Type 1 vs. Type 2
(10:37) Factors affecting SOC 2 certification speed
(11:58) Do you need SOC 2 for VC funding?

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Marie Joseph’s LinkedIn - https://www.linkedin.com/in/marie-joseph-a81394143/

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Cybersecurity can feel overwhelming with its many acronyms, shifting rules, and conflicting advice.

That’s why Season 5 of The Tea on Cybersecurity is all about separating fact from fiction. Host Jara Rowe kicks things off by identifying the common questions business leaders have about SOC 2 certification, automation tools, and AI policies. This season keeps episodes short and to the point, so you can get the info you need without wasting time.

Subscribe, share, and send in your questions. Season 5 is just getting started.

Episode highlights:
(00:00) Welcome to Season 5 of The Tea on Cybersecurity
(01:50) Common questions on SOC 2, automation, and AI
(02:57) What’s new this season

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

If there’s one key takeaway from Season 4 of The Tea on Cybersecurity, it’s that cybersecurity is a shared responsibility. With this in mind, host Jara Rowe wraps up the season by sharing valuable insights that everyone can use. She reflects on the most impactful lessons about compliance, AI, and penetration testing.

Key takeaways:
The importance of vCISOs and cyber engineers
How to approach penetration testing and PTaaS
Why transparency and training are essential for AI safety

Episode highlights:
(00:00) Today’s topic: Key insights from this season
(01:16) The role of vCISOs and cyber engineers
(02:47) Responsible AI use
(03:51) Penetration testing and PTaaS for small teams

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Most companies continually push code, launch new features, and update their infrastructure. However, for many businesses, security testing occurs only once a year. That gap leaves systems exposed to risks that go unnoticed.

In this episode, Anh Pham, Director of Penetration Testing at Trava, explains the concept of Penetration Testing as a Service (PTaaS). He shares how it works and why it's more beneficial than one-time pentests. You’ll also learn how AI fits into the picture and what to consider when choosing a provider.

Key takeaways:
The difference between PTaaS and traditional pentesting
How PTaaS supports fast-changing environments
The qualities of a trustworthy PTaaS provider

Episode highlights:
(00:00) Today’s topic: Penetration Testing as a Service
(03:16) PTaaS vs one-time pentests
(08:36) How PTaaS works
(11:59) Choosing a secure PTaaS provider
(13:17) Can AI help in PTaaS?
(15:22) A key reminder for businesses getting started

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Anh Pham’s LinkedIn - @anhpham11

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Listen to past episodes:
Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/
Proving Compliance and Security Effectiveness Through Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/

Cyber engineering is a broad and often misunderstood field, covering everything from cloud architecture to compliance. But one thing is clear: someone needs to take responsibility for the security of your business’s digital infrastructure.

In this episode, host Jara Rowe is joined by Michael Magyar, vCISO at Trava Security, to explore the intersection of cybersecurity, compliance, and engineering. Michael shares what smart architecture looks like in practice, where organizations often fall short, and how emerging trends like AI impact cyber engineering.

Key takeaways:
How smart cyber engineering impacts security and operations
The influence of AI on cyber engineering tasks
When to seek outside help for technical implementation

Episode highlights:
(00:00) Today’s topic: Cyber engineering
(05:29) The push for more security and compliance
(07:44) Being intentional with security architecture
(10:33) Cybersecurity engineering in the real world
(13:52) Cyber engineering trends and AI
(19:37) Discerning when to hire outside experts

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Michael Magyar’s LinkedIn - @michael-magyar-cyqual

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

The rapid adoption of AI brings opportunities, yet new risks. Strong governance enables organizations to remain innovative while maintaining trust and protecting data.

In this episode, host Jara Rowe welcomes Jim Goldman, Co-Founder of Trava Security, to discuss how clear oversight, board engagement, and high-quality data enable the creation of ethical AI that aligns with business goals. They outline practical steps, common blind spots, and proven frameworks for trustworthy automation.

