WhatsApp Privacy Policy 2021 – I told you so.
11th February 2021
There are new WhatsApp features available in markets outside of the United States that help connect the dots as to why the new policy would strip user privacy to help facilitate business-to-consumer interaction on WhatsApp. Ultimately, the privacy policy would encourage business accounts on WhatsApp to link up with Facebook’s back-end analytics infrastructure.
-- READ MORE
Human Root of Trust
14th January 2021
The Human Root of Trust is composed of the key pieces that allow someone to confidently identify a human on the Internet.
-- READ MORE
SOC 2 Compliance is Cybersecurity Customized, not Prescribed.
3rd December 2020
Does this sound familiar to you? The Sales team at your company keeps getting pushback from potential customers, particularly the larger ones. They insist on asking lots of invasive pre-sales questions about your company’s security practices, and it’s bogging down the process and you’re losing deals. The Director of Sales notices that many of the…
-- READ MORE
Free Cybersecurity Training: Good, but not Great.
24th November 2020
An employee at a company gets an email that looks like it’s from their boss, asking them to open a link or download an attachment for a project. The employee performs the task as requested, only to later discover their account was compromised! This employee was the victim of a social engineering phishing attack, where…
-- READ MORE
Three Keys to a Great Internal Audit
19th November 2020
I don’t remember much about middle school. It was the 80s, though, and things were certainly different back then. We had real chalk boards (with erasers that needed periodic clapping), gender-separated gym classes, and junk food and soda in the vending machines. One memory, in particular, has stayed with me. It happened in science class…
-- READ MORE
Password Hints: Could your ex guess your password?
12th November 2020
The first passwords I used as a kid all featured my first and favorite Pokémon, Mudkip. Sometimes I would include a number (mudkip96), or a number, uppercase, and a special character (Mudkip96!), but the passwords all featured my favorite fictional axolotl nonetheless. It was easy to remember and if I ever did forget, the password…
-- READ MORE
Announcing the First vCISO Cybersecurity Scholarship Winner!
10th November 2020
UPDATE (January 2021): The information presented in this article is out-of-date for the round of scholarship applications taking place in 2021. For up-to-date information on the scholarship, please visit this page. The original article appears unaltered below. ~~~ The world gets a little more digital every day, opening more and more cyber vulnerabilities for bad…
-- READ MORE
How to be a CSA STAR
5th November 2020
Cybersecurity standards, certifications, and frameworks read like so much alphabet soup: AICPA TSP SOC 2, CSA STAR, ISO/IEC 27001, NIST SP 800-53. What does it all mean? Is my food trying to tell me something? There are so many options with so many messy acronyms, it’s hard to keep track of them, remember what they…
-- READ MORE
When SIMPLE Simply Isn’t
15th October 2020
Our company is growing. Last year at this time, we were, collectively, three humans and two plants. Today, we are five humans, four plants, and a dog, and are in search of two more humans (and maybe some cats). And so I sat down last month with Jon Bicknell, our terrific financial planner, to help…
-- READ MORE
My Fintech Cybersecurity Journey – Out of the Bubble
30th September 2020
I’ll admit it – when I joined Fractional CISO earlier this year, I had no idea what it would really be like as a Virtual CISO. I knew that my new position — providing cybersecurity leadership to clients across all sorts of industries — would be very different than my previous eight years as a…
-- READ MORE
Elon Musk: Cybersecurity’s Iron Man
17th September 2020
Earlier this week, while taking a break from home schooling (don’t ask), I happened to be browsing a list of the world’s billionaires. You can probably guess who’s leading the pack – Bezos, Gates and Zuckerberg, of course. But did you know that Tesla founder, Elon Musk, is consistently among the top five? I have…
-- READ MORE
Virtual CISO (vCISO)
14th September 2020
A Virtual Chief Information Security Officer (vCISO) helps organizations to protect their infrastructure, data, people and customers. A vCISO is a top security expert that builds the client organization’s cybersecurity program. The Virtual CISO works with the existing management and technical teams. You may be wondering if your organization needs a vCISO. This article aims…
-- READ MORE
Pro Tip: Google Vault
25th August 2020
If you are a G Suite user and are concerned that important documents could accidentally be deleted or significantly edited, you’ll want to use Google Vault. Unlike Google Drive, which doesn’t protect against mass deletions or edits, Google Vault does! Set up is easy and it adds a layer of protection for your business-critical data. (Note that we…
-- READ MORE
Three Lessons From the Garmin Ransomware
20th August 2020
Maybe you were wondering a couple of weeks ago, why your super-fit, never-misses-a-day-of-exercise neighbor had suddenly stopped leaving the house for his morning run. Had he finally decided to join the rest of us in late-night Netflix binging and unchecked consumption of Ben and Jerry’s Chubby-Hubby ice cream? Sadly, no. He stopped running, temporarily, because Garmin — the…
-- READ MORE
COVID and Cyber Hygiene: Not That Different
16th July 2020
“We are doing a good job with social distancing. We stay inside a bubble.” I’ve heard this kind of thing from many friends and neighbors recently regarding their COVID behavior. But I’m not exactly buying it. For many, the “bubble” — the small group of close friends and relatives we have each chosen to interact with freely…
-- READ MORE
How Do You Pronounce CISO?
