You have been temporarily restricted. Please be more thoughtful when adding content for your portfolio. Your portfolio and digital media kit and should be reflective of the professional image you wish to convey. Accounts may be temporarily restricted if we receive reports of spamming or if the system detects excessive entries.
Membership
Publish your original ideas on the Thinkers360 platform!
This feature is available for Pro and Pro-Plus Members Only.
Speaker Bureau functionality whereby individuals can be featured speakers within our Speaker Bureau service and enterprises can find and work with speakers.
This feature is available for Pro, Pro-Plus, Premium and Enterprise Members Only.
Highlight your featured products and services within our company directory for enhanced visibility to active B2B buyers worldwide. This feature is available for Pro, Pro Plus, Premium and Enterprise Members Only.
Contribute to the Thinkers360 Member Blog and have your thought leadership featured on our web site, newsletter and social channels. Reach our opt-in B2B thought leader community and influencer marketplace with over 100M followers on social media combined!
You’ve reached your daily limit for entering quotes. Please only add personally-authored content which is reflective of your digital media kit and thought leadership portfolio.
Thinkers360 Content Library
For full access to the Thinkers360 content library, please join ourContent Planor become a contributor by posting your own personally-authored content into the system viaAdd PublicationorImport Publication.
Dashboard
Unlock your personalized dashboard including metrics for your member blogs and press releases as well as all the features and benefits of our member plans!
Work History.
Sharpe Management Consulting LLC
eForce, VP East Coast and Global Operations
The Hackett Group, Co-Founder
KPMG, Practice Leader
Booz Allen & Hamilton, Practice Leader
National Security Agency (NSA)
Formal Education.
Columbia Business School, two awards of merit
Digital Transformation, Finance, Strategy, Globalization
Value Investing
Johns Hopkins University, Masters
Systems Engineering, Operations Management, Program/ Project Management
New Jersey Institute of Technology (NJIT), BSEE
Computer Science, Math
Executive Education.
George Washington University, Engineering Economics
Carnegie Mellon University (CMU), Information Networking Institute (INI)
MIT
First Finance Institute (FFI)
Certifications.
CMMC RP
ISACA CDPSE (Certified Data Privacy Solutions Engineer)
INFOSEC (Cybersecurity) Analyst (NSA)
Cryptologic Engineer (NSA)
Mergers & Acquisitions (M&A)
Blockchain Technologies: Business Innovation and Application
Intellectual Property (IP)
Business Analytics
Globalization
Available For: Advising, Authoring, Consulting, Influencing, Speaking Travels From: Morristown, NJ Speaking Topics: Cybersecurity, Value Creation, Digital Transformation, Governance Risk Management and Compliance (GRC),, Critical Infrastructure
Speaking Fee
$1 (In-Person)
Alex Sharpe
Points
Academic
195
Author
578
Influencer
203
Speaker
209
Entrepreneur
390
Total
1575
Points based upon Thinkers360 patent-pending algorithm.
Sun Tzu and the Art of CyberSecurity (or Critical Infrastructure Protection)
This presentation is always well received especially when tailed to specific areas like Privacy, GRC, Risk Management, healthcare, Critical Infrastructure Protection, and the like.
Sun Tzu is traditionally credited as the author of The Art of War, an influential work on strategy that has affected both Western and East Asian philosophy. His works focus much more on alternatives such as stratagem, delay, the use of spies, the making and keeping of alliances, the uses of deceit.
Sun Tzu's work has been praised and employed in culture, politics, business, and sports, as well as modern warfare.
Technology Innovation While Mitigation Cyber Risk
Human productivity is driven by technical innovation. Whether it is the invention of the wheel or Artificial Intelligence (AI) the patterns are very consistent and the nature of the crucible that fuels the fire of innovation does not change. We explore these patterns, we look at current trends, and we talk through how to do this safely:
CMMC brings together national standards, and international standards, with industry-accepted principles of Global Risk Management & Compliance (GRC) to improve cyber hygiene for companies and critical infrastructure (CI). Currently mandated for suppliers to the US Department of Defense (DoD) it is being looked at all of the US Government and its Allies. The recent Executive Order (EO) and extension of EU sanction only accelerate the adoption.
This presentation is often focused on specific topics like special consideration of the Cloud, coexistence with other mandates like HIPA or GDPR, or timely topics like SolarWinds and Operational Resilience (OR).
Corporate Governance: Maximize Your Effectiveness In The Boardroom
Wharton Business School, University of Pennsylvania
March 15, 2023
Today’s organizations are working harder than ever to adapt to a rapidly changing world. This requires effective corporate governance that can help them increase their accountability and avoid major disasters while also being more responsive to stakeholder concerns and more transparent with investors. Whether you’re already on a board or looking to join one, this program will help you navigate unexpected enterprise risks while capably monitoring financial performance. From the technical responsibilities of a board to the nuances of guiding an organization through contemporary challenges, you’ll get a comprehensive overview of the role of corporate governance and gain critical insights into the realities of board service.
BWG is an invite-only network for senior executives across technology, media and telecom. BWG industry professionals participate in a series of roundtables discussions, which are a valuable resource for market intelligence, business development and personal / professional networking.
Tags: Cybersecurity, Digital Disruption, Digital Transformation
Advisor to Board of Directors
Toda Financial
August 02, 2020
TECHNOLOGY TO ENABLE A NEW ECONOMY
Digital assets with speed, mobility, security, privacy & clear ownership
TODA, a decentralized protocol for ownership management, enables the secure and efficient creation, ownership, and transfer of meaningful digital assets, providing a transformational digital foundation from the bottom up. TODA can represent assets in any business setting: identity, goods, services, and of course, currency. In addition to TODA, there is also the Adot Protocol, an internet application protocol that enables interoperable digital asset trade.
Our TODA-as-a-Service platform, TaaS, gives direct access to TODA and provides unprecedented trust, efficiency, and interoperability to enterprises, banks, and governments. We provide business solutions including commodity backed digital currencies, payments, remittances, loyalty, audit, regulatory supervision and supply chains.
Tags: Blockchain, Cybersecurity, Digital Transformation
2020 IT Budgets: Iteration 6 - July 2020
BWG Strategy
July 31, 2020
We directly compare results across six versions and have committed to running this report monthly through the summer of 2020. These latest results highlight trend updates and sentiment shifts across the enterprise software ecosystem.
We found more signs of stagnating budget growth in 2020. The median rate of budget growth remains at 0% YoY, in-line with our June survey.
Tags: Business Strategy, Cybersecurity, Digital Transformation
Chair, Advisory Board
Talon Companies
June 01, 2020
Working with Talon's senior leadership to expand their services and geographic coverage.
Our highly specialized team has been doing Cybersecurity long before it became popular and mainstream. Unlike many other firms, we understand the operational needs and complexities of modern business realities. We have successfully delivered our expertise to the largest corporations, government agencies, and small to medium-sized businesses, and are ready to connect with you.
Tags: Cybersecurity, Digital Transformation, Risk Management
Columbia Technology Ventures
Columbia University
January 15, 2019
There has always been a special place in my heart for startups and innovative companies. As a Mentor for Columbia Technology Ventures and the IBM Blockchain Launch Accelerator, I work with startups in the areas of CyberSecurity, Artificial Intelligence (AI), and Blockchain to transform their ideas into sustainable businesses.
Tags: Business Strategy, Cybersecurity, Risk Management
Red Team Scenarios
IANS Research
December 07, 2023
This document provides a list of red team scenarios that simulate the actions of a threat actor after infiltrating the network. Each scenario includes various stages, such as gaining initial access, malware deployment, privilege escalation, network mapping and attempts to deploy ransomware.
To keep the scenarios current while also providing for expansion, the scenarios rely on resources available through the MITRE ATT&CK knowledge base, CISA and the NSA.
Incident Response Plan Template
IANS Research
November 28, 2023
The time for putting a comprehensive incident response plan (IRP) in place is well before you face an incident.
This template is for an operational IR guide for cybersecurity incidents, and it has been updated to comply with the SEC’s latest cybersecurity rules. Items in orange require customization.
D&O Liability Insurance: CISOs Need Coverage, Too
IANS Research
September 13, 2023
Directors and officers (D&O) liability insurance covers the directors and officers of a company against lawsuits alleging a breach of duty. This report explains the importance of D&O insurance for CISOs and offers tips for getting leadership buy-in.
Tags: Cryptocurrency, Digital Disruption, Risk Management
Review of Bank Secrecy Act Regulations and Guidance
Global Digital Currency and Asset Association (Global DCA)
February 14, 2022
The Financial Crimes Enforcement Network (FinCEN) is issuing this request for information (RFI) to solicit comment on ways to streamline, modernize, and update the anti-money laundering and countering the financing of terrorism (AML/CFT) regime of the United States. In particular, FinCEN seeks comment on ways to modernize risk-based AML/CFT regulations and guidance, issued pursuant to the Bank Secrecy Act (BSA), so that they, on a continuing basis, protect U.S. national security in a cost-effective and efficient manner. This RFI also supports FinCEN's ongoing formal review of BSA regulations and guidance required pursuant to Section 6216 of the Anti-Money Laundering Act of 2020 (the AML Act). Section 6216 requires the Secretary of the Treasury (the Secretary) to solicit public comment and submit a report, in consultation with specified stakeholders, to Congress by January 1, 2022, that contains the findings and determinations that result from the formal review, including administrative and legislative recommendations.
Tags: Cybersecurity, Digital Disruption, HealthTech
45 Analyst Reports
The Role of Zero Trust in Reducing Your Cost of Security
The Audit Board
November 20, 2023
What is the zero trust security model and how does it work? How can it be used to reduce cost of compliance, cost of security, and cost of privacy?
Alex Sharpe provides a foundational understanding of zero trust and explains how you can leverage the model to achieve reductions in the cost of security.
Practitioners’ Guide to Managing AI Security
KPMG
June 21, 2023
The race to integrate AI into internal operations, and bring AI-based products and services to market, is moving faster than almost anyone could have imagined. Some security leaders have expressed concern that in the excitement over AI’s potential, critical security and assurance considerations are being overlooked.
Recognizing the disconnect between AI innovation and AI security, Global Resilience Federation convened a working group and asked KPMG to facilitate in-depth discussions among AI and security practitioners from more than 20 leading companies, think tanks, academic institutions, and industry organizations.
The output of this working group is the Practitioners’ Guide to Managing AI Security. The guide aims to provide insights and considerations that strengthen collaboration between data scientists and AI security teams across five tactical areas identified by the working group: Securing AI, Risk & Compliance, Policy & Governance, AI Bill of Materials, and Trust & Ethics.
The SEC’s Cyber Disclosures
Harvard Law School forum on Corporate Governance
June 03, 2022
This post is based on a comment letter on the SEC’s cyber disclosures submitted jointly by me, Shiva Rajgopal, and my co-author, Alex Sharpe. I chair both the Cybersecurity and Board Director programs for Columbia Business School, entitled Leading Cybersecurity at Your Organization and Corporate Governance Program: Developing Exceptional Board Leaders respectively. Alex Sharpe is long-time cybersecurity and business strategy professional with real-world operational experience. He has over 30 years of experience working in these areas nationally and internationally for both the public and private sectors including the U.S. Intelligence Community and regulators.
Tags: Cybersecurity, Digital Disruption, Risk Management
Federal Reserve. Central Bank Digital Currency (CBDC) “Money and Payments: The U.S. Dollar in the Age of Digital Transformation”
Global Digital Currency and Asset Association (Global DCA)
May 20, 2022
The Federal Reserve sought feedback on the pros and cons of a potential U.S. central bank digital currency (CBDC) to determine whether and how a CBDC could improve the safe and efficient domestic payments system.
Our submission:
- suggested guardrails and regulatory environment to provide trust and stability to foster adoption
- talks about the need for the U.S. to move out on a CBDC to remain the world's fiat currency
- potentially becomes an additional tool for monetary policy
- the possible use of a wholesale token (almost all suggestions to date have been retail-based)
- talks about how a CBDC could bank the unbanked and could also be used to
- potential for financial inclusion.
Tags: Business Continuity, Business Strategy, Digital Transformation
SolarWinds Breach Insight Report and Executive Briefing
BWG Strategy
December 21, 2020
80% of Fortune 500 Companies are affected.
We conducted an Insight Report on the recently announced SolarWinds exploit. Dozens of vendors are covered in this report, with actionable content. Security executives clarify key changes as budgets reshuffle in response to this crisis.
