Areas of expertise
Security compliance
Did a customer say some alphabet soup that sounded something like SOC2 and ISO 27001? Or maybe you started charging credit cards and realize you need to comply with PCI? Maybe you’re just looking for a solid industry standard framework to guide the maturity and development of your Security program?
Whatever your security compliance needs may be, I can help. Read my blog post about how Security compliance can be a profit center for your business and unlock new business!
Governance
The world of governance is all about establishing the right policies and processes to bring quality into everything you do. Never underestimate the power of a well-designed process: it brings ownership, accountability, consistency, and quality where it is most needed.
I have a lot of governance experience: data governance, security governance, risk governance, third party governance. Let me know what you need help with!
Security risk
Risk risk risk. The idea is so simple and yet it gets infinitely complex as soon as you pull back the curtain. Cybersecurity risk is one of the most challenging areas of risk because it is so hard to measure or gauge effectiveness. And yet, the risk management program should underpin the entire Security function.
Let me help you figure out what methodology makes the most sense for your business (or create a new custom methodology just for you). I can help you perform your risk assessments, generate a prioritized list of risks, and build treatment plans to address them. Risk management done right can accelerate the business by taking informed risks and mitigating unacceptable ones.
Security
There are so many different areas of Security: endpoint security, application security, infrastructure security, identity and access management, detection and response, network security, offensive security, vulnerability management… the list goes on.
Whether you’re just looking for the very basics of what a 10-person company should care about or whether you’re looking for a maturity model and roadmap to guide a Security organization, I can help you!
Third party risk
Third party risk is a hot topic these days. How do you know you can trust your vendors? How do you hold them accountable for protecting your data or infrastructure? What about fourth party risks? What do you do when a vendor is breached? How do you do all this without drowning in asinine security questionnaires?
When there’s a will, there’s a way! I’ve built third party risk programs and matured them alongside the business.
AI risk
AI risk - an even hotter topic than third party risk (although the two tend to overlap as well). Trying to figure out if using a generative AI coding tool is putting your source code IP at risk? Or are you concerned that employees are using confidential business information in prompts with ChatGPT?
We don’t want to slow the business down. We want them to use these tools, but in a responsible and safe manner. Let me help you build both the paper policies and technical controls to manage these risks.
Privacy
Privacy by design is challenging to get right, but businesses, regulators, and consumers are looking for stronger Privacy programs that truly protect end user privacy.
Privacy Principles are simple, but implementation is challenging. I can help you design and implement strong Privacy Principles across your business.