Kratos
Cyber Compliance & Beyond
Welcome to "Cyber Compliance and Beyond," a Kratos podcast that will bring clarity to compliance, helping put you in control of cybersecurity compliance in your organization. Kratos is a leading cybersecurity compliance advisory and assessment organization, providing services to both government and commercial clients across varying sectors including defense, space, satellite, financial services, and health care. Through "Cyber Compliance and Beyond," our cyber team of experts will share their insights on the latest compliance issues. We want to hear from you! What unanswered question would you...
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
30 - Teaching AI to Protect CUI 16.06.2026 21:49
AI is rapidly transforming how organizations identify, classify, and protect sensitive information, yet many are only beginning to understand what this means for CMMC, CUI, and their broader security programs. In this episode, we explain why understanding your data has become one of the most urgent challenges in modern cybersecurity and how AI‑driven tools can quickly reveal hidden sensitive infor...
29 - Modernizing the Shop Floor: Security, Efficiency and Survival 02.06.2026 34:14
Manufacturing sits at the heart of the Defense Industrial Base, yet many machine shops are only now grappling with what CMMC truly means for handling engineering data. In this episode, Paul Van Metre explains the practical challenges shops face, from managing drawings and CAD models that clearly qualify as CUI to updating decades-old processes never designed for cybersecurity. We discuss why CUI i...
28 - Keeping OT Safe, Secure and Online 19.05.2026 33:21
Operational Technology is everywhere and yet it's often misunderstood or overlooked in traditional security planning. We sat down with OT cybersecurity expert Todd Heflin to unpack the realities of securing systems that directly interact with the physical world, where uptime, safety, and reliability are non-negotiable. With concrete examples and engineering-minded insight, this episode lays out st...
27 - CUI Discovery for CMMC Compliance 12.05.2026 40:34
Scoping is one of the most misunderstood yet essential parts of the CMMC ecosystem. Before organizations implement controls, buy tools, or prepare for assessments, they must first define what is in scope—their data, people, processes, and systems. When done well, scoping reduces costs, limits liability, and streamlines compliance. When done poorly, it increases the risk of assessment failures, whi...
26 - Fixing What Breaks CMMC Assessments 28.04.2026 27:32
Organizations often approach CMMC as a technology problem, but many assessment failures stem from foundational decisions made long before tools and configurations. In this episode, we break down the most common pitfalls we see in CMMC Level 2 assessments—from using non-compliant cloud environments to writing SSPs at the control level instead of the assessment-objective level, creating immediate an...
25 - Building a Reward-Driven Security Culture 07.04.2026 48:07
Phishing has been one of the most reliable tools in an attacker's arsenal for decades. Despite endless simulations, mandatory trainings and a growing set of tools, the problem hasn't gone away. AI-driven targeting makes it smarter, faster and more personal. But the issue isn't just the threat itself. It's how we teach people to recognize and respond to it. In this episode, we sit down with Craig T...
24 - CMMC Architecture: Enclave, Enterprise, or Hybrid? 31.03.2026 36:03
Organizations chasing CMMC often jump straight to "what tech should we buy?" but scoping begins with people, policies, processes and how information actually flows across the business. In this episode offers Clear, candid guidance for any team wrestling with scope and architecture for CMMC and trying to do it right the first time. We walk through the real trade-offs between enclave vs. enterprise...
23 - Building a Culture of Security in the Age of AI Deception 03.03.2026 52:48
We all say security is important, but does our behavior reflect it? In this episode, we explore what it really takes to build a true culture of security inside organizations. Traditional awareness training and phishing simulations often feel surface-level and at times punitive. So how do we move beyond compliance checkboxes to meaningful behavioral change? Joining us is Robert Siciliano, cybersecu...
22 - Preparing for CMMC the Right Way: A Q&A Deep Dive 03.02.2026 17:31
In this Q&A-style episode, we revisit the CMMC landscape following the implementation of the rule and the finalization of the Title 48 procurement rule. We break down what's changed, how CMMC requirements are phased into contracts and most importantly, the types of CMMC services available to help you take your next best step. We dive into boundary identification and definition, gap analysis/assess...
21 - Managing Cyber Risk: The Insurance Component Leaders Shouldn't Overlook 06.01.2026 39:34
In this episode, we take a practical look at how cyber insurance fits into the broader world of organizational risk. While we often talk about risk from a security and compliance perspective, insurance brings its own lens, which has become increasingly important as threats evolve, and claims grow more complex. Today's guest, Mark Westcott, President & CEO of ACNB Insurance, breaks down the types o...
20 - Red Teamers and Pen Testers: Technical, Cloud and Soft Skills 02.12.2025 50:54
There's no shortage of cybersecurity tools, but most compromises don't happen because of technology failures, they happen because of a failure in organizational processes. In today's episode, we explore how penetration testing and red teaming expose the people, processes and operational weaknesses that technology alone cannot. We discuss why security is ultimately a people problem, why organizatio...
