Unlock access to Thinkers360 AI to fast-track your search for analysts and influencers.
This feature is available for Enterprise Lite and Enterprise Members Only.
You have been temporarily restricted. Please be more thoughtful when adding content for your portfolio. Your portfolio and digital media kit and should be reflective of the professional image you wish to convey. Accounts may be temporarily restricted if we receive reports of spamming or if the system detects excessive entries.
Membership
Publish your original ideas on the Thinkers360 platform!
This feature is available for Pro and Pro-Plus Members Only.
Speaker Bureau functionality whereby individuals can be featured speakers within our Speaker Bureau service and enterprises can find and work with speakers.
This feature is available for Pro, Pro-Plus, Premium and Enterprise Members Only.
Highlight your featured products and services within our company directory for enhanced visibility to active B2B buyers worldwide. This feature is available for Pro, Pro Plus, Premium and Enterprise Members Only.
Contribute to the Thinkers360 Member Blog and have your thought leadership featured on our web site, newsletter and social channels. Reach our opt-in B2B thought leader community and influencer marketplace with over 100M followers on social media combined!
You’ve reached your daily limit for entering quotes. Please only add personally-authored content which is reflective of your digital media kit and thought leadership portfolio.
Thinkers360 Content Library
For full access to the Thinkers360 content library, please join ourContent Planor become a contributor by posting your own personally-authored content into the system viaAdd PublicationorImport Publication.
Dashboard
Unlock your personalized dashboard including metrics for your member blogs and press releases as well as all the features and benefits of our member plans!
Work History.
Sharpe Management Consulting LLC
eForce, VP East Coast and Global Operations
The Hackett Group, Co-Founder
KPMG, Practice Leader
Booz Allen & Hamilton, Practice Leader
National Security Agency (NSA)
Formal Education.
Columbia Business School, two awards of merit
Digital Transformation, Finance, Strategy, Globalization
Value Investing
Johns Hopkins University, Masters
Systems Engineering, Operations Management, Program/ Project Management
New Jersey Institute of Technology (NJIT), BSEE
Computer Science, Math
Executive Education.
George Washington University, Engineering Economics
Carnegie Mellon University (CMU), Information Networking Institute (INI)
MIT
First Finance Institute (FFI)
Certifications.
CMMC RP
ISACA CDPSE (Certified Data Privacy Solutions Engineer)
INFOSEC (Cybersecurity) Analyst (NSA)
Cryptologic Engineer (NSA)
Mergers & Acquisitions (M&A)
Blockchain Technologies: Business Innovation and Application
Intellectual Property (IP)
Business Analytics
Globalization
Available For: Advising, Authoring, Consulting, Influencing, Speaking Travels From: Morristown, NJ Speaking Topics: Cybersecurity, Value Creation, Digital Transformation, Governance Risk Management and Compliance (GRC),, Critical Infrastructure
Speaking Fee
$1 (In-Person)
Alex Sharpe
Points
Academic
221
Author
732
Influencer
205
Speaker
222
Entrepreneur
465
Total
1845
Points based upon Thinkers360 patent-pending algorithm.
Sun Tzu and the Art of CyberSecurity (or Critical Infrastructure Protection)
This presentation is always well received especially when tailed to specific areas like Privacy, GRC, Risk Management, healthcare, Critical Infrastructure Protection, and the like.
Sun Tzu is traditionally credited as the author of The Art of War, an influential work on strategy that has affected both Western and East Asian philosophy. His works focus much more on alternatives such as stratagem, delay, the use of spies, the making and keeping of alliances, the uses of deceit.
Sun Tzu's work has been praised and employed in culture, politics, business, and sports, as well as modern warfare.
Technology Innovation While Mitigation Cyber Risk
Human productivity is driven by technical innovation. Whether it is the invention of the wheel or Artificial Intelligence (AI) the patterns are very consistent and the nature of the crucible that fuels the fire of innovation does not change. We explore these patterns, we look at current trends, and we talk through how to do this safely:
CMMC brings together national standards, and international standards, with industry-accepted principles of Global Risk Management & Compliance (GRC) to improve cyber hygiene for companies and critical infrastructure (CI). Currently mandated for suppliers to the US Department of Defense (DoD) it is being looked at all of the US Government and its Allies. The recent Executive Order (EO) and extension of EU sanction only accelerate the adoption.
This presentation is often focused on specific topics like special consideration of the Cloud, coexistence with other mandates like HIPA or GDPR, or timely topics like SolarWinds and Operational Resilience (OR).
Corporate Governance: Maximize Your Effectiveness In The Boardroom
Wharton Business School, University of Pennsylvania
March 15, 2023
Today’s organizations are working harder than ever to adapt to a rapidly changing world. This requires effective corporate governance that can help them increase their accountability and avoid major disasters while also being more responsive to stakeholder concerns and more transparent with investors. Whether you’re already on a board or looking to join one, this program will help you navigate unexpected enterprise risks while capably monitoring financial performance. From the technical responsibilities of a board to the nuances of guiding an organization through contemporary challenges, you’ll get a comprehensive overview of the role of corporate governance and gain critical insights into the realities of board service.
