Trava Security

The rapid adoption of AI brings opportunities, yet new risks. Strong governance enables organizations to remain innovative while maintaining trust and protecting data. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> welcomes <a href="https://www.linkedin.com/in/jigoldman/" rel="noopener noreferrer" target="_blank">Jim Goldman</a>, Co-Founder of <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">Trava Security</a>, to discuss how clear oversight, board engagement, and high-quality data enable the creation of ethical AI that aligns with business goals.They outline practical steps, common blind spots, and proven frameworks for trustworthy automation. Key takeaways:<ul><li>AI governance versus compliance in plain language</li><li>Why data quality shapes reliable machine output</li><li>How leaders and teams share accountability from policy to practice</li></ul> Episode highlights:(00:00) Today’s topic: AI Governance(02:46) Governance reaches the boardroom(04:09) Big shifts in NIST CSF 2.0(06:01) Governance versus compliance explained(07:45) Data quality risks in AI(10:55) Core parts of a governance framework(13:32) Roles and ownership across teams(14:55) Designing ethical, transparent AI(19:06) Proving accountability in decisions(23:37) Easing public worries with openness(26:41) Criminal abuse and law response Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Jim Goldman’s LinkedIn - <a href="https://www.linkedin.com/in/jigoldman/" rel="noopener noreferrer" target="_blank">@jigoldman</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Jim Goldman

Co-Founder of Trava Security

The Core Pillars of AI Governance

The Tea on Cybersecurity by Trava

Blog

Linkedin

Cybersecurity—a word we hear all the time. Show of hands for those who actually understand what it means.The Tea on Cybersecurity is here to help educate the newbs on what cybersecurity is, why it is important, and everything in between. The Tea on Cybersecurity is for everyone, but especially those small and medium-sized businesses that are starting their journey in building a cyber risk management program. Each show is about 15-30 minutes long to deliver you with the facts and less fluff.

The Tea on Cybersecurity

Businesses rely on AI for everything from streamlining communication to managing hiring and forecasting trends. It’s fast, efficient, and deeply embedded in daily operations. But as AI becomes more common, one critical piece is often overlooked: compliance.In this episode, <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> sits down with <a href="https://www.linkedin.com/in/dr-marwan-omar-99a061144/" rel="noopener noreferrer" target="_blank">Dr. Marwan Omar</a>, Chief AI Officer at Insight Assurance, to talk about the growing need for AI compliance. They explore what it really means, why it’s not just a concern for tech giants, and how overlooking it could expose your business to legal, ethical, and reputational risks. Key takeaways:<ul><li>What makes AI compliance different from traditional IT compliance</li><li>Where to start with AI risk assessments</li><li>How real companies have gotten AI compliance wrong</li></ul> Episode highlights:(00:00) Today’s topic: AI compliance and why it matters&nbsp;(05:23) Key laws shaping AI compliance today(07:25) The nuances of AI compliance(10:14) First steps to build AI compliance internally(13:26) How explainability strengthens trust in AI models(15:32) Challenges with regulations and data privacy(18:24) Staying informed as AI laws evolve Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Marwan Omar’s LinkedIn - <a href="https://www.linkedin.com/in/dr-marwan-omar-99a061144/" rel="noopener noreferrer" target="_blank">@dr-marwan-omar</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Dr. Marwan Omar

Chief AI Officer at Insight Assurance

Don’t Overtrust the Robots: The Real Tea on AI Compliance

Many companies start penetration testing to address compliance requirements. However, it can also provide valuable insights beyond just meeting standards. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> sits down with <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">Anh Pham</a> and <a href="https://www.linkedin.com/in/christina-annechino/" rel="noopener noreferrer" target="_blank">Christina Annechino</a> from Trava to talk about how pen tests uncover hidden risks and strengthen your cybersecurity. They explain compliance frameworks, typical pen test schedules, and common mistakes to avoid. Key takeaways:<ul><li>Compliance frameworks and their pen test requirements</li><li>The different types of penetration testing</li><li>How to prepare your environment for a successful pen test</li></ul> Episode highlights:(00:00) Today’s topic: Penetration Testing and Compliance(03:42) Pen testing compliance frameworks(05:46) The difference between vulnerability scans and pen tests(09:11) How often to conduct pen tests(11:04) Qualities of a good penetration testing vendor&nbsp;(14:34) Making pen testing work on a budget(16:49) Scoping mistakes that limit test outcomes(18:53) Using pen tests to improve overall cybersecurity Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Anh Pham’s LinkedIn - <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">@anhpham11</a>Christina Annechino’s LinkedIn - <a href="https://www.linkedin.com/in/christina-annechino/" rel="noopener noreferrer" target="_blank">@christinaannechino</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a> Listen to a related episode:Unveiling Vulnerabilities: The Power of Pen Testing - <a href="https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/" rel="noopener noreferrer" target="_blank">https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/</a>