19 - Zero Trust 04.11.2025 32:08
In this episode, we dive into Zero Trust and how organizations can put it into practice. With the rise of cloud computing, traditional on-prem networking architectures began to fade. Yet the need for strong security never went away – it evolved. That's where Zero Trust comes in. At its core, Zero Trust isn't just about technology. It's about people, access, and trust – starting with the principle...
18 - The False Claims Act 25.09.2025 29:08
Waste, fraud, and abuse. These three words usually make headlines when government resources are misused on a massive scale. But the truth is, efforts to eliminate waste, fraud, and abuse extend far beyond the headline-grabbing cases. In this episode, our experts explore how the government combats waste, fraud, and abuse, and why cybersecurity is now front and center in the conversation. Over the p...
17 - Cybercrime – Email Threats – Part 4/4 05.08.2025 55:19
Email remains the most common form of non-verbal communication in organizations worldwide. It's where our professional and personal lives often collide – making it a prime target for malicious actors. While the junk mail of the digital age – spam – has mostly faded into the background, the threats haven't gone away. In fact, they've grown far more sophisticated. Our experts explore how email threa...
16 - The Cyber Workforce 02.07.2025 38:53
The cyber workforce is as diverse as the challenges it faces. From process designers and behavioral analysts to business strategists and communicators, cybersecurity thrives on a diversity of skill sets. It's important to understand what it takes to join the field, especially given the current shortage of cybersecurity professionals. In today's episode, we're breaking down the misconception that c...
15 - Cybercrime – Identity Management – Part 3/4 10.06.2025 46:27
Managing identities may be the most difficult and complex task facing any organization today. Often treated as an afterthought in system development, mishandling identity management can lead to serious consequences. Because identities aren't just people — they're also systems and facilities, and managing them effectively requires more than just technology. From powerful service accounts to poorly...
14 - The Intersection of Business and Cybersecurity 06.05.2025 39:42
What are the real costs of cybersecurity implementation? Spoiler alert: it's far more complex than it appears on the surface. Cybersecurity is a people and process problem, not a technology problem. Most of implementation costs come in the form of time, effort and coordination throughout the organization. In this episode, we reach back to the classroom for a refresher on how to conduct effective r...
13 - Cybercrime – Credential Theft – Part 2/4 01.04.2025 51:24
Nothing introduces more complexity to an organization than access control as with access comes privileges. Privileges are needed for many activities within an organization. Couple the need for privileges with the complexity organizational structures and the usual personnel churn and an already complex problem becomes nearly unmanageable. Attackers target credentials for this very reason. Compromis...
12 - Mobile Platform Security 11.03.2025 50:04
Mobile devices have become an extension of ourselves, seamlessly integrated into our daily lives like never before. But as we prioritize convenience—wanting our devices to "just work"—we often overlook security. This episode dives into the growing cybersecurity challenges that come with mobile adoption and what individuals and organizations can do to stay protected. We'll go over: Why reliance on...
11 - CMMC Rollout – Q&A 13.02.2025 28:42
Rolling out a new program always comes with challenges and CMMC has been no exception. Fortunately, we've moved into the implementation phase, with assessments now underway. This milestone not only helps organizations see the real value of the program but also gives us the chance to address lingering questions and clarify uncertainties that could only be resolved through full implementation. With...
10 - The CMMC Training and Certification Ecosystem 07.01.2025 50:13
The CMMC training and certification ecosystem is ambitious as it aims to support training material development and certification of both instructors and assessors. It is currently on a path to providing a strong foundation for CMMC as a whole. In this episode our cybersecurity experts dive into the details and nuances of the training and certification requirements in the CMMC ecosystem. Hear them...
9 - Cybercrime–The Landscape – Part 1/4 03.12.2024 52:23
The news about cybercrime is overwhelming to those who fight to secure our organizations. Cybercrime organizations are sophisticated and constantly changing. But there's a hidden truth in cybercrime attacks: cybercriminals exploit the same weaknesses they've been exploiting for years. This should give us some hope; we know where our organizations are weakest, which gives us a good place to start....
8 - The CMMC Rule … Finally 05.11.2024 26:12
CMMC's security requirements are not new. What is new about CMMC is the level of rigor. With the recent publication of the CMMC rule, DoD is ever closer to requiring contractors to comply with CMMC security requirements and back them up with an assessment. The CMMC Rule, like any new regulation, is packed with details. Details that have been rumored, speculated, and drafted. Now that they're known...
7 - AI and Cyber Compliance 01.10.2024 45:36
AI is bringing speed and velocity never seen before. Some studies show that the output is the equivalent to what 35-40 humans can produce. This speed and velocity is applied to countless use cases across just about every economic sector. Cybersecurity compliance is laden with repetitive, redundant, and time-consuming manual tasks. While humans bring nuanced ingenuity and problem-solving capabiliti...
6 - Supply Chain Security 03.09.2024 39:54
Supply chain security is not new, though it certainly feels as though it is. Thanks to globalization, supply chains are ever growing in their depth, complexity, and interconnectedness. Unfortunately, like so many other systems, security of supply chains hasn't been at the top of the list of things to consider when evaluating supply chains. Understandably, economics led the way. A supply chain exis...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.