Tags: Cybersecurity, Digital Transformation, Risk Management
Solar Winds Breach - Insight Report and Executive Briefing
BWG Strategy
December 15, 2020
This 58 page report shows the impact of the breach on the software and cybersecurity industries. The report provides a nice analysis of winners, losers, and effects on IT budgets.
Tags: Cybersecurity, Digital Transformation, Risk Management
BWG IT Budget Pulse Dec 2020
BWG Strategy
December 15, 2020
December showed a QoQ acceleration of IT spending by at least a margin of 2:1.
Each month, BWG surveys its IT decision-makers' network across several areas of spend to develop a time series of budget expectations for 2020 and beyond.
Tags: Business Strategy, Cybersecurity, Digital Transformation
BWG Insight Report IT Budget Nov 2020
BWG Strategy
November 20, 2020
The average budget in our survey is expected to expand by 2% for full-year 2020, vs expectations of a 1% contraction in our prior report.
This is BWG’s 8th IT spend report, which we developed at the onset of COVID-19 to track key spending trends. Each month, BWG surveys its network of IT decision makers across several areas of spend to develop a time series of budget expectations for 2020 and beyond.
Malicious Cyber Activity Against Operational Technology (OT), especially Water: What You Can Do Today
Linkedln
December 10, 2023
The Energy, Food and beverage, Manufacturing, and Healthcare sectors are also affected.
Soon after the series of coordinated armed incursions into Israel by Hamas and the subsequent response by Israel, we saw a significant uptick in malicious cyber operations from Advanced Persistent Threat (APT) associated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC).
Tags: Business Strategy, Cybersecurity, Digital Transformation
Protecting Our Water Supply from Cyber Attacks
Linkedin
December 10, 2023
Soon after the series of coordinated armed incursions into Israel by Hamas and the subsequent response by Israel, we saw a significant uptick in malicious cyber operations from Advanced Persistent Threat (APT) associated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC).
The Energy, Food and beverage, Manufacturing, and Healthcare sectors are also affected.
Bottom Line: Basic blocking and tackling go a long way toward improving your cyber resilience. You must be especially mindful if your organization uses Israeli-made Unitronic’s Vision Series programmable logic controllers (PLCs). The hackers are prioritizing organizations using components manufactured by Israeli companies.
• Implement Multi-Factor Authentication (MFA)
• Use strong, Unique Passwords
• Check the PLCs for default passwords.
Tags: Business Strategy, Cybersecurity, National Security
The Zero Trust Device Pillar from NSA's Collaboration Center
Linkedin
October 21, 2023
This cybersecurity information sheet (CSI) provides recommendations for maturing
devices—the Zero Trust device pillar—to effectively ensure all devices seeking access
earn trust based on device metadata and continual checks to determine if the device
meets the organization’s minimum bar for access. The primary capabilities of the device
pillar are:
identification, inventory, and authentication
detection of unknown devices and configuration compliance checks of known
ones
device authorization using real time inspections
remote access protections
hardware updates and software patches
device management capabilities
endpoint detection and response for threat detection and mitigation
"The human element is the most common threat vector; it was the root cause of 82% of data breaches." Data Breach Investigations Report, 2022
Linkedin
October 19, 2023
Recent incidents at MGM and @Ceasers have demonstrated the real-world impact.
“Amateurs hack systems, professionals hack people.”
Bruce Schneier
Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and @Multi-State Information Sharing and Analysis Center (MS-ISAC) released guidance to raise awareness of the increased threat of #phishing as part of social engineering campaigns.
Tags: Business Strategy, Cybersecurity, National Security
SEC Cyber Security Rules - More Than Regulations and Transparency
Linkedin
August 01, 2023
It was hard to miss the SEC’s passing of the first of three proposed Cyber Rule (File Number S7-09-22) last week. A lot has been written about the specifics but very little has been written about the bigger picture, its impact on senior leadership, and the long-term significance.
Tags: Business Strategy, Cybersecurity, National Security
A Must Read: Posture Statement of General Paul M. Nakasone, Commander US Cyber Command
Linkedin
April 06, 2023
I am sure you have thought about the bad guys harming us – whether they be hackers seeking financial gains through #Ransomware or #APTs stealing our #IntellectualProperty. Have you ever asked yourself, who do we have? What is our offensive cyber capability that keeps the bad guys up at night? The answer is the U.S. Cyber Command.
Our offensive Cyber capability is increasingly engaged in neutralizing our adversaries.
Tags: Business Strategy, Cybersecurity, National Security
Steganography: the ability to hide secret messages
National Cryptologic Museum
January 19, 2023
An excellent video from the National Cryptologic Museum. We talk about things like #cybersecurity #criticalinfrastructureprotection #nationalsecurity and the like, but we forget the truly scary #threats are from the #APTs and their tradecraft.
#Steganography is the craft of hiding messages like invisible ink. It is gaining renewed interest, most recently from #AI.
https://lnkd.in/e_Q9vsDv
The National Cryptologic Museum sponsors many wonderful programs. You can email them here to find more. cchevents@nsa.gov
Tags: Cybersecurity, National Security, Risk Management
Featured Article: The Board's Role in Advancing Digital Trust
Information Systems Audit and Control AssociationInformation Systems Audit and Control Association (ISACA)
November 23, 2022
Tags: Business Strategy, Cybersecurity, Risk Management
Digital Trust Takes a Village
Information Systems Audit and Control AssociationInformation Systems Audit and Control Association (ISACA)
August 17, 2022
The World Economic Forum (WEF) estimates about 60% of the Global Economy comes from digital and that is only going to grow. Fostering Digital Trust is necessary as it becomes increasingly demanded by shareholders, customers, business partners, and regulators. Historically, digital has been the domain of I.T. That is no longer the case especially when it comes to building trust. Trust begins with the tone from the top and requires a concerted effort from the entire organization.
Tags: Business Strategy, Digital Transformation, Risk Management
DNA Is Also Data - The bad guys want it. How do we protect it?
Linkedin
July 18, 2022
The cyber industry has a long history of dealing with data and information in both paper and in digital formats. The information in our DNA is different. DNA is who we are. When compromised, it is not something we can change like a lost password or username or even a Social Security Number (SSN). We cannot even conceive of its value. There is no practical way of quantifying the financial impact of its loss.
Tags: Cybersecurity, Digital Transformation, Risk Management
USA: Are employers liable for breaches resulting from employee actions and what should they do about it?
https://www.dataguidance.com/
June 29, 2022
Now that 'cybersecurity' is a board-level conversation, the question of whether employers are liable for breaches resulting from employee actions is frequently discussed. While the answer is straightforward, what to do about it is much more nuanced. Alex Sharpe, Principal at Sharpe Management Consulting LLC, discusses a framework and the key questions to ask to protect, detect, and recover, resulting in five steps that may make a real difference.
Tags: Business Strategy, Cybersecurity, Risk Management
USA: Executive Order on Improving the Nation's Cybersecurity: What's different this time?
DataGuidance
May 18, 2021
"The art of [cyber] war is of vital importance to the State. It is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected."
- Sun Tzu.
On Wednesday, 12 May 2021, the Biden Administration issued an Executive Order on Improving the Nation's Cybersecurity. The fact sheet lists '...SolarWinds, Microsoft Exchange, and the Colonial Pipeline...' as recent motivations. Alex Sharpe, Principal at Sharpe Consulting LLC, takes a look at the historical context behind the Executive Order and analyzes what's different, and how to implement.
USA: Is CMMC enough to protect my business? Three things to consider today
DataGuidance
January 06, 2021
In the first two articles in the series Alex Sharpe, Principal at Sharpe Management Consulting LLC discussed low-cost things you can do today and what is not readily apparent until you start moving through your assessment. In this article, Alex addresses what the Cybersecurity Maturity Model Certification ('CMMC') does not cover that you will want to consider for your business.
Tags: Cybersecurity, Digital Transformation, Risk Management
USA: CMMC - what lies beneath
Data Protection Leader
November 02, 2020
In the first article in the series, USA: CMMC as competitive advantage and five things you can do today, Alex Sharpe, Principal at Sharpe Management Consulting LLC discussed why one shouldn't wait and the low-cost things you can do today to make your lives easier. In this article, Alex discusses what is not readily apparent until you start moving through your assessment. Think of it as an iceberg without the luxury liner. In the next article of the series, Alex will address what the Cybersecurity Maturity Model Certification ('CMMC') does not cover that may be critical to keeping your business, your customers and your partners secure. As always, your mileage may vary.
Tags: Cybersecurity, Digital Transformation, Risk Management
"Iran and Russia Interfering with our election – What You Can Do to Protect Your Vote.”
Talon Cyber Tec
October 23, 2020
US Intelligence Officials warned, state actors from Iran and Russia are using email to “intimidate voters, incite social unrest, and damage [the election]”. Apparently, they have obtained voter registration data and are sending threatening emails.
What can we as individuals and business units do to not be a victim?
Tags: Cybersecurity, Digital Transformation, Risk Management
"Is Social Media Critical Infrastructure?"
LinkedIN
October 22, 2020
Social Media is getting lots of attention especially with the upcoming election. Given the way it has woven its way into the way we work and live is it time to declare it Critical Infrastructure?
Tags: Business Continuity, Cybersecurity, Digital Transformation
USA: CMMC as competitive advantage and five things you can do today
OneTrust Data Guidance Insights
September 02, 2020
In this insight, Alex Sharpe, Principal at Sharpe Management Consulting LLC, who consults on cybersecurity, privacy, digital transformation, disruption, and other areas, draws on his experiences and provides a look into the Cybersecurity Maturity Model Certification, its advantages for organizations, and the key steps businesses can be taking to prepare. | Read more http://ow.ly/6jMQ50BfzRH
Tags: Cybersecurity, Digital Transformation, Risk Management
Digital Transformation – Adoption Requires a Catalyst - COVID the Ultimate Digital Disruptor
LinkedIN
August 20, 2020
COVID may prove to be the ultimate digital disruptor. In weeks we experienced between 5 and 10 years of digital adoption. It also accelerated Creative Destruction by the same amount and made the Cloud, Video and Collaboration the new mission critical applications.
Tags: Business Strategy, Digital Disruption, Digital Transformation
Disruption - What a Great Time to Pivot
LinkedIN
April 22, 2020
The CORONA Virus is rocking our worlds – no doubt. It is a scary time with lots of uncertainty. History tells us times like this cause a disruption which also means opportunity. Digital Adoption and Creative Destruction are both accelerated. Sir Isaac Newton created many of his foundational works while self-isolating from the plague. Many notable and highly successful companies have been started in the midst of
disruption. Apple, 3M, Microsoft, Burger King, Disney, and CNN just to name a few. Warren Buffet started what would become Berkshire Hathaway just before a market down turn. These scary times present opportunities for those willing to ask the right questions.
Tags: Business Strategy, Digital Disruption, Digital Transformation
When Blue Skies Meet Thin Air
LinkedIN
February 18, 2020
It’s a common scenario: The strategy gurus create a brilliant strategy – bold, forward-looking, expertly presented – but it completely fails when implemented. Why? Was it all thin air? Why do brilliant strategies fail? A successful implementation means that 1) Your organization is completely aligned with the new products, services or the new way of doing business, 2) Suppliers, re-sellers, analysts, distributors, analysts and customers think of you in terms of the new strategy, and 3) The business earns more money. This article talks about what happens when execution is not addressed in the planning phases.
Building the Corporate Intranet
Wiley
November 26, 1996
Building a corporate intranet requires integrating two very different technologies; web development tools and enterprise-wide legacy systems. Few people possess enough experience in both areas to successfully make these technologies work together. The authors, leading consultants at BSG, explain the tools and techniques necessary for building an Intranet system. This book show how to plan, design and build a corporate intranet system, including how to modify the business model, automate the business processes and the content.
The IANS Faculty are at the core of our Decision Support service. This group of over 100 hands-on practitioners understands the key issues you face and delivers actionable recommendations, research, and step-by-step guidance. Our collection of independent experts spans nearly every field. For each security problem you need to address, IANS can connect you with someone "in the trenches."
Annual listing of 10 companies that are at the forefront of providing Cyber Security Service and transforming businesses
CIO Review Magazine
December 06, 2021
CIO Magazine Web Businenss 50/50 Award
CIO Magazine
July 01, 1999
Each year CIO magazine recognizes 50 Internet and 50 intranet/extranet sites that go beyond customary Web commerce practices to deliver outstanding business value. The Hackett Group's intranet-based knowledge management system called Mind~Share was awarded for its sophisticated knowledge engine and expansive knowledge base which seamlessly integrates structured and unstructured information to provide vital support to everyone in the company.
