Introducing RSA Archer GRC 6 to Our Federal Community

Through the years, as federal information assurance professionals, we’ve seen a lot of adjustments and evolution. We had an arms race in buying newer and better firewalls, more secure networking devices, IDSs, IPSs, and SIEM tools. We bought generations of scanners and sensors. We watched several iterations of C&A and A&A methodologies come and go.…

Introducing RSA Archer GRC 6 – Inspiring Risk Management

There is no question organizations today are in a rapidly changing risk environment and the pressure to improve risk management practices is being driven top down from boards and executives. Managing a cultural shift from the reactive checking the box of compliance to a more proactive risk management model requires change and participation across the…

Looking Back, Looking Ahead: Why I Came to RSA

As I complete six months at RSA, I wanted to reflect upon a critical decision I made a number of years ago that eventually led me here. I had been at a large tech company and over the years fostered great relationships within the company allowing me to establish myself. As a whole, the company…

IT Compliance: All About That Base (Standard)

When it comes to IT risk management approaches, few things spark more debate than the use of standards. To explore this is to ponder another alphabetic quagmire of acronyms, categories, and random numeric designations. So which is the best? Is there even such a thing as “best”? If not, how do you choose otherwise? Or…

The Results are In…RSA Archer Won a Stevie Award

We’re very excited to share some great news – RSA Archer won a 2015 People’s Choice Stevie Award for Favorite New Product in the Software – Governance/Risk category. As you may know, the Stevies are premier awards as part of the American Business Awards – essentially the equivalent of the film industry’s Academy Awards.  This…

A Pivotal Year

For the past several years, the information security industry has been saddled with labels annually. 2013: year of the breach; 2014: year of the BREACH (we really mean it); 2015: year of the MEGA breach (it's gotten worse!). And with those labels every year I hear the phrase ‘this is a pivotal year in the…

LoD Blog Series: 3…2…1…Liftoff!

Prior to the launch of every spaceship that lifts high above the earth is a countdown that ends with 3…2…1…lift off! This signals the final moments before the spaceship takes off to fulfill its mission.  My blog is a play on the 3, 2, 1, liftoff analogy and how it relates to the “Three Lines…

Can businesses be resilient on their own?

Can businesses and organizations be resilient on their own? By this I mean, is it enough for a business organization to build resilient internal processes, IT infrastructure, facilities, and even third party relationships and rest assured they’re prepared for the next big event that comes along? To answer this question, I think we have to…

Plan Your Journey to Wally World

Earlier this month, I wrote a blog about Information Security Metrics and their place in driving program maturity.  Every organization today is striving to be more mature in its information security program.  Given the constant deluge of media reports on hacks and attacks, security maturity has become a business imperative.  Metrics is one tool in the…
