Business Cyber Risk

01/23/2025

General Counsels (GCs) and Chief Information Security Officers (CISOs) should pay close attention to the growing wave of state-level data privacy legislation sweeping the U.S. With at least seven s…

10/03/2024

The first episode of my new podcast is out: GC+CISOconnection!

The GC+CISO Connection Show explores how we can better foster collaboration between organizations’ legal departments and security teams, with a focus on the ...

08/24/2024

Many thanks to SecureWorld for including my thoughts in this article.

Halliburton, one of the world’s leading oilfield service companies, confirms corporate network impacts likely caused by an unspecified cyberattack.

05/03/2023

Shawn Tuma, cyber attorney at Spencer Fane, will present May 18 at SecureWorld Houston on why strategic leadership and an understanding of roles, personalities, and psychology is important for building effective cybersecurity teams. See the conference agenda and register here: https://hubs.li/Q01Nrn6D0

03/31/2023

SecureWorld returns to Houston on May 18th to host the cybersecurity community for a full day of learning, networking, and growth. See the conference agenda and register today! https://hubs.li/Q01JT04N0

03/29/2023

Following the outstanding SecureWorld Boston event, my friends at SecureWorld shared Highlights and Insights from SecureWorld Boston 2023 and were kind enough to include a few quotes from my lunch keynote -- let me know what you think and please offer your perspective on these ideas: The final keynote session was given by Shawn Tuma, Co-Chair of the Data Privacy & Cybersecurity Practice at Spencer Fane LLP....

Following the outstanding SecureWorld Boston event, my friends at SecureWorld shared Highlights and Insights from SecureWorld Boston 2023 and were kind enough to include a few quotes from my lunch …

03/27/2023

On Tuesday, March 28, 2023, I will be teaching a class on Real-World Cyber Risk Management and Resilience Planning as part of Enterprise Bank & Trust’s education program for business leaders and professionals! Join me for this course, and take a look at all of the live, virtual courses available at no cost to you this spring:

On Tuesday, March 28, 2023, I will be teaching a class on Real-World Cyber Risk Management and Resilience Planning as part of Enterprise Bank & Trust’s education program f…

03/20/2023

On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its HPH Sector Cybersecurity Framework Implementation Guide (the Guide) to help healthcare organizations leverage the NIST Cybersecurity Framework. This Guide is not only a must-read for all healthcare "covered entities," especially small and midsize organizations, but it is excellent advice for all organizations -- healthcare and non-healthcare alike as it demonstrates practical implementation and use of the NIST Cybersecurity Framework.

On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its HPH Sector Cybersecurity Framework Implementation Guide (the Guide) to help healthcare organizations leverage t…

03/17/2023

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) routinely release a Joint Cybersecurity Advisory (CSA) as part of an ongoing effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. On March 16, 2023, they released the following Joint Cybersecurity Advisory…...

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) routinely release a J…

03/15/2023

I am super excited to share that next week I will be headed to Boston to speak at one of my absolute favorite conferences each year -- the United States' preeminent cybersecurity conference -- SecureWorld! On Thursday, March 23, 2023, I will present the lunch keynote on Cybersecurity Really Is a Team Sport, since folks apparently did not get the message the last time I spoke on this subject in 2019 (...

03/10/2023

"The devil is in the details" -- that about sums up my take on the White House Cybersecurity Plan. Many thanks to Lily Newman for including this and some other points from our discussion in her Wired article The High-Stakes Blame Game in the White House Cybersecurity Plan. I appreciate that the Administration is talking about cybersecurity. Just like in a company, if you want to create a culture of cybersecurity here in America, we have to start talking more about cybersecurity and it works best if the leaders at the top are engaged in the discussion....

“The devil is in the details” — that about sums up my take on the White House Cybersecurity Plan. Many thanks to Lily Newman for including this and some other points from our disc…

02/23/2023

I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year -- the United States' preeminent cybersecurity conference -- SecureWorld! On Wednesday, March 1, 2023, I will be leading a full day workshop for SecureWorld Plus registrants on Real-World Cyber Risk Management and Resilience Planning…...

I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year — the United States’ preeminent cy…