Trava Security

Some companies boast about earning their SOC 2 certification in just two months. While technically possible, that speed usually comes with stress, shortcuts, and costly tradeoffs. In this episode, <a href="https://www.linkedin.com/in/marie-joseph-a81394143/" rel="noopener noreferrer" target="_blank">Marie Joseph</a>, Manager of Compliance Advisory at Trava, explains why true SOC 2 compliance takes more than 60 days. She breaks down the difference between Type 1 and Type 2 reports, outlines what a realistic timeline looks like, and highlights the team effort required to build a sustainable program. Whether you're starting from zero or in the process of certification, this is your SOC 2 reality check. Want to know what it really takes to get SOC 2 certified? Check out our blog, How To Prove SOC 2 Compliance, to see what goes into building a strong program and preparing for a successful audit. Read: https://travasecurity.com/proving-SOC2 Key takeaways:<ul><li>The difference between SOC 2 Type 1 and Type 2&nbsp;</li><li>What a realistic SOC 2 timeline looks like</li><li>How team bandwidth, funding, and tools affect SOC 2 certification</li></ul> Episode highlights:(00:00) SOC 2 in two months: Myth or reality?(03:26) The SOC 2 certification process(06:29) Understanding SOC 2 Type 1 vs. Type 2(10:37) Factors affecting SOC 2 certification speed(11:58) Do you need SOC 2 for VC funding? Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Marie Joseph’s LinkedIn - <a href="https://www.linkedin.com/in/marie-joseph-a81394143/" rel="noopener noreferrer" target="_blank">https://www.linkedin.com/in/marie-joseph-a81394143/</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Marie Joseph

Manager of Compliance Advisory at Trava Security

SOC 2 Certification in 60 Days? Here’s What They’re Not Telling You

The Tea on Cybersecurity by Trava

Blog

Linkedin

Cybersecurity—a word we hear all the time, but do you really know what it means? The Tea on Cybersecurity breaks it down without the confusing jargon. We spill the truth about security and compliance in a way that is easy to understand and actually useful. Perfect for SaaS startups and small to medium sized businesses starting their journey in cybersecurity and compliance. We've learned to keep it short -15-30 minutes per episode - so you get the facts and none of the fluff.

The Tea on Cybersecurity

Cybersecurity can feel overwhelming with its many acronyms, shifting rules, and conflicting advice. That’s why Season 5 of The Tea on Cybersecurity is all about separating fact from fiction. Host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> kicks things off by identifying the common questions business leaders have about SOC 2 certification, automation tools, and AI policies. This season keeps episodes short and to the point, so you can get the info you need without wasting time. Subscribe, share, and send in your questions. Season 5 is just getting started. Episode highlights:(00:00) Welcome to Season 5 of The Tea on Cybersecurity(01:50) Common questions on SOC 2, automation, and AI(02:57) What’s new this season Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Introducing Season 5 of The Tea on Cybersecurity

If there’s one key takeaway from Season 4 of The Tea on Cybersecurity, it’s that cybersecurity is a shared responsibility.&nbsp; With this in mind, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> wraps up the season by sharing valuable insights that everyone can use. She reflects on the most impactful lessons about compliance, AI, and penetration testing.&nbsp; Key takeaways:<ul><li>The importance of vCISOs and cyber engineers</li><li>How to approach penetration testing and PTaaS</li><li>Why transparency and training are essential for AI safety</li></ul> Episode highlights:(00:00) Today’s topic: Key insights from this season&nbsp;(01:16) The role of vCISOs and cyber engineers(02:47) Responsible AI use(03:51) Penetration testing and PTaaS for small teams Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Key Lessons from Season 4 of The Tea on Cybersecurity

Most companies continually push code, launch new features, and update their infrastructure. However, for many businesses, security testing occurs only once a year. That gap leaves systems exposed to risks that go unnoticed. In this episode, <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">Anh Pham</a>, Director of Penetration Testing at Trava, explains the concept of Penetration Testing as a Service (PTaaS). He shares how it works and why it's more beneficial than one-time pentests. You’ll also learn how AI fits into the picture and what to consider when choosing a provider. Key takeaways:<ul><li>The difference between PTaaS and traditional pentesting</li><li>How PTaaS supports fast-changing environments</li><li>The qualities of a trustworthy PTaaS provider&nbsp;</li></ul> Episode highlights:(00:00) Today’s topic: Penetration Testing as a Service(03:16) PTaaS vs one-time pentests(08:36) How PTaaS works(11:59) Choosing a secure PTaaS provider(13:17) Can AI help in PTaaS?(15:22) A key reminder for businesses getting started Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Anh Pham’s LinkedIn - <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">@anhpham11</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a> Listen to past episodes:Unveiling Vulnerabilities: The Power of Pen Testing - <a href="https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/" rel="noopener noreferrer" target="_blank">https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/</a> Proving Compliance and Security Effectiveness Through Pen Testing - <a href="https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/" rel="noopener noreferrer" target="_blank">https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/</a>