Key takeaways:
AI governance versus compliance in plain language
Why data quality shapes reliable machine output
How leaders and teams share accountability from policy to practice

Episode highlights:
(00:00) Today’s topic: AI Governance
(02:46) Governance reaches the boardroom
(04:09) Big shifts in NIST CSF 2.0
(06:01) Governance versus compliance explained
(07:45) Data quality risks in AI
(10:55) Core parts of a governance framework
(13:32) Roles and ownership across teams
(14:55) Designing ethical, transparent AI
(19:06) Proving accountability in decisions
(23:37) Easing public worries with openness
(26:41) Criminal abuse and law response

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Jim Goldman’s LinkedIn - @jigoldman

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Businesses rely on AI for everything from streamlining communication to managing hiring and forecasting trends. It’s fast, efficient, and deeply embedded in daily operations. But as AI becomes more common, one critical piece is often overlooked: compliance.

In this episode, Jara Rowe sits down with Dr. Marwan Omar, Chief AI Officer at Insight Assurance, to talk about the growing need for AI compliance. They explore what it really means, why it’s not just a concern for tech giants, and how overlooking it could expose your business to legal, ethical, and reputational risks.

Key takeaways:
What makes AI compliance different from traditional IT compliance
Where to start with AI risk assessments
How real companies have gotten AI compliance wrong

Episode highlights:
(00:00) Today’s topic: AI compliance and why it matters
(05:23) Key laws shaping AI compliance today
(07:25) The nuances of AI compliance
(10:14) First steps to build AI compliance internally
(13:26) How explainability strengthens trust in AI models
(15:32) Challenges with regulations and data privacy
(18:24) Staying informed as AI laws evolve

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Marwan Omar’s LinkedIn - @dr-marwan-omar

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Many companies start penetration testing to address compliance requirements. However, it can also provide valuable insights beyond just meeting standards.

In this episode, host Jara Rowe sits down with Anh Pham and Christina Annechino from Trava to talk about how pen tests uncover hidden risks and strengthen your cybersecurity. They explain compliance frameworks, typical pen test schedules, and common mistakes to avoid.

Key takeaways:
Compliance frameworks and their pen test requirements
The different types of penetration testing
How to prepare your environment for a successful pen test

Episode highlights:
(00:00) Today’s topic: Penetration Testing and Compliance
(03:42) Pen testing compliance frameworks
(05:46) The difference between vulnerability scans and pen tests
(09:11) How often to conduct pen tests
(11:04) Qualities of a good penetration testing vendor
(14:34) Making pen testing work on a budget
(16:49) Scoping mistakes that limit test outcomes
(18:53) Using pen tests to improve overall cybersecurity

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guests:
Anh Pham’s LinkedIn - @anhpham11
Christina Annechino’s LinkedIn - @christinaannechino

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Listen to a related episode:
Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/

Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach.

In this episode, Jara Rowe talks with Tom Greco, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional.

Key takeaways:
What CMMC is and why it exists
The importance of accurate scoping
Tools and tips to maintain CMMC compliance

Episode highlights:
(00:00) Today’s topic: What is CMMC?
(02:20) What CMMC means for your business
(06:05) The nuances of scoping
(10:07) How contracts set your CMMC level
(13:44) Self-assessment vs third-party audits
(17:36) Maintaining CMMC compliance over time
(22:17) Perform gap assessments ASAP

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Thomas Greco’s LinkedIn - @thomas-greco

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Is your business one cyberattack away from chaos? Most companies don’t think about cybersecurity until they’re in crisis mode—but by then, the damage is done.

In this episode, Jara Rowe talks with Michael Magyar, an experienced virtual Chief Information Security Officer (vCISO). They cover what a vCISO does, why more companies are choosing virtual over full-time, and how to know when it’s time to bring one in. Michael shares examples of helping businesses avoid costly mistakes, explains how vCISOs assess risk, and offers advice for small teams trying to do more with less.

