Jenna Waters is a Cybersecurity Consultant at True Digital Security where she specializes in information security program development, industry compliance assessments, threat intelligence, and cloud security controls. She helps clients through the challenges of cybersecurity program development and holistic security consulting, and also consults for companies across varying industries. Tom Fox welcomes her to this week’s show as they discuss technological safety within industries, and what her company is doing to curb cyber attacks.
The Micro/Macro Focus
Jenna is a USN veteran, and during her time in the Navy, she worked on highly sophisticated computer information systems and with a lot of other sophisticated technologies as well. Tom asks her to elaborate on the Navy’s approach to cybersecurity as opposed to that of the public and private sectors. Jenna explains that the Navy, like any other military, federal, or law enforcement agency, is focused on a very global, or what she calls a “macro threat” environment. They are focused on protecting the country as a whole from cyber and information warfare attacks. The private and public sectors, on the other hand, have a micro focus: on industries or specific business types and the risks and threats those industries or business types may face.
“To End Security Breaches”
Tom remarks that True Digital Security strives to bring an end-to-end solution, and makes mention of the company’s statement “To end security breaches.” Jenna explains that it’s the company’s goal and that True Digital strives to be at the forefront of cybersecurity. Doing this means preventing breaches from occurring in the first place. However, in the event that breaches do happen, ensuring that attackers don’t acquire vital information is important. “Even if you suffer a minor breach, they’re just stuck because we want our clients to have a very layered defense, an in-depth approach that prevents them [attackers] from getting something valuable,” Jenna says.
Software Inventory Management
“It’s the process of keeping an updated inventory of all your software and your applications from even the smallest minutia of an application used within your IT environment,” Jenna says in response to Tom’s question about software inventory management. She adds that it’s one core aspect of overall IT asset management. It enables the recording of vital information such as software update cycles, as well as ensuring that all the critical security patches are applied. Software Inventory Management keeps records of the quantity of application software that exists within an organization. It helps detect if there’s been a breach as the bit size of applications changes when a breach occurs.
The Impact of COVID-19
The pandemic has not changed True Digital’s approach very much, Jenna remarks. What the company has been doing is helping clients pivot without the notice of attackers. Remote working comes with its own challenges and insecurities, and so assisting clients and pivoting in a way that helps them continue to achieve their cybersecurity compliance program and development goals is important. The rise in attacks emphasizes the need for structural and legal practices and precedents. Jenna stresses that governments of the world, as well as public and private sectors, need to come together to denounce cyber attacks and enforce actual consequences for these actions.
Resources
Jenna Waters | LinkedIn
TrueDigitalSecurity.com
Author: admin
Welcome to the latest addition to the Compliance Podcast Network, Leading the Way, a StoneTurn podcast. StoneTurn’s Leading the Way podcast series highlights the top compliance, legal and anti-fraud practitioners who are breaking down siloes and setting new standards for excellence worldwide.
In this episode, StoneTurn Partner Valerie Charles is joined by well-known compliance professional Mara Senn. Mara has been a partner in the white collar practice of a big law firm, has worked at the Department of Justice on its anti-kleptocracy initiative, has worked at the World Bank handling allegations of corruption in the investigation and litigation phase, and is now Director & Senior Counsel, Global Compliance Investigations at Zimmer Biomet. It is a fascinating discussion of Mara’s journey through the investigation and regulatory side of compliance, some of the changes she has seen, key lessons learned and where compliance is headed down the road.
In this episode, the hosts of the Microsoft podcast Uncovering Hidden Risks join me. Raman Kalyan is a Director of Product Marketing on the Microsoft 365 Security and Compliance team focused primarily on the Insider Risk Management set of solutions. Talhah Mir is a Principal Product Manager on the MIP & Compliance US OPEX team.
In this podcast, they explore a broader set of issues focused on identifying the various risks organizations face as they navigate the internal and external requirements organizations must comply with. They will take you through a journey on insider risks to uncover some of the hidden security threats that Microsoft and organizations across the world are facing. They bring to the surface some of the best-in-class technology and processes to help you protect your organization and employees from risks from trusted insiders. Highlights of this podcast include:
- Why did you start “Uncovering Hidden Risks”? What are insider risks?
