Trava Security

Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach. In this episode,<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank"> Jara Rowe</a> talks with <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">Tom Greco</a>, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional. Key takeaways:<ul><li>What CMMC is and why it exists</li><li>The importance of accurate scoping</li><li>Tools and tips to maintain CMMC compliance</li></ul> Episode highlights:(00:00) Today’s topic: What is CMMC?(02:20) What CMMC means for your business(06:05) The nuances of scoping(10:07) How contracts set your CMMC level&nbsp;(13:44) Self-assessment vs third-party audits(17:36) Maintaining CMMC compliance over time(22:17) Perform gap assessments ASAP Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Thomas Greco’s LinkedIn - <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">@thomas-greco</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Tom Greco

vCISO at Trava Security

Getting CMMC Right: Scope, Budget, and Certification Tips

The Tea on Cybersecurity by Trava

Blog

Linkedin

Cybersecurity—a word we hear all the time. Show of hands for those who actually understand what it means.The Tea on Cybersecurity is here to help educate the newbs on what cybersecurity is, why it is important, and everything in between. The Tea on Cybersecurity is for everyone, but especially those small and medium-sized businesses that are starting their journey in building a cyber risk management program. Each show is about 15-30 minutes long to deliver you with the facts and less fluff.

The Tea on Cybersecurity

Is your business one cyberattack away from chaos? Most companies don’t think about cybersecurity until they’re in crisis mode—but by then, the damage is done. In this episode, <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> talks with <a href="https://www.linkedin.com/in/michael-magyar-cyqual/" rel="noopener noreferrer" target="_blank">Michael Magyar</a>, an experienced virtual Chief Information Security Officer (vCISO). They cover what a vCISO does, why more companies are choosing virtual over full-time, and how to know when it’s time to bring one in. Michael shares examples of helping businesses avoid costly mistakes, explains how vCISOs assess risk, and offers advice for small teams trying to do more with less. Key takeaways:<ul><li>Common cybersecurity challenges vCISOs help solve</li><li>What a typical engagement with a vCISO looks like</li><li>Advice for SMBs with limited budgets trying to prioritize cybersecurity</li></ul> Episode highlights:(00:00) Today’s topic: Breaking down the role of a vCISO(05:32) vCISO vs. traditional in-house CISO(07:11) Why small businesses benefit from a vCISO(09:53) Real examples of vCISOs making a difference(13:52) What it’s like working with a vCISO(16:00) Key indicators your business needs a vCISO(20:54) How to prioritize cybersecurity on a budget Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Michael Magyar’s LinkedIn - <a href="https://www.linkedin.com/in/michael-magyar-cyqual/" rel="noopener noreferrer" target="_blank">@michael-magyar-cyqual</a> Connect with Trava:Website -<a href="www.travasecurity.com" rel="noopener noreferrer" target="_blank"> </a><a href="https://travasecurity.com/" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog - <a href="https://travasecurity.com/learn-with-trava/blog/" rel="noopener noreferrer" target="_blank">www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Michael Magyar

Security Leadership Without the Full-Time Price Tag for Small Teams

Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> sits down with <a href="https://www.linkedin.com/in/marie-joseph-a81394143/" rel="noopener noreferrer" target="_blank">Marie Joseph</a>, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy. Key takeaways:<ul><li>Essential cybersecurity terms and definitions: vCISO, PII, and more&nbsp;&nbsp;</li><li>The importance of understanding and managing your attack surface</li><li>Why cybersecurity compliance can’t be a one-time effort</li></ul> Episode highlights:(00:00) Today’s topic: Understanding cybersecurity terms(01:47) What is a vCISO, and why it benefits small businesses(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA&nbsp;(08:40) Hackers vs. threat actors Explained(10:28) Why businesses need an antivirus and a firewall(13:37) Patch management and cybersecurity attack surfaces(16:04) Continuous cybersecurity compliance(21:27) Recapping cybersecurity essentials Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Marie Joseph’s LinkedIn - <a href="https://www.linkedin.com/in/marie-joseph-a81394143/" rel="noopener noreferrer" target="_blank">@marie-joseph-a81394143</a> Connect with Trava:Website - <a href="https://travasecurity.com/" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog - <a href="https://travasecurity.com/learn-with-trava/blog/" rel="noopener noreferrer" target="_blank">www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Marie Joseph