Key takeaways:
Common cybersecurity challenges vCISOs help solve
What a typical engagement with a vCISO looks like
Advice for SMBs with limited budgets trying to prioritize cybersecurity

Episode highlights:
(00:00) Today’s topic: Breaking down the role of a vCISO
(05:32) vCISO vs. traditional in-house CISO
(07:11) Why small businesses benefit from a vCISO
(09:53) Real examples of vCISOs making a difference
(13:52) What it’s like working with a vCISO
(16:00) Key indicators your business needs a vCISO
(20:54) How to prioritize cybersecurity on a budget

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Michael Magyar’s LinkedIn - @michael-magyar-cyqual

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.

In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.

Key takeaways:
Essential cybersecurity terms and definitions: vCISO, PII, and more
The importance of understanding and managing your attack surface
Why cybersecurity compliance can’t be a one-time effort

Episode highlights:
(00:00) Today’s topic: Understanding cybersecurity terms
(01:47) What is a vCISO, and why it benefits small businesses
(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA
(08:40) Hackers vs. threat actors explained
(10:28) Why businesses need an antivirus and a firewall
(13:37) Patch management and cybersecurity attack surfaces
(16:04) Continuous cybersecurity compliance
(21:27) Recapping cybersecurity essentials

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:
Marie Joseph’s LinkedIn - @marie-joseph-a81394143

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Cyber threats are evolving, security rules are tightening, and the idea of a ‘safe network’ is quickly disappearing. So what does that mean for businesses and individuals trying to stay protected?

To kick off Season 4, host Jara Rowe revisits key lessons from past seasons and unpacks the biggest cybersecurity trends shaping the industry today. This season will take a deeper look at AI governance, compliance challenges, and penetration testing—critical areas companies can’t afford to ignore.

With cybersecurity changing fast, businesses must decide how to adapt before they fall behind. The answers start here.

Key takeaways:
Why cybersecurity is a team effort, not just IT’s job
How AI is changing both cyber defense and cybercrime
How vCISOs are filling critical security gaps for businesses

Episode highlights:
(00:00) Today’s topic: How cybersecurity is evolving
(01:21) Major lessons from past seasons
(05:38) Current cybersecurity trends
(08:26) What to expect in season 4

Connect with the host:
Jara Rowe’s LinkedIn - @jararowe

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog/
LinkedIn - @travasecurity
YouTube - @travasecurity

We’ve come to the end of another season of The Tea on Cybersecurity, and you know what that means. Join host Jara Rowe in her ultimate receipts from Season 3. She highlights the most important things she has learned from her guests this season, including why MFA is key to keeping yourself safe online, how to manage vulnerabilities, what steps you need in preparing for cybersecurity incidents, and how to cultivate trust and transparency within your organization.

Listen in as Jara revisits her conversations with all of our Season 3 guests, including Trava CEO Jim Goldman, Craig Saldanha and Mario Vlieg with Insight Insurance, and John Boomershine with BlackInk IT, among others.

In this episode, you’ll learn:
Multi-Factor Authentication (MFA) is Your Best Friend: It's like adding an extra lock to your door to keep the bad guys out—and who doesn’t want that extra peace of mind? Enabling MFA can be a game-changer in protecting against cyber vulnerabilities. It's easy to implement and adds that essential layer of security without the hassle!
Bring Your Own Device (BYOD) Take Control of Your Digital Inventory: This is a deep dive on how to make sure all devices, company-owned or personal, are secure and compliant in this digitally diverse world. This is super relevant for those offering flexible work arrangements who want to stay ahead in their cybersecurity game.
Establishing Trust and Transparency is Key: This isn’t just about securing your systems but also about earning and maintaining the trust of your customers and stakeholders—whether it’s securing communications through encryption or ensuring third-party vendors are just as vigilant.