Zero Trust Training (ZTT) Contributor
Cloud Security Alliance (CSA)
December 20, 2022
Earners of the Zero Trust Training (ZTT) Contributor badge have contributed to the content creation of the Cloud Security Alliance's ZTT courseware. They have demonstrated expertise in Zero Trust principles and pillars and collaborated with CSA to provide a comprehensive education course. With their contribution, they prioritized student understanding, accessibility, and vendor neutrality to ensure student success.
CCA's assess an organizations' adequacy and sufficiency of meeting the standard set forth by the Cybersecurity Maturity Model Certification (CMMC).
The CMMC program was established by the Department of Defense (DoD) to raise the cyber hygiene of the Defense Industrial Base (DIB). Theft of intellectual property (IP) and disruptions by Advanced Persistent Threats (APTs) weaken our National Defense, compromises the war fighters, and costs the U.S. economy north of $60B per year.
Tags: Business Continuity, Cybersecurity, Risk Management
3 Industry Council Chairs
Cloud Security Alliance (CSA) Zero Trust Leadership
Cloud Security Alliance (CSA)
November 15, 2022
Working Group Overview
This working group aims to develop Zero Trust standards to achieve consistency for cloud, hybrid and mobile endpoint environments. The topic of group discourse includes Zero Trust benefits, architecture, automation, and maturity models, publication reviews, and relevant industry forums and events.
What do we discuss?
During our meetings, we typically discuss changes in the industry and collaborate on projects the group is currently working on. This group will have the following nine workstreams:
* Zero Trust as a Philosophy & Guiding Principles
* Zero Trust Organizational Strategy & Governance
* Pillar: Identity
* Pillar: Device
* Pillar: Network/Environment
* Pillar: Applications & Workload
* Pillar: Data
* Automation, Orchestration, Visibility & Analytics
* Zero Trust Architecture, Implementation, and Maturity Model
AI Security & Trust Working Group
KPMG
May 05, 2023
The industry working group is designed for business leaders to engage on this critical topic undergoing explosive growth that will have deep impact on businesses and consumers alike. Attend to hear from industry experts covering business uses for AI, the security of AI models, policy and regulation, and its use by attackers and defenders.
CSA Cloud Key Management Working Group
Cloud Security Alliance (CSA)
May 13, 2022
Working Group Overview
The working group will author guidelines and best practices and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing key management systems for use with cloud services.
What do we discuss during our meetings?
During these meetings, we typically discuss changes in the industry that relate to cloud key management and collaborate on projects the group is working on.
Tags: Cloud, Cybersecurity, Digital Transformation
The Operational Resilience Framework (ORF), Global Resilience Federation, Business Resilience Council
Global Resilience Federation
April 21, 2022
The Operational Resilience Framework (ORF) working group is inviting security and resilience professionals to provide public comment on the project.
Traditional disaster recovery and business continuity efforts, often insufficient in the face of ransomware and other emerging threats, have focused on data recovery with little attention to providing services during an impaired state.
In 2021, the Global Resilience Federation’s Business Resilience Council (BRC) launched a multi-sector working group to develop the Operational Resilience Framework. The framework provides rules and implementation aids that support a company’s recovery of immutable data, while also – and uniquely- allowing it to minimize service disruptions in the face of destructive attacks and events.
Download a copy of the framework https://www.grf.org/orf and send your comments to orf@grf.org.
This multi-sector project was designed to be broadly applicable and is aligned with existing controls like those from NIST and ISO. This draft of the rules will be publicly available through June 30, 2022 and then tested in several corporate environments before being finalized.
Special thanks to ORF working group Chairman Trey Maust, as well as members Bob Blakley, Jon Washburn, Alex Sharpe, Dr. George S., Charles Blauner, and Simon Chard.
Tags: Business Continuity, Business Strategy, Risk Management
Business Resilience Council (BRC), Operational Resilience (OR) Task Force
Global Resilience Federation (GRF) Business Resilience Council
February 15, 2021
The Business Resilience Council (BRC) is a member-driven, analyst-supported, multi-sector community created to foster sharing and cooperation regarding significant incidents, threats and vulnerabilities that impact business operations of critical infrastructure and supporting sectors. The BRC provides members with business continuity, disaster response, and resilience information and best practices on physical security issues such as major weather events, pandemics and other natural disasters, as well as geopolitical threats, civil unrest and terrorism. The BRC also focuses on destructive malware attacks that can result in the major disruption of integrated IT or OT systems.
The BRC is designed for businesses with regional, national and international footprints that must manage significant crises and navigate response scenarios in order to maintain business operations.
The BRC fosters a broad, holistic community. Resilience professionals from critical infrastructure (CI) sectors are invited to join the community, as well as practitioners from organizations that provide significant support to Critical Infrastructure (CI) sectors.
Case Study - Pinkerton. Monitoring Global Growth with Budgeting and Forecasting
Thomson Reuters
June 30, 2016
Pinkerton was able to reduce global financial reporting from days to minutes. They also created operational dashboards so the field could manage day-to-day operations.
For more than a century, Pinkerton has been a leader in helping keep companies and their assets safe and secure. With offices on almost every continent, Pinkerton prides itself in offering innovative services, such as executive protection, corporate risk management, investigation, and employee screening.
Tags: Cryptocurrency, Digital Transformation, Metaverse
DARPA End User Security Manager
Defense Advance Research Projects Administration (DARPA)
April 17, 1995
Some of the original research and Intellectual Property (IP) in the area of:
- Data Loss Prevention (DLP)
- Data Loss Detection (DLT)
- Software Policy Enforcement
Tags: Business Strategy, Cybersecurity, Risk Management
1 Journal Publication
Comments on the SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, File Number S7-09-22
Columbia Business School, Corporate Governance and Cybersecurity Leadership Program
May 09, 2022
The Securities and Exchange Commission (“Commission”) is proposing rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. Specifically, we are proposing amendments to require current reporting about material cybersecurity incidents. We are also proposing to require periodic disclosures about a registrant's policies and procedures to identify and manage cybersecurity risks, management's role in implementing cybersecurity policies and procedures, the board of directors' cybersecurity expertise if any, and its oversight of cybersecurity risk. Additionally, the proposed rules would require registrants to provide updates about previously reported cybersecurity incidents in their periodic reports.
Tags: Business Strategy, Cybersecurity, Risk Management
7 Keynotes
Keynote: Guiding Principles for Implementing Zero Trust
Cloud Security Alliance (CSA)
November 15, 2023
Every Zero Trust journey is unique to the organization. Every Zero Trust journey is also alike and shares the same guiding principles. The Cloud Security Alliance (CSA) pulled these guiding principles into a document published in July. In this presentation, we will talk through those Guiding Principles, the common themes, and how they can be used to ensure the success of your Zero Trust efforts. The recent CSA Zero Trust Guiding Principles document can be found *here*.
Hopkins Discourse & Dinner Series: Artificial Intelligence with Alex Sharpe
Johns Hopkins University (JHU)
October 05, 2023
Artificial Intelligence (AI) is simultaneously emerging in all sectors and parts of our lives. This open conversation will traverse the broadness of artificial intelligence. Discuss the benefits, drawbacks, and misunderstandings around AI including from movies and science fiction. Explore how disruption from AI is different than what we usually experience with other technological advances. Discover the impacts of AI on society and our industries. Learn how most people have been using AI for years without even knowing it!
Keynote to Amareness Month: Awareness: The Under Appreciated Defense The Role of People in Cyber Defense
Pension Benefits Guarantee Corporation (PBGC)
October 03, 2023
When the employees are self-aware of these threats you greatly reduce the number of incidents that occur because of human error. The bad actors know technology is our strongest defense so they are turning their attention to social engineering, disinformation, and misinformation. North of 90% of cyber attacks require a human to do something silly. Humans are also our greatest defense. In this keynote to Awareness Month the value of awareness is highlighted.
Tags: Business Strategy, Cybersecurity, Risk Management
Sun Tzu and the Art of Cyber War – the Global Supply Chain
Infragard National Sector Security & Resiliency Program (NSSRP)
March 18, 2021
Cybersecurity in the supply chain is no longer just an IT problem. Maritime, intermodal, rail and port security must work as an integrated whole. Those who want to do us harm range from nation states and terrorists to criminal elements and activists. The unfortunate reality is the gains in productivity from technology have left us more exposed than ever. Those who want to do us harm have integrated cyber, kinetic, physical, and reputational threats into orchestrated attacks. Our defenses must be as deliberate as well.
Tags: Business Strategy, Cybersecurity, Supply Chain
48 Media Interviews
Embracing AI – Alex Sharpe – PSW #810
SC Magazine
December 13, 2023
Embracing AI – Alex Sharpe – PSW #810
In this episode of Paul's Security Weekly, Alex Sharpe, a cybersecurity expert, discusses the use of AI in various fields, including cybersecurity. He emphasizes the need for a public-private partnership in regulating and controlling AI, as well as the importance of implementing guardrails to ensure safety and security. Sharpe suggests that AI can be used in incident detection and improving productivity in the cybersecurity field. He also highlights the potential risks and challenges associated with AI. Overall, Sharpe encourages the adoption of AI in cybersecurity and the exploration of its various applications.
The Ultimate Insider Guide To Navigating The New SEC Cyber Rules
Netswitch
December 07, 2023
This unique event is tailored specifically for Boards, Directors & C-Suite and will be led by expert Alex Sharpe .
With over 20 years in the field, Alex brings massive experience and insights in Cybersecurity, Risk Management, Cloud Technology, Business Strategy, and Operational Resilience.
Topics will include:
️ How the 2024 SEC Cyber Rules might impact your business operations and strategy.
️ Strategies to automate processes, reduce costs, and stay ahead of SEC changes.
️ Navigating the impact of SEC regulations on the business landscape.
️ Expert advice on how to utilize your current tools to respond to these changes.
️ Proven techniques to thrive, not just survive, in the new regulatory environment.
Alex is a thought leader, start-up builder, and proven strategist.
Get ready to leverage his expertise for better understanding, compliance, and success in the face of new SEC rules.
Key takeaways include cost savings, efficiency, stronger compliance, and an alignment of risk management with business objectives.
Join us for this one-off LinkedIn Live and discover how to turn these challenges into triumphs .
Tags: Business Strategy, Cybersecurity, National Security
Politicians don't have to fear AI replacement, thanks to 'legacy,' need for 'discourse': expert
Fox News Digital
July 30, 2023
A British peer in the House of Lords suggested artificial intelligence (AI) could easily replace its members in the near future. But one expert argued the desire for tradition and trust in the human element when making major decisions will likely delay AI adoption.
Budget-Friendly TPRM Options for Small Orgs
IANS Research
June 07, 2023
The Challenge
A security team in the manufacturing industry would like to get recommendations on third-party risk management (TPRM) providers. The organization is small, and they have budget constraints, so the team is hoping Faculty can provide recommendations that are budget friendly. Specifically, the team asks:
Tags: Business Strategy, Cybersecurity, National Security
CREATING BUSINESS VALUE WHILE MITIGATING CYBER RISK
Big News Network
March 30, 2023
The success of any business depends on how it manages risk without impinging value creation. Technology adoption, the introduction of diverse thoughts, and innovation are more important than ever to business leaders in a digital world. The corporate world requires too many advancements to remain competitive. Businesses need to embrace innovations and automate day-to-day operations to remain competitive. The introduction of digital transformation has compelled companies to adopt digitalization to boost productivity, expedite operations, and reduce risk. The market is more competitive than ever, and customers/clients expect value-added services from the companies. Therefore, each company needs to improve its productivity and stay up-to-date with the new technology. Businesses that do not follow the recent trends in the industry may fall behind and continue to lose market share. We are in an era when businesses must embrace technology to remain competitive and retain existing customers while growing market share.
Helping Businesses Mitigate their Cybersecurity Risks
US Reporter
March 28, 2023
The advent of technology has led businesses towards digital transformation. Years ago, it was a value-added strategy for businesses to embrace digital presence. Today, it has become compulsory for all businesses – whether small or large brands. Business owners tend to stay up-to-date with advanced technology while automating the workflow and expediting work processes. The inventions have made things efficient in the business, improving productivity and boosting revenue. However, every new technology comes with some unintended consequences.
