Jacob Hill

GRC Academy

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform for GRC professionals, executives, and anyone else who wants to increase their knowledge in the GRC space!

Author

Jacob Hill

Category

Technology

Podcast website

grcacademy.io

Latest episode

Nov 18, 2025

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Deltek's Journey to FedRAMP Moderate Equivalency 18.11.2025

I have a surprise for you --- the last GRC Academy podcast! In this last episode, Michael Greenman from Deltek shares the journey to FedRAMP Moderate Equivalency for Deltek Costpoint GovCon Cloud Moderate (GCC-M). And let me tell you, it's quite a story: changes in the control baseline, new policy from the DoW, and lessons learned. Here are some of the biggest takeaways: The real-world implication...

What's Next for GRC Academy and Jacob Hill 04.09.2025

I have an incredible announcement to share! 👀 Before that though, let me share some of my history with you. Back in 2016, I started a side-business called TEKFused LLC focused on web design/hosting. Fast forward to 2022, I launched GRC Academy, and since then I’ve released 3 CMMC courses, released 50+ podcast episodes, and partnered with some amazing companies. Earlier this year, life threw me a...

The Business Case for CMMC - Surviving DOGE 19.06.2025

CMMC certification could be the key to surviving DOGE cuts! 👀 In this episode, I’m joined by Derek Kernus of Aethon Security to discuss the business case for CMMC! This episode was really refreshing to me. Yes, our discussions about deep CMMC topics are important, but learning how to convince your company leadership to make the CMMC investment is even more critical. Here are some takeaways: How C...

The Compliance Playbook to Cybersecurity 05.06.2025

"Compliance is the security referee - frameworks are the playbooks." In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood, and mission-critical world of cyber GRC. Tim shares what he’s learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as...

How HITRUST Fixes What’s Broken in Cybersecurity Compliance 27.05.2025

Cybersecurity frameworks can learn a lot from HITRUST. In this episode, Ryan Patrick of HITRUST explains how HITRUST approaches the assurance problem, from centralizing the certification process to frequent updates to the control sets based on threat data. I barely knew anything about HITRUST going in, but it’s clear they’re tackling the cybersecurity assurance problem in a radically different way...

CUI Masterclass with Ryan Bonner 09.05.2025

"Outread the others" - that's how Ryan Bonner mastered CUI. If you're confused about Controlled Unclassified Information (CUI) - you're not alone. Many defense contractors (not to mention DoD themselves) misunderstand what is CUI, where it comes from, and how to handle it. In this episode, Ryan Bonner, CEO of DEFCERT, gives a masterclass in understanding CUI from the actual laws and regulations -...

Small Business Achieves CMMC Level 2 Certification: Reynolds Construction's DIY Success Story 24.04.2025

HR guy leads his company to CMMC level 2 certification! 👀 In this episode I’m joined by Eric Fields of Reynolds Construction to learn how he led his business to CMMC level 2 certification! I call him "Eric the Great" - you'll see why in a moment. Eric's background was in HR and business operations. He had no background in IT or cybersecurity. They did it in-house - with just two people and smart...

The FASTEST Way to CMMC Compliance - CUI Enclaves 10.04.2025

CMMC rolls out in a few months and there are STILL companies who are JUST getting started! In this episode I’m joined by Daniel Akridge of Summit 7 to talk about the real challenges facing the Defense Industrial Base - and the FASTEST path to CMMC certification. To CUI Enclave, or not to CUI enclave - that is the question! 👉 Here are some of the highlights: What the big primes are saying about th...

CMMC Will BREAK Your MSP - Axiom's CMMC Level 2 Journey 25.03.2025

“We built a second company from scratch…” Is that what it takes for MSPs to get CMMC'd!?! 👀 In this episode I’m joined by Bobby Guerra and Kaleigh Floyd from Axiom, an IT Managed Service Provider (MSP). They explain exactly what it took to achieve CMMC level 2 certification - after 4 years of effort. Most MSPs aren’t ready for CMMC. Many believe it's just another checkbox, but it’s a complete ope...

CMMC Level 2 Assessments - What to Expect and How to Avoid Disaster 11.03.2025

Preparing for a CMMC assessment, but don't know what to expect? Get ready to learn from CMMC Lead Assessor Fernando Machado as he explains EXACTLY what happens in each phase of the CMMC assessment process! Fernando is the Managing Principal of Cybersec Investments which is an authorized C3PAO. Fernando has been involved with CMMC starting in 2020 as a member of the Cyber AB's Standards Management...

CMMC Mistakes COST Villa-Tech $485,000 25.02.2025

🔥 "I Could Have Saved $300K on CMMC!" 🔥 Miguel is the founder of Villa-Tech, a small but powerful tech company that is breaking into the defense contracting space. Miguel shares a raw and honest look at the costly missteps, lessons learned, and strategies that could save small businesses hundreds of thousands of dollars preparing for CMMC certification! 👉 Here are some highlights: How he could...

CMMC Compliance in AWS Cloud Just Got a LOT Easier 11.02.2025

CMMC and DFARS compliance is hard - especially in the cloud. Got AWS? They've given you tools that make compliance much easier! In this episode, I sit down with Travis Goldbach from Amazon Web Services (AWS) to break down the solutions AWS has created to simplify CMMC and DFARS compliance. 👉 Here are some highlights: AWS compliance automation - reducing manual effort and risk Shared Responsibilit...

CMMC 2.0 Is FINALLY Here - What Happens Next (with Stacy Bostjanick) 07.01.2025

It’s been a long and wild ride on this #cmmc ship! ⛵ In this episode, I speak with Stacy Bostjanick who is the Director of the CMMC program at DoD CIO! Here are some highlights from the episode: Expectations for the initial phase in of CMMC Who determines CMMC levels for contracts? How will CMMC waivers work? Criteria for CMMC level 2 self-assessments and CMMC level 3 Early use of NIST 800-171 r3...

