Elif Sumner, a GRC Apprentice with Aquia, shares her personal journey at The Cyber Guild’s annual Uniting Women in Cyber event. She shares about the infectious energy, valuable presentations, and networking opportunities. Elif notes that she left the event feeling empowered that there’s a community of women supporting her as she pursues her career in cybersecurity. We can’t wait to see what you do in cyber Elif!

In October, we recognize World Mental Health Day. It is an opportunity for us all to be mindful that we must do our part to create inclusive spaces where everyone can flourish and be their authentic selves, despite our differences. We must do our part to be accepting of those around us, educate ourselves, and strive to work collectively to eradicate the stigma and prejudice that keeps many people from reaching their full potential. Together we can change the narrative.  Together we can uplift diverse minds. Join the movement today. 

Cyber compliance is a hot topic in light of the new SEC rules going into effect at the end of this year. Many companies have waited to implement a program, but now is the time to focus and engage! Don’t wait to invest in a cybersecurity and data governance program that includes specific, documented oversight mechanisms. The high costs of insecure cyber practices and/or immature reporting processes that may not pass a rigorous compliance review could signal the end when an unexpected breach happens. Focus on program integrity and resiliency now to be prepared and to prosper.

When you meet one neurodivergent person, you’ve only met one. Our characteristics and preferences can vary broadly. Respond with curiosity, dignity, and respect by meeting people where they are and supporting each individual the way the person wants to be supported whether it be terminology, privacy, accommodation, belief, identity, agency, or space. As the founder of This Is My Brave Jennifer Marshall said, “One day it won’t need to be brave to talk about mental health.  It will simply be called talking.”  Let’s talk about health (and identity) to remove the stigma around mental health and neurodiversity. 

Neurodiversity relates to the natural variations in the way that people think and act. Brain differences are also viewed as normal, rather than deficits. Since we are all different from each other, we are therefore all neurodiverse. The terms “neurodivergent” or “neurodistinct” relate to individuals whose differences vary from societal norms, and who fall on the “edges of the bell curve” of human thinking.

For many businesses, it’s difficult to strike a balance between actually running the business and managing employee issues. Most employers prefer to focus on profit-generating activity than deal with tedious and time-consuming employee-management responsibilities. Here, we outline seven scenarios in which a professional employer organization (PEO) can help ease this burden and conveniently handle employee issues.

Running a business inevitably exposes leaders to legal liability. While it may not be possible to achieve 100% protection against every potential legal risk, you can avoid many common pitfalls and greatly benefit your organization by creating a culture of HR compliance. It all comes down to your company’s core values, culture and people – as well as your commitment to training, modeling and reinforcing desired behaviors. Learn more about how to cultivate a culture of compliance and mitigate the negative consequences of non-compliance with laws and regulations.

Are you a leader looking to I.G.N.I.T.E. the fire within your team to ensure your employees are thriving in our ever changing and evolving work environment? It starts with defining your culture in words and then putting those words into practice to drive the behaviors you want to see for a winning team culture.

EEOC complaints happen more often than company leaders might think. In fact, the top five most common complaints at U.S. businesses each number in the tens of thousands annually. Should your business become one of these statistics, there are specific mistakes you should avoid to increase the odds of winning an EEOC judgment in your favor while mitigating other risks and negative impacts to your company. 

Many technology and cybersecurity professionals consider employee monitoring a top-down nuisance that fails to deliver the results they need. This is a result of the traditional surveillance-style systems that companies used to track employee activity. But the future of cyber monitoring is a far cry from this model and has the potential to transform workplace cybersecurity. Modern consent-based, individualized monitoring technologies offer an alternative that is mutually beneficial for both executives and employees and keeps individuals and companies safe. 

The 2023 National Cybersecurity Strategy goes beyond truisms to articulate a clear cybersecurity policy vision to put the US on a different path. The Strategy’s strength comes from four characteristics. It has a transparent philosophical core, confronts hard problems, has a long-term outlook, and explicitly involves the legislative branch. Even if someone disagrees with the recommended policies, the Strategy’s clarity and definitive choices will make the resulting policy debates far more useful in making the changes we need to have a more secure digital ecosystem.  

The new National Cybersecurity Strategy from the White House has recently been published. There are undoubtedly controversial recommendations, such as calls for the imposition of liability for insecure software products and services and the increase of military support of private cybersecurity, and I look forward to those debates. I praise the strategy for carving the way forward against the growing threat.

Employee training is one of the most significant investments your organization may make. It’s also one of the most critical initiatives impacting the long-term success of any business.

Anyone who has pursued a job in security, whether in the public or private sector, is aware of the thorough and lengthy process it takes to attain a government security clearance even after being hired for a position. A trusted workforce is key for security organizations and companies.

If you’re not focused enough on your company’s most valuable asset — your people — you might be falling behind in your efforts to procure and retain employees. Furthermore, your organization may not be achieving the performance and results that you expect.

The regulatory cybersecurity landscape for critical infrastructure and utility operators is changing rapidly to meet the increased threats that cybersecurity attacks present to national security, health, and safety. Stakeholders in critical infrastructure and public utilities must be prepared to respond to new regulations and should consider taking advantage of public incentives to modernize operations and improve cyber defenses. 

Cybersecurity professionals everywhere find themselves in a precarious situation, grappling with two major forces that will continue into 2023: pressure on corporate budgets from a tightening economy, and the rise in cybersecurity attacks from nation-state actors. In this article, learn six key cybersecurity risk levers that will help you respond to the evolving needs of your business, achieve financial stability, and secure your organization from bad actors.

As organization stakeholders look ahead to 2023, cybersecurity might not be at the top of their budget priorities, despite research showing evidence that cybercriminals can penetrate 93% of company networks. In this article, we’ll discuss some considerations to keep in mind when planning your cybersecurity budget for the next year in Q4, so that your security team can keep the organization running smoothly, while also protecting your employees and customers.

The threat of cyber attacks will only increase. How companies ready themselves to prevent attacks and how they respond if an attack occurs will determine how we keep the U.S. as safe as possible. Thus, it’s up to every company to determine its risk mindset and plan the right focus, time, and money to address cybersecurity. 

An amendment to the National Defense Authorization Act passed by the House in July would create a “systemically important entity” designation, applying new regulations and offering priority aid to certain critical infrastructure companies. But the American Bankers Association and Bank Policy Institute say the amendment as applied to financial institutions would duplicate existing regulations under the Dodd-Frank Act, while also requiring the turnover of a substantial amount of cybersecurity-related data that could prove dangerous in the wrong hands. 

The services that make up the energy sector are vital to America’s function and progress. Virtually every aspect of daily life is reliant on the uninterrupted availability and flow of energy, whether it’s electricity, water, or natural gas. At the same time, this reliance makes the energy sector a prime target for malicious actors and cybercriminals looking to exploit the necessity of its supply chain.

As we seek to protect our community from identity threats, we need to normalize questioning the norm. Can you recall the last time you handed over your sensitive information because it was “easier” for the requestor, or it seemed “nicer” for you to follow their process rather than to question their process? Did you feel pressured to be compliant with the norm, rather than empowered to question the norm? In this article, learn more about why you shouldn’t feel obligated to jeopardize your identity for basic tasks. 

Managing older, more experienced employees is becoming an essential – and, frankly, unavoidable – skill for young leaders to master. As increasingly more people work well into their 70s, millennials are also fast becoming the largest demographic in the American workforce and are climbing the ladder into the echelons of management. Generation Z isn’t far behind.

On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021. This is a watershed moment in the department’s approach to cybersecurity that highlights its renewed focus and commitment to holding vendors that do business with the federal government accountable for meeting federal cybersecurity requirements.

You need both risk management and compliance to meet regulatory obligations, manage risk, safeguard assets, and maintain financial stability. And all of this is easier to do with risk and compliance automation. Automation eliminates the need for time-consuming manual processes to maintain compliance and manage risk. In this pocket guide, we explore this and other benefits of automation. 

As a career start-up marketer, I’ve been through the gauntlet of start-ups – fast and furious, stubborn and old school – pivot-friendly and fail-fast environments – and I’ve learned quite a few things from them. In this article, we’ll share the top things startups must get right about their culture.