Tag: cybersecurity

Categories
Great Women in Compliance

Data Security Update with Rachel Pashkevich Koontz

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

In this week’s episode we take a deep dive into the latest in data security so that our listeners who are not experts in this area can learn from one. Rachel Pashkevich Koontz is Senior Corporate Counsel, Cybersecurity Compliance at T-Mobile and helpfully gives us the latest updates in data security.

 We asked Rachael to walk us through the Colonial Pipeline case from last year and the lessons learned, her tips for what we should focus on with regards to cyber security controls in 2022 and Rachel tells us about a risk that she took earlier in her career that paid off.

 The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Daily Compliance News

January 12, 2022 the Farewell to Michael Lang Edition


In today’s edition of Daily Compliance News:
·      Cyber issues for PE.  (WSJ)
·      Woodstock organizer dies.  (NYT)
·      RCMP looking a Canadian company corruption overseas. (NationalPost)
·      Journalist who exposed FIFA corruption dies. (SI.com)

Categories
From the Editor's Desk

November in Compliance Week

Welcome to From the Editor’s Desk, a podcast where co-hosts Tom Fox and Dave Lefort, Editor in Chief at Compliance Week unpack some of the top stories which have appeared in Compliance Week over the past month, look at top compliance stories, talk some sports and generally try to solve the world’s problems.

 In this month’s episode, we look back at top stories in CW from November including the final results from the CW survey ‘Inside the Mind of the CCO’. It includes a discussion of the gender gap in pay for compliance professionals, the role of compliance in ESG and the role of compliance in fighting cyber breaches. We discuss the Compliance Week 2022 Conference scheduled for May in DC and upcoming CW event on best practices to prevent a ransomware attack. We conclude with a look at some of the top sports stories including the MLB lock out by management, Michigan beating Ohio State and the storyline of a potential Brady v. Belichick Super Bowl.

Check out the CW articles on Inside the Mind of the CCO, herehere and here.

Early register for CW 2022 Conference here.

Categories
Coffee and Regs

What’s Next for Cybersecurity in 2022?

Digital Assets: Trading & Compliance for Cryptocurrency

In this episode, Director of Registered Investment Company Services, Allison Fraser and Director of Broker-Dealer Services & Private Funds, John Gentile discuss the latest on digital assets and cryptocurrency. Are they considered securities, what does the SEC’s risk alert mean for digital assets, and how should investment managers be thinking about cryptocurrency trading and compliance?

 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

 
Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His Information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.
Categories
Daily Compliance News

November 22, 2021 the Why Corruption edition


In today’s edition of Daily Compliance News:

  • Will Activism CEO resign?(WSJ)
  • Office reopening gets trickier. (WSJ)
  • Banks must promptly report cyber breaches. (Reuters)
  • Why do some become corrupt? (Foreign Policy)
Categories
Compliance Into the Weeds

Retreat on DoD Cybersecurity for Contractors

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a look at the Department of Defense retreat on its cybersecurity initiative for contractors, CMMC to the new standard of CMMC 2.0.

Some of the issues we consider are:

·      What is CMMC and what morphed into CMMC 2.0?
·      Who led the charge to make these changes?
·      Do these changes help or hurt federal government overall cybersecurity?
·      Will self-assessments work?
·      New FCA claims coming?
·      What about compliance?
Resources
Matt in Radical Compliance, Pentagon Sounds Retreat on CMMC Compliance

Categories
Coffee and Regs

Cybersecurity Training, Talent and Diversity

Cybersecurity Training, Talent and Diversity

In this episode, Founder and CEO at CyberVista, Simone Petrella and CSS’s Director of Cyber IT Services, E.J. Yerzak discuss the importance of cybersecurity training, education, how to recruit talent and diversity in cyber and why compliance and cybersecurity are synonymous.
 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

Simone Petrella is CEO and Co-Founder of CyberVista. Previously, Simone was a Senior Associate at Booz Allen Hamilton where she helped build the firm’s cybersecurity practice in the commercial sector focusing on the creation of cyber fusion centers and the integration of cyber threat intelligence, security operations, and cyber defense operations into effective cyber security operations. For a decade she led the firm’s all source cyber threat intelligence business in the national security and Defense sectors, where she built out a threat capability and team with in depth subject matter expertise in all aspects of cyber threat intelligence, including intelligence support to both defensive and offensive operations. Her areas of specialty included predictive cyber intelligence based on an understanding of the threat adversary and developing service offerings to integrate intelligence into exercises to provide realistic cyber scenarios. Simone received her J.D. with honors from Catholic University’s Columbus School of Law and graduated from Georgetown University with a B.A. in Government and a M.A. in International Law and Policy. She is a member of Women in International Security and is admitted to the New York Bar. A native of New Jersey, she has resided in Washington D.C. since 2000.
 
Categories
Coffee and Regs

Digital Assets: Trading & Compliance for Cryptocurrency

Digital Assets: Trading & Compliance for Cryptocurrency

In this episode, Director of Registered Investment Company Services, Allison Fraser and Director of Broker-Dealer Services & Private Funds, John Gentile discuss the latest on digital assets and cryptocurrency. Are they considered securities, what does the SEC’s risk alert mean for digital assets, and how should investment managers be thinking about cryptocurrency trading and compliance?