Jump into the conversation:
[00:00 - 00:41] Introduction to the Tea on Cybersecurity podcast
[00:41 - 03:46] The importance of MFA
[03:47 - 05:07] MFA in cyber hygiene
[05:08 - 06:02] Employee training as a vital part of cybersecurity defense strategy
[06:52 - 07:45] BYOD (bring your own device) and the challenges of inventory management
[07:45 - 10:07] A different way to think about risk
[10:08 - 12:12] The difference between risks and vulnerabilities
[12:18 - 13:24] The difference between breaches and incidents
[13:25 - 14:15] What to do if an incident should occur
[14:19 - 16:17] Steps to take if an incident were to occur with a third-party vendor
[16:18 - 17:58] Why trust is foundational to cybersecurity
[17:59 - 19:03] How a compliance framework is like a cookbook
[19:03 - 21:21] Cybersecurity in healthcare and banking

Connect with the host:
Jara Rowe’s LinkedIn

Connect with Trava:
Website www.travasecurity.com
Blog www.travasecurity.com/blog
LinkedIn @travasecurity
YouTube @travasecurity

"Multi-factor authentication? You better get it today. Don't wait till tomorrow." – Jim GoldmanWe talk a lot about SaaS companies in this show, but today, we’re bringing you something a little different. Jim Goldman, CEO of Trava and one of our favorite cybersecurity experts, joins host Jara Rowe to discuss the complexities of cybersecurity across healthcare and banking, including their unique challenges and regulatory requirements.Jim discussed how healthcare organizations navigate a web of medical providers, claims processors, and pharmacies while adhering to the stringent HIPAA regulations. He also discusses how banking and finance sectors have long led the way in cybersecurity, thanks to rigorous compliance standards meant to protect both consumer data and financial integrity. He offers compelling analyses and real-world examples, like how a simple multi-factor authentication (MFA) oversight can lead to billion-dollar repercussions.In this episode, you’ll learn:How the  banking and healthcare industries keep our sensitive information safe and how it all comes back to those pesky (yet essential!) regulationsThe importance of regulations like HIPAA and how they help guard this vast data network and ensure your health information stays secureYet another reason why Multi-Factor Authentication (MFA) is a cybersecurity must-haveJump into the conversation: [00:00 - 00:46] Introduction to cybersecurity beyond SaaS and Jim Goldman[00:47 - 02:58] How cybersecurity differs in Healthcare and Banking vs. SaaS[02:58 - 05:41] The most pressing cybersecurity threats facing healthcare organizations today[05:41 - 08:25] How healthcare institutions are adapting their cybersecurity to ensure data integrity[09:17 - 13:00] ​​Key cybersecurity risks in banking and finance and how they are mitigating these risks[13:01 - 14:33] What is GDPR? 
[14:34 - 15:11] What is PCI DDS?[15:11 - 16:11] How financial institutions prioritize cybersecurity initiatives to maintain compliance[16:45 - 19:48] Jara’s receiptsConnect with the Guest:Jim Golman’s LinkedInConnect with the host:Jara Rowe’s LinkedInConnect with Trava:Website www.travasecurity.comBlog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity
"Every business today runs on technology. Every business is a technology business. Right? Even a taco cart uses a little payment thing that you swipe your card in to do that." - Michael MagyarMichael Magyar, a seasoned cybersecurity expert with a decade of experience, joins host Jara Rowe on this episode of The Tea on Cybersecurity to give us the tea on third-party risks. As a penetration tester and a virtual Chief Information Security Officer (vCISO) with Trava, Michael brings unparalleled insight into the challenges and solutions surrounding vendor security. Michael and Jara discuss the complex subject of third-party risks and why every business, big or small, needs to be cautious about their vendors' security practices. From identifying potential risks to evaluating security measures, Michael offers essential steps businesses should take if a vendor experiences a security incident, stressing the importance of containment, breach notification, and calling in the right experts for help.Key Takeaways:Third-Party risks are everywhere and to understand where these gaps could be, think about a vendor or third-party as “outsourced staff”What to look out for when working with any vendor or third - party, namely Public Statements of SecurityHow to handle a situation if a vendor or third-party of yours is breachedTimestamps:[00:00 - 01:24] Introducing Identifying Third-Party Vendor Risks with Michael Magyar, Trava[01:25 - 02:36] Expanding understanding of vendors and third parties[03:59 - 05:25] Real-world examples of third-party risks - SolarWinds in 2020 and XZ Utils in 2024[02:36 - 03:59] How to identify risks associated with vendors and third parties[05:25 - 07:53] Red flags to look out for, plus Microsoft breach [07:54 - 09:16] Penetration testing and third-party security[09:16 - 11:19] Other ways that businesses can help evaluate the security practices of a third-party[11:19 - 12:54] Key cybersecurity measures to look for when working with a vendor[12:54 - 13:40] 
Why it's essential for businesses to regularly check in on their external partners' cybersecurity efforts[13:41 - 15:42] Cybersecurity steps my company needs to take when signing on with a new vendor[16:41 - 20:02] Jara's ReceiptsConnect with the Guest:Michael Magyar's LinkedInConnect with the host:Jara Rowe’s LinkedInConnect with Trava:Website www.travasecurity.comBlog www.travasecurity.com/blogLinkedIn @travasecurityYouTube @travasecurity 
“Trust is foundational to both the relationship, interpersonal relationship, B2B relationship. Then also we're having to convey that trust to our customers.” - John Boomershine