Anh Pham

Director of Penetration Testing and Security at Trava Security

Breaking Down PTaaS: Continuous Security for Modern Companies

Cyber engineering is a broad and often misunderstood field, covering everything from cloud architecture to compliance. But one thing is clear: someone needs to take responsibility for the security of your business’s digital infrastructure. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> is joined by Michael Magyar, vCISO at <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">Trava Security</a>, to explore the intersection of cybersecurity, compliance, and engineering. Michael shares what smart architecture looks like in practice, where organizations often fall short, and how emerging trends like AI impact cyber engineering. Key takeaways:<ul><li>How smart cyber engineering impacts security and operations</li><li>The influence of AI on cyber engineering tasks</li><li>When to seek outside help for technical implementation</li></ul> Episode highlights:(00:00) Today’s topic: Cyber engineering(05:29) The push for more security and compliance(07:44) Being intentional with security architecture(10:33) Cybersecurity engineering in the real world(13:52) Cyber engineering trends and AI&nbsp;(19:37) Discerning when to hire outside experts Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Michael Magyar’s LinkedIn - <a href="https://www.linkedin.com/in/michael-magyar-cyqual/" rel="noopener noreferrer" target="_blank">@michael-magyar-cyqual</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Michael Magyar

vCISO at Trava Security

Understanding Cyber Engineering to Build Stronger Security

The rapid adoption of AI brings opportunities, yet new risks. Strong governance enables organizations to remain innovative while maintaining trust and protecting data. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> welcomes <a href="https://www.linkedin.com/in/jigoldman/" rel="noopener noreferrer" target="_blank">Jim Goldman</a>, Co-Founder of <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">Trava Security</a>, to discuss how clear oversight, board engagement, and high-quality data enable the creation of ethical AI that aligns with business goals.They outline practical steps, common blind spots, and proven frameworks for trustworthy automation. Key takeaways:<ul><li>AI governance versus compliance in plain language</li><li>Why data quality shapes reliable machine output</li><li>How leaders and teams share accountability from policy to practice</li></ul> Episode highlights:(00:00) Today’s topic: AI Governance(02:46) Governance reaches the boardroom(04:09) Big shifts in NIST CSF 2.0(06:01) Governance versus compliance explained(07:45) Data quality risks in AI(10:55) Core parts of a governance framework(13:32) Roles and ownership across teams(14:55) Designing ethical, transparent AI(19:06) Proving accountability in decisions(23:37) Easing public worries with openness(26:41) Criminal abuse and law response Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Jim Goldman’s LinkedIn - <a href="https://www.linkedin.com/in/jigoldman/" rel="noopener noreferrer" target="_blank">@jigoldman</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Jim Goldman

Co-Founder of Trava Security

The Core Pillars of AI Governance

Businesses rely on AI for everything from streamlining communication to managing hiring and forecasting trends. It’s fast, efficient, and deeply embedded in daily operations. But as AI becomes more common, one critical piece is often overlooked: compliance.In this episode, <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> sits down with <a href="https://www.linkedin.com/in/dr-marwan-omar-99a061144/" rel="noopener noreferrer" target="_blank">Dr. Marwan Omar</a>, Chief AI Officer at Insight Assurance, to talk about the growing need for AI compliance. They explore what it really means, why it’s not just a concern for tech giants, and how overlooking it could expose your business to legal, ethical, and reputational risks. Key takeaways:<ul><li>What makes AI compliance different from traditional IT compliance</li><li>Where to start with AI risk assessments</li><li>How real companies have gotten AI compliance wrong</li></ul> Episode highlights:(00:00) Today’s topic: AI compliance and why it matters&nbsp;(05:23) Key laws shaping AI compliance today(07:25) The nuances of AI compliance(10:14) First steps to build AI compliance internally(13:26) How explainability strengthens trust in AI models(15:32) Challenges with regulations and data privacy(18:24) Staying informed as AI laws evolve Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Marwan Omar’s LinkedIn - <a href="https://www.linkedin.com/in/dr-marwan-omar-99a061144/" rel="noopener noreferrer" target="_blank">@dr-marwan-omar</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Recent Episodes

SEASON 5

SOC 2 Certification in 60 Days? Here’s What They’re Not Telling You

Introducing Season 5 of The Tea on Cybersecurity

SEASON 4

Key Lessons from Season 4 of The Tea on Cybersecurity

Breaking Down PTaaS: Continuous Security for Modern Companies

Understanding Cyber Engineering to Build Stronger Security

The Core Pillars of AI Governance

Don’t Overtrust the Robots: The Real Tea on AI Compliance

About The Show

The Tea on Cybersecurity

Jara Rowe

Marketing Manager at Trava