Tags: Big Data, Business Strategy, Predictive Analytics
1 Academic Course
Machine Learning for Business Enablement!
ISACA
July 14, 2024
Machine learning is a longstanding subset of artificial intelligence that enables computers to learn from data. Machine learning excels at identifying patterns, detecting anomalies and automating routine, time-consuming tasks, making it an increasingly important business enabler in any industry. Recent advances in AI necessitate that digital trust professionals, of any discipline, possess not only a theoretical understanding of machine learning but also attain minimal hands-on vendor agnostic experience.
The material in this course is essential to effectively evaluate ML solutions, better assess risk, and aid responsible adoption. The end result is a well-informed professional poised to better support enterprise adoption and use regardless of setting.
To provide learners with practical experience we have included two hands-on labs. Labs will leverage Jupyter Notebook and Python to train two regression models from scratch.
Adjunct Professor, Cyber Fellows
New York Unviersity
January 12, 2024
The NYU Cyber Fellows program is a master’s degree initiative designed to respond to concern over the growing shortfall in the number of cybersecurity professionals, a gap estimated by several studies to be as high as 3.5 million by 2021. Recognizing that such a shortfall presents a major cyber risk in and of itself, NYU Tandon created a master’s program that overcomes the two factors that have kept individuals from pursuing degrees in this field: time and money. NYU Cyber Fellows receive scholarships that cover roughly 75% of tuition for US residents, and as a part-time program, that offers much of the course work online, it is also an accessible program for those currently working full-time.
BWG is an invite-only network for senior executives across technology, media and telecom. BWG industry professionals participate in a series of roundtables discussions, which are a valuable resource for market intelligence, business development and personal / professional networking.
Tags: Cybersecurity, Digital Disruption, Digital Transformation
Advisor to Board of Directors
Toda Financial
August 02, 2020
TECHNOLOGY TO ENABLE A NEW ECONOMY
Digital assets with speed, mobility, security, privacy & clear ownership
TODA, a decentralized protocol for ownership management, enables the secure and efficient creation, ownership, and transfer of meaningful digital assets, providing a transformational digital foundation from the bottom up. TODA can represent assets in any business setting: identity, goods, services, and of course, currency. In addition to TODA, there is also the Adot Protocol, an internet application protocol that enables interoperable digital asset trade.
Our TODA-as-a-Service platform, TaaS, gives direct access to TODA and provides unprecedented trust, efficiency, and interoperability to enterprises, banks, and governments. We provide business solutions including commodity backed digital currencies, payments, remittances, loyalty, audit, regulatory supervision and supply chains.
Tags: Blockchain, Cybersecurity, Digital Transformation
2020 IT Budgets: Iteration 6 - July 2020
BWG Strategy
July 31, 2020
We directly compare results across six versions and have committed to running this report monthly through the summer of 2020. These latest results highlight trend updates and sentiment shifts across the enterprise software ecosystem.
We found more signs of stagnating budget growth in 2020. The median rate of budget growth remains at 0% YoY, in-line with our June survey.
Tags: Business Strategy, Cybersecurity, Digital Transformation
Chair, Advisory Board
Talon Companies
June 01, 2020
Working with Talon's senior leadership to expand their services and geographic coverage.
Our highly specialized team has been doing Cybersecurity long before it became popular and mainstream. Unlike many other firms, we understand the operational needs and complexities of modern business realities. We have successfully delivered our expertise to the largest corporations, government agencies, and small to medium-sized businesses, and are ready to connect with you.
Tags: Cybersecurity, Digital Transformation, Risk Management
Columbia Technology Ventures
Columbia University
January 15, 2019
There has always been a special place in my heart for startups and innovative companies. As a Mentor for Columbia Technology Ventures and the IBM Blockchain Launch Accelerator, I work with startups in the areas of CyberSecurity, Artificial Intelligence (AI), and Blockchain to transform their ideas into sustainable businesses.
GRC: OneTrust vs. Apptega
IANS Research
January 24, 2024
A security team in the utilities industry is looking at GRC solutions, particularly OneTrust Certification Automation and Apptega. The team is leaning toward OneTrust but would like Faculty insights on the products. Specifically, the team asks:
* What insights do Faculty have on OneTrust and Apptega?
Tags: Business Strategy, Cybersecurity, Risk Management
Define Context Before Assigning Vendor Tiers
IANS Research
December 20, 2023
The Challenge
A security team in the construction/engineering industry would like Faculty’s recommendations for establishing vendor tiers for third-party risk management. Specifically, the team asks:
What differentiates a Tier 1 vendor from a Tier 3 vendor?
Keep RFIs Clear and Concise
IANS Research
December 20, 2023
The Challenge
A security team in the financial services industry would like to know how to mature their vendor request for information (RFI) process. Specifically, the team asks:
* What are best practices when sending an RFI?
* What questions should we be asking upfront?
* What is the best method for receiving RFIs?
* What teams should be involved?
* What threat intelligence exists around the RFI process?
* How are other organizations managing RFIs?
Tags: Business Strategy, Cybersecurity, Risk Management
Red Team Scenarios
IANS Research
December 07, 2023
This document provides a list of red team scenarios that simulate the actions of a threat actor after infiltrating the network. Each scenario includes various stages, such as gaining initial access, malware deployment, privilege escalation, network mapping and attempts to deploy ransomware.
To keep the scenarios current while also providing for expansion, the scenarios rely on resources available through the MITRE ATT&CK knowledge base, CISA and the NSA.
Incident Response Plan Template
IANS Research
November 28, 2023
The time for putting a comprehensive incident response plan (IRP) in place is well before you face an incident.
This template is for an operational IR guide for cybersecurity incidents, and it has been updated to comply with the SEC’s latest cybersecurity rules. Items in orange require customization.
D&O Liability Insurance: CISOs Need Coverage, Too
IANS Research
September 13, 2023
Directors and officers (D&O) liability insurance covers the directors and officers of a company against lawsuits alleging a breach of duty. This report explains the importance of D&O insurance for CISOs and offers tips for getting leadership buy-in.
Tags: Cryptocurrency, Digital Disruption, Risk Management
Review of Bank Secrecy Act Regulations and Guidance
Global Digital Currency and Asset Association (Global DCA)
February 14, 2022
The Financial Crimes Enforcement Network (FinCEN) is issuing this request for information (RFI) to solicit comment on ways to streamline, modernize, and update the anti-money laundering and countering the financing of terrorism (AML/CFT) regime of the United States. In particular, FinCEN seeks comment on ways to modernize risk-based AML/CFT regulations and guidance, issued pursuant to the Bank Secrecy Act (BSA), so that they, on a continuing basis, protect U.S. national security in a cost-effective and efficient manner. This RFI also supports FinCEN's ongoing formal review of BSA regulations and guidance required pursuant to Section 6216 of the Anti-Money Laundering Act of 2020 (the AML Act). Section 6216 requires the Secretary of the Treasury (the Secretary) to solicit public comment and submit a report, in consultation with specified stakeholders, to Congress by January 1, 2022, that contains the findings and determinations that result from the formal review, including administrative and legislative recommendations.
Tags: Cybersecurity, Digital Disruption, HealthTech
56 Analyst Reports
Pulse of Cyber GRC 2025. Expert views on evolving landscapes
Sprinto
November 15, 2024
Security leaders face a complex and tumultuous threat landscape as they gear up for 2025.
The expanding cloud surface area and the rapid proliferation of innovations like AI introduce both
promise and peril. An explosion of advanced persistent threats, mounting vulnerabilities in the
supply chain, increased third-party risks, and escalating regulatory pressures only compound the
complexities.
In this climate, integrating Governance, Risk, and Compliance (GRC) into core business processes
rather than treating GRC as an add-on is the need of the hour. In fact, 61% of organizations
believe that embedding risk with business strategy is a critical priority, indicating that there’s
ample room for optimal fitment. Indeed, the most resilient companies will be those shaped by and
aligned with GRC.
However, 72% of GRC professionals say their risk management capabilities haven’t kept pace
with the world.
So, how can security leaders better leverage and align GRC to business goals, and what
technologies are best suited to support such objectives?
Start Preparing for the NIS2 Directive
IANS Research
September 10, 2024
Designed to enhance the cyber-resilience of the European Union (EU), the Network and Information Security (NIS2) Directive greatly expands the range of organizations considered covered entities. However, before organizations can comply, member states must establish specific implementation and enforcement rules. This report explains the differences between NIS1 and NIS2 and provides guidance on how covered entities can prepare for NIS2.
Tags: Business Strategy, Cybersecurity, Risk Management
Reduce the Burden of Managing Policies and Standards
IANS Research
August 12, 2024
As cybersecurity grows as a business imperative, it becomes integrated into governance, risk management and compliance (GRC) practices. It is important for cybersecurity professionals to understand those practices and adopt lessons learned. This report describes best practices for managing changes to cybersecurity policies and standards.
Tags: Business Strategy, Cybersecurity, Risk Management
California Consumer Privacy Act (CCPA) Cheat Shee
IANS Research
August 07, 2024
The California Consumer Privacy Act of 2018 (CCPA) was signed into law on June 28, 2018 and went into effect on January 1, 2020. The CCPA provided consumers more control over their personal information collected and processed by businesses. In November of 2020, the CCPA was amended by Proposition 24, the California Privacy Rights Act (CPRA) Proposition 24, the CPRA, added new privacy protections. The CPRA took effect on December 16, 2020. Many of the provisions that modified provisions of the CCPA did not become operational until January 1, 2023.
India’s Digital Personal Data Protection Act Cheat Sheet
IANS Research
August 02, 2024
The Digital Personal Data Protection Act (DPDPA) was passed on August 11, 2023. The provisions of the DPDPA are yet to be defined and enforced. The Indian government is expected to produce rules to enable implementation of the law in the coming months. When the law comes into force, it will supersede the existing patchwork of data protection legislation—most notably, the rules under section 43A of the Information Technology Act of 2000.