John Boomershine, also known as Boomer, sits down with host Jara Rowe in this episode of The Tea on Cybersecurity to talk about trust and transparency in cybersecurity. As the Vice President of Security and Compliance at BlackInk IT, Boomer brings nearly 40 years of experience in the IT realm, and a wealth of knowledge particularly focused on cybersecurity and compliance.

Boomer and Jara discuss why trust and transparency are absolute bedrocks in the world of cybersecurity. Boomer elaborates on the importance of effective communication, revealing how businesses can use privacy policies and FAQ sections to build consumer confidence. He takes us through the game-changing NIST and CIS frameworks and why adopting these can fortify your cybersecurity strategy. Additionally, he stresses the importance of having a solid incident response plan when things go south and emphasizes that cybersecurity is a team effort—everyone has a role to play, from implementing MFA to raising your hand when in doubt.

In this episode, you’ll learn:
Trust is foundational for cybersecurity in any organization and the cornerstone of a great client relationship
Why you need to have a superhero plan for cyber incidents to tackle any problem that may come up quickly and efficiently
To boost your customer confidence and safety, you need to adopt a cybersecurity framework to act as your compass, guiding you on what’s essential to protect your business and your data

Things to listen for:
[00:00 - 00:55] Introduction to The Tea on Cybersecurity
[01:53 - 03:16] Trust is foundational in cybersecurity and business
[03:16 - 05:34] Effectively communicating data handling with your customers
[05:35 - 08:41] CIS controls framework: 18 sections, 153 safeguards
[08:42 - 11:10] Data collection transparency and where companies should focus
[11:15 - 12:46] Some of the biggest challenges businesses face in maintaining transparency and trust
[12:46 - 14:12] Combating cyber threats with teamwork and commitment
[14:14 - 16:03] Final thoughts from Boomer
[16:17 - 19:55] Jara’s Receipts

Resources:
How SOC2 helps you build trust with clients
7 Tips for Talking to Your Customers After Getting Hacked

Connect with the Guest:
John Boomershine’s LinkedIn

Connect with the host:
Jara Rowe’s LinkedIn

Connect with Trava:
Website www.travasecurity.com
Blog www.travasecurity.com/blog
LinkedIn @travasecurity
YouTube @travasecurity

“Education is by far the most cost-effective tool that you can deploy in your organization before any other types of information, security controls, or complex tools or any additional services. Using the hygiene analogy, you can buy the most expensive toothbrush, and you can buy the fanciest toothpaste. But if you don't teach your child that they need to brush their teeth every night, they're still going to get cavities.” - Mario Vlieg

Host Jara Rowe and guests Craig Saldanha and Mario Vlieg discuss good digital hygiene practices in this episode. We dive into best digital hygiene practices, common weak spots, and digital breach response plans.

Learn more about technology trends like AI and machine learning that enhance cyber defenses, practical tips and resources for improving cyber hygiene habits, and future challenges and opportunities in the field. We also explore regulatory standards, frameworks, and compliance, emphasizing their contribution to robust cyber hygiene practices.

