Similar Posts
GRC Platforms: 5 Features You Need
By Kayne
“Choosing the right GRC platform is hard, but knowing what’s most important for you and your organization is key to choosing the right one. Ultimately, what matters most is that you find a platform with all the features listed above that will enable your team to maintain compliance without the headache of manual processes or inflexible legacy solutions.”
Why security-IT alignment still fails
By Kayne
An organization that doesn’t understand or appreciate security won’t be able to adequately identify and prioritize risk, nor articulate its tolerance for those risks based on business goals and objectives, says Kayne McGladrey, director of security and IT for Pensar Development and a member of the professional association IEEE (The Institute of Electrical and Electronics Engineers).
“The CIO won’t see the business impact if there’s not a culture of risk mitigation,” McGladrey says. “A culture where security is seen as someone else’s problem will derail any conversation around security, so the biggest thing for CISOs is to make the conversation with CIOs around risk – not around technologies or shiny objects but around risks to the business.”
The Importance of Supply Chain Risk Management in Government
By Kayne
“You can never get risk to zero, but you can mitigate risk to an acceptable level for that agency or that project,” McGladrey says. “You need to know what risks you can accept and what you have done to mitigate the potential damage associated with those risks.”
VERIFY: No, scammers can’t access your SIM card by dialing a few numbers
By Kayne
“McGladrey told us there is a grain of truth to the claim made in the Facebook post. He says on certain office landline phones, like corporate PBX systems, pressing a variation of those digits allows a call transfer to happen. But this does not affect cell phones or residential landlines.”
How Can The Industry Do A Better Job Of Promoting Emerging Technologies In Physical Security Environments?
By Kayne
The security industry can do a better job of promoting emerging technologies in security environments by linking their solutions to measurable outcomes that matter to CISOs. Those outcomes could be to either reduce sales friction or to show measurable progress in key risk indicators that board members care about. For example, while according to the recent “The Impact of Technology in 2025 and Beyond: an IEEE Global Study,” 48% of technologists said that the top application for AI in 2025 will be real-time cybersecurity vulnerability identification and attack prevention, vendors should still be prepared to explain how investments in their solutions can produce progress over time and support agreed-upon business objectives, outside of the technical benefits. Unfortunately, most emerging technologies primarily discuss technical benefits and features, not business outcomes. For example, if a CISO cares about multifactor authentication coverage, vendors should explain how their solution improves coverage and ties that to higher business resiliency. That would also reduce friction in B2B sales where a high degree of MFA coverage could be cited as a key control in a SOC 2 type 2 report, for example.
Radio Interview – KRLD-AM
By Kayne
Tune in to KRLD-AM Dallas at 1 PM Eastern for a live interview about the intersection of cyber security, healthcare, and the Internet of Things.