My Cloud Journey as an Early Adopter

Ever heard the saying, “The Cloud is just someone else’s computer”? This is one of the many arguments I encountered as I became an early adopter in 2010. While it is technically true, it misses the point: the inherent flexibility and benefits of the “Cloud” maximize the chances of differentiating your company from its competitors, […]

Read More
Information Security Team

InfoSec Can Be Taxing, So Here’s a Taxonomy

Information Security can sometimes feel like death by documentation, like a bunch of red tape just to keep regulators and auditors at bay. Throw in differences in lexicon, and seeing how all the many pieces fit together can be quite difficult. Getting everyone, practitioner and leadership alike, on the same page when it comes to […]

Read More

Essential Steps to Strengthening Cybersecurity

  Many organizations know they must have the basics: hire a CISO, perform a risk assessment, and find security vendors to fill up the holes. Unfortunately, these are often mere boxes to check. Cathie Brown offers a few simple considerations in each of those steps that will strengthen your cybersecurity posture, like what to look […]

Read More

Organizational Risk Management Is Not Just About Compliance

  Organizational risk management is too often treated as a compliance issue with complex rules that result in a back office tracking of risks that don’t see the light of day.  This presentation contrasts a traditional view of organizational risk management with an alternative view provided in a Harvard Business Review article by Robert S. […]

Read More

Presentations at COV Information Security Conference

2018 COV Presentation: NICE and the Cybersecurity Workforce Framework Presenter(s): Dave Zaras and Eddie McAndrew The National Initiative for Cybersecurity Education (NICE) has produced the Cybersecurity Workforce Framework (CWF) with the intent of closing the cybersecurity talent gap. The NICE CWF identifies seven broad categories of security roles which comprise thirty-two specialty areas. Detailed work […]

Read More

Cybersecurity Doesn’t Work Without Culture Change

Article Summary: A culture of cybersecurity only truly takes root when it’s embedded into daily decision-making and a part of everyone’s roles, including the C-Suite. Annual training videos can be effective, but only if they are supplemented with ongoing, engaging activities, combined reward structures or competitions. Workforce members outside of security and IT need seats […]

Read More

Too Many Organizations Overlook One of These Cybersecurity Building Blocks

While most organizations have made some investments in each of the three building blocks of cybersecurity, many overemphasize “technology.” The most overlooked component are the “people,” which will actually make or break the effectiveness of your cybersecurity. As the former Deputy Chief Information Security Officer of the Commonwealth of Virginia, Cathie Brown has seen it […]

Read More

HIMSS Analytics Maturity Models: You’ll Need a Partner

HIMSS Analytics is solely-focused on supporting and measuring healthcare transformation enabled by information technology. As an expert global market intelligence resource, HIMSS Analytics brings all the complexity together into a centralized repository of methodologies, promoting common language, and ensuring organizations are directionally-aligned and challenged at the industry level. Impact Makers has significant in-market experience partnering […]

Read More