I want to talk about something that’s been on my mind a lot lately: corporate account takeover (CATO). As someone who has worked in the cybersecurity space for most of my career, I know firsthand...

If you are new to managing cybersecurity for a financial institution, I’m sure you’ll have a lot of questions. More specifically, “Where do I start?” Managing cybersecurity for a financial...

Over the next few months, Information Security leaders will be presenting their annual security update to the Board as required by the Gramm Leach Bliley Act (GLBA). It is meant to provide a summary...

What exactly is a user access review? In its simplest form, this review is a process that certifies that users’ (including vendors’) access within systems are appropriate and legitimate leveraging...

The worst time to develop an Incident Response Plan for dealing with a security incident is during an actual incident. It’s not a matter of “if” but “when” your organization will be the victim of a...

It’s common practice for financial institutions to outsource some or all of their Information Technology (IT) functions to a Managed Service Provider (MSP) to gain access to higher levels of...

I recently participated in an executive meeting at a bank where we discussed the real value of “checking the box” also known as the bare minimum, just to satisfy an auditor or examiner. Financial...

As cybersecurity budgets increase, I’ve been posed with the question of “When will it ever be enough?” In my opinion, we are either getting better or getting worse as there is no “standing still” in...

It’s been a long and crazy two years since Covid showed up and changed the world. Yes, a lot of things are different now, but I’d like to take a few minutes to discuss the impact as it relates to...

It’s easy to use the terms “Information Technology (IT)” and “Information Security (IS)” interchangeably. They are equally important but serve different roles within organizations. Information...