Episode #
34
Eric Adams of Federal Cyber Defense Solutions on Controls, Context, and Compliance
Show Notes
In this week's episode of the Future of Cyber Risk podcast, David speaks to Eric Adams, CEO/CISO at Federal Cyber Defense Solutions. They discuss what FedRAMP and FISMA are, how to use NIST as a roadmap to federal compliance, and what controls you need to implement for those requirements. They also talk about the need for vulnerability context and continuous monitoring, the importance of having leadership support behind your compliance efforts, and how AI will impact the future of security — but only if it's used for good.
Topics discussed:
How to understand the differences in NIST, FISMA, and FedRAMP and how NIST is the roadmap that can lead you to federal compliance.
How to better understand the controls you need to apply for something like FedRAMP compliance.
Why you need to have leadership commitment and support behind your security compliance efforts.
Why you can be compliant but not secure and what questions and suggestions can guide your efforts to increase security.
Why vulnerability prioritization based on context and continuous monitoring needs to be part of your compliance approach.
How the future of security will include more automation and AI — but only if it's used properly.
Quotes from Episode
#1.)
"NIST is a government framework, and it's updated by many people that are working on the NIST program, and there's many additional documents within the NIST publication set that come out and they're updated. And so NIST has been around for a while. FISMA, the law of federal information systems, has been around since 2002. So FISMA is the law. NIST is kind of the roadmap of how to go about the compliances for government systems." (3:40-4:12)
#2.)
"You can be compliant and still not be secure. The way that you should approach it is, you first pass, you can make sure that you're compliant with the controls." (15:35)