Blog
Navigating the New SEC Regulation S-P: Why Financial Services Need a vCISO to Bridge Compliance and Framework Integration
The updated SEC Regulation S-P, adopted in May 2024, represents the most significant overhaul of customer data protection requirements for financial institutions since the rule's original introduction in 2000(1). With compliance deadlines fast approaching—December 3,...
Why I Chose a Cybersecurity Masters in Science Degree Over the CISSP Certification
After spending ~8 years actively managing and learning about cybersecurity — I chose to pursue a MS in Cybersecurity degree over pursuit of a slew of professional certifications. I initially struggled with that decision and my rationale was primarily driven by 4...
I use 3 steps to create Third-Party Cybersecurity Risk Assessments for Small Business
Third-party (vendor) cybersecurity risks are critical for small businesses to understand and mitigate. Fortunately, third-party risk assessments are a cottage industry for law firms and compliance companies.
NIST CSF and 800-53 For The Win!
One of a vCISO’s first tasks should be to pick or affirm an industry cybersecurity framework to use for building and evaluating a cybersecurity program. The NIST Cybersecurity Framework should be considered – but it is too high level to effectively audit and implement without further guidance.
Executive Privacy Under Siege: 8 Critical Steps to Protect Your Leadership Team
In an era where 72% of senior executives face targeted cyberattacks(1) and data breaches cost businesses $4.88 million on average and $6.08 million on average for financial services firms(2), protecting leadership team privacy has become non-negotiable. The convergence of AI-powered threats, remote work vulnerabilities, and data-hungry apps demands urgent action—both for personal security and corporate survival.