About Our Guest Speakers:


Allison Fraser provides compliance consulting services to investment advisers, registered investment companies and private investment funds, including conducting annual compliance program reviews and testing, developing risk assessments and preparing for SEC examinations. She also assists clients with drafting policies and procedures and preparing regulatory filings. On behalf of, the Compliance Services division of CSS, Allison served as the Chief Compliance Officer for a family of alternative funds registered under the Investment Company Act of 1940. Prior to joining CSS, Allison served as a Senior Vice President of Compliance at Northern Trust Investments, Inc. (“NTI”), the asset management subsidiary of The Northern Trust Company. In this capacity, she managed and administered the compliance due diligence program for NTI’s Multi-Manager Solutions and Outsourced Chief Investment Officer businesses. Allison also was the Chief Compliance Officer of two registered funds of hedge funds advised by NTI as well as a member of the funds’ Pricing and Disclosure Committees. Before joining NTI, Allison served as the Compliance Director for General Motors Asset Management, where she assisted with the administration of the compliance program for this registered investment adviser.
 

John Gentile is responsible for overseeing various types of broker-dealer and investment adviser consulting engagements, including conducting SEC/FINRA internal control reviews, anti-money laundering testing, written supervisory policy and procedures testing, and other consultation services. John is a frequent speaker at industry conferences on various compliance topics, including “Effective Supervision,” “Large Firm Testing,” FINRA Supervisory Control Rules” and “Anti Money Laundering Requirements for Broker Dealers under the PATRIOT Act.” In 1987 John joined the SEC as a Securities Compliance Examiner, becoming a Branch Chief in 1991. He became Assistant Regional Director in 1993, supervising a team of 20 broker-dealer managers and examiners. He also planned and conducted financial, operational, and sales practice examinations of the largest broker dealers and was among those responsible for a review of hedge funds’ impact on broker dealer internal controls. Before joining the SEC, John was a Financial Damage Analyst with PaineWebber Inc. Most recently from 2000-2007 John was an Executive Consultant, Broker-Dealer Services, at National Regulatory Services. John has an MBA from Fordham University and a BS in Finance from Central Connecticut State University. From 1995 to 2002, John was also a member of the Securities Industry Continuing Education East Coast Content Committee.
Categories
Coffee and Regs

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

 
In this episode, CSS’s team of cybersecurity experts E.J. Yerzak and Mike Farrell kick off Cybersecurity Awareness Month discussing the importance of vendor due diligence and the role that service providers can play in cyber incidents.
 

About Our Guest Speakers:


E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 

 

 

 
Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His Information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.
Categories
Coffee and Regs

The Mood of Compliance

The Mood of Compliance

 

In this episode, CSS’s Executive Director, Jackie Hallihan and Senior Consultant, Adam DiPaolo discuss observations on the mood of compliance, with predictions of heavy regulatory activity, and key areas of focus including enforcement, ESG, cryptocurrency, whistleblowers and cybersecurity.

 

About Our Guest Speakers:

Jackie Hallihan is the Co-Executive Director of CSS’s Compliance Services team and has over 25 years’ regulatory and risk management experience. She was the founder of National Regulatory Services (NRS) which started the compliance resource business and served as its President for over 20 years. She also founded the National Society of Compliance Professionals (NSCP), a non-profit organization for compliance officers, staff and lawyers serving the compliance industry. It now boasts over 2000 memberships. Jackie has been a leading speaker to compliance professionals, including in-house training programs and various other industry association conferences, and has received numerous industry awards. Jackie also serves as Director, Clerk of the New England Broker Dealer Investment Adviser Association (NEBDIAA), a non-profit organization, incorporated in 1997. The purpose of NEBDIAA is to provide a forum for the professional exchange of information among investment advisers, broker dealers, and persons who provide services to investment advisers and broker dealers, and to direct communication among its members which will improve their ability to serve the needs of their respective clients. The forum will help NEBDIAA’s members meet the increased regulatory demands placed on investment advisers, broker dealers, and persons who provide services to investment advisers and broker-dealers.

 

Adam DiPaolo CISA, CRISC is a Section 13 Reporting Manager, Senior Consultant and Associate General Counsel at CSS. Adam designs practical solutions to manage regulatory challenges faced by hedge funds, private equity funds, funds of funds, and other investment advisers. In addition to providing compliance services such as annual compliance program reviews, risk assessments and acquisition due diligence, Adam established Section 13 reporting capabilities and EDGAR filing agent services for CSS’s Compliance Services division. He drafts and maintains corporate filings ranging from Forms ADV and PF to Forms 13F and 13H. Adam also provides cybersecurity risk management services to CSS clients – ranging from network vulnerability scanning to onsite cybersecurity risk assessments to assistance in implementing the NIST cybersecurity framework. He is a Certified Information Systems Auditor (CISA®), and Certified in Risk and Information Systems Control (CRISC™). Adam practiced corporate law prior to joining CSS and has an extensive background in both the public and private sectors. Adam served as Assistant General Counsel at Capgemini – one of the world’s largest providers of Consulting, Technology and Outsourcing services. As in-house counsel to a global consulting business, he implemented pragmatic strategies to resolve complex legal and regulatory issues. Adam earned his B.A. from Pitzer College, his J.D. degree from UC Berkeley – Boalt Hall School of Law, and his LL.M. in Taxation from New York University School of Law. He is a member of the New York State Bar.