Mitch Tanenbaum
Lead Trainer

35+ years of experience in all aspects of cybersecurity and privacy governance. Domain expert in IT, cybersecurity, compliance, and privacy. IT and cybersecurity contract expert. 800-171/CMMC 2.0, GLBA, NY DFS 500, HIPAA, PCI, NIST CSF/PF compliance regimes. Ongoing, hands-on, operational experience in all aspects of cybersecurity, IT resilience and continuity. vCISO to multiple enterprises of all sizes.


Areas of Expertise Related to Governance and Risk Management

Network Security
Application Security
Secure Software Development
800-171/CMMC 2.0
Financial Services
Data Centers
NY DFS 500
IR/DR/BC
HIPAA
GLBA
PCI


Cybersecurity Training for Boards and Executive Management

"Members of boards have fiduciary responsibilities to be informed about cybersecurity and privacy risks facing companies that they serve. This requires training. Additionally, the SEC says one or more cybersecurity experts should serve on the board. Boards can no longer ignore their responsibilities in this area.
We provide a full range of training and other support services for boards."

--Ray Hutchins, Managing Partner, Huttan Holding

Board/Management Training Options:
    -Custom or generic
    -Live online or pre-recorded
    -Variable course options/lengths

  • Introductory training (1-2 hours)
  • Full course (6 hours)
  • Quarterly briefing (1 hour)
  • Annual refresher update (1-2 hours)



Board Training Features:

  • NOTE: Training provided by a team of two highly qualified, field-active, operational cybersecurity and privacy professionals
  • Training conducted in plain English...totally non-technical
  • Training style: multi-media mix of interactive trainer narrative and instruction interspersed with videos, other instructional media, and testing
  • Certificates of completion awarded for documentation
  • Training recording (optional) provided for future reuse and training
  • Reference package: a collection of our favorite board cybersecurity and governance content. This will serve as the core of the board’s risk management reference library.



Board/Management Training Curriculum Overview:

Overview of cybersecurity concepts, Cyber Threat Landscape and Cyber Risks

An overview of cybersecurity concepts, terminology, and the current threat landscape. This will help board members understand the importance of cybersecurity and the risks associated with cyber attacks.

Cybersecurity and Privacy Regulatory Landscape

A description of the cybersecurity and privacy regulatory and legal requirements that boards and organizations must be aware of and adhere to. This information will be specific to the company’s cybersecurity and privacy trends.

US National Cybersecurity Strategy

An overview of the history and release of the United States’ first National Cybersecurity Strategy, released on March 1, 2023, and how this strategy directly affects boards.

Cybersecurity Governance and Oversight: The Role of the Board

Discussion of the role of the board in cybersecurity governance and the components of board cybersecurity and privacy governance. Additionally, a discussion of the board's required strategic oversight of cybersecurity policies, procedures, and controls. This typically requires the establishment of a cybersecurity committee, regular reporting, and ongoing training and awareness for board members.

Cybersecurity Strategy and Risk Oversight

Discussion of the role of the board in the formulation of the company's risk-based strategy and how that strategy must be based on best practices and applicable standard(s).

Cybersecurity/Risk Management Best Practices

Discussion of risk-based best practices associated with detecting, assessing, and managing cyber risks. This includes conducting risk assessments, implementing risk controls, and monitoring risk levels over time. It also covers topics such as vendor risk management and secure software development.

Governance Risk Compliance (GRC) Solutions Overview

Drawing on our latest position paper and assessment of forty GRC solutions, we discuss the features, limitations, and costs of such systems. We help board members and executives establish expectations for understanding and maximizing the value of such systems.

Insurance (D&O, cyber coverage requirements and considerations)

Discussion of the importance of cyber insurance in protecting against cyber risks for both the board and the company. This includes understanding the cyber coverage provided by D&O and company cyber insurance policies.

Cybersecurity Risk Metrics and Reporting

An explanation of the cybersecurity and privacy dashboards, which are simply current assessments of the company’s cybersecurity strategy and maturity with respect to the five NIST core functions.

Emerging Technologies

Overview of emerging technologies and their impact on cybersecurity. This includes cloud computing, artificial intelligence, the Internet of Things (IoT) and quantum computing.

Building Cybersecurity and Privacy Cultures

The critical importance of developing a positive and supportive cybersecurity and privacy culture within the organization. This includes training and awareness programs for all employees, as well as the role of leadership in promoting a security-conscious culture.

Continuous Improvement

Outline of the importance of continuous improvement in cybersecurity and privacy. This includes ongoing risk assessments, updates to policies and procedures, and regular training and awareness programs.




Benefits of Professional Board/Management Training Include:

  • Demonstrates to employees, customers, vendors, investors, regulators, and insurers the leadership’s unequivocal commitment to responsible cybersecurity.
  • Critical component of a sound and long-lasting cybersecurity governance posture.
  • Supports increased company valuation.
  • Enables a more favorable negotiation posture for D&O and other cyber insurance coverage, terms and rates.


NOTE:
The Board of Directors has “risk oversight” responsibility and liability; the board does not itself manage cybersecurity risks or any other risks; instead the board manages corporate oversight of these matters.

Position Papers of Possible Interest:

The Global Cyberwar and Societal Response
Caremark and More Propels New Board Risks



Cybersecurity and privacy training for board members

In this short video, cybersecurity professionals Mitch Tanenbaum and Ray Hutchins discuss their strategic approach to cybersecurity governance and risk management. They explain the critical role boards play in risk management and how board members can reduce their personal risk exposure by being more informed on cybersecurity and privacy issues. They also explain why having them on your team is like having money in the bank.