Author Archives: RedZone

How to Communicate the Actual Readiness of your IT Security Program for PCI 3.0, Omnibus HIPAA, BAAs, New Bank Regs, NCUA

This webinar was developed in response to new developments with PCI 3.0, Omnibus HIPAA, BAAs, New Bank regulations, and NCUA regulations. We reviewed important approaches to managing what I consider to be ground-shaking changes in IT Security Processes, Capabilities, Communications, and Budgeting. The content focuses on what our customers are getting from regulators and banks as the deleterious effects of IT Security events over the past 12 months start to percolate into the market. The webinar and the accompanying slides can be found below.


CIO Jason Kasch Interview|Podcast Ep 1


Jason Kasch – CIO Structural Group

I recently caught up with Jason and we discussed several topics related to IT Security, DR, and Infrastructure.

You can stream this podcast using the SoundCloud links below on your PC, or get the app on your phone.

Jason is a world-class technologist, businessman, and CIO. He also has a seat at the table (Board). I know this because I have sat next to him in the board room and have observed Jason, who brings a unique and diverse perspective to business. He works directly with the CFO regarding finance and with Sales and Marketing as well. He is the glue for many parts of the business.

In our discussion we covered the following areas:


$250Million: A World Class CEO needs to spend to protect his Shareholders and Customers from Cyber Security Threats

This is what JP Morgan Chase is spending on IT Security in 2014. The 1000 people is the number of IT Security professionals he will need to employ in 2014.

Jamie Dimon, CEO of JP Morgan, highlights his cyber security plan on page 22 of his letter to shareholders.

This $250 million number is up from $200 million in 2012.

The 1000 people is up from 600 people in 2012. Stunning numbers.


A CEO needs 8 Skills from his Information Security Leadership


Does the Perception of your IT Information Security Program Match Reality? How do you know?

Here are some recent conversations I am having with CIOs.

1. CIO – “My Board and CEO still don’t care about IT security unless I can show them the loss if they don’t do something.” The board and CEO of this public company are concerned about supply chain security and what would happen if the supply chain were impacted.

2. Director of IT – “The banks are pressing me for more IT Security details now. It used to be relatively easy to fill out but now it is hours and hours of work. I failed one line of the questionnaire. I was certain my answer was not a big deal, but it was. I don’t want to risk


What are 5 reasons for the CIO to get the CEO off Dropbox|Box|OneDrive|Etc etc?


Here is a quick true story of a recent conversation with a CIO leader of a multi-thousand-person company who successfully moved his CEO off Dropbox. He is a friend of mine; however, before I get into the specifics, I wanted to let you know I have also included 18 CIO benefits (his ancillary wins) that were created by moving his CEO off Dropbox.

OK, how did the CIO get the CEO to this point? This is a 4000-employee company, as a matter of reference, and I mention this just to highlight that the importance of business file sync technology has not waned since the hype started 3 years ago. The virtual CIO events that I originally hosted on this topic 3 years ago garnered quite a bit of attention, so one would think that everyone has this figured out by now. Rarely do I find CIOs who have figured this problem out. Usually, in our conversation, they get very excited because they might have recently inked a deal with a vendor who they are hoping will deliver everything they need. Rarely do I hear about important conversations with the CEO regarding securing digital assets, governance, legal, risk, HR, employee expectations, training, etc.