15th July 2020
One of my clients pronounces it SIS-so. Another one spells out C-I-S-O. That got me thinking: why do I pronounce CISO, SEE-so? But before I answer that question, what exactly is a CISO and how can it benefit your organization? What Is a CISO? A Chief Information Security Officer (CISO) is a business leader focused…
-- READ MORE
Fintech Virtual CISO Case Study
13th July 2020
A North Carolina-based Fintech Provider needed to improve its cybersecurity. Find out how Fractional CISO helped them in our newly published case study! https://fractionalciso.com/wp-content/uploads/2020/07/Fractional-CISO-Fintech-Virtual-CISO-Case-Study-July-2020.pdf To learn more about our Fintech Virtual CISO program check out this link.
-- READ MORE
WhatsApp vs Signal vs Telegram Security in 2020
1st July 2020
Have you ever been creeped out by an advertisement showing up in your social media feed about a product you recently mentioned in a chat? Not long ago, I was chatting with a friend on Facebook Messenger about which wireless earbuds to buy. Didn’t Google it. Didn’t say it out loud. Just casually discussed it…
-- READ MORE
Pro Tip: Exercise Caution with G Suite Marketplace Apps
23rd June 2020
G Suite Marketplace Apps are “applications that can be added to an entire domain or to individual G Suite accounts.” They integrate with the Admin console and make it easy to complete common tasks (mail merges, form publishing, password management, etc.) or connect to frequently used apps like Dropbox or Zoom. And, they have a…
-- READ MORE
Managing Supply Chain Havoc
18th June 2020
I have been an Amazon customer since 1999 and a Prime member for over a decade. Until recently, I have been pleased — thrilled, on occasion — by Amazon’s ability to deliver (literally) on its promise of fast and reliable service. Lately, however, and even though I continue to pay for two-day shipping through Prime, most things I have…
-- READ MORE
SOC 2 Type 1 vs Type 2
10th June 2020
When you are getting your SOC 2, should you get a Type 1 or a Type 2? It’s easy to say to get a Type 2 but sometimes that might be difficult. In the video below, we explore the various considerations around a Type 1 vs a Type 2. SOC 2 Type 1 vs Type…
-- READ MORE
How Secure Are Your Employees’ Home Networks?
21st May 2020
Everyone: “Rob, why don’t you deposit checks from your phone?” Me, Pre-Pandemic: “Use the app on my phone? Are you crazy? The bank is right around the corner. It’s so easy to deposit checks there. If my phone were stolen, the attacker would have a leg up on getting my banking information. I feel safer at the bank.”…
-- READ MORE
Starting your cybersecurity program
20th May 2020
How do you get your cybersecurity program started? We know of a lot of mid-sized companies that struggle with getting their cybersecurity program going. Before you hire cybersecurity experts there is significant progress that an organization can make on its own. Don’t believe me? Even when you hire an expert, you will need a team…
-- READ MORE
FCISO
18th May 2020
Why when you search for FCISO doesn’t the Fractional CISO website come up? I’ll tell you why… Up until this point, we haven’t cared about the FCISO search term. However, now we are going to start using #FCISO for our LinkedIn hashtag so we do care about it. Fractional CISO provides FCISO services to its…
-- READ MORE
How to set up Threat Intelligence via Slack for Free
14th May 2020
Are you finding it hard to keep up with new major cybersecurity vulnerabilities that could affect your environment? Unless cybersecurity is your full-time job, you’re probably not spending a lot of time wading through blog posts and listening to hours of podcasts just to keep up with every breaking story. Most of us really just…
-- READ MORE
SOC 2 vs ISO 27001
11th May 2020
Should you get a SOC 2 or ISO 27001? We get that question all of the time. The answer is simple… It depends. A SOC 2 is an attestation report that a CPA firm evaluates for effective security controls. ISO 27001 is a certification that says that an organization is following a set of cybersecurity…
-- READ MORE
How to Gamify Your Incident Response Planning (And Make It Fun)
7th May 2020
Zombies are attacking the perimeter. They’ve made it past the outer defense wall and are trying to breach the inner wall. You’ve bolstered your gateway defenses, but the flood of zombies found a weakness. Their attack breaks through. What do you do? Roll for initiative. No, this isn’t one of those Dungeons and Dragons articles or…
-- READ MORE
Correct Horse Battery Staple Review – Password Advice
1st May 2020
The “Correct Horse Battery Staple” piece at xkcd is still so popular! I guess if you want something to live on then make a comic about it… In the comic, you have an example of the type of password that we’ve been taught to create by IT systems over the past couple of decades (Tr0ub4dor&3)….
