Resilient Cyber

Resilient Cyber

Playback speed
×
Share post
Share post at current time
0:00
/
0:00
Transcript

Resilient Cyber w/ Mitch Herckis - Securing the Public Sector

Chris Hughes's avatar
Chris Hughes
Oct 15, 2025
Share
Transcript

In this episode, I sit down with Mitchel Herckis, Global Head of Government Affairs at cloud security leader Wiz.

We will be discussing all things public sector and cybersecurity, including the evolution of the FedRAMP program, modernizing vulnerability management and the future of Continuous ATO (cATO).

Thanks for reading the Resilient Cyber Newsletter! Subscribe for FREE and join 40,000+ readers to receive weekly updates with the latest news across AppSec, Leadership, AI, Supply Chain, and more for Cybersecurity.

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 40,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Prefer to Listen?

Spotify

Apple Podcasts

Be sure to leave a rating and review!

We covered a lot of ground, including:

  • Mitch’s background both at Wiz and inside Government at roles such as OMB

  • How Wiz is working with Federal agencies and Defense Industrial Base (DIB) partners on Cloud Security, including the long-needed overhaul of FedRAMP with FedRAMP 20x’s efforts.

  • The move towards real Continuous Monitoring (ConMon) with real-time visibility of cloud environments, as well as the need for machine-readable artifacts, automations, and streamlined security control assessments.

  • The modernization of vulnerability management, including factors such as attack paths, reachability, exploitability, known exploitation, and the importance of focusing on real risks versus noise.

  • Moving away from paper-based compliance exercises and bridging the gap between security and compliance.

  • Wiz’s role as a CVE Numbering Authority (CNA) and the broader CVE program, including its importance for both the Government and industry when it comes to vulnerability management.

  • To evolving usage of SBOMs and broader supply chain security.

  • Disjointed efforts around the Government at both the Federal at State levels when it comes to Continuous ATO (cATO) and how we can move towards a more cohesive approach to modern system assessment and authorization.

  • The importance of Government Affairs and bridging the divide between industry and Government, including bringing in tech leaders into Government, influencing policy, and improving outcomes for citizens and warfighters alike.

  • The dual-edged sword that is AI adoption in the public sector.

Discussion about this video

User's avatar
© 2025 Chris Hughes
PrivacyTermsCollection notice
Start your SubstackGet the app
Substack is the home for great culture