Christina Annechino

Security Advisor at Trava

Anh Pham

Director of Penetration Testing & Security at Trava

Proving Compliance and Security Effectiveness Through Pen Testing

Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach. In this episode,<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank"> Jara Rowe</a> talks with <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">Tom Greco</a>, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional. Key takeaways:<ul><li>What CMMC is and why it exists</li><li>The importance of accurate scoping</li><li>Tools and tips to maintain CMMC compliance</li></ul> Episode highlights:(00:00) Today’s topic: What is CMMC?(02:20) What CMMC means for your business(06:05) The nuances of scoping(10:07) How contracts set your CMMC level&nbsp;(13:44) Self-assessment vs third-party audits(17:36) Maintaining CMMC compliance over time(22:17) Perform gap assessments ASAP Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Thomas Greco’s LinkedIn - <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">@thomas-greco</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Tom Greco

vCISO at Trava Security

Getting CMMC Right: Scope, Budget, and Certification Tips

Is your business one cyberattack away from chaos? Most companies don’t think about cybersecurity until they’re in crisis mode—but by then, the damage is done. In this episode, <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> talks with <a href="https://www.linkedin.com/in/michael-magyar-cyqual/" rel="noopener noreferrer" target="_blank">Michael Magyar</a>, an experienced virtual Chief Information Security Officer (vCISO). They cover what a vCISO does, why more companies are choosing virtual over full-time, and how to know when it’s time to bring one in. Michael shares examples of helping businesses avoid costly mistakes, explains how vCISOs assess risk, and offers advice for small teams trying to do more with less. Key takeaways:<ul><li>Common cybersecurity challenges vCISOs help solve</li><li>What a typical engagement with a vCISO looks like</li><li>Advice for SMBs with limited budgets trying to prioritize cybersecurity</li></ul> Episode highlights:(00:00) Today’s topic: Breaking down the role of a vCISO(05:32) vCISO vs. traditional in-house CISO(07:11) Why small businesses benefit from a vCISO(09:53) Real examples of vCISOs making a difference(13:52) What it’s like working with a vCISO(16:00) Key indicators your business needs a vCISO(20:54) How to prioritize cybersecurity on a budget Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Michael Magyar’s LinkedIn - <a href="https://www.linkedin.com/in/michael-magyar-cyqual/" rel="noopener noreferrer" target="_blank">@michael-magyar-cyqual</a> Connect with Trava:Website -<a href="www.travasecurity.com" rel="noopener noreferrer" target="_blank"> </a><a href="https://travasecurity.com/" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog - <a href="https://travasecurity.com/learn-with-trava/blog/" rel="noopener noreferrer" target="_blank">www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Michael Magyar

Security Leadership Without the Full-Time Price Tag for Small Teams

Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> sits down with <a href="https://www.linkedin.com/in/marie-joseph-a81394143/" rel="noopener noreferrer" target="_blank">Marie Joseph</a>, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy. Key takeaways:<ul><li>Essential cybersecurity terms and definitions: vCISO, PII, and more&nbsp;&nbsp;</li><li>The importance of understanding and managing your attack surface</li><li>Why cybersecurity compliance can’t be a one-time effort</li></ul> Episode highlights:(00:00) Today’s topic: Understanding cybersecurity terms(01:47) What is a vCISO, and why it benefits small businesses(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA&nbsp;(08:40) Hackers vs. threat actors Explained(10:28) Why businesses need an antivirus and a firewall(13:37) Patch management and cybersecurity attack surfaces(16:04) Continuous cybersecurity compliance(21:27) Recapping cybersecurity essentials Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Marie Joseph’s LinkedIn - <a href="https://www.linkedin.com/in/marie-joseph-a81394143/" rel="noopener noreferrer" target="_blank">@marie-joseph-a81394143</a> Connect with Trava:Website - <a href="https://travasecurity.com/" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog - <a href="https://travasecurity.com/learn-with-trava/blog/" rel="noopener noreferrer" target="_blank">www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Marie Joseph

Senior Security Advisor, Trava

Cybersecurity Lingo Explained: vCISO, PII, and More

Cyber threats are evolving, security rules are tightening, and the idea of a ‘safe network’ is quickly disappearing. So what does that mean for businesses and individuals trying to stay protected?To kick off Season 4, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> revisits key lessons from past seasons and unpacks the biggest cybersecurity trends shaping the industry today. This season will take a deeper look at AI governance, compliance challenges, and penetration testing—critical areas companies can’t afford to ignore.With cybersecurity changing fast, businesses must decide how to adapt before they fall behind. The answers start here. Key takeaways:<ul><li>Why cybersecurity is a team effort, not just IT’s job</li><li>How AI is changing both cyber defense and cybercrime</li><li>How vCISOs are filling critical security gaps for businesses</li></ul> Episode highlights:(00:00) Today’s topic: How cybersecurity is evolving (01:21) Major lessons from past seasons(05:38) Current cybersecurity trends(08:26) What to expect in season 4 Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with Trava:Website - <a href="https://travasecurity.com/" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog - <a href="https://travasecurity.com/learn-with-trava/blog/" rel="noopener noreferrer" target="_blank">www.travasecurity.com/learn-with-trava/blog/</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Recent Episodes

SEASON 4

The Core Pillars of AI Governance

Don’t Overtrust the Robots: The Real Tea on AI Compliance

Proving Compliance and Security Effectiveness Through Pen Testing

Getting CMMC Right: Scope, Budget, and Certification Tips

Security Leadership Without the Full-Time Price Tag for Small Teams

Cybersecurity Lingo Explained: vCISO, PII, and More

Introducing Season 4 of The Tea on Cybersecurity

About The Show

The Tea on Cybersecurity

Jara Rowe

Marketing Manager at Trava