Tags: Business Strategy, Cybersecurity, Risk Management
Alex Sharpe - Helping Business Grow by Leveraging a Vast Experience in Cybersecurity and Digital Transformation
US Times Now
March 21, 2023
Business growth in the digital age is not as easy as it was a couple of decades ago, but the current age has provided many opportunities. Businesses that can understand the need to grasp newer technology and adapt unique innovations can achieve the success they seek. The term digital transformation gets used a lot to open doors, but the idea is as profound as any other important aspect of a business. In fact, digital transformation is an idea as old as the introduction of digital technology in its early days.
The businesses that grasped the profundity of the idea early on were able to gain massive success and are currently the market leaders. Businesses that appeared on the scene much later and adapted
to digital transformation were also able to gain an edge compared to businesses that stuck to the old
ways of operating. The idea is an important aspect of operating a business in the current digital era that businesses can't imagine gaining a semblance of success without being digitally transformed. In fact, there is no other way to be successful if a business decides to compete with other businesses today. If a business is not equipped with digital technology today, it can never be able to attain success in the current situation. The recent years' experiences have made it quite clear that only the businesses that were already equipped with digital technology were able to survive the era of uncertainty and the tumultuousness of recent times.
Tags: Business Strategy, Cybersecurity, Digital Transformation
ALEX SHARPE – ENABLING DIGITAL GROWTH FOR BUSINESSES BY UTILIZING A VAST EXPERIENCE IN CYBERSECURITY
BBN Community
March 21, 2023
The digital age has proven to be a boon to businesses in terms of success and growth. The increased frequency of introducing novel and unique ideas and technology in this era has changed and improved how enterprises conduct business. The digital era has made the process of conducting business more streamlined and enabled companies to think in newer ways and introduce innovation. Driven by data, the new way to do business has also introduced new challenges.
Tags: Business Strategy, Cybersecurity, Innovation
ALEX SHARPE - CONSULTING BUSINESSES FOR TECHNOLOGICAL INNOVATION AND VALUE CREATION
The Open News
March 21, 2023
Technology and digitalization have changed the way people live today. The advent of technology has updated almost everything in the world. From healthcare to education, everything depends on innovations and digital transformation. Businesses are also transforming with technology while producing more effective products in less time.
Technological factors have made every industry so competitive that no entrepreneurs can grow with the same traditional ideas and old technologies. Companies need to embrace new technology to give tough competition to competitors. Customers prefer companies that provide more advanced services and quality products. Businesses that do not embrace new technologies cannot climb the ladder of success. As a result, the competitors will attract all the customers with a more advanced strategy. Businesses need to accept innovations to gain potential growth. Or else customers will not trust the brand with the same old business tactics. Most companies feel reluctant to jump into the new digitalized world due to a lack of well-trained staff and essential knowledge. In such a situation, business consultants are the life saviors of such companies. These professional individuals help businesses grow to the next level of success while implementing advanced strategies with innovations. One such professional in the consultancy firm is Alex Sharpe - a Cybersecurity and risk management consultant.
Tags: Digital Transformation, Innovation, Risk Management
ENABLING BUSINESSES TO THINK OUT OF THE BOX
One World Herold
March 21, 2023
Businesses are dynamic entities that are not meant to be in a stagnant state. A state of inertia may be positive in some situations but never in terms of a business. This means growth is the beat that all businesses dance to. Attaining growth, be it steady and gradual or sudden and meteoric, is always the bottom line that businesses are built for. Although the more organic the growth is, the more long-lasting it is. A business must constantly keep working at streamlining and right-sizing all its functions to attain organic growth.
This streamlining should be an umbrella process encompassing the entire organization. The synchronicity of changes ensures that no stone is left unturned and no department is left behind. Only in such a manner can the positive implications of the changes be enjoyed by a business. And once a business steps into the next level of evolution in growth, the sophistication of the steps required to continue that growth also needs to ramp up. The first thing that businesses need to do is assess the competition.
PROVIDING AN EDGE TO BUSINESSES IN THE MODERN WORLD
Seekers Time
March 21, 2023
Businesses can be compared to living entities that need to survive in a harsh environment. To analyze this comparison, one needs to break down the elements involved within it. We have the living entity that is the businesses, then we have the aspect of survival, which can be understood as the existence of the business, and finally, we have the harsh environment, and that can be an analogy of the competition with other businesses. So, the growth of a business is what keeps it going and thriving.
From that comparison, we understand that although basic survival is used as an analogy for a business’s existence, the actual strategy of all businesses is to keep growing. Some say, “Grow or die.” From the starting point, all businesses need to keep growing. Otherwise, the very existence of a business comes into question. In other words, the need for a business to keep growing is intrinsically tied to its existence. So, if a business is not growing, it is already in a critical condition, never mind if the business is covering its expenses. The bottom line is that the business is depleting its reserves, essentially consuming itself.
Tags: Business Strategy, Cybersecurity, Digital Transformation
REAPING THE REWARD OF CONTEMPORARY TECHNOLOGY
London Daily Post
March 21, 2023
Nothing is permanent, including the ways of doing business. Situations change, and needs evolve over time as technology advances. The way people live today is not how they lived in the past. The advent of technology has changed our lifestyle. Everyone is surrounded by innovations, which have influenced almost every aspect of life. Technology has improved everything, including how people travel, how they communicate, how they learn, and how they do business. Gone are the days when businesses were dependent on traditional marketing, which was costly and came with uneven results. Digitalization has embraced digital marketing, reduced costs, and improved results. Businesses know technology can accelerate their operations while reducing costs and boosting productivity. Nowadays, businesses rely on innovative strategies that help them spread the business message to the masses and enable them to boost revenue. However, disadvantages also exist where there are advantages, threatening to disrupt our business activities. In the Information Age, businesses and individuals are at high risk of becoming victims of cyberattacks, even more as the digital world moves into the Metaverse.
Tags: Business Strategy, Cybersecurity, Digital Transformation
MITIGATING CYBER RISK FOR VALUE CREATION AND DIGITAL GROWTH
DigiHerald
March 20, 2023
The continuous technological advancements are creating competition across all industries. Businesses that embrace innovations are more productive and more competitive than the companies that don’t! The future belongs to digitalization. Blockchain technology, web 3.0, and digital marketing are just hints of what the future holds. Technologies like Metaverse will boost adoption of virtual reality, artificial intelligence (AI), and automated business processes (RPA). Customers will require 100% quality in customer care, products, and overall services. That’s all possible if a company embraces technology. Companies that still work on previous technology may soon experience a downfall. Competitors with innovative solutions may occupy the entire market in the future. Businesses need to think out of the box and create unique strategies to reach top-level success. All business operations and processes will someday include virtual reality and artificial intelligence. In case of any compromise, a business may succumb to huge loss and overall financial instability. Companies that have developmental plans to grow parallelly with the technology will boost revenue, whereas businesses without plans for the future may collapse. There are numerous technological factors that business owners need to consider. Things include embracing technology for value creation and digital growth. This cybersecurity is an essential element that no business leader can avoid even today! It is a must-do strategy for individuals, entrepreneurs, financial leaders, and all-level businesses.
Tags: Cybersecurity, Digital Disruption, Innovation
CREATING DIGITAL GROWTH OPPORTUNITIES FOR BUSINESSES
InstaBulletin
March 20, 2023
The opportunities for businesses in the digital age are expanding at an astronomical rate. The digital era has enabled elegant innovations and the introduction of new technologies that were never thought possible before. But this rapid growth has also presented a new set of unique issues to the digital era. Many of these issues are the product of the growing dependence on digital means of data transmission, and as data of a sensitive nature becomes vulnerable, businesses can face serious threats that can cripple them or even cause a complete collapse.
Tags: Cybersecurity, Digital Transformation, Innovation
A PROFESSIONAL CYBERSECURITY CONSULTANT WHO HAS RUN A BUSINESS
eNews20
March 20, 2023
With innovation skyrocketing to a whole new level every day, the modern business landscape has evolved to something completely different than before. With innovation becoming radically intrinsic to growing a business, the issues that businesses deal with inevitably have also evolved. One of these issues is cybersecurity.
Cybersecurity is much more crucial to businesses than ever before. The issue of data security has taken on a much more profound and menacing visage. As information drives business today, and data is the lifeblood, the theft of precious data is a perilous concept for businesses. And with malicious entities and shady characters wielding much more sophisticated tools and techniques than ever before, cybersecurity has become a board conversation.
Hackers and crackers are more sophisticated than ever before. The bad guys can analyze a business’ security posture to exploit a chink in the armor to exfiltrate sensitive data. More sophisticated tools are freely available today that are easily accessible equally by individual hackers and large nation-states. A shady individual with enough interest and patience can bring down a business through data theft or planting malicious code inside the business’ servers and demand payment for the return of operational data.
ENABLING BUSINESSES TO THINK OUT OF THE BOX
Tribune
March 20, 2023
Businesses are dynamic entities that are not meant to stand still. A state of inertia may be positive in some situations but never in terms of a business. Growth is the beat that all businesses dance to. Attaining growth, steady and gradual or sudden and meteoric, is always the bottom line that businesses are built for. Although the more organic the growth is, the more long-lasting it is. A business must constantly streamline and right-size all its functions to attain organic growth.
This streamlining should be an umbrella process encompassing the entire organization. The synchronicity of changes ensures that no stone is left unturned and no department is left behind. Only in such a manner can the positive implications of the changes can be enjoyed by a business. And once a business steps into the next level of evolution in growth, the sophistication of the steps that can promote growth also needs to ramp up. The first thing businesses must consider is what market forces are creating headwinds.
Cover Story/ Feature - Top Five significant Business Leaders, Ruling the Modern Industry 2022
CIO Times
August 01, 2022
A leader, whether in society or business plays a crucial role in giving direction to the society or organization. It is the leader who is responsible to make every person aware of where they stand and where they want to go as a team.
The modern industry is fraught with challenges. A dynamic environment, inflation at the peak, civic unrest in parts of the world, a pandemic, and evolving technology are some key issues that often evoke fear and restlessness in teams. Such situations need leaders of high caliber and proven expertise to motivate the team and keep them working towards the common company goal. Only then can they succeed as a team and as a business.
To steer the team through, leaders must communicate effectively and clearly. Nothing works like words of assurance followed by action that reinforces a positive outlook and attitude. Clear communication about what is expected of them helps employees to work better and focus on meeting or even exceeding the expectation.
Leaders must also be ready to make some tough decisions. Right action must be taken at the right time and not delayed on the pretext of being under analysis. Decisions, however tough they may be, are important to give direction to the team and instill confidence that they are on the path to progress.
In this edition of Top Five significant Business Leaders, Ruling the Modern Industry 2022, we bring you some business leaders who understand the risks but are not avert to taking them and grow with each challenge. The edition features Alex Sharpe on the cover. Also featured here are Asokan Ashok, Paul Guenther, Normanie McKenzie Ricks, and Arthi S Rabikrisson. These significant leaders inspire their workforce with their thoughts and actions t achieve the common goal of growth and success.
Live Panel of CSA ZT Experts - Ask Them Anything
Cloud Security Alliance (CSA)
November 15, 2023
The CSA has assembled a live panel of Zero Trust Experts to answer your questions and discuss any topic you want in real time. Learn from our panel of industry leading experts who will share their insights on tools and methodologies that help shed light on emerging trends and strategies for ensuring a secure Zero Trust environment.
AI: Living in a George Jetson World
Johns Hopkins University (JHU)
October 26, 2023
Sponsored by the Office of Alumni Relations Lifelong Learning and Alumni in Technology
Join us for an engaging panel discussion on Artificial Intelligence: Living in a George Jetson World moderated by Efrem Epstein, A&S '90 with digital transformation and artificial intelligence experts Alex Sharpe, Engr '95, Bill Kirst, A&S '00, Kate Sperber, A&S '95 and Dr. Charles Johnson-Bey, Engr '89.
Explore the connections to the world that George Jetson lived in. Discuss the pace of change with this new technology. Discover the disruptions we are likely to see with artificial intelligence in the future. Learn about the impacts of AI on knowledge workers, laws, creativity, music, and the entertainment industry from experts.
NetraBank: Exploring a future of secure, resilientand compliant digital banking.
NetraScale Summer Tech Events
June 08, 2023
How can we design a secure,resilient, and compliant digital bank for the future?
