On this week's episode of the DIB Innovators podcast, David speaks with Matthew Titcombe, CEO and Sr. Information Security Consultant of Peak InfoSec, to explore the intricacies of cybersecurity compliance. Matt emphasizes the critical role of conducting thorough gap assessments as the first step toward achieving CMMC certification.
He discusses the common challenges organizations face, including a lack of understanding of requirements and cultural resistance to change. Additionally, Matt shares strategies for fostering a culture of security awareness and developing tailored compliance plans. He also provides valuable guidance for businesses looking to navigate the complex landscape of cybersecurity and enhance their security posture.
Topics discussed:
Guest Quotes:
“And I just literally decided I'm just kind of done. Don't want to be a government employee and punched my ticket. Been a serial entrepreneur before, so let's just go start up a security consulting business. Made the wife panic. But I'm like, security is not going away. This is guaranteed jobs. So I wasn't worried about that. Ended up, it was funny. Jumped in, got pulled in by some friends of mine, ended up doing some work for United Launch Alliance underneath IBM. And it was 2016. We were helping them re-architect their data center, their firewalls, everything else. And in the middle of this, they're like, well, we got to deal with these 853 controls. Okay, easy peasy. I know those.”
“The moment that goes into effect and the updated version of SPRS comes online, it doesn't matter what DoD is doing, because frankly, every prime out there, everybody who's on a teaming partner with a prime, is going to mandate, ‘you need to get your stuff updated in SPRS today.’ So be ready for that pressure in that first month when this starts of updating SPRS.”
“The other thing that — because they're not doing it at the assessment objective, which breaks down the verb-noun pairs against each other, so you're cross-checking against them all. They don't understand the definitions and then how things fit and work with the other requirements.”
“If it sounds too easy, it is. There is no easy button in this. If they're telling you you can get certified and we can get you through this in a couple months, probably not. Most times when we're helping clients to get ready, it's typically at least a year. The problem is what we really run into. This is not an IT problem, realistically.”
Get in touch with Matthew Titcombe:
Get in touch with your host, David Graff:
Listen to more episodes: