CMMC Field Notes

Livestream: How to Communicate Cyber Strategy to the C-Suite

Livestream: How to Communicate Cyber Strategy to the C-Suite

Let folks who’ve seen it tell you what to expect from this one-hour livestream:
• We need more of this out there in the wild. Great stuff!
• Beautifully done. Love the opening point (we see with the brain) and the value of knowing your audience and speaking to them in terms that appeal to their interests. Brava!
• Fantastic presentation!

read more
M&A Helps Make the Business Case for Cybersecurity

M&A Helps Make the Business Case for Cybersecurity

The growing importance of cybersecurity posture in the structure of M&A deals is another way to quantify the benefits of a good stance.

See how we have used this topic to successfully engage senior stakeholders at the level of the Board of Directors and the C-suite of Fortune 500 companies and leveraged it as a component in the overall business case for better cybersecurity.

(2.3 minute read)

read more
How We Know What Done Looks Like

How We Know What Done Looks Like

While cybersecurity standards and best practices advise what to do, they rarely define how much to do. It is critical to understand that cyber risk can never be eliminated and, at a certain point, there are diminishing returns on investment. Setting the goal for what is “good enough” is both a business decision and a judgement call by experienced security practitioners.

Our cybersecurity maturity journey is the story of “how we know what done looks like”. The SecuriThink team has already made the journey so we can show you the way.

read more
Livestream: CMMC Momentum on Simply Cyber

Livestream: CMMC Momentum on Simply Cyber

Dr. Gerald Auger and co-host Eric Taylor have weekly discussions called “What’s On Your Radar?” on the SimplyCyber YouTube channel.

On May 20th they invited SecuriThink principal, Linda Rust, to share her observations on the news about the Cybersecurity Maturity Model Certification (CMMC) timeline announced May 9th by the Department of Defense (DoD).

read more
Why Cybersecurity Maturity Model Certification (CMMC)?

Why Cybersecurity Maturity Model Certification (CMMC)?

Attacks significantly targeting suppliers more than prime contractors are driving the Department of Defense (DoD) contract requirement for Cybersecurity Maturity Model Certification (CMMC) to confront the historic lack of compliance with requirements in place since 2017.

read more
Secure the Perimeter

Secure the Perimeter

23 Workstreams over 2 years deployed many technologies and policy changes in support of a “Defense In Depth” InfoSec strategy

read more

What Else We Do

Step Zero™ Rapid Cybersecurity Cost Estimates

Step Zero™ Rapid Cybersecurity Cost Estimates

This unique approach, with a known range of verified accuracy, was first field-tested on 12 Fortune 500 Merger and Acquisition (M&A) deals yet it also supports data-driven investment decisions for cybersecurity compliance.

read more
Managing Up and Out™ Security Strategy and Education

Managing Up and Out™ Security Strategy and Education

Tap the 30+ years combined experience of our team to align stakeholders from Boards of Directors and C-suite to critical asset owners or front-line team members. Whether it’s a business case, strategy roadmap, or key presentation, we can cross-train, ghostwrite, or deliver on your behalf.

read more
CMMC Readiness

CMMC Readiness

Cybersecurity Maturity Model Certification (CMMC) is the evolution of cybersecurity contractual requirements from the Department of Defense (DoD) with which SecuriThink practitioners have been involved for over 10 years.

Our journey satisfying these requirements is the story of “how we know what done looks like” for cybersecurity as we state on our website homepage.

read more
SecuriThink Field-Tested Data Classification Solution

SecuriThink Field-Tested Data Classification Solution

Get higher returns on your project investment with a field-tested data classification solution based on two Fortune 500 projects involving 12,000 and 50,000 team members, respectively.

Our Data Classification Solution integrates technology with business transformation methods to manage factors too often left out of a security project. We leverage what’s already going well in your organization, while shifting to higher potential.

read more
SecuriThink Field-Tested OT / IT Integration

SecuriThink Field-Tested OT / IT Integration

Readily create dollars from Operational Technology (OT) data using our field-tested approach to Information Technology (IT) integration based on success at 42 facilities across 15 different business divisions

read more
Cultural Armour™

Cultural Armour™

Optimizing your company’s information security
Takes more than the latest technology
Or a staff trained to use it.
It takes a shift in thinking.
A shift in acting.

read more
Field-Tested Proactive Insider Threat Program

Field-Tested Proactive Insider Threat Program

Over 90% of most companies’ value now comes from intangible assets. In addition to Intellectual Property (IP), brand reputation, competitive advantage, supplier network, employee retention, and customer loyalty are measurably affected by cyberattacks. Research shows some of the most damaging losses coming from trusted insiders with malicious intent, also called Insider Threat.

The biggest gains come from proactive attention to Insider Threat, that is, don’t chase after the horse that’s gotten away, keep it from leaving the stable.

read more
Supply Chain Cybersecurity

Supply Chain Cybersecurity

Threat actors are increasingly exploiting the path of least resistance in the supply chain to attack their real targets. While more large companies have built a reasonable cybersecurity posture, malicious actors still find easy ingress through abundant open doors in smaller suppliers.

Supply chain attacks have skyrocketed to the point where targeted companies are motivated to manage their own risk by managing the risk hiding in their supply chain.

read more