Senior Security Advisor, Trava

Cybersecurity Lingo Explained: vCISO, PII, and More

Cyber threats are evolving, security rules are tightening, and the idea of a ‘safe network’ is quickly disappearing. So what does that mean for businesses and individuals trying to stay protected?To kick off Season 4, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> revisits key lessons from past seasons and unpacks the biggest cybersecurity trends shaping the industry today. This season will take a deeper look at AI governance, compliance challenges, and penetration testing—critical areas companies can’t afford to ignore.With cybersecurity changing fast, businesses must decide how to adapt before they fall behind. The answers start here. Key takeaways:<ul><li>Why cybersecurity is a team effort, not just IT’s job</li><li>How AI is changing both cyber defense and cybercrime</li><li>How vCISOs are filling critical security gaps for businesses</li></ul> Episode highlights:(00:00) Today’s topic: How cybersecurity is evolving (01:21) Major lessons from past seasons(05:38) Current cybersecurity trends(08:26) What to expect in season 4 Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with Trava:Website - <a href="https://travasecurity.com/" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog - <a href="https://travasecurity.com/learn-with-trava/blog/" rel="noopener noreferrer" target="_blank">www.travasecurity.com/learn-with-trava/blog/</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Jara Rowe

Marketing Manager, Trava

Introducing Season 4 of The Tea on Cybersecurity

We’ve come to the end of another Season of The Tea on Cybersecurity and you know what that means. Join host Jara Rowe in her ultimate receipts from season 3. She highlights the most important things she has learned from her guests this season including why MFA is key to keeping yourself safe online, how to manage vulnerabilities, what steps you need in preparing for cybersecurity incidents, and how to cultivate trust and transparency within your organizations. Listen in as Jara revisits her conversations with all of our Season 3 guests including Trava CEO Jim Goldman, Craig Saldanha and Mario Vlieg with Insight Insurance, and John Boomershine with BlankInkIT, among others.&nbsp; In this episode, you’ll learn: <ul><li>Multi-Factor Authentication (MFA) is Your Best Friend: It's like adding an extra lock to your door to keep the bad guys out—and who doesn’t want that extra peace of mind? Enabling MFA can be a game-changer in protecting against cyber vulnerabilities. It's easy to implement and adds that essential layer of security without the hassle!</li><li>Bring Your Own Device (BYOD) Take Control of Your Digital Inventory: This is a deep dive on how to make sure all devices, company-owned or personal, are secure and compliant in this digitally diverse world. This is super relevant for those offering flexible work arrangements and want to stay ahead in your cybersecurity game.</li><li>Establishing Trust and Transparency is Key: This isn’t just about securing your systems but also about earning and maintaining the trust of your customers and stakeholders— whether it’s securing communications through encryption or ensuring third-party vendors are just as vigilant.&nbsp;</li></ul> Jump into the conversation: [00:00 - 00:41] Introduction to the Tea on Cybersecurity podcast[00:41 - 3:46] The importance of MFA[03:47 - 05:07] MFA in cyber hygiene[05:08 - 06:02] Employee training as a vital part of cybersecurity defense strategy[06:52 - 07:45] BOYD (bring your own device) and the challenges of inventory management[07:45 - 10:07] A different way to think about risk[10:08 - 12:12] The difference between risks and vulnerabilities[12:18 - 13:24] The difference between breaches and incidents[13:25 - 14:15] What to do if an incident should occur[14:19 - 16:17] Steps to take if an incident were to occur with a third-party vendor[16:18 - 17:58] Why trust is foundational to cybersecurity[17:59 - 19:03] How a compliance framework is like a cookbook[19:03 - 21:21] Cybersecurity in healthcare and banking Connect with the host:<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe’s LinkedIn</a> Connect with Trava:Website <a href="http://www.travasecurity.com/" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog <a href="http://www.travasecurity.com/blog" rel="noopener noreferrer" target="_blank">www.travasecurity.com/blog</a>LinkedIn <a href="https://www.linkedin.com/company/travasecurity/?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube <a href="https://www.youtube.com/@travasecurity?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity </a>