CMMC Disaster: What MSPs Aren't Telling You 19.12.2024

Your MSP could be a CMMC disaster. 💥💣💥 I wish I was joking. In this episode I speak with Joy Beland about the critical role IT Managed Service Providers (MSPs) play in the CMMC space and why so many of them will cause their clients to fail their CMMC assessments. Here are some of the highlights: The NEW critical CMMC requirement for MSPs Why so many MSPs will cause their clients to fail CMMC as...

Healthcare Cybersecurity: Lives are at Stake 13.12.2024

Should you NEVER pay after a ransomware attack? In this episode I speak with Frank Riccardi about cybersecurity in healthcare and the event that triggered much more cyber accountability for the C-suite. Here are some of the highlights: Why healthcare workers are prone to social engineering attacks Reasons you SHOULD and should NOT pay after ransomware attacks Managing shadow IT after acquisitions/...

My MSP Was Hacked - Should I Fire Them? 04.12.2024

Should you fire your MSP?!? 🔥🔥🔥 In this episode, I speak with cybersecurity attorney Sarah Anderson about how to evaluate IT Managed Service Providers and how businesses can protect themselves when relying on them. Here are some of the highlights: How you should evaluate MSPs What to do after your MSP is hacked Managing the cyber incident Cyber insurance pitfalls Should you fire your hacked MSP...

SOC 2 Compliance: ALL The Essentials Simplified 26.11.2024

SOC 2 isn't the only SOC out there! 🧦 In this episode Cera Adams breaks down these SOC reports and what to expect in a SOC audit! Here are a few highlights from this episode: Why CPAs are involved What SOC 1 / SOC 2 / SOC 3 reports mean to providers and consumers Difference between SOC 2 Type 1 and Type 2 reports How SOC scoping and audits work SOC consulting/audit independence requirements Cera...

Android Security Masterclass: What Every Cyber GRC Team Must Know 19.11.2024

Do you use Android at work, but don't really understand it? In this episode Hahna Kane Latonick teaches an Android cybersecurity masterclass for cyber GRC teams: Here are a few highlights from this episode: How the Android project is managed How Android devices are compromised The many steps to update Android devices Most important steps to secure Android devices Is Apple more secure than Android?...

Penn State Cybersecurity False Claims Scandal: Meet the Whistleblower 11.11.2024

Introducing the Penn State Whistleblower. In this episode, the whistleblower explains how he tried to stop Penn State from misrepresenting their NIST 800-171 compliance to the DoD and what he has faced since he blew the whistle! Whistleblower attorney Julie Bracker also shares what the media got wrong in this case and the latest on the Georgia Tech FCA case! Here are a few highlights from this epi...

Microsoft 365 GCC High: The Inside Story with Richard Wakeman 05.11.2024

Confused about Microsoft 365 and DFARS/CMMC compliance? In this episode, I speak with Richard Wakeman, Chief Architect for cybersecurity of Aerospace & Defense @ Microsoft! We discuss the history of the government clouds, the need behind GCC and GCC High, and much more! Here are some highlights: The origins of the Microsoft clouds Which clouds support DFARS 7012 compliance When will GCC High b...

MSP Cyber Exchange: Shield Your MSP from Hackers (MSPCyberX) 01.11.2024

Is your MSP a cybersecurity liability? In this episode, I speak with Brian Hubbard, President of Evolved Cyber Solutions and the MSP Cybersecurity Exchange! We discuss the state of MSP cybersecurity and how MSPCyberX is elevating the security posture of MSPs everywhere! Here are some highlights: Why MSPs are so critical to our nation's security The inevitable regulations that will target MSPs MSPs...

FREE CMMC Cybersecurity Services You NEED to Know About! 01.10.2024

FREE CMMC gap assessments!! FREE penetration tests!! FREE SOC & incident response!! This is a hidden CMMC treasure that no one's talking about! In this episode, I speak with Darren Mott about the FREE cybersecurity services offered to the DIB by the National Cybersecurity Operations Center! Here are some of the FREE services they offer: CMMC gap assessments Penetration testing SOC & Incide...

Mastering GRC - What I Learned from Big Tech! (with Kenneth Moras) 24.09.2024

Want a high paying job in GRC? Want to build a powerful GRC team? In this episode, I spoke with Kenneth Moras, Security GRC Lead at Plaid. Kenneth has worked in critical GRC roles in big tech companies like Adobe and Meta! He was heavily involved in the cyber response to international regulators after severe breaches. Here are some highlights: What you need to do and know to get a job in GRC How t...

Digital Identity Wallets: How They Work and What Big Tech Is Hiding 17.09.2024

Throw away your plastic driver's license - digital IDs have entered the chat! In this episode, I spoke with Dr. Paul Ashley, the CTO of Anonyome Labs. Paul explains how widespread online surveillance is, the evolution of digital identity from centralized to decentralized models, how digital wallets work, and what big tech doesn't want you to know! Here are a few highlights from this episode: Big t...

Georgia Tech Cybersecurity False Claims Scandal: Meet the Whistleblowers 10.09.2024

Introducing the Georgia Tech Whistleblowers. In this episode, the whistleblowers explain how they tried to stop Georgia Tech from allegedly LYING to the government about their NIST 800-171 compliance and what they have faced since they blew the whistle! Whistleblower attorney Julie Bracker also shares what could come next and how much Georgia Tech may have to pay out! Here are a few highlights fro...

Listen to the GRC Academy podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.