In this episode, you’ll learn:
Why employees should be educated about the latest cyber threats, recognize phishing attempts, and adopt best practices in cybersecurity
What steps organizations and individuals can take to assess and recover effectively in a data breach
Why advancements in technologies are enhancing cyber hygiene efforts even as they introduce new risks

Things to listen for:
[01:20 - 02:14] Definition of cyber hygiene
[03:12 - 03:59] The role of employee training and awareness in cyber hygiene
[03:59 - 04:52] How often organizations and individuals should review digital hygiene practices
[05:08 - 06:00] Emerging technologies that can help with cyber hygiene efforts
[06:00 - 08:23] Tips and resources for improving cyber hygiene habits
[08:26 - 09:18] Challenges and opportunities in the future of cyber hygiene
[09:20 - 10:04] The most cost-effective cyber security tool for early SaaS companies and founders
[10:17 - 11:56] What steps organizations should take to assess the impact and recover from a data breach
[12:00 - 13:56] How compliance standards and frameworks improve cyber hygiene practices
[13:56 - 15:39] Proactive steps to improve cyber hygiene practices
[15:47 - 19:15] Jara’s receipts

Resources:
Cyber Hygiene Explained
Cybersecurity Awareness Training is Not an Option, It’s Essential
Data Security 101: Decoding Incidents and Breaches
Why Human Error is the Cause of Most Data Breaches

Connect with the Guests:
Craig Saldanha’s LinkedIn
Mario Vlieg’s LinkedIn

Connect with the host:
Jara Rowe’s LinkedIn

Connect with Trava:
Website www.travasecurity.com
Blog www.travasecurity.com/blog
LinkedIn @travasecurity
YouTube @travasecurity

“Especially if this is the first time an organization is creating a plan like this, the focus should really be working on it piece by piece to not be overwhelmed. So, start out small. What are the designated roles and responsibilities that you have? Then, determine how the plan can best fit your needs. This can be done by assessing what types of incidents are most detrimental to your organization.” - Christina Annechino

Host Jara Rowe and guest Christina Annechino delve into incident response plans and tabletop exercises in this week’s episode. We’ll identify common challenges with developing incident response plans and the ins and outs of tabletop exercises.

Gain tips on forming an incident response plan and insight into the documentation and testing requirements and compliance standards such as NIST, SOC 2, PCI DSS, and ISO 27001. We provide a comprehensive understanding of the critical elements and processes involved in incident response planning, compliance, and tabletop exercises.

In this episode, you’ll learn:
What defines an incident, and what to include in an incident response plan to be prepared and compliant
Why tabletop exercises are essential for identifying any gaps in the documented processes and procedures and preparing teams for emergencies
How incident response plans and tabletop exercises are crucial in compliance readiness and maintaining security certifications

Things to listen for:
[01:58 - 02:40] Definition of an incident and incident response plan
[03:55 - 04:34] Tips for creating an incident response plan
[04:51 - 05:25] The role of incident response plans in overall risk management
[05:33 - 06:00] How incident response plans maintain security and annual certifications
[06:21 - 07:05] Definition of a tabletop exercise and its role in incident response plans
[07:10 - 08:18] How often to conduct tabletop exercises and their challenges and benefits
[08:34 - 09:19] Addressing compliance-related aspects through tabletop exercises
[09:30 - 09:59] Compliance standards and the importance of testing incident response capabilities
[10:06 - 10:36] Demonstrating a functional incident response plan during compliance audits
[10:47 - 10:56] Structure of documentation for incident response plans and tabletop exercises
[11:07 - 11:43] Tips on creating an incident response plan and the purpose of tabletop exercises
[12:1 - 15:15] Jara’s receipts

Resources:
Data Security 101: Decoding Incidents and Breaches
Data Breach Preparedness: Developing an Incident Response Plan
7 Tips for Talking to Your Customers After Getting Hacked

Connect with the Guest:
Christina Annechino’s LinkedIn

Connect with the host:
Jara Rowe’s LinkedIn

Connect with Trava:
Website www.travasecurity.com
Blog www.travasecurity.com/blog
LinkedIn @travasecurity
YouTube @travasecurity