No effective date has been established. There is no official timeline for the overall implementation. It is expected the law will come into force in a phased manner over the next 12 months. Two key milestones are required:
1. the data protection board must be established. The data protection board is the independent agency charged with enforcing the DPDPA.
2. The Indian government must complete rulemaking to establish the specifics, procedural steps and enforcement mechanisms.
Japan APPI Cheat Sheet
IANS Research
August 02, 2024
In Japan, The Act on the Protection of Personal Information Act No. 57 (APPI) was first passed in 2003.
The APPI gets a check-up every three years to ensure it remains relevant. In 2017, the APPI underwent a
major change to protect a special type of data. In 2020, the APPI was modified to strengthen the rules
when data is shared outside Japan and expanded the rules regarding data breaches.
Japan is among the countries that have enacted comprehensive consumer privacy laws, focusing on
giving residents control over their personal information and imposing specific obligations on businesses
regarding the handling of consumer data. Japan has one of the longest standing privacy frameworks.
Japan also requires compliance with sector-specific requirements issued by different parts of the
Japanese government. For example, the Ministry of Health, Labor and Welfare issued guidelines like the
Guidance for the Appropriate Handling of Personal Information by Medical or Care-related Service
Providers.
NIST CSF 2.0: What’s new and how to use it
OneTrust Data Protection Leader (DPL)
July 31, 2024
Version 2.0 of the Cyber Security Framework (CSF) treats cybersecurity as a business discussion. Cyber is a risk managed alongside other business risks, especially when it comes to risks driven by technology and data like privacy, supply chain, artificial intelligence (AI), and other forms of emerging technology. The word ‘risk’ appears in three times more subcategories than in version 1.1.
Tags: Business Strategy, Cybersecurity, Risk Management
New Jersey Data Protection Act Cheat Sheet
IANS Research
July 19, 2024
The New Jersey Data Protection Act (NJDPA) was passed on Jan. 16, 2024. It becomes effective and enforceable on Jan. 15, 2025. New Jersey is among the states that have enacted comprehensive consumer privacy laws, focusing on giving residents control over their personal information and imposing specific obligations on businesses regarding the handling of consumer data.
Utah Consumer Privacy Act Cheat Sheet
IANS Research
July 12, 2024
The Utah Consumer Privacy ACT (UCPA) was passed on March 24, 2022. It became effective on Dec. 31, 2023. Utah is among the states that have enacted comprehensive consumer privacy laws, focusing on giving residents control over their personal information and imposing specific obligations on businesses regarding the handling of consumer data.
Colorado Privacy Cheat Sheet for Infosec Professionals
IANS Research
July 12, 2024
The Colorado Privacy ACT (CPA) was passed on July 7, 2021. It became effective on July 1, 2023. Colorado is among the states that have enacted comprehensive consumer privacy laws, focusing on giving residents control over their personal information and imposing specific obligations on businesses regarding the handling of consumer data.
AI Resilience: A Revolutionary Benchmarking Model for AI Safety
Cloud Security Alliance (CSA)
May 05, 2024
The rapid evolution of Artificial Intelligence (AI) promises unprecedented advances. However, as AI systems become increasingly sophisticated, they also pose escalating risks. Past incidents, from biased algorithms in healthcare to malfunctioning autonomous vehicles, starkly highlight the consequences of AI failures. Current regulatory frameworks often struggle to keep pace with the speed of technological innovation, leaving businesses vulnerable to both reputational and operational damage.
This publication from the CSA AI Governance & Compliance Working Group addresses the urgent need for a more holistic perspective on AI governance and compliance, empowering decision makers to establish AI governance frameworks that ensure ethical AI development, deployment, and use. The publication explores the foundations of AI, examines issues and case studies across critical industries, and provides practical guidance for responsible implementation. It concludes with a novel benchmarking approach that compares the (r)evolution of AI with biology and introduces a thought-provoking concept of diversity to enhance the safety of AI technology.
The Role of Zero Trust in Reducing Your Cost of Security
The Audit Board
November 20, 2023
What is the zero trust security model and how does it work? How can it be used to reduce cost of compliance, cost of security, and cost of privacy?
Alex Sharpe provides a foundational understanding of zero trust and explains how you can leverage the model to achieve reductions in the cost of security.
Practitioners’ Guide to Managing AI Security
KPMG
June 21, 2023
The race to integrate AI into internal operations, and bring AI-based products and services to market, is moving faster than almost anyone could have imagined. Some security leaders have expressed concern that in the excitement over AI’s potential, critical security and assurance considerations are being overlooked.
Recognizing the disconnect between AI innovation and AI security, Global Resilience Federation convened a working group and asked KPMG to facilitate in-depth discussions among AI and security practitioners from more than 20 leading companies, think tanks, academic institutions, and industry organizations.
