Episodes

4 days ago
E055 - Turning Up FEDRAMP to 20X
In this episode of Socializing Security, Brian and Milou discuss the complexities and recent changes to the FedRAMP certification process, which is essential for cloud service providers working with the U.S. government. They explore the challenges of compliance, the costs involved, and the implications of the new FedRAMP 20X program aimed at streamlining the certification process. The conversation highlights the balance between maintaining security standards and making it easier for companies, especially startups, to engage with government contracts.
Chapters
00:00 Introduction to FedRAMP and Its Importance
02:44 Understanding FedRAMP Certification Levels
04:58 Challenges and Costs of FedRAMP Compliance
09:51 Recent Changes: FedRAMP 20X Overview
16:28 Balancing Security and Efficiency in FedRAMP
21:48 Government Partnering with Industry
26:42 Conclusion and Looking to the Future

Tuesday Jun 24, 2025
E054 - Building a Data Governance Strategy Part 2
In this episode, Perry Correll joins us to demystify data governance—framing it not as a source of fear, but as a framework for smarter, safer business practices. We explore how different teams within an organization view data through different lenses, and how compliance can serve as a bridge between them to enable both innovation and accountability.
This is part two of a special edition episode that follows a tabletop framework where each of us presents our concerns with implementing a data governance strategy as different representatives from organizational units.

Tuesday Jun 17, 2025
E053 - Building a Data Governance Strategy Part 1
In this episode, Perry Correll joins us to demystify data governance—framing it not as a source of fear, but as a framework for smarter, safer business practices. We explore how different teams within an organization view data through different lenses, and how compliance can serve as a bridge between them to enable both innovation and accountability.
This is a special edition two-part exercise that follows a tabletop framework where each of us presents our concerns with implementing a data governance strategy as different representatives from organizational units.

Tuesday Jun 10, 2025
E052 - Analogies and Storytelling in Tech
In this episode, Jack Bailey joins Milou and Brian to share his extensive experience in IT and sales enablement, emphasizing the importance of effective communication in technology. He discusses the role of storytelling in making complex topics more relatable and the significance of data management strategies. The conversation also touches on the evolving nature of privacy and security, the necessity of sales enablement in startups, and the challenges of technical communication. Jack provides valuable insights into how to engage with different audiences and the importance of understanding their needs.
MEDDIC - https://meddicc.com/meddpicc-sales-methodology-and-process
Tire swing analogy - https://www.smart-words.org/jokes/how-it-projects-really-work.html
Chapters
00:00 Introduction
00:37 Introducing Jack Bailey and The Importance of Enablement
05:30 Understanding Sales Enablement
10:05 Using Analogies for Complex Topics
19:00 Frameworks for Effective Communication
25:30 The Case for Sales Enablement
36:48 The Evolving Fight for Privacy and Security
43:14 Reflections
51:30 Outro

Tuesday Jun 03, 2025
E051 - A Year of Socializing Security - But What is Security, Really?
It’s been one year of Socializing Security, and in this special anniversary episode, Brian and Milou reflect on what they've learned—and unlearned—about the evolving world of cybersecurity.
From redefining what "security" even means, to unpacking the human element behind most breaches, they explore why security isn’t just a tech problem—it’s a team sport. Tune in as they discuss the shifting role of security across organizations, how privacy and security continue to intersect, and why lifelong learning is essential in this space.
Whether you're a seasoned pro or new to the field, this episode offers a thoughtful look back—and a hopeful look forward.
Chapters
00:00 Celebrating One Year of Socializing Security
03:02 Defining Cybersecurity: What It Really Means
05:53 Understanding Information Security vs. Cybersecurity
08:53 The Importance of Collaboration in Security
11:52 Lessons Learned: Evolving Perspectives on Security
14:54 The Lifelong Learning Mindset in Cybersecurity
21:33 The Growing Importance of Cybersecurity in Infrastructure
24:20 Understanding Data Management and Recovery
27:23 The Human Element in Cybersecurity
29:27 Challenges for Small Businesses in Cybersecurity
32:29 The Cost of Security Compliance for Startups
35:47 Privacy vs. Security: A Complex Relationship
40:32 Trust and Personal Data Management