“Keeping the inventory up to date, make sure that you have all possible points of entry covered and accounted for, similar to a building. When people try to put safeguards for a building, you're doing it, but just like on a network that you can't really physically see if you're missing an asset, that is a hole for an attacker to get into, and we do not want to give them easy access to things for sure.” - Marie JosephThis episode's conversation covers the basics of asset inventories and asset management with host Jara Rowe and guest Marie Joseph, Senior Security Solutions Engineer at Trava. We discuss the categories of assets and the challenges of establishing a comprehensive asset inventory.Hear how tracking and managing hardware and software within an organization is necessary for cybersecurity compliance. We dissect the impact of Bring Your Own Device (BYOD) policies on asset management, the concept of shadow IT, and the role of automated tools and technologies in asset management tasks.In this episode, you’ll learn: Why asset inventories are a crucial part of cybersecurity and compliance and the challenges of continuous upkeep.How “Bring Your Own Device” (BYOD) policies help and hinder operations, including cybersecurity risk levels.Why most compliance frameworks require companies to maintain different types of inventories to ensure that security and privacy measures are in place and monitored to meet regulatory requirements. 
Things to listen for:
[00:00 - 00:18] Intro to The Tea on Cybersecurity
[00:48 - 02:44] The definition of asset inventory and asset management
[04:06 - 04:34] Maintaining an accurate software inventory for compliance with licensing agreements
[04:34 - 05:51] Common challenges with establishing a complete asset inventory
[07:42 - 09:27] Explanation of shadow IT, traditional asset management, and cybersecurity efforts
[09:34 - 10:29] How asset management contributes to maintaining compliance
[12:04 - 13:30] Using automated tools in asset management tasks for continuous compliance
[13:48 - 14:55] The importance of tracking all devices connected to a network
[15:23 - 17:48] Jara’s receipts

Resources:
From Bonnie and Clyde to Hackers: Taking the First Step to Protecting Your Digital Assets
Regular Software Updates and Patching: The Importance of Staying on Top of This

Connect with the Guest:
Marie Joseph's LinkedIn

Connect with the host:
Jara Rowe’s LinkedIn

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/blog
LinkedIn - @travasecurity
YouTube - @travasecurity
“Not only do we need to understand what risks might exist, but we need to understand what impact that might have. That goes into both the chance that they're going to happen and the chance that they're going to be successful in creating damage, and then also the likely damage that's going to happen from them.” - Michael Magyar

On this week’s episode, host Jara Rowe gets the tea on risk management with Trava’s vCISO consultant, Michael Magyar. Hear what risk management is, how it differs from crisis management, and what considerations fall under each to maintain compliance.

This episode serves as a comprehensive guide for listeners looking to gain a better understanding of risk management, compliance, and general cybersecurity practices. Michael encourages a proactive approach to risk assessment and management to enhance organizational cybersecurity with actionable advice.

What you’ll learn:
Why risk management is proactive and crisis management is reactive, and how to approach both from a preparation standpoint.
What components of risk management realistically fall under compliance, and why understanding this helps you mitigate potential risk.
How to start small with risk assessment to identify possible risks and how they might impact your business, building a foundation for effective risk management and cybersecurity practices.
Things to listen for:
[02:57 - 03:28] Explanation of risk as exposure to danger, harm, or loss
[05:45 - 06:53] The importance of risk management for businesses
[06:59 - 07:54] Comparison of risk management and crisis management
[08:14 - 10:00] Key components of being proactive in cybersecurity
[10:07 - 12:27] The role of risk management in compliance efforts
[12:37 - 14:38] Challenges and tips in aligning risk management with compliance standards
[15:17 - 17:47] Michael's advice for organizations and general cybersecurity
[17:55 - 20:32] Jara’s receipts

Resources:
How to Choose the Right Cyber Risk Management Solution Provider
What is Risk Management?

Connect with the host:
Jara Rowe’s LinkedIn

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/blog
LinkedIn - @travasecurity
YouTube - @travasecurity