-- READ MORE
Pro Tip: Sending Secrets via Signal
20th April 2020
How do you send a secret key or password to another team member? You can’t just hand someone a sticky note! That’s why we recommend downloading and using the Signal app. Signal has end-to-end encryption and has been vetted by some of the top security minds. We use Signal when sharing passwords, birthdates, files containing confidential materials and…
-- READ MORE
Fast and Easy Video Conferencing Comes With a Price
10th April 2020
Back when I was a kid, my grandfather would never talk about money on the phone. Even face-to-face, if he had to say the word out loud, he would whisper it, as if speaking normally would somehow invite a visit from nefarious forces. I can’t really blame him. He was a first generation American whose Jewish parents had…
-- READ MORE
G Suite Access Control Audit Tip
29th March 2020
Here’s a G Suite tip that will save you lots of time figuring out who your administrators are. From the admin console go to Reports > Users > Account Activity. Admin Status will tell you who is a “Super Admin,” “Admin” or “None.” Hey Google, “Can you make this easier to find?”
-- READ MORE
Are You Treating Your Cybersecurity Like a Rental Car?
19th March 2020
My wife and I took our two kids down to Sarasota, Florida a few weeks ago, to visit my parents. There was a fair amount of rental car logistics involved (don’t ask), and when it came time to pick up the car, I brought along my dad. I signed the papers, grabbed the keys and…
-- READ MORE
Why the Corp.com Sale Matters to You
24th February 2020
The Corp.com website is being sold (likely price: $1.7 million). Why should you care? Because many companies use corp.com as their second level domain for their Active Directory. As explained in this helpful article, it means that, “[W]hoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being…
-- READ MORE
Every Company Needs a Jessica
20th February 2020
Where I live, you’re not allowed to park on the street overnight. Unless, that is, you apply for and receive an official town parking pass. So I called my town hall to learn more. Who answered the phone? Jessica. (Not her real name.) Who processes the parking applications? Jessica. Who is also responsible for block…
-- READ MORE
Should I become a Virtual CISO? What I wish I had read 30 months ago
12th February 2020
This article is written as advice for aspiring Virtual CISOs (vCISO). This is the third part in a series. If you haven’t read the 18-month and 25-month ones, you should. They’re here: https://fractionalciso.com/18-months-in-what-ive-learned-starting-a-cybersecurity-company/ https://fractionalciso.com/25-months-in-what-ive-learned-starting-a-cybersecurity-company/ Know, like, trust, buy These magic words: “know, like, trust, buy” are the key to success in the Virtual CISO business….
-- READ MORE
Just Okay Is Not Okay
16th January 2020
These days, I don’t watch much live TV. The exception is sports. And with football playoffs in full swing, I’ve seen a fair number of commercials along the way. One that has stood out involves a surgeon: Here, too, just okay is not okay. Security is Fundamental to IT MSPs face a big challenge. They support…
-- READ MORE
Don’t Click That Link!
19th December 2019
Anyone who says there is no difference between boys and girls, has never coached youth basketball. I coach at our local YMCA — 3rd/4th graders with my son; 1st/2nd graders with my daughter. And let me tell you, I’m not even sure these two populations are of the same species. Here’s a prime example… When…
-- READ MORE
Disney+ Account Compromise
5th December 2019
There are many Disney Plus accounts available for sale by fraudsters. Attackers use Credential Stuffing and Password Spraying attacks to gain access to these accounts. CNBC has more details on the compromises. What are Credential Stuffing and Password Spraying Attacks? Credential Stuffing is when attackers take known email addresses and passwords from one site compromise…
-- READ MORE
SSCP: Gliding into a New Security Career
3rd December 2019
How many paragliding instructors do we have out there? Okay, not a lot. But what if you were one looking to make a career change into cybersecurity? Take it from this former paragliding instructor, here’s the way to glide into a new cybersecurity career. Before I found out about the SSCP certification, the landscape of…
-- READ MORE
Can You Hear Me Now?
