35+ years of experience in all aspects of cybersecurity and privacy governance. Domain expert in IT, cybersecurity, compliance, privacy. IT and cybersecurity contract expert. 800-171/CMMC 2.0, GLBA, NY DFS 500, HIPAA, PCI, NIST CSF/PF compliance regimes. On-going, hands-on, operational experience in all aspects of cybersecurity, IT resilience and continuity. vCISO to multiple enterprises of all sizes.
Network Security
Application Security
Secure Software Development
800-171/CMMC 2.0
Financial Services
Data Centers
NY DFS 500
IR/DR/BC
HIPAA
GLBA
PCI
Cybersecurity Training for Boards and Executive Management
"Members of boards have fiduciary responsibilities to be informed about cybersecurity and privacy risks facing companies that they serve. This requires training. Additionally, the SEC says one or more cybersecurity experts should serve on the board. Boards can no longer ignore their responsibilities in this area.
We provide a full range of training and other support services for boards."
--Ray Hutchins, Managing Partner, Huttan Holding
Board Training Features:
Overview of cybersecurity concepts, Cyber Threat Landscape and Cyber Risks
An overview of cybersecurity concepts, terminology, and the current threat landscape. This will help board members understand the importance of cybersecurity and the risks associated with cyber attacks.
Cybersecurity and Privacy Regulatory Landscape
A description of the cybersecurity and privacy regulatory and legal requirements that boards and organizations must be aware of and adhere to. This information will be specific to the company’s cybersecurity and privacy trends.
US National Cybersecurity Strategy
An overview of the history and release of the United States' first National Cybersecurity Strategy, released on March 1, 2023, and how this strategy directly affects boards.
Cybersecurity Governance and Oversight: The Role of the Board
Discussion of the role of the board in cybersecurity governance and the components of board cybersecurity and privacy governance. Additionally, a discussion of the board's required strategic oversight of cybersecurity policies, procedures, and controls. This typically requires the establishment of a cybersecurity committee, regular reporting, and ongoing training and awareness for board members.
Cybersecurity Strategy and Risk Oversight
Discussion of the role of the board in the formulation of the company's risk-based strategy and how that strategy must be based on best practices and applicable standard(s).
Cybersecurity/Risk Management Best Practices
Discussion of risk-based best practices for detecting, assessing, and managing cyber risks. This includes conducting risk assessments, implementing risk controls, and monitoring risk levels over time. It also covers topics such as vendor risk management and secure software development.
Governance Risk Compliance (GRC) Solutions Overview
Drawing on our latest position paper and assessment of forty GRC solutions, we discuss the features, limitations, and costs of such systems. We help board members and executives set expectations for understanding and maximizing the value of such systems.
Insurance (D&O, cyber coverage requirements and considerations)
Discussion of the importance of cyber insurance in protecting against cyber risks for both the board and the company. This includes understanding the cyber coverage provided by D&O and company cyber insurance policies.
Cybersecurity Risk Metrics and Reporting
An explanation of cybersecurity and privacy dashboards, which are current assessments of the company's cybersecurity strategy and maturity with respect to the five NIST core functions.
Emerging Technologies
Overview of emerging technologies and their impact on cybersecurity. This includes cloud computing, artificial intelligence, the Internet of Things (IoT) and quantum computing.
Building Cybersecurity and Privacy Cultures
The critical importance of developing a positive and supportive cybersecurity and privacy culture within the organization. This includes training and awareness programs for all employees, as well as the role of leadership in promoting a security-conscious culture.
Continuous Improvement
Outline of the importance of continuous improvement in cybersecurity and privacy. This includes ongoing risk assessments, updates to policies and procedures, and regular training and awareness programs.
Position Papers of Possible Interest:
The Global Cyberwar and Societal Response
Caremark and More Propels New Board Risks
Cybersecurity and privacy training for board members
In this short video, cybersecurity professionals Mitch Tanenbaum and Ray Hutchins discuss their strategic approach to cybersecurity governance and risk management. They explain the critical role boards play in risk management and how board members can reduce their personal risk exposure by being better informed on cybersecurity and privacy issues. They also explain why having them on your team is like having money in the bank.