Trava Security

If there’s one key takeaway from Season 4 of The Tea on Cybersecurity, it’s that cybersecurity is a shared responsibility.&nbsp; With this in mind, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> wraps up the season by sharing valuable insights that everyone can use. She reflects on the most impactful lessons about compliance, AI, and penetration testing.&nbsp; Key takeaways:<ul><li>The importance of vCISOs and cyber engineers</li><li>How to approach penetration testing and PTaaS</li><li>Why transparency and training are essential for AI safety</li></ul> Episode highlights:(00:00) Today’s topic: Key insights from this season&nbsp;(01:16) The role of vCISOs and cyber engineers(02:47) Responsible AI use(03:51) Penetration testing and PTaaS for small teams Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Key Lessons from Season 4 of The Tea on Cybersecurity

Most companies continually push code, launch new features, and update their infrastructure. However, for many businesses, security testing occurs only once a year. That gap leaves systems exposed to risks that go unnoticed. In this episode, <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">Anh Pham</a>, Director of Penetration Testing at Trava, explains the concept of Penetration Testing as a Service (PTaaS). He shares how it works and why it's more beneficial than one-time pentests. You’ll also learn how AI fits into the picture and what to consider when choosing a provider. Key takeaways:<ul><li>The difference between PTaaS and traditional pentesting</li><li>How PTaaS supports fast-changing environments</li><li>The qualities of a trustworthy PTaaS provider&nbsp;</li></ul> Episode highlights:(00:00) Today’s topic: Penetration Testing as a Service(03:16) PTaaS vs one-time pentests(08:36) How PTaaS works(11:59) Choosing a secure PTaaS provider(13:17) Can AI help in PTaaS?(15:22) A key reminder for businesses getting started Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Anh Pham’s LinkedIn - <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">@anhpham11</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a> Listen to past episodes:Unveiling Vulnerabilities: The Power of Pen Testing - <a href="https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/" rel="noopener noreferrer" target="_blank">https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/</a> Proving Compliance and Security Effectiveness Through Pen Testing - <a href="https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/" rel="noopener noreferrer" target="_blank">https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/</a>

Anh Pham

Director of Penetration Testing and Security at Trava Security

Breaking Down PTaaS: Continuous Security for Modern Companies

Cyber engineering is a broad and often misunderstood field, covering everything from cloud architecture to compliance. But one thing is clear: someone needs to take responsibility for the security of your business’s digital infrastructure. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> is joined by Michael Magyar, vCISO at <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">Trava Security</a>, to explore the intersection of cybersecurity, compliance, and engineering. Michael shares what smart architecture looks like in practice, where organizations often fall short, and how emerging trends like AI impact cyber engineering. Key takeaways:<ul><li>How smart cyber engineering impacts security and operations</li><li>The influence of AI on cyber engineering tasks</li><li>When to seek outside help for technical implementation</li></ul> Episode highlights:(00:00) Today’s topic: Cyber engineering(05:29) The push for more security and compliance(07:44) Being intentional with security architecture(10:33) Cybersecurity engineering in the real world(13:52) Cyber engineering trends and AI&nbsp;(19:37) Discerning when to hire outside experts Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Michael Magyar’s LinkedIn - <a href="https://www.linkedin.com/in/michael-magyar-cyqual/" rel="noopener noreferrer" target="_blank">@michael-magyar-cyqual</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Michael Magyar

vCISO at Trava Security

Understanding Cyber Engineering to Build Stronger Security

The rapid adoption of AI brings opportunities, yet new risks. Strong governance enables organizations to remain innovative while maintaining trust and protecting data. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> welcomes <a href="https://www.linkedin.com/in/jigoldman/" rel="noopener noreferrer" target="_blank">Jim Goldman</a>, Co-Founder of <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">Trava Security</a>, to discuss how clear oversight, board engagement, and high-quality data enable the creation of ethical AI that aligns with business goals.They outline practical steps, common blind spots, and proven frameworks for trustworthy automation. Key takeaways:<ul><li>AI governance versus compliance in plain language</li><li>Why data quality shapes reliable machine output</li><li>How leaders and teams share accountability from policy to practice</li></ul> Episode highlights:(00:00) Today’s topic: AI Governance(02:46) Governance reaches the boardroom(04:09) Big shifts in NIST CSF 2.0(06:01) Governance versus compliance explained(07:45) Data quality risks in AI(10:55) Core parts of a governance framework(13:32) Roles and ownership across teams(14:55) Designing ethical, transparent AI(19:06) Proving accountability in decisions(23:37) Easing public worries with openness(26:41) Criminal abuse and law response Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Jim Goldman’s LinkedIn - <a href="https://www.linkedin.com/in/jigoldman/" rel="noopener noreferrer" target="_blank">@jigoldman</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Jim Goldman