21st November 2019
Here is a sentence you have probably never heard: “Alexa, send our company banking credentials to a cyber-criminal.” Nobody, of course, would deliberately invite their smart speaker to share confidential information with bad actors. And the software itself (Alexa, Google Home, etc.) is not designed to do bad things. But, that doesn’t mean bad things…
-- READ MORE
3 Tips to Make Your Vulnerability Report Pop
6th November 2019
Have you ever been the victim, I mean, read a vulnerability report? It looks like the world is about to end with all of the red tens and lots of numbers all over the place. Technical humans trying to make sense of the information mumble things like, “I guess we have to patch” or “um,…
-- READ MORE
Sales troubles? Call the cybersecurity specialist!
29th October 2019
It is so non-intuitive. Yet, each time I try to explain it, I get puzzled looks. This is usually how it goes…. “I help business leaders create a cybersecurity program and story to unblock sales.” “Huh?” But it is true. More often than not our clients make the decision to hire us because they are…
-- READ MORE
How many organizations have access to my email?
11th September 2019
Here’s a scenario: You are sending a confidential email to an employee at another company that’s based overseas. You need to share the information with the person at that company, but you don’t want the information to get out beyond that connection. How many organizations will have access to that email? Answer: More than you…
-- READ MORE
SOC 2 Certification: How to Get One
29th August 2019
There has been a huge trend in the US for technology companies to get their SOC 2 attestation report. How do we know? We’ve helped a number of companies achieve their compliance. This blog post explores many of the considerations that our clients go through in their quest for a SOC 2. Why SOC 2?…
-- READ MORE
25 months in: What I’ve learned starting a cybersecurity company
31st July 2019
This is the second part in a series. If you haven’t read the 18 month one, you should. It’s here: https://fractionalciso.com/18-months-in-what-ive-learned-starting-a-cybersecurity-company/ After re-reading my 18-month blog post I couldn’t believe how much has changed with our business and with me in just six months. Okay, seven months but I started writing this post at the…
-- READ MORE
vCISO video
8th July 2019
Have you ever wondered what a vCISO is or why you should hire one? Now in just 71 seconds with this vCISO video you can learn everything you have ever wanted to about what a Virtual CISO is and how they can help your organization. Want to watch the vCISO video on YouTube? Check it…
-- READ MORE
IoT Platforms: The Top Six
30th May 2019
I recently finished a small consulting engagement where the client asked me if they should build an IoT platform. I’ll give you the same advice I gave them, but for free. “Don’t do it.” Let’s talk about the underlying challenges with today’s IoT platforms. It’s a very weird market. Think of it this way:…
-- READ MORE
Fractional CISO in the news
3rd April 2019
We’ve gotten some great first quarter 2019 press exposure covering a range of cybersecurity topics. First, our article covering the Four Signs You’re Ready for a Virtual CISO was published by the Security Ledger in February. We walk you through the key reasons for choosing a vCISO including because of customer input, regulatory requirements, mergers…
-- READ MORE
Meraki Review: Is it the right Security Appliance for your organization?
27th March 2019
You may be considering making changes to your network or starting a new company or branch office. What should you do to minimize your organization’s cybersecurity risk? When we moved into a new office, I was responsible for setting up the network. This included selecting the right network equipment for our organization. As a security…
-- READ MORE
Pen Test. Do I need one?
13th March 2019
“Yes, but…” That is the right answer 95% of the time. Almost every organization needs a penetration test or pen test. Organizations with mature security programs don’t need to ask the question. They already know the answer based on their program and plan. Organizations that are asking that question are operating from the right mindset….