The output of this working group is the Practitioners’ Guide to Managing AI Security. The guide aims to provide insights and considerations that strengthen collaboration between data scientists and AI security teams across five tactical areas identified by the working group: Securing AI, Risk & Compliance, Policy & Governance, AI Bill of Materials, and Trust & Ethics.
The SEC’s Cyber Disclosures
Harvard Law School forum on Corporate Governance
June 03, 2022
This post is based on a comment letter on the SEC’s cyber disclosures submitted jointly by me, Shiva Rajgopal, and my co-author, Alex Sharpe. I chair both the Cybersecurity and Board Director programs for Columbia Business School, entitled Leading Cybersecurity at Your Organization and Corporate Governance Program: Developing Exceptional Board Leaders respectively. Alex Sharpe is long-time cybersecurity and business strategy professional with real-world operational experience. He has over 30 years of experience working in these areas nationally and internationally for both the public and private sectors including the U.S. Intelligence Community and regulators.
Tags: Cybersecurity, Digital Disruption, Risk Management
Federal Reserve. Central Bank Digital Currency (CBDC) “Money and Payments: The U.S. Dollar in the Age of Digital Transformation”
Global Digital Currency and Asset Association (Global DCA)
May 20, 2022
The Federal Reserve sought feedback on the pros and cons of a potential U.S. central bank digital currency (CBDC) to determine whether and how a CBDC could improve the safe and efficient domestic payments system.
Our submission:
- suggested guardrails and regulatory environment to provide trust and stability to foster adoption
- talks about the need for the U.S. to move out on a CBDC to remain the world's fiat currency
- potentially becomes an additional tool for monetary policy
- the possible use of a wholesale token (almost all suggestions to date have been retail-based)
- talks about how a CBDC could bank the unbanked and could also be used to
- potential for financial inclusion.
The Often-Forgotten Organizational Dimensions of Resilience and Digital Trust
ISACA Now Blog
August 30, 2024
Simply put, resilience is about remaining viable amidst adversity and being better for it. That means aligning technology strategy with business strategy and operations. It means moving away from a strategy of continually layering controls to mitigate cyber risk to a strategy where we consider different forms of risk treatments with an eye toward a collaboration among technology, people, processes and the organization.
Phil Venables, the CISO for Google Cloud and the Co-Chair of the Presidential Counsel of Advisors on Science and Technology (PCAST), said it best: “Connect the tone at the top with the resources in the ranks.”
Tags: Business Strategy, Cybersecurity, Risk Management
Malicious Cyber Activity Against Operational Technology (OT), especially Water: What You Can Do Today
Linkedln
December 10, 2023
The Energy, Food and beverage, Manufacturing, and Healthcare sectors are also affected.
Soon after the series of coordinated armed incursions into Israel by Hamas and the subsequent response by Israel, we saw a significant uptick in malicious cyber operations from Advanced Persistent Threat (APT) associated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC).
Tags: Business Strategy, Cybersecurity, Digital Transformation
Protecting Our Water Supply from Cyber Attacks
Linkedin
December 10, 2023
Soon after the series of coordinated armed incursions into Israel by Hamas and the subsequent response by Israel, we saw a significant uptick in malicious cyber operations from Advanced Persistent Threat (APT) associated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC).
The Energy, Food and beverage, Manufacturing, and Healthcare sectors are also affected.
Bottom Line: Basic blocking and tackling go a long way toward improving your cyber resilience. You must be especially mindful if your organization uses Israeli-made Unitronic’s Vision Series programmable logic controllers (PLCs). The hackers are prioritizing organizations using components manufactured by Israeli companies.
• Implement Multi-Factor Authentication (MFA)
• Use strong, Unique Passwords
• Check the PLCs for default passwords.
Tags: Business Strategy, Cybersecurity, National Security
The Zero Trust Device Pillar from NSA's Collaboration Center
Linkedin
October 21, 2023
This cybersecurity information sheet (CSI) provides recommendations for maturing
devices—the Zero Trust device pillar—to effectively ensure all devices seeking access
earn trust based on device metadata and continual checks to determine if the device
meets the organization’s minimum bar for access. The primary capabilities of the device
pillar are:
identification, inventory, and authentication
detection of unknown devices and configuration compliance checks of known
ones
device authorization using real time inspections
remote access protections
hardware updates and software patches
device management capabilities
endpoint detection and response for threat detection and mitigation
"The human element is the most common threat vector; it was the root cause of 82% of data breaches." Data Breach Investigations Report, 2022
Linkedin
October 19, 2023
Recent incidents at MGM and @Ceasers have demonstrated the real-world impact.
“Amateurs hack systems, professionals hack people.”
Bruce Schneier
Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and @Multi-State Information Sharing and Analysis Center (MS-ISAC) released guidance to raise awareness of the increased threat of #phishing as part of social engineering campaigns.
Tags: Business Strategy, Cybersecurity, National Security
SEC Cyber Security Rules - More Than Regulations and Transparency
Linkedin
August 01, 2023
It was hard to miss the SEC’s passing of the first of three proposed Cyber Rule (File Number S7-09-22) last week. A lot has been written about the specifics but very little has been written about the bigger picture, its impact on senior leadership, and the long-term significance.