Craig Saldanha 

Associate Director of Technology Risk and Assurance at Insight Assurance

John Boomershine

Vice President of Security and Compliance at BlackInk IT

Mario Vlieg

ISO Practice Manager at Insight Assurance

Jim Goldman

CEO of Trava Security

Recap on Season 3 - Receipts on The Tea on Cybersecurity

"Multi-factor authentication? You better get it today. Don't wait till tomorrow." – Jim Goldman We talk a lot about SaaS companies in this show, but today, we’re bringing you something a little different. Jim Goldman, CEO of Trava and one of our favorite cybersecurity experts, joins host Jara Rowe to discuss the complexities of cybersecurity across healthcare and banking, including their unique challenges and regulatory requirements. Jim discussed how healthcare organizations navigate a web of medical providers, claims processors, and pharmacies while adhering to the stringent HIPAA regulations. He also discusses how banking and finance sectors have long led the way in cybersecurity, thanks to rigorous compliance standards meant to protect both consumer data and financial integrity. He offers compelling analyses and real-world examples, like how a simple multi-factor authentication (MFA) oversight can lead to billion-dollar repercussions. In this episode, you’ll learn:<ul><li>How the&nbsp; banking and healthcare industries keep our sensitive information safe and how it all comes back to those pesky (yet essential!) regulations</li><li>The importance of regulations like HIPAA and how they help guard this vast data network and ensure your health information stays secure</li><li>Yet another reason why Multi-Factor Authentication (MFA) is a cybersecurity must-have</li></ul> Jump into the conversation:&nbsp;[00:00 - 00:46] Introduction to cybersecurity beyond SaaS and Jim Goldman[00:47 - 02:58] How cybersecurity differs in Healthcare and Banking vs. SaaS[02:58 - 05:41] The most pressing cybersecurity threats facing healthcare organizations today[05:41 - 08:25] How healthcare institutions are adapting their cybersecurity to ensure data integrity[09:17 - 13:00] ​​Key cybersecurity risks in banking and finance and how they are mitigating these risks[13:01 - 14:33] What is GDPR?&nbsp;[14:34 - 15:11] What is PCI DDS?[15:11 - 16:11] How financial institutions prioritize cybersecurity initiatives to maintain compliance[16:45 - 19:48] Jara’s receipts Connect with the Guest:<a href="https://www.linkedin.com/in/jigoldman" rel="noopener noreferrer" target="_blank">Jim Golman’s LinkedIn</a> Connect with the host:<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe’s LinkedIn</a> Connect with Trava:Website <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog <a href="http://www.travasecurity.com/blog" rel="noopener noreferrer" target="_blank">www.travasecurity.com/blog</a>LinkedIn <a href="https://www.linkedin.com/company/travasecurity/?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube <a href="https://www.youtube.com/@travasecurity?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity </a>

CEO of Trava

Beyond SaaS: What Cybersecurity Looks Like in Healthcare and Banking

"Every business today runs on technology. Every business is a technology business. Right? Even a taco cart uses a little payment thing that you swipe your card in to do that." - Michael Magyar Michael Magyar, a seasoned cybersecurity expert with a decade of experience, joins host Jara Rowe on this episode of The Tea on Cybersecurity to give us the tea on third-party risks. As a penetration tester and a virtual Chief Information Security Officer (vCISO) with Trava, Michael brings unparalleled insight into the challenges and solutions surrounding vendor security.&nbsp;Michael and Jara discuss the complex subject of third-party risks and why every business, big or small, needs to be cautious about their vendors' security practices. From identifying potential risks to evaluating security measures, Michael offers essential steps businesses should take if a vendor experiences a security incident, stressing the importance of containment, breach notification, and calling in the right experts for help. Key Takeaways: <ul><li>Third-Party risks are everywhere and to understand where these gaps could be, think about a vendor or third-party as “outsourced staff”</li><li>What to look out for when working with any vendor or third - party, namely Public Statements of Security</li><li>How to handle a situation if a vendor or third-party of yours is breached</li></ul> Timestamps:[00:00 - 01:24] Introducing Identifying Third-Party Vendor Risks with Michael Magyar, Trava[01:25 - 02:36] Expanding understanding of vendors and third parties[03:59 - 05:25] Real-world examples of third-party risks - SolarWinds in 2020 and XZ Utils in 2024[02:36 - 03:59] How to identify risks associated with vendors and third parties[05:25 - 07:53] Red flags to look out for, plus Microsoft breach&nbsp;[07:54 - 09:16] Penetration testing and third-party security[09:16 - 11:19] Other ways that businesses can help evaluate the security practices of a third-party[11:19 - 12:54] Key cybersecurity measures to look for when working with a vendor[12:54 - 13:40] Why it's essential for businesses to regularly check in on their external partners' cybersecurity efforts[13:41 - 15:42] Cybersecurity steps my company needs to take when signing on with a new vendor[16:41 - 20:02] Jara's Receipts Connect with the Guest:<a href="https://www.linkedin.com/in/michael-magyar-2a6506139/" rel="noopener noreferrer" target="_blank">Michael Magyar's LinkedIn</a> Connect with the host:<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe’s LinkedIn</a> Connect with Trava:Website <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog <a href="http://www.travasecurity.com/blog" rel="noopener noreferrer" target="_blank">www.travasecurity.com/blog</a>LinkedIn <a href="https://www.linkedin.com/company/travasecurity/?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube <a href="https://www.youtube.com/@travasecurity?utm_source=casted&amp;utm_medium=podcast&amp;utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank">@travasecurity&nbsp;</a>

Recent Episodes

SEASON 4

Getting CMMC Right: Scope, Budget, and Certification Tips

Security Leadership Without the Full-Time Price Tag for Small Teams

Cybersecurity Lingo Explained: vCISO, PII, and More

Introducing Season 4 of The Tea on Cybersecurity

SEASON 3

Recap on Season 3 - Receipts on The Tea on Cybersecurity

Beyond SaaS: What Cybersecurity Looks Like in Healthcare and Banking

Identifying Third-Party Vendor Risks with Michael Magyar, Trava

About The Show

The Tea on Cybersecurity

Jara Rowe

Marketing Manager at Trava