Co-Founder of Trava Security

The Core Pillars of AI Governance

Businesses rely on AI for everything from streamlining communication to managing hiring and forecasting trends. It’s fast, efficient, and deeply embedded in daily operations. But as AI becomes more common, one critical piece is often overlooked: compliance.In this episode, <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> sits down with <a href="https://www.linkedin.com/in/dr-marwan-omar-99a061144/" rel="noopener noreferrer" target="_blank">Dr. Marwan Omar</a>, Chief AI Officer at Insight Assurance, to talk about the growing need for AI compliance. They explore what it really means, why it’s not just a concern for tech giants, and how overlooking it could expose your business to legal, ethical, and reputational risks. Key takeaways:<ul><li>What makes AI compliance different from traditional IT compliance</li><li>Where to start with AI risk assessments</li><li>How real companies have gotten AI compliance wrong</li></ul> Episode highlights:(00:00) Today’s topic: AI compliance and why it matters&nbsp;(05:23) Key laws shaping AI compliance today(07:25) The nuances of AI compliance(10:14) First steps to build AI compliance internally(13:26) How explainability strengthens trust in AI models(15:32) Challenges with regulations and data privacy(18:24) Staying informed as AI laws evolve Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Marwan Omar’s LinkedIn - <a href="https://www.linkedin.com/in/dr-marwan-omar-99a061144/" rel="noopener noreferrer" target="_blank">@dr-marwan-omar</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Dr. Marwan Omar

Chief AI Officer at Insight Assurance

Don’t Overtrust the Robots: The Real Tea on AI Compliance

Many companies start penetration testing to address compliance requirements. However, it can also provide valuable insights beyond just meeting standards. In this episode, host <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe</a> sits down with <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">Anh Pham</a> and <a href="https://www.linkedin.com/in/christina-annechino/" rel="noopener noreferrer" target="_blank">Christina Annechino</a> from Trava to talk about how pen tests uncover hidden risks and strengthen your cybersecurity. They explain compliance frameworks, typical pen test schedules, and common mistakes to avoid. Key takeaways:<ul><li>Compliance frameworks and their pen test requirements</li><li>The different types of penetration testing</li><li>How to prepare your environment for a successful pen test</li></ul> Episode highlights:(00:00) Today’s topic: Penetration Testing and Compliance(03:42) Pen testing compliance frameworks(05:46) The difference between vulnerability scans and pen tests(09:11) How often to conduct pen tests(11:04) Qualities of a good penetration testing vendor&nbsp;(14:34) Making pen testing work on a budget(16:49) Scoping mistakes that limit test outcomes(18:53) Using pen tests to improve overall cybersecurity Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Anh Pham’s LinkedIn - <a href="https://www.linkedin.com/in/anhpham11/" rel="noopener noreferrer" target="_blank">@anhpham11</a>Christina Annechino’s LinkedIn - <a href="https://www.linkedin.com/in/christina-annechino/" rel="noopener noreferrer" target="_blank">@christinaannechino</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a> Listen to a related episode:Unveiling Vulnerabilities: The Power of Pen Testing - <a href="https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/" rel="noopener noreferrer" target="_blank">https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/</a>

Christina Annechino

Security Advisor at Trava

Director of Penetration Testing & Security at Trava

Proving Compliance and Security Effectiveness Through Pen Testing

Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach. In this episode,<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank"> Jara Rowe</a> talks with <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">Tom Greco</a>, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional. Key takeaways:<ul><li>What CMMC is and why it exists</li><li>The importance of accurate scoping</li><li>Tools and tips to maintain CMMC compliance</li></ul> Episode highlights:(00:00) Today’s topic: What is CMMC?(02:20) What CMMC means for your business(06:05) The nuances of scoping(10:07) How contracts set your CMMC level&nbsp;(13:44) Self-assessment vs third-party audits(17:36) Maintaining CMMC compliance over time(22:17) Perform gap assessments ASAP Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Thomas Greco’s LinkedIn - <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">@thomas-greco</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Tom Greco

Getting CMMC Right: Scope, Budget, and Certification Tips

The Tea on Cybersecurity by Trava

Blog

Linkedin

Cybersecurity—a word we hear all the time. Show of hands for those who actually understand what it means.The Tea on Cybersecurity is here to help educate the newbs on what cybersecurity is, why it is important, and everything in between. The Tea on Cybersecurity is for everyone, but especially those small and medium-sized businesses that are starting their journey in building a cyber risk management program. Each show is about 15-30 minutes long to deliver you with the facts and less fluff.

Key Lessons from Season 4 of The Tea on Cybersecurity

DESCRIPTION

Today's Host

Jara Rowe

Recent Episodes