The interactive webinar will focus on a range of topics, including:
* Cyber security
* Data privacy
* Sustainability
* Operational Resilience
* Compliance
* Artificial Intelligence (AI)
* Intelligent Process Automation (IPA)
* Quantum Information Systems
CTG Physical Cyber Convergence Conference DMV May 2023
CTG Intelligence
May 11, 2023
Is security 'modernization' about getting left of bang? Was resilience ever out of the remit of security? Can MSSPs bundle partnerships with physical security colleagues? Does that make them more resilient? Big questions at the Physical Cyber Convergence Forum in Alexandria VA! #MSSDMV
Thank you to our sponsors Samaritan Protective Services The North Group, Inc Ontic Riley Risk Inc. Red Five for making the event possible and our media partners Circuit Magazine Access Control Executive Brief MSSNetwork!
Tags: Business Strategy, Cybersecurity, Risk Management
Looking Back at the Secure Data Network System (SDNS)
Nationall Cryptologic Foundation
May 12, 2022
SDNS is a little-known effort driven by the National Security Agency (NSA) in the 80s that made the Internet safe and laid the foundation for secure online commerce. It envisioned the world we live in today with the Cloud, Zero Trust, End Point Security, and the like. SDNS took a revolutionary approach of forming public/ private partnerships and working with standards bodies like NIST and ISO to foster adoption.
CMMC - What it is, what it is not and dates to watch.
FBI Infragard Houston Chapter
November 17, 2020
The Department of Defense (DoD) in an effort to increase the cybersecurity posture of the US and its Allies have created the Cybersecurity Maturity Model Certification (CMMC). Anyone doing business with the DoD must be certified at a level based on the risk they present to our Critical Infrastructure (CI). This panel is part of a series sponsored by the Federal Bureau of Investigation (FBI) outreach (Infragard) to help defense contractors navigate and prepare.
Tags: Cybersecurity, Digital Transformation, Risk Management
2020 CMMC PREPAREDNESS: AN ESSENTIAL GUIDE FOR CLEARED DEFENSE CONTRACTORS
Infragard
September 29, 2020
This panel discussion will focus on CMMC for small and medium sized businesses. We will provide an overview of CMMC and what it means for you. We will discuss how to prepare for the audit and certification process, avoiding the appeals process by getting it right the first time, etc. There will be a specific focus on the top five things you can do now to prepare and the top three business drivers that will reward those who start preparing now instead of waiting for the CMMC to be finalized. We will talk through the ins and outs of the CMMC criteria developed from years of street knowledge by working with the base standards. Speakers will include Alex Sharpe, a 30 year veteran Cybersecurity and Digital Transformation expert, Bob Ashcraft, CEO of CMMC-Solutions and currently working on CMMC readiness with a Prime CDC, John Callahan, Co-Director of the San Diego State University Cyber Tech Academy and Chief Technology Officer for Partnership Solutions International (PSI), Rusty Sailors, CEO of Protecting Tomorrow, etc.
Tags: Cybersecurity, Digital Disruption, Future of Work
2 Podcasts
TechStory Election Security - Is Social Media Critical Infrastructure?
TechStory
November 17, 2020
What do Steve Jobs, Richard Branson, Paul Harvey, & JK Rowling all have in common? They are outstanding storytellers. With this podcast, we shine the light on other great storytellers, pulling their secrets out of them and having a good time. Listening to great stories is the first step to becoming a better storyteller, yourself, so subscribe today.
What Digital Transformation Means for Content, Automation, Privacy and Trust
Marketing Results Club
April 15, 2020
Street knowledge gained from helping CMO's realize their visions. As the world becomes more digital and more interconnected, the CMO is poised more than ever to drive value and improve the quality of life globally. Advances in technology continue to provide new opportunities. With that comes some rather thorny issues of privacy, trust, reputational risk and digital emissions.
Tags: Business Strategy, Cybersecurity, Risk Management
5 Quotes
Your Digital Transformation Checklist for Success
Softura
September 16, 2022
"The cultural aspect of a business is one of the most fundamental yet hardest parts that need the flexibility to transform. It's not about technology; technology provides an opportunity. The key is to unlock the value by penetrating new markets, creating new offerings, and increasing productivity." - Alex Sharpe, Sharpe Management Consulting
Your Digital Transformation Checklist For Success
Spry Publishing
August 16, 2022
“The cultural aspect of a business is one of the most fundamental and yet hardest part that needs the flexibility to transform. It’s not about technology; technology provides an opportunity. The key is to unlock the value by penetrating new markets, creating new offerings, and increasing productivity.” - Alex Sharpe, Sharpe Management Consulting
"Advancing Trust in a Digital World"
ISACA
April 29, 2022
“Digital trust is the natural next step in the evolution. With cyber now a board discussion and being integrated with traditional GRC programs, there is an ever-increasing need to build trust throughout the ecosystem. As a profession, we need to not only do the right things but we also
need to instill confidence, so people know we are doing the right things.”
Is CMMC enough to protect my business? Three things to consider today.
Onetrust Data Guidance Magazine
January 15, 2021
"Let's not forget - CMMC is not a bureaucratic exercise. It is a concerted effort to improve your business' security posture, the nation, and the allies. Making it a maturity model makes it easy for a third party to have a readily identifiable sense of your security posture, enabling them to make informed business decisions. Leaving us with a simple question: "Is CMMC sufficient to protect my business, my customers, and my business partners?"
USA: Is CMMC enough to protect my business? Three things to consider today.
DataGuidance Magazine
January 06, 2021
"Let's not forget - the CMMC is not a bureaucratic exercise. It is a concerted effort to improve your business' security posture, the nation, and our allies. Making it a maturity model makes it easy for a third party to have a readily identifiable sense of your security posture, enabling them to make informed business decisions. Leaving us with a simple question: Is CMMC sufficient to protect my business, my customers, and my business partners?"
Zero Trust as the foundation of Cybersecurity and Privacy
HexCode
September 21, 2023
Every day it feels like we get hit with a new standard, a new revision, a new law, or a new regulation. It often feels like we are not yet finished with one, only needing to replan for another. In reality, they are more alike than different, and at their core, they have consistent themes running horizontally across them all. In this session, we will walk through how the principles of Zero Trust can form a foundation freeing you up to focus on the deltas.
CS 7-4: The Role of Zero Trust in Reducing Your cost of Compliance
Institute of Internal Auditors and ISACA
August 22, 2023
The world has become increasingly complex, with many laws and regulations in cybersecurity, privacy and data breach reporting. This has only created confusion and complicated environments - greatly increasing the cost of compliance. What do we do? Fortunately, all of these laws and regulations are more alike than different. This session will walk through the Zero Trust principles to provide a road map to implement them in a way that forms a foundation to lower your costs.
After completing this session, participants will be able to:
* Articulate the core principles of Zero Trust and how they cooperate to form a foundation to reduce your cost of compliance.
* Articulate what Zero Trust is and more importantly what it is not.
Sun Tzu and the Art of Cyber Governance – Integrating Cyber into Corporate Governance/ Driving Digital Trust
ISACA
June 21, 2023
Cyber is now a board conversation. So is Digital Trust. Using the teachings of the noted military strategist and philosopher Sun Tzu as a guide, we will explore how integrating cyber governance into corporate governance will drive digital trust and help combat the cyber concerns of most enterprise. The presentation will begin with a review of the historical relationships between technology, human productivity, and business models, exploring trends like Creative Destruction as well as the ebb and flow between attack and defense. We will discuss the global, multidimensional environment of cyber, kinetic, economic, and diplomatic threats, including nation states, organized crime, cyber kiddies, and more, defining their motives, assets and capabilities so you can organize your defense and response. Using real world case studies (like SolarWinds, Colonial Pipeline and some you may not have heard of ), we will discuss the modern environment, including the broader scope of data, like intellectual property and DNA. Unlike many programs, we will be looking past technical controls, defining how to develop a multi-layer defense integrating cyber into your governance, risk management, and compliance programs, including often-forgotten high-value/high-risk items like the human threat, training, and awareness, and we will touch on contemporary topics like the role of government, ISACs/ ISAOs, third-party risk management, and operational resilience. Attendees will also learn about frameworks and standards on both a national and international level.
Sun Tzu and the Art of Cyberwar/ Cyber Governance
Global Security Exchange (GSX)
September 13, 2022
Cyberwar and Cyber Governance are two sides of the same coin — attack and defense. Using the teachings of the noted military strategist, Sun Tzu, we will talk through the new global multidimensional threat environment of cyber, kinetic, economic, and diplomatic. Everything from nation-states to cyber kiddies. Using real-world case studies like SolarWinds, Colonial Pipeline, and some you haven’t heard of, we will walk through the modern environment including the broader scope of data like intellectual property (IP) and DNA. We will look past historic safeguards to integrate cyber into your corporate governance programs. Often forgotten items like the human threat, training, and awareness will be discussed. Contemporary topics like public/private partnerships, ISACs/ ISAOs, Third-Party Risk Management (TPRM), and Operational Resilience (OR) will also be addressed.
➢ Participants will be able to articulate the different classes of adversaries, their methods, and their goals
➢ Participants will gain a working knowledge of the role cyber plays in a coordinated multi-dimensional strategy of attack and defense.
➢ Participants will be able to map out cyber’s role in an integrated enterprise governance, risk management and compliance (GRC) program.
Tags: Business Strategy, Cybersecurity, Risk Management
Ransomware: Are You Prepared for a Breach?
Risk World 2022 - The Risk Management Society (RIMS) Annual Conference
April 04, 2022
How will you convince executives that ransomware and cyber security readiness lies within your purview as well as with IT? Prepare to equip all levels of organizational leadership with the necessary risk management education and training to counter the widespread disruption and financial uncertainty caused by ransomware attacks. Play an online game via your mobile device to test your knowledge of cyber security best practices and privacy laws. Take part in a war-game simulation to envision the hours and days after a company becomes aware of an attack. Focus on policies and compliance with international and state breach notification laws. And choose your own adventure through group polls that decide what direction the company should take next.
Learning Objectives.
Identify best practices for cyber risk management.
Detail the elements of a complete data assessment for the executive level.
Demonstrate why your organization needs to have a plan for cyber incident response and mitigation to protect its reputation and bottom line.
Cybersecurity Maturity Model Certification (CMMC) Global Impact
CTG Intelligence
August 27, 2021
The Cybersecurity Maturity Model Certification (CMMC) framework combines National and International Standards with industry-accepted Governance, Risk Management, and Compliance best practices to take cyber hygiene and Critical Infrastructure Protection to the next level. With recent international events, it is being looked at as an eyeball to be leveraged globally.
Managed Security Series (MSS) combines the CISO, Architect, MSS, MSP, and Corporate Security Community to address third party security, the managed security service of the future, and ways to simultaneously secure the channel whilst enabling them to bundle innovative solutions which will make a real difference to end-users.
Managed Security Services Forum Tri-State
CTG Intelligence
July 08, 2021
MANAGED SECURITY SERIES (MSS) brings together the CISO, Architect, MSS, MSP, and Corporate Security Communities to address Third Party Risk Management (TPRM), Cloud security, the managed security service of the future, and ways to simultaneously secure the channel whilst enabling them to bundle innovative solutions which will make a real difference to end-users.
Cybersecurity Maturity Model Certification (CMMC) – the DFAR Mandate
Infragard National Sector Security & Resiliency Program (NSSRP)
March 18, 2021
Cybersecurity in the supply chain is no longer just an IT problem. Maritime, intermodal, rail, and port security must work as an integrated whole. Those who want to do us harm range from nation states and terrorists to criminal elements and activists. The unfortunate reality is the gains in productivity from technology have left us more exposed than ever. Those who want to do us harm have integrated cyber, kinetic, physical, and reputational threats into orchestrated attacks. Our defenses must be as deliberate as well.
Tags: Business Strategy, Cybersecurity, Risk Management
Adapting to Technological Change while Mitigating Cyber Threats
Infragard National Sector Security & Resiliency Program (NSSRP)
March 17, 2021
Cybersecurity in the supply chain is no longer just an IT problem. Maritime, intermodal, rail, and port security must work as an integrated whole. Those who want to do us harm range from nation states and terrorists to criminal elements and activists. The unfortunate reality is the gains in productivity from technology have left us more exposed than ever. Those who want to do us harm have integrated cyber, kinetic, physical, and reputational threats into orchestrated attacks. Our defenses must be as deliberate as well.