- How should a corporate compliance function or risk management function think about risks inside of an organization?
- What are some of the tools you and your team have developed at Microsoft to help manage these risks?
- How do you manage these insider risks in the context of data privacy?
- What are some of the communication strategies you advocate?
- What are some examples of market solutions you have developed?
Resources
Raman Kalyan LinkedIn Profile
Talhah Mir LinkedIn Profile
Uncovering Hidden Risks
In today’s edition of Sunday Book Review:
- Now Let Us Praise Famous Men - James Agee and Walker Evans
- Walker Evans - Svetlana Alpers
- A Death in the Family - James Agee
Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the Compliance Podcast Network. In this episode, Ronnie goes on an extended rant about why compliance professionals are measuring the wrong concepts around training. Some of the questions we explore are:
- Why is the typical measurement of compliance programs BS?
- What should compliance professionals be measuring?
- How does Entertainment help?
Resources:
Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)
Learnings & Entertainments (Website)
60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.
Workplace Tonight Show! Micro-learning – a library of 1-10-minute trainings and communications wrapped in the style of a late-night variety show, that explains corporate risk topics and why employees should care.
Custom Live & Digital Programming – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with a more engaging delivery.
Tales from the Hotline – check out some samples.
As March Madness descends upon us in the bubble this year, Sister Jean leads Loyola of Chicago into the Sweet 16. Tom and Jay are back to look at this week’s top compliance and ethics stories which caught their interest on This Week in FCPA.
Stories
1. Universities behaving badly. Tom looks at the KU hiring and firing of Les Miles in a four-part blog post series on the FCPA Compliance and Ethics Blog.
2. Bette Davis and Jim Deloach both say fasten your seatbelts. Jim Deloach in CCI.
3. Do you have a Money Laundering Reporting Officer? Alia Noor in XpertsLeague.
4. How to avoid an OIG investigation. Sara Kropf in Grand Jury Blog.
5. Why do SPACs give compliance fits? Aaron Nicodemus in Compliance Week. (sub req’d)
6. Risk Management and IT Security in WFH. Sam Abadir in Risk and Compliance Matters.
7. Building bridges between compliance and BD. Mike Volkov in Crime Corruption and Compliance.
8. Three significant CCO hires. What does it mean? Nicholas Trutanich to Fox Corp (WSJ); David Searle to Tesla (Bloomberg) and Antonio Fernández to FirstEnergy (WSJ).
9. Why ignoring red flags around Iran is bad. Doug Cornelius in Compliance Building.
10. Paucity of FCPA enforcement in Q1, good or bad? Harry Cassin explores in the FCPA Blog.
Podcasts and Events
11. On The Compliance Life, Rob Chesnut joins me for the month of March. In Episode 1, Rob talks about his academic career at UVA and how its Honor Code influenced his thinking about ethics in his professional career and his career as an AUSA. In Episode 2, Rob moves cross country to join eBay. In Episode 3, Rob talks about moving into the Chief Ethics Officer role at Airbnb. In Episode 4, Rob looks down the road for compliance.
12. Microsoft has joined the Compliance Podcast Network, with two podcasts, Voices of Data Protection and Uncovering Hidden Risks. In Episode 5 of Voices of Data Protection, Bhavanesh Rengarajan discusses your information governance and records management journey. In Episode 5 of Uncovering Hidden Risks, Raman Kalyan and Talhah Mir discuss how far insider risk programs have come.
13. Coffee & Regs joins the Compliance Podcast Network. In this week’s episode, host Natalie Silverman visits with Alison Taylor and Victoria Olsen to discuss the compliance playbook for regulatory change.
14. AMI’s Mikhail Reider-Gordon and Eric Feldman continue their discussion on trends in independent monitoring in this episode of Integrity Through Compliance.
15. Tom announces his latest book, The Compliance Handbook, 2nd edition is available for presale purchase. Use the code FOX25 and go here. The Compliance Handbook 2nd edition will be available in both print and eBook editions. This week on The Compliance Handbook podcast, the ladies from #GWIC join Tom for a deep dive into written standards.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.