-- READ MORE
WiFi Pineapple: Can Still Compromise Your Network in 2019
30th January 2019
Suppose you see a few people in a rented car, parked across a street at a hotel, next to an office. Does this sound suspicious to you at all? Not at all! Right? In a real-life version of this story, those people were attempting to perform a cyber-attack on the Organization for the Prevention of…
-- READ MORE
Cybersecurity Breach Bankruptcy: It Does Happen
23rd January 2019
“Companies don’t go out of business due to a cybersecurity breach,” say several well-versed cybersecurity experts. When I give them counter-examples to disprove their point, they list it as an aberration. Here’s a less catchy but more accurate statement: “Large companies usually don’t go out of business due to a large cybersecurity breach. They can…
-- READ MORE
NIST Cybersecurity Resources During the Shutdown
9th January 2019
They did what? During the government shutdown, which has now gone on for over two weeks, the clever folks at the National Institute of Standards and Technology (NIST) took down many of the resources that the cybersecurity community relies on to help protect society. The NIST Cybersecurity department has indispensable frameworks and other tools that…
-- READ MORE
Top Fractional CISO blogs of 2018
26th December 2018
It’s that time of year… the top lists of 2018. Here at Fractional CISO we are not immune to the phenomenon. So, we’ll shamelessly follow suit with our top blogs of 2018. #6 Actual breaking news… Typeform Data Breach: 100,000 Records and Counting We are usually a commentary site. But sometimes we get a scoop….
-- READ MORE
3 Reasons Why Cryptocurrency Won’t Become Mainstream
19th December 2018
Some say to never kick a cryptocurrency when it’s down. But I will. The recent Bitcoin crash has brought to light the question of the long-term viability of cryptocurrencies. Will they come back, or won’t they? I don’t know. What I do know is that cryptocurrencies have some serious structural challenges. These challenges will prevent…
-- READ MORE
SOC 2 Audit: How to Comply with the Tough New Changes
11th December 2018
Companies that want SOC 2 audit certification are scrambling to get in front of new requirements from the American Institute of Certified Public Accountants (AICPA). The AICPA has released additional information on what’s needed for a SOC 2 audit. SOC 2 audits finished after…
-- READ MORE
18 months in: What I’ve learned starting a cybersecurity company
28th November 2018
After twentyish years working for someone else, I quit my corporate job and started a cybersecurity consulting company. While it seemed risky at the time, now I can’t imagine doing anything else. When I first quit, I got questions like, “You have clients lined up, right?” and “What are you really doing?” The answers, “no”…
-- READ MORE
Does your organization need a Password Manager?
6th November 2018
Yes, your organization needs a Password Manager! Now that we’ve answered one of the most frequently asked questions, let’s spend the rest of this blog post explaining why. How else would a person keep track of the 191 passwords an average employee needs to manage? Here are some of the possible solutions for managing the…
-- READ MORE
Understanding IoT Identity
9th October 2018
What is a surefire way to mess up the security of your IoT implementation? Use the same secret for all of your devices? Allow former employees to access the devices in the system? How about leave default passwords on devices? It turns out that there are a lot of surefire ways to mess things up….
-- READ MORE
Four steps to securing your IoT Identity from ex-employees
6th September 2018
When you see one of those cybersecurity stories about how an ex-employee “hacked” a company with terrible consequences, do you think that could never be us? Or do you think, I’m glad we don’t have anyone like that around! Many companies are exposed to the former insider risk, they fortunately haven’t been tested by a…
-- READ MORE
Is your website about to go dark?
1st August 2018
Encryption hasn’t always been a standard on the Internet – in earlier days, most webmasters simply used HTTP, instead of the HTTPS format. HTTP means no encryption for the website. So all the private information that is collected (names, addresses, passwords) can be “heard” by anyone “listening in”. These days, many companies are moving…
-- READ MORE
Typeform Data Breach: 100,000 Records and Counting
12th July 2018
The list of customers affected by the Typeform data breach has grown in the past week. So has the number of personal records exposed. This article aims to collect all of this data in one location. What is Typeform? Typeform conducts customer surveys and quizzes for other companies using their service. The web-based platform allows…
-- READ MORE
Cybersecurity Risk Assessment – A Better Way
8th June 2018
What do cybersecurity pros mean when they talk about a “high vulnerability” or “high risk?” – if you’ve ever scratched your head listening to someone present a cybersecurity risk assessment, you’re not alone. Many of us have these questions about risk: What does a high vulnerability mean to a business? How do we rank cybersecurity...
-- READ MORE
IoT cybersecurity standards
29th May 2018
Fractional CISO’s own Rob Black is featured in the current Security Ledger podcast discussing IoT cybersecurity standards. Rob discusses the state of IoT security standards, the challenges the industry faces and what is next for IoT security standards. Check out the podcast here. Coverage of the podcast and the upcoming Security of Things Forum here….