Tags: Business Strategy, Cybersecurity, Supply Chain
World Economic Forum, Critical Infrastructure Security and Safety
World Economic Forum, Good City Foundation
October 14, 2020
Good City Foundation is a multilateral development organization dedicated to optimizing cities as a living place for humanity. Safety and security are of paramount important to critical infrastructure, privacy and digital safety.
This forum has been rescheduled and is going virtual due to COVID-19
Securing the Remote Worker in a Post COVID World
Global Security Exchange Plus (GSX) - Infragard and ASIS
September 24, 2020
The COVID19 pandemic and the rise of the remote worker has forced businesses to transform operations and rethink their cyber security practices globally. Historically, business leaders, IT professionals and security professionals have relied on a strong physical barrier. Sometimes referred to as "securing the castle." Post COVID the castle walls are more porous than even. This sessions will explore those changes and what you can do about them. We will delve into the full life cycle from risk management, protection, monitoring and incident response along with the roles played by different parts of the organization from operations to IT to HR.
Tags: Cybersecurity, Digital Transformation, Risk Management
Cyber Warfare in the Age of COVID-19
Global Security Exchange Plus (GSX) - Infragard and ASIS
September 24, 2020
The number of cyber attacks on a nation-state level, on US business, and on individuals has dramatically increased since the onset of the COVID19 pandemic. The cost of this could well be in the trillions of dollars, and more importantly lead to destabilization and potentially physical war in areas of the world. Explore what the dramatic and dangerous increase in cyber attacks means for US Critical Infrastructure, and how CI stakeholders can ready themselves for cyberwar in a period of restructured business models and reduced budgets.
Tags: Cybersecurity, Digital Disruption, Digital Transformation
8 Trainings
The CISOs Role in Driving Trust and the Safety & Security of AI
myCPE
October 10, 2023
Cyber Security is now a board conversation. So is Digital Trust and the Safety & Security of Artificial Intelligence (AI). All are technology driven challenges without a solution, technologists can handle on their own. It requires a collaboration up and down the organizational chart and across the organization, globally. CISOs are charged with the safety and security of information in all forms. To be successful, CISO’s require the active engagement of other parts of the business and quite often the engagement by external third parties. Who does the CISO engage? How? What do we ask of them? We will begin with a discussion of why these are suddenly important business topics. We will also talk through the historical trends of technology adoption still present today. That historical perspective will help us frame what works and what does not work. We will talk about what Digital Transformation means, what it is, why it is important, what the studies show, and what resources are available. When it comes to AI, we will talk through the fundamental drivers underlying AI and how it is different than anything we have seen before. We will talk through the major concerns of AI, what to do about it, and relevant global efforts. We will talk through the major threats of AI. Unlike many programs, we will be looking past technical controls. We will talk about the organizational structures that work the best, who in the organization needs to be engaged, and how to handle third parties.
Zero Trust Training
Cloud Security Alliance (CSA)
July 15, 2023
Zero trust is more than just a buzzword, it’s the new reality for organizations. Experts now recommend that organizations “never trust, always verify” before allowing any access to resources, but what does that actually mean? How can you start implementing zero trust within your organization?
CSA is developing a training program to give you the knowledge needed to understand the core concepts of zero trust and the skills required to implement the principles to reduce systemic risk and move your organization towards zero trust. The Zero Trust Training (ZTT) curriculum will cover eight areas of Zero Trust knowledge, including strategy and governance, architecture, planning and implementation, identity, device security and more. Each area is composed of multiple training modules that will include a study guide and be delivered as a self-paced, online course. A certificate of course completion and Continuing Educational Credits are available. These courses are only offered in English.
This course was developed by crowd-sourcing the collective experience of the industry. CSA ensured that the perspective of all stakeholders were taken into consideration including: zero trust consultants, existing and potential users, product vendors and more.
Recommended Prerequisites: While this course doesn’t require prerequisites, we recommend that students have at least a basic understanding of networks and network security. It is also recommended to have taken the Certificate of Cloud Security Knowledge (CCSK) first.
Artificial Intelligence (AI) – unlocking the value while mitigating Cyber Risk
GSX 2022
September 13, 2022
The National Security Commission on Artificial Intelligence published its final report in March 2021. It declared “America is not prepared to defend or compete in the AI era.” The report went on to discuss the power and dangers presented by AI. The report talked about the uses of AI in cyberr attacks and in cyber defense. The Economic Report of the President in 2019 came to similar conclusions. Enterprises and security professionals alike are struggling to create guardrails that unlock the value of AI while mitigating cyber risk. Much of the struggle lies in a lack of understanding of the different types of AI, how they work, the limitations and the use by attackers.
➢ Participants will be able to article what AI is, what it is not, and its history.
➢ Participants will be able to articulate the different types of AI and the importance of data
➢ Participants will be able to put controls in place to protect you, your enterprise and your staff from AI-based attacks like Deep Fakes, BOTS and Steganography.
Tags: Business Continuity, Cybersecurity, Risk Management
2 Visiting Lecturers
Executive Primer: The Cloud and Cloud Security.
MIT Sloan
November 03, 2023
The Cloud permeates how we work and live, often in ways we do not realize. This session provides an executive primer on what the Cloud is, why it is different, the root causes of cybersecurity incidents involving the Cloud based on data, and postmortems of real-world incidents.
Adapting to Technological Change while Mitigating Cyber Risk - CryptoCurrencies, Digital Assets, the Cloud and AI"
Vietnam National University (VNU) of Economics and Business
August 16, 2021
Tags: Business Strategy, Digital Transformation, Risk Management
1 Webinar
Securing the Cloud and the Remote Workforce
Security Management Magazine ASIS International
October 25, 2022
The Cloud has changed the way we work and live. It has created new business models, provided new opportunities, and has set the stage for innovations yet to be imagined. With all those benefits come new risks and a fundamental rethinking of how we operate. More mission-critical assets and data exist outside of our secure perimeter than ever before - much of which is now in people's homes. Security professionals are left with a series of questions to be answered. How do I choose a Cloud provider? How do I update my current practices like Pen Testing, Audit, and Incident Response (IR)? What about eDiscovery and eForensics?
Learning Objectives
Upon completion, participants will be able to:
* Understand how the Cloud is different than traditional outsourced models.
* Be able to articulate the unique advantages, risks, and threats in the Cloud and with a Remote Workforce
* Understand the unique security challenges, what tools exist, and mitigation strategies for both the Cloud and a Remote Workforce.
CISA's Zero Trust Maturity Model V2: Expert Analysis and Implications
BrightTALK
May 31, 2023
CISA recently released version 2 of their Zero Trust Maturity Model. There is a lot of interest across the public and private sectors to understand the differences and motivations behind V2.
The CSA has assembled a small panel of CISA and industry experts to provide an assessment of the new version of the document, including a summary and analysis of the changes and a discussion about potential implications thereof for both public and private sector implementers of Zero Trust.
Cyber Security Regulatory Landscape & How it influences Private Company Boards May 2023
Private Directors Association (PDA)
May 23, 2023
KPMG US and the Private Directors Association are holding four events focused on contemporary issues facing Boards. The first will focus on the wave of Cybersecurity regulations.
Tags: Business Strategy, Cybersecurity, Risk Management
Operational Resilience – The Ability to Operate Amidst Adversity (not just Cyber)
ASIS
April 25, 2023
Operational resilience is the ability to provide continuous service through all hazards. Whether it be from cyber, natural disaster, or supply chain disruption. In this session we will walk through how people, processes, technology, and organization cooperate to realize a more agile organization. The key is to be business driven and based on scenarios. This session will walk through existing frameworks and provide a proven methodology along with tools and resources. Surveys show the greatest concerns are in the areas of cyber, third parties (supply chains), and geopolitical risk. That is where we will focus.
Learning Objectives
Upon completion, participants will be able to:
* Articulate the difference between and the value of disaster recovery (DR), business continuity (BC), and Operational Resilience (OR)
* Talk to the role of Government, the Board of Directors (BOD), Senior Management, I.T. and the functional units within the organization.
* List the top five most common mistakes and the top five things you can do to stay above the fray.
* Talk to the impacts of new Government efforts like the first ever US Cyber Policy, SEC Rule Changes, and the EU’s Network and Information Security Directive (NIS2).
Tags: Business Continuity, Cybersecurity, National Security
The (digital) Well-Being of Families
https://www.familyoffice.com/
December 06, 2022
Family Offices and High Net worth Individuals are in a unique position as they can be large targets and unfortunately, often do not have the internal expertise to manage these kinds of cyber risk. In addition, they also have physical concerns not seen in other sectors. In this 30-minute session, "The Well-Being of Families", Alex Sharpe, will leverage decades of street knowledge to guide you on how to select the most appropriate platforms, products, and providers for your unique situation. Alex will also walk through the broad strokes of the unique risks associated with Social Media.
Tags: Business Strategy, Cybersecurity, Risk Management
CYBER SECURITY & DATA PRIVACY 2022; Introduction to EU General Data Protection Regulation: Planning, Implementation, and Compliance
Financial Poise
September 07, 2022
Communicating the Business Value of Zero Trust
Cloud Security Alliance (CSA)
August 15, 2023
Zero Trust is a set of established principles applied in new ways to better align the security architecture with how we work and live. Unfortunately, Zero Trust has also become a buzz word causing confusion and forcing organizations to lose sight of the end goal of increasing an organization’s cyber resilience.
“Communicating the Business Value of Zero Trust” helps dispel the myths while enabling security practitioners to clearly, succinctly, and directly communicate the business value a Zero Trust strategy can bring.
The Cloud Security Alliance published Zero Trust Guiding Principles
Cloud Security Alliance (CSA)
July 19, 2023
The Guiding Principles are unique; they cut across all Zero Trust initiatives and are appropriate whether you are a practitioner or a board member.
Principles Covered:
· Begin with the end in mind.
· Do not over complicate.
· Products are not the priority.
· Access is a deliberate act.
· Inside out, not outside in
· Breaches happen.
· Understand your risk appetite.
· Ensure the tone from the top.
· Instill a Zero Trust culture.
· Start small and focus on quick wins.
· Continuously monitor.
Country Profile: USA Navigating the concophony of privacy laws in and out of the US
OneTrust Data Guidance
January 31, 2023
The myriad of Privacy Laws in the US, combined with the various specialty laws, regulations, and international laws, can be confusing and sometimes in conflict. This article will map out the landscape, look into the future, and share street knowledge on how to navigate the landscape.
Tags: Business Strategy, Cybersecurity, Digital Transformation
Anti-Money Laundering Guidance
Global Digital Currency and Asset Association (Global DCA)
July 28, 2022
The following overview of U.S. anti-money laundering regulation intends to provide an overview of the key AML requirements for a Global DCA member for educational purposes and is not intended as legal advice. While it is based on, and reflects, U.S. law, this overview can serve as a good basis to assess and review your AML policies and procedures since the U.S. has one of the strictest AML regimes in the world. The terminology used in this document is the U.S. Treasury’s Financial Crimes Enforcement Network (“FinCEN”) terminology, which is the bureau that administers the Bank Secrecy Act and other anti-money laundering (“AML”) laws in the U.S. Please CLICK below to read the full overview! CLICK HERE for the Full Overview
Tags: Cryptocurrency, Digital Transformation, Risk Management
USA: CMMC 2.0
Onetrust Data Guidance Magazine
January 28, 2022
The DoD used a risk-based approach to allocate the finite resources of the defense industrial base ('DIB'), where they will do the most good. At the same time, the streamlined approach shortens the time to value while also reducing the barriers to rolling out the program to other parts of the U.S. Government and its allies. The DoD used a risk-based approach to allocate the finite resources of the defense industrial base ('DIB'), where they will do the most good. At the same time, the streamlined approach shortens the time to value while also reducing the barriers to rolling out the program to other parts of the U.S. Government and its allies.
Tags: Business Strategy, Cybersecurity, Risk Management
USA: Is CMMC enough to protect my business? Three things to consider today
Data Protection Leader
February 15, 2021
In the first two articles in the series12 Alex Sharpe, Principal at Sharpe Management
Consulting LLC, discussed low-cost things you can do today and what is
not readily apparent until you start moving through your assessment. In this
article, Alex addresses what the Cybersecurity Maturity Model Certification
('CMMC') does not cover that you will want to consider for your business.