Tags: Business Strategy, Cybersecurity, National Security
A Must Read: Posture Statement of General Paul M. Nakasone, Commander US Cyber Command
Linkedin
April 06, 2023
I am sure you have thought about the bad guys harming us – whether they be hackers seeking financial gains through #Ransomware or #APTs stealing our #IntellectualProperty. Have you ever asked yourself, who do we have? What is our offensive cyber capability that keeps the bad guys up at night? The answer is the U.S. Cyber Command.
Our offensive Cyber capability is increasingly engaged in neutralizing our adversaries.
Tags: Business Strategy, Cybersecurity, National Security
Steganography: the ability to hide secret messages
National Cryptologic Museum
January 19, 2023
An excellent video from the National Cryptologic Museum. We talk about things like #cybersecurity #criticalinfrastructureprotection #nationalsecurity and the like, but we forget the truly scary #threats are from the #APTs and their tradecraft.
#Steganography is the craft of hiding messages like invisible ink. It is gaining renewed interest, most recently from #AI.
https://lnkd.in/e_Q9vsDv
The National Cryptologic Museum sponsors many wonderful programs. You can email them here to find more. cchevents@nsa.gov
Tags: Cybersecurity, National Security, Risk Management
Featured Article: The Board's Role in Advancing Digital Trust
Information Systems Audit and Control AssociationInformation Systems Audit and Control Association (ISACA)
November 23, 2022
Tags: Business Strategy, Cybersecurity, Risk Management
Digital Trust Takes a Village
Information Systems Audit and Control AssociationInformation Systems Audit and Control Association (ISACA)
August 17, 2022
The World Economic Forum (WEF) estimates about 60% of the Global Economy comes from digital and that is only going to grow. Fostering Digital Trust is necessary as it becomes increasingly demanded by shareholders, customers, business partners, and regulators. Historically, digital has been the domain of I.T. That is no longer the case especially when it comes to building trust. Trust begins with the tone from the top and requires a concerted effort from the entire organization.
Tags: Business Strategy, Digital Transformation, Risk Management
DNA Is Also Data - The bad guys want it. How do we protect it?
Linkedin
July 18, 2022
The cyber industry has a long history of dealing with data and information in both paper and in digital formats. The information in our DNA is different. DNA is who we are. When compromised, it is not something we can change like a lost password or username or even a Social Security Number (SSN). We cannot even conceive of its value. There is no practical way of quantifying the financial impact of its loss.
Tags: Cybersecurity, Digital Transformation, Risk Management
USA: Are employers liable for breaches resulting from employee actions and what should they do about it?
https://www.dataguidance.com/
June 29, 2022
Now that 'cybersecurity' is a board-level conversation, the question of whether employers are liable for breaches resulting from employee actions is frequently discussed. While the answer is straightforward, what to do about it is much more nuanced. Alex Sharpe, Principal at Sharpe Management Consulting LLC, discusses a framework and the key questions to ask to protect, detect, and recover, resulting in five steps that may make a real difference.
Tags: Business Strategy, Cybersecurity, Risk Management
USA: Executive Order on Improving the Nation's Cybersecurity: What's different this time?
DataGuidance
May 18, 2021
"The art of [cyber] war is of vital importance to the State. It is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected."
- Sun Tzu.
On Wednesday, 12 May 2021, the Biden Administration issued an Executive Order on Improving the Nation's Cybersecurity. The fact sheet lists '...SolarWinds, Microsoft Exchange, and the Colonial Pipeline...' as recent motivations. Alex Sharpe, Principal at Sharpe Consulting LLC, takes a look at the historical context behind the Executive Order and analyzes what's different, and how to implement.
USA: Is CMMC enough to protect my business? Three things to consider today
DataGuidance
January 06, 2021
In the first two articles in the series Alex Sharpe, Principal at Sharpe Management Consulting LLC discussed low-cost things you can do today and what is not readily apparent until you start moving through your assessment. In this article, Alex addresses what the Cybersecurity Maturity Model Certification ('CMMC') does not cover that you will want to consider for your business.
Tags: Cybersecurity, Digital Transformation, Risk Management
USA: CMMC - what lies beneath
Data Protection Leader
November 02, 2020
In the first article in the series, USA: CMMC as competitive advantage and five things you can do today, Alex Sharpe, Principal at Sharpe Management Consulting LLC discussed why one shouldn't wait and the low-cost things you can do today to make your lives easier. In this article, Alex discusses what is not readily apparent until you start moving through your assessment. Think of it as an iceberg without the luxury liner. In the next article of the series, Alex will address what the Cybersecurity Maturity Model Certification ('CMMC') does not cover that may be critical to keeping your business, your customers and your partners secure. As always, your mileage may vary.
Tags: Cybersecurity, Digital Transformation, Risk Management
"Iran and Russia Interfering with our election – What You Can Do to Protect Your Vote.”
