Resilient Cyber

Nikki - You have a varied background between being a security engineer, consultant, manager, etc. What made you decide to focus more on the compliance aspects of cybersecurity?

Chris - It is often said "Compliance doesn't equal Security". Why do you think this phrase has taken hold, do you think its accurate and how do we evolve beyond it? 

Nikki -  Based on some of your posts about compliance - one specifically about implementing frameworks and guidance from NIST and the CMMC standards - do you think there's a need in the industry to focus more on implementation guides or do you feel like organizations are to complex to create guides? 

Chris - On the topic of compliance frameworks, we seem to be so reactionary, with new frameworks coming after incidents etc. and organizations struggle to keep up. Do you think we have a framework sprawl problem?

Chris - On the topic of 800-171 and CMMC, there's a lot of talk on the topic of affordability and cost and the impact to the small businesses in the DIB, which has already seen massive consolidation. What are your thoughts on this, and how do we balance compliance/security with the need for a robust DIB of suppliers?

Nikki -  What do you think the future of compliance looks like? CMMC and otherwise - do you foresee more legislation around compliance coming down the pike?