Tags: Cybersecurity, Digital Transformation, Risk Management
Closing the CMO / Agency Gap: How Agencies Can Win Business and Build Stronger Client Relationships
Gerson Lehrman Group
April 12, 2010
The report, Closing the CMO / Agency Gap: How Agencies Can Win Business and Build Stronger Client
Relationships, is based on a survey of more than 80 senior marketing executives from a range of
industries who are members of Gerson Lehrman Group’s (GLG) expert network. The survey examines the
knowledge that marketing professionals expect from their agencies during both the pitch process and
after agencies are hired.
Tags: Digital Disruption, Digital Transformation, Marketing
Defense Message System (DMS) Messaging, Directory Services, and Security Services
Defense Information Systems Agency (DISA)
August 15, 1995
The Defense Messaging System (DMS) was an effort for the US and its Allies to modernize (Digitall Transformation) communications. It incorporated new processes, procedures, security architecture and the like. I was one of the systems architects and the primary contact for cybersecurity including Identity Access and Management (IDAM). This paper was subsequently presented at industry conferences.
Tags: Business Strategy, Cybersecurity, Digital Transformation
6 Workshops
Fraud in gaming: enhancing risk mitigation with technology
https://www.ortusclub.com/
April 14, 2022
The expert moderator, Alex Sharpe, will guide the knowledge-sharing event, stimulating discussion between participants in a closed, confidential environment. Attendance is by invitation only and complimentary. Registration is limited to a select number of guests per event.
Fraud in gaming: enhancing risk mitigation with technology
Consumer digital behavior in gaming has drastically changed over the past few years, with online vide o game marketplaces, subscription services, and in-game microtransactions now the norm. Not to be outdone, businesses are becoming more digitally savvy themselves. As a result, opportunities for growth and their subsequent risks are greater than ever before.
While companies are busy fighting fraud, revenue lost to cybercrime is still at an all-time high, and constant disruptions threaten to add up to debilitating losses. Now, tools like analytics, artificial intelligence, and mobile device fingerprinting are at the forefront of data protection measures. Only with the help of innovative technology can leaders hope to stop fraudulent accounts, suspicious attempts, and friendly fraud scams in their tracks.
* How have online fraud and cyber threats evolved in recent years?
* How do companies enable loss prevention and decreased fraud costs?
* What technologies can help futureproof systems and digital platforms?
Tags: Business Strategy, Metaverse, Risk Management
Sun Tzu and the Art of Information Security (INFOSEC)
Infosec World and the CyberRisk Alliance
October 28, 2021
The threat from Nation States and cybercriminals will only increase. Advances in new technology like the Cloud, AI, iOT, and Blockchain are creating new business opportunities. These same advances inject new risks. Cybersecurity personnel and risk managers often struggle to reap these rewards. This four-part program takes a pragmatic approach, full of street knowledge, to navigate the nuances. You will walk away ready to start implementing these learnings the very next day.
Four Parts.
1. Managing technological change while Mitigating Cyber Risks
2. Cybersecurity and Critical Infrastructure Protection - hardening the enterprise
3. CMMC: A Framework for Any Industry, Any Organization
4. Operational Resiliency and Incident Response.
Tags: Cybersecurity, Digital Transformation, Risk Management
Operational Resiliency (OR) and Business Continuity (BC) – The ability to operate amidst adversity (cyber attack)
InfraGard
June 02, 2021
DESCRIPTION: If Ransomware attacks, SolarWinds, and the Colonial Pipeline disruption have taught us anything, the bad guys are not backing down any time soon, and we need to operate even while under attack. The key is proper planning, practice, and post-mortems. Cyber-attacks remain focused on stealing our data and our intellectual property (IP). But, more and more, we are experiencing disruption to the underlying infrastructure - oil, gas, electricity, water - that cannot be offline while we deal with a hacker. Real-world practitioners will cover; the threat using real-world case studies to provide five practical things you can do today that could save your organization tomorrow and review initiatives like the Cybersecurity and Critical Infrastructure Executive Order issued on May 12th. As always, you will leave with street knowledge along with a list of real-world resources.
LEARNING OBJECTIVES:
1. Be able to articulate the difference between and the value of business continuity (BC), Operational Resilience (OR), and disaster recovery (DR).
2. Be able to list the top five most common mistakes that cause the most headaches along with the top five things you can do to stay above the fray.
3. Gain working knowledge of government and industry efforts in fostering Operational Resilience (OR) along with a list of resources.
INSTRUCTOR: Alex Sharpe - Mr. Sharpe is a long time (+30 years) Cybersecurity, Privacy, and Digital Transformation expert with real-world operational experience. Unlike many people in this space, Mr. Sharpe has real-world operational experience and has influenced national policy. He has spent much of his career helping large corporations and government agencies reap the rewards afforded by advances in technology (Digital Transformation) while mitigating cyber threats.
Tags: Business Continuity, Cybersecurity, Digital Transformation
Solar Winds. Attacking the Digital Supply Chain
Infragard
February 24, 2021
Penetration of the Digital Supply Chain turned Solar Winds into a backdoor into major corporations and Government Agencies. The nature of the attack allowed the attackers to ignore many of the common defenses and highlighted weaknesses that exist in many enterprises today. Unfortunately, Digital Supply Chain attacks are nothing new. They have been written about and practiced for many years. This is just the latest escalation in the Cyber Arms Race. But why now? Come learn the history of attacks on the digital supply chain, its impact, and probably most importantly, what you can do to prevent future attacks. Come learn how complying why the plethora of laws, regulations, guidelines, and frameworks is not sufficient, and overreliance can actually cause the very problem you are trying to prevent.
Tags: Business Strategy, Cybersecurity, Risk Management
Thinkers360 Credentials
28 Badges
Radar
8 Predictions
2024 Predictions for Cloud Computing
Date : November 20, 2023
The Cloud has become critical to the way we work and live. Corporations and government institutions of all sizes rely on the Cloud. Individuals use it every day. The Cloud has impacted the way we work and live. There has been a growing recognition of the disruptions from the Cloud. In 2024, we will move from a focus on disruption to acceptance, further accelerating adoption and innovation. The most pronounced innovation will be with Artificial Intelligence (AI). AI will be optimized in the Cloud with new advances, products, and services. We will see a recognition of the unique needs of Small and Medium Sized (SMB) Businesses because of the Cloud with a combination of government and private sector efforts, especially regarding the shared risk model in the Cloud. We will also see the adoption of Zero Trust because of the Cloud. Businesses will accelerate the use of real-time data for immediate insights from data in the Cloud.
Cyber is recognized as a business risk. Risk Managers and business leaders are struggling to find ways to fold cyber into traditional risk management practices. There will be a recognition that cyber is one of the few risks that can impact all other business risks and is not easily quantifiable. Cyber requires both quantifiable and qualifiable measures. There will also be a recognition of the aggregation of risk in the Cloud and that Third Party Risk is an existential threat. Risk Managers will also struggle to factor geopolitical risk into their plans. The shift in how we view risk will impact the structures of Boards and the way corporations operate.
My predictions for 2023 did well. The National Cybersecurity Strategy was published, there is greater recognition of APTs as the real threat, and all sectors recognize cybersecurity as more than just about technical defenses, as evidenced in the regulations and legislation. There are too many predictions for 2024. The most important include:
· An increased emphasis on translating cyber risk into business risk.
· A noticeable shift in responsibility to product vendors and service providers.
· Increased recognition of the importance of Third Party Risk Management (TPRM).
· Notable adoption of Security by Design and Default.
· Using AI to increase productivity reduces the lack of qualified cyber resources.
We will also see an uptick in misinformation and disinformation as we get closer to the U.S Presidential election. The most recognizable prediction has to do with legislation and regulation. We are living through the most significant wave of regulatory changes since the 1930s. This will manifest itself at the federal level, from states, across sectors, and globally.
Digital is the norm, making Digital Transformation predictions challenging. Most global revenues are from digital. Corporate valuations are driven by intangible assets (software, data, people). Digital has become the go-to for new business models, products, services, and markets. In 2024, we will see this deepen as technologies, especially AI and IoT, are embraced to drive additional business value, foster sustainability, and promote Diversity, Equity, and Inclusion (DEI). The world has recognized cyber as essential to mitigate risk and foster adoption as we drive digital value. In 2024, we will see more and more organizations embrace concepts like Security-by-Design-and-Default along with the safety and security of AI essential to fostering Digital Trust. Privacy will increasingly be regarded as critical to commerce.
In retrospect, my 2022 predictions went pretty well. For 2023, I predict three things. First, the U.S. Cyber Czar will publish the U.S. Cyber Policy. This Cyber Policy will facilitate greater cooperation between the public and private sectors while weaving cyber throughout the U.S. Government and its Allies. The Cyber Policy will address not only protection but detection and response as well, thereby facilitating a multipronged response to incidents (e.g., diplomatic, economic, cyber, and kinetic). Second, the world will recognize the real threat is from Advanced Persistent Threats (APT), especially Nation States. The ecosystem will place greater emphasis on detection and response. Combining this with the U.S. Cyber Policy will lead to greater cooperation between private companies, Federal Law Enforcement, and national assets like Cyber Command and the Department of State. Third, the recognition that cyber is more than just technology will continue to grow. There is a general recognition that people and processes are essential. I predict that will morph into a greater emphasis on fostering a cyber-aware culture and organizational structures. My stretch prediction has to do with the decreased focus on technology. Technologists will resist or at least struggle as the cyber domain gets folded into other areas especially less technical areas.
The Metaverse will continue to evolve, grow, and become more mainstream. In 2023, we will see a more distinct separation between business and personal applications, much like we saw with its predecessors – the Internet and the Web. Both are looking at the Metaverse, like the Holodeck on Star Trek, forming a near-realistic global simulation where participants can freely interact. The adoption rate will largely depend on 3D technology, especially the headsets. Businesses are approaching the Metaverse like what we saw with Digital Transformation. They are looking at new markets, revenue streams, and operational efficiencies. I suspect the early applications will focus on communicating, not commuting. I also suspect businesses will continue to look at Augmented Reality (AR) for training and troubleshooting. Personal applications will evolve from gaming to more social networking and experiential commerce. We will also see the Metaverse incorporate other technologies like Artificial Intelligence (AI) to provide customizations like placing the faces of real people on avatars. Blockchain will most like help the Metaverse be decentralized and grow globally.
COVID accelerated Digital Adoption. Digital is now inherent to every business and the way we live. It will continue to weave its way into every nook and cranny in the same way electricity has. The World Economic Forum believes more than 60% of the Global Domestic Product (GDP) is from Digital and more than 50% of Corporate Valuations are from intangible assets. Digital Transformation is a board conversation. Organizations will continue to take Digital Transformation out of I.T., taking it across the enterprise, creating a greater focus on the role of culture and enhanced business models, resulting in Digital Trust as the core focus. As we move through 2023, more organizations will talk about their Metaverse strategies.
Cyber is no longer an I.T. issue. It is finally being treated as a business risk, transforming into a board issue. Cyber is unique in that it is the only risk that can affect the others. In 2022, we will see the weaving of cyber into GRC programs accelerate. With the accelerated growth of the Cloud, staffing challenges, and the like, we will see a growing interest in Third Party Risk Management (TPRM), Operational Resilience (OR), and Critical Infrastructure Protection. I also predict we will not see a national Privacy Law in the U.S. – too many hurdles. My stretch prediction is that we will see the Cybersecurity Maturity Model Certification (CMMC) grow outside of the Defense Department to other parts of the U.S. Government and its Allies.
Join Thinkers360 for free! Are you a Reader/Writer, Thought Leader/Influencer (looking to increase your earnings), or an Enterprise User (looking to work with experts)?
