S6E2: Resilient Cyber w/ Jacob Horne
171, CMMC and DoD Compliance
In this episode of Resilient Cyber, host Chris Hughes sits down with Jacob Horne, a cybersecurity expert specializing in the Defense Industrial Base (DIB) and Department of Defense (DoD) compliance. The discussion covers the complex world of NIST 800-171, CMMC (Cybersecurity Maturity Model Certification), and the evolving landscape of DIB compliance.
Key Highlights:
- Jacob’s background as the Chief Cybersecurity Evangelist at Summit 7 and his deep knowledge of DoD Acquisitions, cybersecurity, and compliance.
- Overview of CMMC 2.0 and the importance of verifying long-standing security requirements in DoD contracts.
- The history and significance of NIST 800-171, including its role in securing sensitive unclassified information like Controlled Technical Information (CTI).
- Discussion on the cost of compliance and allowable costs for DIB contractors, and how contractual obligations impact companies' cybersecurity posture.
- The potential for consolidation within the DIB as a result of increasing compliance costs and requirements.
- Cloud Service Providers (CSPs) and Managed Service Providers (MSPs): How the FedRAMP equivalency requirement affects third-party providers and supply chain security.
- Clarifying the common misconception that "compliance isn’t security" and why following standards like NIST 800-171 is crucial for both compliance and effective security.