Tuesday May 27, 2025
E050 - Navigating RSAC
In this episode of Socializing Security, the hosts discuss their experiences at the RSA Conference with guest Bharat Jogi, a seasoned attendee. They explore the evolution of the conference, the importance of networking, and share valuable tips for first-time attendees. The conversation also touches on the role of AI in cybersecurity and the significance of making meaningful connections at such events.
Bharat's previous episode: Episode 34 - Researching Threats
https://youtu.be/Kfbe_FaYwlc
https://www.socializingsecurity.com/e/e034-researching-threats
Socialize with Bharat on LinkedIn: https://www.linkedin.com/in/bharat-jogi-3a680b13/
Chapters
00:00 Introduction and RSA Experience
08:11 Making the Most of Conferences
15:50 Evolving Experiences and Technology at Conferences
20:41 Tips for RSAC First Timers
25:42 Reflections on Conference Experiences
28:36 Focusing On The Advantages of In-Person
36:02 Closing Out and Outro

Tuesday May 20, 2025
E049 - Assessing Cybersecurity
In this episode, Brian interviews Doug Landoll, a cybersecurity expert and assessment specialist with over 30 years of experience. They discuss the nuances of cybersecurity assessments versus compliance, the importance of continuous improvement in security practices, and common mistakes organizations make. Doug shares insights on navigating maturity models in cybersecurity and the ongoing battle between privacy and security, emphasizing that the fight for privacy is as relevant as we allow it to be.
Chapters
00:00 Introduction
06:18 Introduction to Cybersecurity Assessments
11:34 Common Assessment Discoveries
15:34 Validating What You Think You Have
20:10 Understanding Maturity Models in Cybersecurity
22:29 The Intersection of Privacy and Security
25:19 Reflections
26:57 The Importance of Security Assessments
29:14 Cybersecurity Maturity

Tuesday May 13, 2025
E048 - IT Priorities
In this episode, Brian and Milou socialize with Greg, a Director of IT and Security, discussing various aspects of the IT landscape, particularly in the context of the RSA Conference. They explore the challenges of vendor selection and the importance of building relationships with vendors. The conversation also touches on the cultural shifts within IT organizations, the role of AI in IT support, and the skills needed for hiring in the IT sector. As always, they address the ongoing debate between privacy and security.
You can socialize with Greg on LinkedIn: https://www.linkedin.com/in/gregkn
Chapters
00:00 Introduction
03:05 The RSA Experience and Mobile Studio Setup
06:18 Introducing Greg Karp-Neufeld and RSAC
07:44 Vendor Selection and Partnership
13:37 Helping Vendors Find the Right Market Fit
16:13 Building IT to Support Employees
24:27 Building IT Teams to Support the Business
35:06 Wrapping Up and the Fight for Privacy
39:01 Reflections
49:20 Outro

Tuesday May 06, 2025
P047 - RSA Conference Recap
In this episode, Brian and Milou reflect on their experiences at the RSA Conference, discussing the importance of in-person networking, strategic planning, and the spontaneity that comes with attending such events. They share insights on their expectations, the challenges of balancing work and networking, and the excitement of recording live content. The conversation highlights the growth of their podcasting venture and their commitment to continuing to engage with their audience and industry professionals.
Chapters
00:00 Introduction to RSA Conference Experience
02:50 Prioritizing In-Person
09:42 Strategic Planning for Conference Attendance
12:20 Spontaneity and Flexibility at Conferences
21:33 Socializing In Person at RSA
28:25 A Year of Socializing Security
33:25 Wrapping up and Outro

Tuesday Apr 29, 2025
E046 - Is The Cloud Safe?
In this episode of Socializing Security, the hosts dive into the question of whether the cloud is safe. They discuss the evolution of cloud security, comparing it to on-premises solutions, and emphasize the importance of understanding the shared responsibility model between cloud providers and users. The conversation also covers different types of cloud services, compliance, and the significance of data control. Ultimately, they conclude that the cloud can be a safer option for data storage and management, provided users are informed and vigilant.
And if you've ever wanted to know how The Chum Bucket and leaky buckets relate to cloud security, this is the episode for you.
Chapters
00:00 Introduction
02:32 Understanding Cloud Security Practices
09:25 Defining Cloud Types
15:20 Shared Responsibility
19:29 A SpongeBob Reference?
20:08 You Still Need to Secure Data In The Cloud
25:18 Pick Your Clouds Wisely
29:03 Summarizing Cloud Safety
31:52 Outro