Corporate Governance: Maximize Your Effectiveness In The Boardroom
Digital Strategies for Business: Leading the Next Generation Enterprise
Digital Strategy for Business
Executive Access: Branding on a Shoe String
Intellectual Property (IP) for Entrepeneurs
Quantitative Intuition: Making Smarter Decisions with Imperfect Information
Mergers and Acquisitions (M&A)
Blockchain Technologies: Business Innovation and Application
Globalization Strategies for Your Enterprise Globalization (Online): Strategies for Your Enterprise
Business Analytics
“Sun Tzu and the Art of Cyberwar/ Cyber Governance”
“Cloud Security, Audit, and Governance”
“Artificial Intelligence (AI) – unlocking the value while mitigating Cyber Risk”
BWG Strategy LLC
Advisor to Board of Directors
2020 IT Budgets: Iteration 6 - July 2020
Chair, Advisory Board
Columbia Technology Ventures
Tools & Templates, December 13, 2023 10 Questions Most Often Missed in IR Tabletops
Red Team Scenarios
Incident Response Plan Template
D&O Liability Insurance: CISOs Need Coverage, Too
Proposed Second Amendment to 23 NYCRR Part 500 - Comment
"Money and Payments: The U.S. Dollar in the Age of Digital Transformation”
Review of Bank Secrecy Act Regulations and Guidance
USA: CMMC 2.0
Cloud Market Outlook (Update)
Letter of Support for GeneInfoSec
The Role of Zero Trust in Reducing Your Cost of Security
Practitioners’ Guide to Managing AI Security
The SEC’s Cyber Disclosures
Federal Reserve. Central Bank Digital Currency (CBDC) “Money and Payments: The U.S. Dollar in the Age of Digital Transformation”
BWG Insights: Artifical Intelligence (AI) Industry Outlook
End User Computing Securiy, Data Loss Detection (DLD), and Data Loss Prevention (DLP)
BWG Insights Report IT Budget Pulse: Sept 2021
BWG Insights Report IT Budget Pulse: Aug 2021
BWG Insights Report IT Budget Pulse: July 2021
BWG IT Budget Insights Report June 2021
BWG IT Spend Insights Report April 2021
BWG Insights Report Palantir
BWG Cloud and Data Center Insights Report
BWG Strategy IT Budget Pulse
BWG Insights Report Enterprise Security Q1
Insight Report China E-Commerce
BWG IT Budget Insights Report #11
Data Platforms and Tools Released Q1 2021
BWG Insights Report IT Budget Pulse: 10th Edition
Slack Outage Repercussions
SolarWinds Breach Insight Report and Executive Briefing
Solar Winds Breach - Insight Report and Executive Briefing
BWG IT Budget Pulse Dec 2020
BWG Insight Report IT Budget Nov 2020
Malicious Cyber Activity Against Operational Technology (OT), especially Water: What You Can Do Today
Protecting Our Water Supply from Cyber Attacks
The Zero Trust Device Pillar from NSA's Collaboration Center
"The human element is the most common threat vector; it was the root cause of 82% of data breaches." Data Breach Investigations Report, 2022
SEC Cyber Security Rules - More Than Regulations and Transparency
A Must Read: Posture Statement of General Paul M. Nakasone, Commander US Cyber Command
Steganography: the ability to hide secret messages
Featured Article: The Board's Role in Advancing Digital Trust
Digital Trust Takes a Village
DNA Is Also Data - The bad guys want it. How do we protect it?
USA: Are employers liable for breaches resulting from employee actions and what should they do about it?
USA: Executive Order on Improving the Nation's Cybersecurity: What's different this time?
USA: Is CMMC enough to protect my business? Three things to consider today
USA: CMMC - what lies beneath
"Iran and Russia Interfering with our election – What You Can Do to Protect Your Vote.”
"Is Social Media Critical Infrastructure?"
USA: CMMC as competitive advantage and five things you can do today
Digital Transformation – Adoption Requires a Catalyst - COVID the Ultimate Digital Disruptor
Disruption - What a Great Time to Pivot
When Blue Skies Meet Thin Air
Member, Public Policy & Regulation Committee
Building the Corporate Intranet
Zero Trust Architecture (ZTA) and Software Designed Perimiter (SDP)
Courseware Reviewer for Certified Data Privacy Solutions Engineer (CDPSE) review manuel
IANS Faculty
Most Trusted Risk Management Solution Company
Annual listing of 10 companies that are at the forefront of providing Cyber Security Service and transforming businesses
Top Risk Management Consulting Company
CIO Magazine Web Businenss 50/50 Award
Zero Trust Training (ZTT) Contributor
CMMC Certified Assessor (CCA)
CMMC Certified Professional (CCP)
Certification in Risk and Information Systems Controls
Certified Data Privacy Solutions Engineer (CDPSE)
Cybersecurity Maturity Model Certification (CMMC) Registered Professional (RP)
Building a Cloud Adoption Business Case
NSA Certified Cryptologic Engineer
Information Security (INFOSEC) Analyst
Cloud Security Alliance (CSA) Zero Trust Leadership
Zero Trust Working Group, CoChair, Zero Trust as a Philosophy & Guiding Principles
Zero Trust Organizational Strategy & Governance
AI Security & Trust Working Group
Zero Trust architecture, Implementation & Maturity Model
Zero Trust Pillar: Devices
CSA Cloud Key Management Working Group
The Operational Resilience Framework (ORF), Global Resilience Federation, Business Resilience Council
Cloud Security Alliance (CSA) Zero Trust Architecture (ZTA) Expert Group
FDIC Selects Operational Resiliency (OR) Framework to Measure Effectiveness and Impact
Business Resilience Council (BRC), Operational Resilience (OR) Task Force
Zero Trust Architecture, Implementation, and Maturity Model
Top 33 Cybersecurity Experts to Follow in 2021
Case Study - Pinkerton. Monitoring Global Growth with Budgeting and Forecasting
Anti-Money Laundering Guidance
DARPA End User Security Manager
Comments on the SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, File Number S7-09-22
Keynote: Guiding Principles for Implementing Zero Trust
Hopkins Discourse & Dinner Series: Artificial Intelligence with Alex Sharpe
Keynote to Amareness Month: Awareness: The Under Appreciated Defense The Role of People in Cyber Defense
Fireside Chat: Mathew Travis, CEO CMMCAB
By Invitation Only - MSS Cybersecurity Maturity Model Certification (CMMC)
"Protecting the fuel driving innovation in Life Sciences - data, IP, DNA"
Sun Tzu and the Art of Cyber War – the Global Supply Chain
Embracing AI – Alex Sharpe – PSW #810
The Ultimate Insider Guide To Navigating The New SEC Cyber Rules
SEC Cyber Rules - More Than Regulations and Transparency
Newsletter: SEC Cyber Rules - More Than Regulations and Transparency
Politicians don't have to fear AI replacement, thanks to 'legacy,' need for 'discourse': expert
Budget-Friendly TPRM Options for Small Orgs
Cybersecurity Maturity Model Certification (CMMC) - A Public/ Private Partnership to Ensure Our National Security
CREATING BUSINESS VALUE WHILE MITIGATING CYBER RISK
Helping Businesses Mitigate their Cybersecurity Risks
Alex Sharpe - Helping Business Grow by Leveraging a Vast Experience in Cybersecurity and Digital Transformation
ALEX SHARPE – ENABLING DIGITAL GROWTH FOR BUSINESSES BY UTILIZING A VAST EXPERIENCE IN CYBERSECURITY
ALEX SHARPE - CONSULTING BUSINESSES FOR TECHNOLOGICAL INNOVATION AND VALUE CREATION
ENABLING BUSINESSES TO THINK OUT OF THE BOX
PROVIDING AN EDGE TO BUSINESSES IN THE MODERN WORLD
REAPING THE REWARD OF CONTEMPORARY TECHNOLOGY
MITIGATING CYBER RISK FOR VALUE CREATION AND DIGITAL GROWTH
CREATING DIGITAL GROWTH OPPORTUNITIES FOR BUSINESSES
A PROFESSIONAL CYBERSECURITY CONSULTANT WHO HAS RUN A BUSINESS
ENABLING BUSINESSES TO THINK OUT OF THE BOX
Cover Story/ Feature - Top Five significant Business Leaders, Ruling the Modern Industry 2022
Value Creation While Mitigating Cyber Risk
Value Creation while Managing Cyber Risk
Thrive Radio Podcast
News, Views And Stories From The Cyber Front Line
Workshop Synopsis: SMBs seeking CMMC Certification and the MSS/ MSPs who support them
Live Panel of CSA ZT Experts - Ask Them Anything
AI: Living in a George Jetson World
VDI, GCCI, and CMMC: Strengthening the Cybersecurity Posture for U.S. Government Contractors
NetraBank: Exploring a future of secure, resilientand compliant digital banking.
CTG Physical Cyber Convergence Conference DMV May 2023
Is Threat Intelligence the Cornerstone of Corporate Security Modernization and Convergence?
Ask the Experts: Life, The Universe and Everything about Zero Trust
Enterprise Risk Management (ERM)
Looking Back at the Secure Data Network System (SDNS)
America, apps, and attacks; protecting US apps from mobile fraud threats
CMMC and Its Implications For MSPs and MSS Players
Developing the Skills for Tomorrow’s Cyber Security Professional
CMMC - What it is, what it is not and dates to watch.
Managed Security Services Forum Miami
2020 CMMC PREPAREDNESS: AN ESSENTIAL GUIDE FOR CLEARED DEFENSE CONTRACTORS
TechStory Election Security - Is Social Media Critical Infrastructure?
What Digital Transformation Means for Content, Automation, Privacy and Trust
OneTrust Data Guidance Author Spotlight
Your Digital Transformation Checklist for Success
Your Digital Transformation Checklist For Success
"Advancing Trust in a Digital World"
Is CMMC enough to protect my business? Three things to consider today.
USA: Is CMMC enough to protect my business? Three things to consider today.
Zero Trust as the foundation of Cybersecurity and Privacy
CS 7-4: The Role of Zero Trust in Reducing Your cost of Compliance
Sun Tzu and the Art of Cyber Governance – Integrating Cyber into Corporate Governance/ Driving Digital Trust
Aligning Zero Trust with Organizational Governance and Compliance Practices
Second Annual Corporate Security Modernization Forum Great Lakes - Fireside Chat
Sun Tzu and the Art of Cyberwar/ Cyber Governance
Cyber Governance - CMMC as a Model
Ransomware: Are You Prepared for a Breach?
Value Creation While Mitigating Cyber Risk
Fireside Chat: CMMC and Its Implications Across Borders
Threats to Intellectual Property (IP) and Government resources designed to help protect your rights
Panel Discussion: Special Needs of the SMBs and the MSPs that support them
Cybersecurity Maturity Model Certification (CMMC) Global Impact
Managed Security Services Forum Tri-State
Cybersecurity Maturity Model Certification (CMMC) – the DFAR Mandate
Adapting to Technological Change while Mitigating Cyber Threats
World Economic Forum, Critical Infrastructure Security and Safety
Securing the Remote Worker in a Post COVID World
Cyber Warfare in the Age of COVID-19
The CISOs Role in Driving Trust and the Safety & Security of AI
Zero Trust Training
Artificial Intelligence (AI) – unlocking the value while mitigating Cyber Risk
How to manage technological change while mitigating cyber risks
How to harden your cybersecurity and critical infrastructure protection
Understand CMMC, a powerful framework for organizations across industries
Define and implement effective operational resiliency and incident response programs
Sun Tzu and the Art of Critical Infrastructure Protection
Executive Primer: The Cloud and Cloud Security.
Adapting to Technological Change while Mitigating Cyber Risk - CryptoCurrencies, Digital Assets, the Cloud and AI"
Securing the Cloud and the Remote Workforce
CISA's Zero Trust Maturity Model V2: Expert Analysis and Implications
Cyber Security Regulatory Landscape & How it influences Private Company Boards May 2023
Operational Resilience – The Ability to Operate Amidst Adversity (not just Cyber)
The (digital) Well-Being of Families
Data Breach Response: Before and After the Breach
How to Build and Implement your Company's Information Security Program
CYBER SECURITY & DATA PRIVACY 2022; Introduction to EU General Data Protection Regulation: Planning, Implementation, and Compliance
What Is The Cloud? How Does It Work? Welcome To 123 CMMC
Communicating the Business Value of Zero Trust
The Cloud Security Alliance published Zero Trust Guiding Principles
Country Profile: USA Navigating the concophony of privacy laws in and out of the US
Are employers liable for breaches resulting from employees actions?
Anti-Money Laundering Guidance
USA: CMMC 2.0
"Municipalities, Why Such a Target and What Can I do Today?"
Municipalities, Why Such a Cyber Target and What Can I do Today?
USA: Is CMMC enough to protect my business? Three things to consider today
Closing the CMO / Agency Gap: How Agencies Can Win Business and Build Stronger Client Relationships
Defense Message System (DMS) Messaging, Directory Services, and Security Services
Fraud in gaming: enhancing risk mitigation with technology
Sun Tzu and the Art of Information Security (INFOSEC)
Operational Resiliency (OR) and Business Continuity (BC) – The ability to operate amidst adversity (cyber attack)
Solar Winds. Attacking the Digital Supply Chain
Electronic Commerrce and Information Security (INFOSEC)
Internet and eCommerce Business Models