-- READ MORE
Do I need a CISO? A guide for NY Financial Advisors
18th August 2017
New York State has instituted significant cybersecurity regulations. Do they apply to Registered Investment Advisors (RIA)? While the Department of Financial Services does not regulate RIAs, following their guidance can help to protect the organization. Additionally, RIAs that handle insurance or certain other securities are subject to the regulation. Appointing a Chief Information Security Officer…
-- READ MORE
What small RIAs need to do to comply with NY DFS cybersecurity regulations
23rd March 2017
The State of New York is the first state in the country to issue a regulation that specifically requires certain cybersecurity policies, procedures, controls and personnel for financial firms. This regulation affects all organizations regulated by the New York State Department of Financial Services (DFS). That includes everyone registered under the Banking Law, Insurance Law…
-- READ MORE
Announcing RIA Cybersecurity Risk Worksheet
13th February 2017
Introducing the complementary RIA Cybersecurity Risk Worksheet! The RIA Cybersecurity Risk Worksheet is a great tool for Registered Investment Advisors (RIAs) to do a quick initial investigation into your firm’s cyber security practices. RIA Cybersecurity risk worksheet The risk worksheet is an eighteen question multiple choice self-evaluation of your firm’s current cybersecurity practices. After answering…
-- READ MORE
Mothers, don’t let your babies grow up to use the ‘admin’ username
31st January 2017
There are many blog posts, articles, training materials and all sorts of content admonishing people to pick good passwords. But there is not nearly the same volume of content discussing good username selection. Administrators especially should be cognizant of good usernames to reduce the risk of an attack. Here at Fractional CISO we took a…
-- READ MORE
Why a virtual CISO for your medium-sized business makes sense
9th November 2016
You know you need better security for your organization. The security consultants you hired ran a penetration test on your website but did they look comprehensively at your organization’s security posture? Did they talk with your executive management about their business goals and risk tolerance for the organization? Often in the security space there is…
-- READ MORE
Password Advice – xkcd
6th October 2016
“What about ‘correct horse battery staple’ style passwords?” has been the response to our password manager post. There is a famous xkcd comic posted above suggesting that using four ‘random words’ together would make a great password. Here at Fractional CISO we have a view of the security of such passwords… eh. It is true that…
-- READ MORE
Password advice from the wicked
25th September 2016
Internet ransomers, hackers, and scammers all have password advice for you… keep your passwords simple, don’t change them and use the same ones for every site. Unfortunately many of us follow this terrible advice. Not having a good password scheme can lead to significant financial, privacy, social and career problems. Instead of following what…
-- READ MORE
Business Email Compromise
19th May 2016
“Please wire $70,000 to the account below.” If your staff got these instructions from “you” via email, would they do it? Would they confirm in person with you first? What policies, procedures and systems do you have in place to prevent such an action when the “you” is not you? You may believe that this…
-- READ MORE
How to check if someone is really a CISSP
30th April 2016
The Certified Information Systems Security Professional (CISSP) is the most prestigious security certification. People with the certification demonstrate a comprehensive understanding of many aspects of security as well as many years of relevant experience in the security space. The test is one of the more challenging tests with a fair number of experienced security professionals…
-- READ MORE
Temporary CISO
28th March 2016
A Temporary CISO is the interim appointment of a CISO at an organization for a period of transition. Often a Temporary CISO is needed during a period of crisis, for instance during a security breach, because of a key departure or because the existing CISO needs to take a leave of absence for personal reasons. However, it may…
-- READ MORE
Interim CISO
25th February 2016
An Interim CISO is the temporary appointment of a CISO at an organization for a period of transition. Often organizations need an Interim CISO during a period of crisis. The organization needs to hire the Interim CISO quickly due to a departure. Sometimes the existing CISO may need to take a leave of absence for health…
-- READ MORE
How Registered Investment Advisors can avoid the SEC’s cybersecurity wrath
7th December 2015
In the course of providing investment guidance to consumers, Registered Investment Advisors (RIAs) collect significant personal and financial information for their clients. Hackers have learned that targeting RIAs can be a fruitful source of valuable information. The Securities and Exchange Commission (SEC) has turned its attention toward RIA cybersecurity, issuing strong guidance on how RIAs…
-- READ MORE
Welcome to Fractional CISO!
2nd November 2015
Fractional CISO is intended to solve the challenges that we have encountered being responsible for security at a medium-sized cloud company. Many cloud companies’ charters do not have security as the primary responsibility, but security is one of the first questions that customers ask and one of the biggest risks to your company’s success. Many leaders…
-- READ MORE