Talon Cyber Tec
October 23, 2020
US Intelligence Officials warned, state actors from Iran and Russia are using email to “intimidate voters, incite social unrest, and damage [the election]”. Apparently, they have obtained voter registration data and are sending threatening emails.
What can we as individuals and business units do to not be a victim?
Tags: Cybersecurity, Digital Transformation, Risk Management
"Is Social Media Critical Infrastructure?"
LinkedIN
October 22, 2020
Social Media is getting lots of attention especially with the upcoming election. Given the way it has woven its way into the way we work and live is it time to declare it Critical Infrastructure?
Tags: Business Continuity, Cybersecurity, Digital Transformation
USA: CMMC as competitive advantage and five things you can do today
OneTrust Data Guidance Insights
September 02, 2020
In this insight, Alex Sharpe, Principal at Sharpe Management Consulting LLC, who consults on cybersecurity, privacy, digital transformation, disruption, and other areas, draws on his experiences and provides a look into the Cybersecurity Maturity Model Certification, its advantages for organizations, and the key steps businesses can be taking to prepare. | Read more http://ow.ly/6jMQ50BfzRH
Tags: Cybersecurity, Digital Transformation, Risk Management
Digital Transformation – Adoption Requires a Catalyst - COVID the Ultimate Digital Disruptor
LinkedIN
August 20, 2020
COVID may prove to be the ultimate digital disruptor. In weeks we experienced between 5 and 10 years of digital adoption. It also accelerated Creative Destruction by the same amount and made the Cloud, Video and Collaboration the new mission critical applications.
Tags: Business Strategy, Digital Disruption, Digital Transformation
Disruption - What a Great Time to Pivot
LinkedIN
April 22, 2020
The CORONA Virus is rocking our worlds – no doubt. It is a scary time with lots of uncertainty. History tells us times like this cause a disruption which also means opportunity. Digital Adoption and Creative Destruction are both accelerated. Sir Isaac Newton created many of his foundational works while self-isolating from the plague. Many notable and highly successful companies have been started in the midst of
disruption. Apple, 3M, Microsoft, Burger King, Disney, and CNN just to name a few. Warren Buffet started what would become Berkshire Hathaway just before a market down turn. These scary times present opportunities for those willing to ask the right questions.
Tags: Business Strategy, Digital Disruption, Digital Transformation
When Blue Skies Meet Thin Air
LinkedIN
February 18, 2020
It’s a common scenario: The strategy gurus create a brilliant strategy – bold, forward-looking, expertly presented – but it completely fails when implemented. Why? Was it all thin air? Why do brilliant strategies fail? A successful implementation means that 1) Your organization is completely aligned with the new products, services or the new way of doing business, 2) Suppliers, re-sellers, analysts, distributors, analysts and customers think of you in terms of the new strategy, and 3) The business earns more money. This article talks about what happens when execution is not addressed in the planning phases.
Building the Corporate Intranet
Wiley
November 26, 1996
Building a corporate intranet requires integrating two very different technologies; web development tools and enterprise-wide legacy systems. Few people possess enough experience in both areas to successfully make these technologies work together. The authors, leading consultants at BSG, explain the tools and techniques necessary for building an Intranet system. This book show how to plan, design and build a corporate intranet system, including how to modify the business model, automate the business processes and the content.
Tags: Business Strategy, Cybersecurity, Digital Transformation
11 Coursewares
NYU Cyber Fellows Governance Module 2
New York Unviersity (NYU)
June 30, 2024
This week, we will begin by reviewing Risk Management concepts and the objective of risk mitigation. We will define Governance and outline the elements thereof. We will see how RM aligns with business objectives. Finally, we will cover standards, frameworks and regulations which govern the field.
Tags: Business Strategy, Cybersecurity, Risk Management
NYU Cyber Fellows Resilience Review Module 8
New York Unviersity (NYU)
May 06, 2024
This is the final week of class. There are no readings, but your final reflection is due in the discussion section. Our final lecture session will be a review and discussion. So make sure to bring any questions about the course content (or send them ahead of time).
Tags: Business Strategy, Cybersecurity, Risk Management
NYU Cyber Fellows Monitoring and Testing Module 7
New York Unviersity (NYU)
April 29, 2024
This week we will continue to hear from out partners at DTCC on the topic of cyber resiliency monitoring and testing. We will learn the importance of both functional and non-functional requirements, and explore resiliency testing methods such as assessments, failure mode analysis, service verification, and chaos experimentation. The challenges associated with testing cyber resiliency will also be addressed.
Tags: Business Strategy, Cybersecurity, Risk Management
NYU Cyber Fellows Security by Design & Default Module 6
New York Unviersity (NYU)
April 22, 2024
This week will feature a guest lecture from our partners at Depository Trust & Clearing Corporation (DTCC). We will delve into the necessity of designing for resilience within the financial industry, emphasizing the interconnectedness of various sectors and the importance of both business and technology resilience. Use cases and scenarios illustrate the types of failures, both physical and logical, that can occur, along with real-world examples. The delivery framework is outlined, detailing the DTCC technology model and its collaboration with AWS to implement a multi-region infrastructure tailored for financial services.
Tags: Business Strategy, Cybersecurity, Risk Management
NYU Cyber Fellows Security by Design & Default Module 5
New York Unviersity (NYU)
April 15, 2024
This week, we will learn about the concept of Security by Design & Default and what this concept means for businesses and customers. We will discuss the motivation leading to development of Security by Design & Default and explore the strategy and guidance supporting its implementation. Finally, we will do a deep dive into the principals supporting, and tactics for applying, Security by Design & Default.
Tags: Business Strategy, Cybersecurity, Risk Management
NYU Cyber Fellows Zero Trust Module 4
New York Unviersity (NYU)
April 08, 2024
This week, we will explore the Zero Trust Model. We will define Zero Trust and see how it differs from traditional models and how it better aligns with contemporary business models and IT operations. Will will discuss the role of Zero Trust in cyber resiliency and discuss the most current Zero Trust model, standards and initiatives.
Tags: Business Strategy, Cybersecurity, Risk Management
NYU Cyber Fellows Threat Landscape Module 3
New York Unviersity (NYU)
April 01, 2024
This week will provide an overview of the contemporary cyber threat landscape. We will delve into examples of threats facing organizations. We will look at the characteristics of threat actors and discuss the most common types of threat actors and their motivations. We will also cover the vulnerabilities that actors target.
Tags: Business Strategy, Cybersecurity, Risk Management
Resilience Overview and Origins - Module 1
New York Unviersity (NYU)
March 30, 2024
In this first week, we will start by going over the class structure and requirements. We will broach the topic of Cyber Resiliency Management by defining resilience and highlighting its importance. We will explore a overview of the core elements and prerequisites for resilience, while also placing it within a historical context.
Tags: Business Strategy, Cybersecurity, Risk Management
Special Topics in Computer Science, Cyber Resiliency Management
New York Unviersity
January 15, 2024
Resiliency management will introduce students to the concepts and applications of operational, business, and technology resiliency at the end of the course students will understand the history of resiliency, how to apply resiliency principles to their business and operations departments and enable resiliency architecture and testing into their technology development lifecycle. The Intention of the course is for the student to be empowered with a resiliency mindset and the frameworks to enable resiliency into all parts of any organization.
The IANS Faculty are at the core of our Decision Support service. This group of over 100 hands-on practitioners understands the key issues you face and delivers actionable recommendations, research, and step-by-step guidance. Our collection of independent experts spans nearly every field. For each security problem you need to address, IANS can connect you with someone "in the trenches."
Annual listing of 10 companies that are at the forefront of providing Cyber Security Service and transforming businesses
CIO Review Magazine
December 06, 2021
CIO Magazine Web Businenss 50/50 Award
CIO Magazine
July 01, 1999
Each year CIO magazine recognizes 50 Internet and 50 intranet/extranet sites that go beyond customary Web commerce practices to deliver outstanding business value. The Hackett Group's intranet-based knowledge management system called Mind~Share was awarded for its sophisticated knowledge engine and expansive knowledge base which seamlessly integrates structured and unstructured information to provide vital support to everyone in the company.
Tags: Business Strategy, Cybersecurity, Risk Management
Zero Trust Training (ZTT) Contributor
Cloud Security Alliance (CSA)
December 20, 2022
Earners of the Zero Trust Training (ZTT) Contributor badge have contributed to the content creation of the Cloud Security Alliance's ZTT courseware. They have demonstrated expertise in Zero Trust principles and pillars and collaborated with CSA to provide a comprehensive education course. With their contribution, they prioritized student understanding, accessibility, and vendor neutrality to ensure student success.
CCA's assess an organizations' adequacy and sufficiency of meeting the standard set forth by the Cybersecurity Maturity Model Certification (CMMC).
The CMMC program was established by the Department of Defense (DoD) to raise the cyber hygiene of the Defense Industrial Base (DIB). Theft of intellectual property (IP) and disruptions by Advanced Persistent Threats (APTs) weaken our National Defense, compromises the war fighters, and costs the U.S. economy north of $60B per year.
Tags: Business Continuity, Cybersecurity, Risk Management
3 Industry Council Chairs
Cloud Security Alliance (CSA) Zero Trust Leadership
Cloud Security Alliance (CSA)
November 15, 2022
Working Group Overview
This working group aims to develop Zero Trust standards to achieve consistency for cloud, hybrid and mobile endpoint environments. The topic of group discourse includes Zero Trust benefits, architecture, automation, and maturity models, publication reviews, and relevant industry forums and events.
What do we discuss?
During our meetings, we typically discuss changes in the industry and collaborate on projects the group is currently working on. This group will have the following nine workstreams:
* Zero Trust as a Philosophy & Guiding Principles
* Zero Trust Organizational Strategy & Governance
* Pillar: Identity
* Pillar: Device
* Pillar: Network/Environment
* Pillar: Applications & Workload
* Pillar: Data
* Automation, Orchestration, Visibility & Analytics
* Zero Trust Architecture, Implementation, and Maturity Model