Capability. Meet Opportunity.

HPC CyberMatch™ Marketplace by High Performance Counsel - Cyber Careers Portal

(THE FUTURE. NOW)

PUT YOUR CYBER QUALIFICATIONS TO WORK IN OUR TALENT MARKETPLACE

Our mobile-friendly platform facilitates open and direct communication between clients and cyber-qualified professionals.


HPC CyberMatch™ solves the cyber talent conundrum.

With the introduction of our HPC CyberMatch™ Curriculum, HPC has committed to being the one-stop education partner that individuals and organizations need to gain cybersecurity competencies and certifications. On an individual level, cyber qualifications are a great way to add value for your employer or clients - they also make you more valuable. As such, we uniquely provide access to both NIST and NICE curriculum in our store - helping individuals and organizations get the education and training they need.

But why stop there? Introducing the HPC CyberMatch™ Marketplace

Organizations need cyber-qualified individuals - those who have invested in cyber qualifications to meet the needs of a digital economy. In creating HPC CyberMatch™ Marketplace, we're also helping individuals and organizations meet one another around the cyber qualifications that both need. In so doing, we're doing our part to address a growing economic need.

Start here.

GET CYBER-QUALIFIED

Browse available NICE, NIST courses.

START HERE.

CYBER-QUALIFIED? REGISTER HERE

Qualified cyber professionals may register for HPC CyberMatch™ Marketplace

LAUNCH: AUGUST '19

CYBER EMPLOYER? REGISTER & LOG IN HERE

Employers and qualified agencies may register for HPC CyberMatch™ Marketplace

LAUNCH AUGUST '19

QUESTIONS? CONTACT US

Feel free to contact us here.

INTRODUCTION & FEATURES GUIDE 2019

An overview & introduction to our cybersecurity and cyber intelligence education solutions.

HPC/CybInt Cyber Center Overview 2019

Custom Programs, Online Training, Hands-On Labs, Practical Problem-Solving, Scenario Simulations, Cyber Certifications.

B2C Cyber Literacy Brochure - 2019

A unique combination of our two leading programs - the Cyber Security Protection Program and the Cyber Intelligence Discovery Program. These programs build a strong cyber foundation across all areas of study and allow students to enter a technologically savvy workforce with confidence and understanding.

The Cyber Intelligence Certification (CIC) Program provides an introduction to cyber intelligence essentials, online research methodology, deep-web due diligence, trends analysis, digital forensics, and much more.

At its core, the Cybint Intelligence Discovery certificate features more than 80 learning units, with videos, written lessons, exercises and tools, focusing on various aspects of cyber intelligence. The program is designed to train students on the art of collecting intelligence from around the web, getting access to the most critical information you need, and analyzing it quickly and accurately. Upon completion of training, there is a certification exam to verify learning and identify areas that require more study.

The Cyber Security Protection (CSPC) Program provides an introduction to cyber security essentials, social engineering, malware, cybercrime, online privacy and much more.

At its core, the Cybint Security Protection Certificate program features more than 60 learning units, with videos, written lessons, exercises and tools focusing on various aspects of cyber security. The program also covers individual behaviors that may put you at risk. Upon completion of training, there is a certification exam to verify learning and identify areas that require more study.

Register for the Cyber Security Protection Program and the Cyber Intelligence Discovery Program

B2C Cyber Security Brochure - 2019

The Cyber Security Protection (CSPC) Program provides an introduction to cyber security essentials, social engineering, malware, cybercrime, online privacy and much more.

At its core, the Cybint Security Protection Certificate program features more than 60 learning units, with videos, written lessons, exercises and tools focusing on various aspects of cyber security. The program also covers individual behaviors that may put you at risk. Upon completion of training, there is a certification exam to verify learning and identify areas that require more study.

Register for Cyber Security Protection (CSPC) Program

B2C Cyber Intelligence Brochure - 2019

The Cyber Intelligence Certification (CIC) Program provides an introduction to cyber intelligence essentials, online research methodology, deep-web due diligence, trends analysis, digital forensics, and much more.

At its core, the Cybint Intelligence Discovery certificate features more than 80 learning units, with videos, written lessons, exercises and tools, focusing on various aspects of cyber intelligence.

The program is designed to train students on the art of collecting intelligence from around the web, getting access to the most critical information you need, and analyzing it quickly and accurately. Upon completion of training, there is a certification exam to verify learning and identify areas that require more study.

Register for The Cyber Intelligence Certification (CIC) Program

B2B Simu-Lab Brochure (Legal) 2019

The Cyber Security Analyst Simu-Lab Suite is the product of extensive military and industry experience, which offers advanced practical training in a virtual machine environment. The CSA Simu-Lab Suite is comprised of 10 labs that bring a much-needed practical work experience component to students.

Each lab is based on an authentic real-life cyber incident that learners will practice solving using cyber tools through a simulated virtual machine. We want students to feel as if they are in a real Security Operations Center (SOC) and to work as Cyber Security Analysts (CSA).

Our goal is to provide learners with a solid foundation that will prepare them for on-the-job training and allow them to grow professionally.  This comprehensive offering allows participants to quickly gain the skills and experience to start working in the cyber industry – even without a computer science degree.

The Cyber Security Analyst Simu-Lab Suite offers students lessons around each lab scenario, reflection assignments, quizzes, and applied learning. Once a student completes the CSA Simu-Lab Suite, they will receive a CSA certification of completion.

Register for The Cyber Security Analyst Simu-Lab Suite

B2C CSA Simu-Lab Brochure - 2019

The Cyber Security Analyst Simu-Lab Suite is the product of extensive military and industry experience, which offers advanced practical training in a virtual machine environment. The CSA Simu-Lab Suite is comprised of 10 labs that bring a much-needed practical work experience component to students.

Each lab is based on an authentic real-life cyber incident that learners will practice solving using cyber tools through a simulated virtual machine. We want students to feel as if they are in a real Security Operations Center (SOC) and to work as Cyber Security Analysts (CSA).

Our goal is to provide learners with a solid foundation that will prepare them for on-the-job training and allow them to grow professionally.  This comprehensive offering allows participants to quickly gain the skills and experience to start working in the cyber industry – even without a computer science degree.

The Cyber Security Analyst Simu-Lab Suite offers students lessons around each lab scenario, reflection assignments, quizzes, and applied learning. Once a student completes the CSA Simu-Lab Suite, they will receive a CSA certification of completion.

Register for The Cyber Security Analyst Simu-Lab Suite

Cyber Security Analyst (CSA) Simu-Lab Guide 2019

Cyber Security Analyst (CSA) Simu-Lab Suite - Lab Scenario Guide

The Cyber Security Analyst Simu-Lab Suite is the product of extensive military and industry experience, which offers advanced practical training in a virtual machine environment. The CSA Simu-Lab Suite is comprised of 10 labs that bring a much-needed practical work experience component to students.

Each lab is based on an authentic real-life cyber incident that learners will practice solving using cyber tools through a simulated virtual machine. We want students to feel as if they are in a real Security Operations Center (SOC) and to work as Cyber Security Analysts (CSA).

Our goal is to provide learners with a solid foundation that will prepare them for on-the-job training and allow them to grow professionally.  This comprehensive offering allows participants to quickly gain the skills and experience to start working in the cyber industry – even without a computer science degree.

The Cyber Security Analyst Simu-Lab Suite offers students lessons around each lab scenario, reflection assignments, quizzes, and applied learning. Once a student completes the CSA Simu-Lab Suite, they will receive a CSA certification of completion.

Register for The Cyber Security Analyst Simu-Lab Suite

National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework

Did you know? The NIST Cybersecurity Framework is a set of guidance on what organizations should be doing in terms of controls to manage their cyber risk and security.

Framework for Improving Critical Infrastructure Cybersecurity

Did you know? The NICE Cybersecurity Workforce Framework outlines the work roles (including knowledge, skills, abilities and credentials) required to support a NIST Cybersecurity Framework program.

Cybint Cyber Literacy Curriculum - 2019

Cybint is pleased to introduce our Cyber security and intelligence seminars. It’s a comprehensive approach to cyber training for the non-technical professional whose job interacts with potential cyber threats and discovery opportunities. The training was specifically designed for legal and financial professionals. It’s a concept that can transform your students from reactive to proactive, and influences the way they are trained to handle litigation, negotiation, due-diligence, IP and more. It combines both discovery and protection aspects and ensures the professional is much more valuable to their company. The program is customizable, but we recommend executing it as outlined in this document.

Business Email Compromise: How to Avoid Becoming a Victim

How likely are you to quickly respond to an email that appears to come directly from an executive-level individual at your organization, an email from a trusted third-party vendor, or an email that is flagged as high importance by a “business partner”? Malicious actors are banking on immediate action being taken, whether because of the apparent source of the email (e.g., the CEO of the company), the urgency described in the message, or both. Sending emails that impersonate legitimate individuals for nefarious purposes, also known as business email compromise (BEC), is a rapidly growing threat aimed at committing financial fraud by eliciting deceitful wire transfers.

What is BEC?

Malicious actors running BEC campaigns rely on deception techniques to masquerade as legitimate and trusted sources. Using research and social engineering tactics to portray executives, business partners, suppliers, or even legal authority figures, their goal is to induce illegitimate money transfers.  Those who fall victim to a BEC attack are deceived, thinking that they are simply doing what is asked of them by a reputable individual and performing an ordinary transaction, like wiring funds or completing a supply order, when in reality they are being duped by a fraudulent request.

BEC attacks generally work in two ways. In the first, email accounts of targets are spoofed by cyber criminals so that messages appear to have originated from a different source. For example, the message is designed to look like it is sent from [email protected], when the actual address is [email protected]. Another spoofing technique is to create email addresses with just a slight change so that they appear legitimate. This could be something as simple as using an underscore (_) instead of a hyphen (-) in the email address. Without paying careful attention, the receiver has no reason to believe the email is fraudulent.

The second method is through compromised accounts.  This involves cyber criminals obtaining credentials to email accounts of individuals they want to pose as and distributing illegitimate messages.  Credentials can be gathered several ways, such as through database breaches, phishing scams, or brute force attacks.  In this case, the email account is legitimate, but the message is not.
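As an added illustration (not part of the original article), the two spoofing patterns described above can be checked mechanically on an inbound From header. The trusted-sender list, the `.example` addresses and the function names below are assumptions made for the example, and the one-character edit-distance check goes slightly beyond the underscore/hyphen case in the text.

```python
import re
from email.utils import parseaddr

# Constructed allow-list: addresses that legitimately send payment requests.
TRUSTED_SENDERS = {"ceo@acme-corp.example", "billing@north-supply.example"}

# Finds an email address embedded in a display name.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-_]+")

# Characters commonly swapped to build a near-identical address
# (underscore for hyphen is the case the article mentions).
LOOKALIKE_CHARS = str.maketrans({"_": "-", "0": "o", "1": "l"})


def skeleton(address):
    """Fold an address to a comparison form with look-alike characters unified."""
    return address.lower().translate(LOOKALIKE_CHARS)


def edit_distance(a, b):
    """Levenshtein distance, used to catch a single added, dropped or changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED_SENDERS):
    """Return a list of (finding, related_address) tuples for one From header."""
    display, actual = parseaddr(from_header)
    actual = actual.lower()
    findings = []

    # Pattern 1: the display name shows one address, the real sender is another.
    shown = ADDR_RE.search(display)
    if shown and shown.group(0).lower() != actual:
        findings.append(("display_mismatch", shown.group(0).lower()))

    # Pattern 2: the real address is a near-copy of a trusted one.
    if actual not in trusted:
        for good in sorted(trusted):
            if skeleton(actual) == skeleton(good) or edit_distance(actual, good) == 1:
                findings.append(("lookalike", good))
                break
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        'CEO <ceo@acme-corp.example>',
        '"ceo@acme-corp.example" <x9@mailer.example>',
        'CEO <ceo@acme_corp.example>',
        'Billing <billing@north-suply.example>',
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no findings")
```

A check like this only covers spoofed and lookalike senders; mail sent from a genuinely compromised account passes it, which is why the out-of-band confirmation described later still matters.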

Why You Should Be Concerned

BEC attacks “have seen an explosive 476% growth between Q4 2017 and Q4 2018.” 1 The likely cause of this drastic increase is that they are low risk for cyber criminals and, because of human nature, highly effective in achieving their purpose.

Further, a BEC campaign uses simple technology, can be put into action rapidly, and carries the potential for a large payout.  If that’s not reason enough to be concerned, BEC attacks are also capable of circumventing traditional security practices like anti-virus scans or spam filters.

Obvious flags for email filters like grammatical errors or misspellings usually do not catch BEC attacks because these messages are targeted and constructed with thought.  A BEC attack also does not rely on malware to achieve its purpose, another reason why they are able to evade scans and filters.  Instead of an individual clicking on a malicious link or downloading an attachment containing malware, a successful BEC campaign only needs to deceive the target with a message that appears to be legitimate.

Extensive research is performed ahead of launching an attack in an effort to make the message as personalized as possible. Using a combination of publicly available information, like a bio on a company website, useful data from social media, and relevant material found on the dark web, emails can be written in a manner that appears legitimate and entices the recipient to take action.

The results of these attacks are significant and costly.  BEC attacks “yield an average of $132,000 per attack” and it is difficult to recoup the money after it has been transferred.  A public service announcement from July 2018 released by the FBI stated that victims of BEC attacks lost more than $12.5 billion from October 2013 to May 2018.

Losses suffered go beyond just monetary, including loss of operations and damaged reputation, which can end up being costlier than the transfer of funds itself.  A BEC attack has the ability to disrupt business continuity, demanding valuable resources be used to ensure operations are brought back up to speed, and whenever an organization is in the news for a cyber attack, they run the risk of losing customer faith.

Don’t Be a Victim: How to Protect Against BEC Attacks

There is no silver bullet that will prevent a BEC attack from being successful.  Instead, the best way to prevent BEC fraud is through security awareness training.  Creating a “culture of security” will help reduce the risk of a successful BEC attack.

Employees at every level of your organization should be trained how to recognize common deception tactics, like domain name spoofing (i.e. an email address that appears legitimate) and learn other best practices.

This includes not posting personal information, or anything that could be leveraged against you, on social media.  The less ammo that cyber criminals have to work with, the less likely their email will appear to be legitimate.  

People are often referred to as the “weakest link” in an organization’s security posture, but they can also be your biggest strength when it comes to mitigating risk, as long as they are properly prepared.

Beyond training, additional accounting controls should be implemented to help combat BEC attacks.  For example, requiring some sort of confirmation from the requesting party before authorizing payment should be standard protocol.  This could be as simple as calling the individual that the message is coming from to ensure that they were behind the request.  If it’s a legitimate request, it may add more time to the transfer process, but it’s better to be overly cautious and confirm the funds are going to the right place versus losing them for good to a malicious actor.

Regular assessments of networks and systems should already be included as part of your overall security strategy, but they can also be helpful in deterring BEC attacks. Performing investigations can determine whether email servers were compromised and whether alterations were made that allow nefarious emails to be sent using your network and appear as legitimate messages. Identifying this intrusion can potentially prevent large sums of money from falling into the wrong hands.

Another best practice to mitigate BEC threats is to implement multi-factor authentication on all email accounts at your organization.  This practice requires multiple steps to login after entering a password, such as receiving a unique code on a mobile device and then inputting the text.  Even if a cyber criminal has credentials to an email account, multi-factor authentication will help prevent them from being able to access it and send fraudulent transfer requests, since they likely won’t have the means to verify it’s the appropriate person logging in.

Lastly, perform due diligence on your vendors, suppliers, customers, or anyone involved with the potential transfer of funds. Determine which individuals specifically you will be interacting with and learn their processes and habits. This will help trigger caution if their normal business practices suddenly differ, like an urgent request out of the blue, or an email from someone you’ve never worked with previously.

Steps to Take if an Attack is Successful

In the unfortunate event that a BEC attack is successful and funds are fraudulently transferred, all is not lost, but you must act quickly.  This involves contacting your financial institution immediately and requesting either a recall of the funds or asking them to not allow the transaction to go through.

Additionally, pending certain criteria, you can implement the Financial Fraud Kill Chain (FFKC) process that is offered through the FBI.  Its intention is to provide an additional outlet for recovering funds and should be used in conjunction with normal procedures at your financial institution.  Even if your circumstance does not qualify for the FFKC process, you should still contact your local FBI office to report the incident.  You’ll also want to file a complaint with the IC3, as they can assist both your financial institution and any involved law enforcement with their efforts to recover your funds.

Within your own network and systems, work to try and identify the malicious actor so that they can be contained and further damage can be prevented.  Also, be sure to involve all relevant parties within your organization, or partner with a company that can help provide support.  This includes forensic accounting, strategic communications, and litigation support.  A united front can help control the situation and ultimately recover from the fraudulent transfer.

Oldest Trick in the Book

While certain cyber attacks are becoming increasingly technical, the art of deception is a simple tactic that has been around for centuries.  Despite its simplistic nature, preventing a BEC attack cannot be achieved by installing software and rather requires a culture of awareness to be established.  With emails becoming increasingly personalized and targeted, it is more essential than ever to learn what to look for to avoid falling victim to this type of attack.  Cyber criminals are going to continue using attack methods that are low-effort, successful, and offer large payouts, which for now, is the case with BEC attacks.

The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates or its other professionals.

ANTHONY FERRANTE

Anthony J. Ferrante is a Senior Managing Director and the Global Head of Cybersecurity at FTI Consulting. Mr. Ferrante is an expert in cybersecurity resilience, prevention, response, remediation and recovery services.

Mr. Ferrante has more than 15 years of top‐level cybersecurity experience, providing incident response and preparedness planning to more than 1,000 private sector and government organizations, including more than 175 Fortune 500 companies and 70 Fortune 100 companies.

Mr. Ferrante maintains first‐hand operational knowledge of more than 60 criminal and national security cyber threat sets, and extensive practical expertise researching, designing, developing and hacking complex technical applications and hardware systems.

Prior to joining FTI Consulting, Mr. Ferrante served as Director for Cyber Incident Response at the U.S. National Security Council at the White House where he coordinated U.S. response to unfolding domestic and international cybersecurity crises and issues. Building on his extensive cybersecurity and incident response experience, he led the development and implementation of Presidential Policy Directive 41 – United States Cyber Incident Coordination, the federal government’s national policy guiding cyber incident response efforts.

Before joining the National Security Council, Mr. Ferrante was Chief of Staff of the FBI’s Cyber Division.

He joined the FBI as a special agent in 2005, assigned to the FBI’s New York Field Office. In 2006, Mr. Ferrante was selected as a member of the FBI’s Cyber Action Team, a fly-team of experts who deploy globally to respond to the most critical cyber incidents on behalf of the U.S. Government.

Mr. Ferrante previously served as an Adjunct Professor of Computer Science at Fordham University’s Graduate School of Arts and Sciences, where he served as the founder and co-director of the Master’s of Science in Cybersecurity program in the Graduate School of Arts and Sciences. During his time at Fordham University, he served as the co-director of the undergraduate and graduate cybersecurity research programs.

Paul Ferrillo

Paul Ferrillo is a Shareholder in Greenberg Traurig’s Cybersecurity and Privacy Group. He focuses his practice on cybersecurity corporate governance issues, complex securities and business litigation, and internal investigations. He assists clients with governance, disclosure, and regulatory matters relating to their cybersecurity postures and the regulatory requirements which govern them. Paul represents public companies and their directors and officers in shareholder class and derivative actions, as well as in internal investigations. In particular, he has coordinated numerous internal investigations on behalf of audit committees and special committees, and handled the defense of securities class actions alleging accounting irregularities and/or financial fraud. He is also the author of Navigating the Cybersecurity Storm: A Guide for Directors and Officers (Advisen 2015) and Co-Author of Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives (Advisen 2017).

Several years ago, a series of massive and highly publicized retail data breaches took the issue of cyber security out of IT circles and inserted it into the mainstream news, cocktail party banter, and corporate board agendas. Those breaches also served to introduce the concept of cyber insurance to a much wider audience. Interest in and uptake of cyber insurance began to grow, largely driven by the breach response services (including incident response, forensic investigation, notification and credit monitoring costs) and class action lawsuit defense coverage available under those policies. Although cyber policies still provide tremendously valuable coverage for breach events, they’ve come a long way since then. Recent iterations of cyber policies go far beyond data breach coverage and offer protection against a wide range of the most vexing cyber threats and privacy exposures affecting companies in every business sector.

Additional Coverages

Some of the key cyber exposures for which coverage may be available are:

Cyber Extortion

Coverage is generally available for ransomware payments, as well as for other types of cyber extortion, such as threats to publicly disclose protected information or to interrupt computer systems. Coverage typically includes response services, and insurers can assist with ransom negotiations. Some insurers also will assist with obtaining digital currency to pay ransom demands.

Social Engineering

Some insurers offer coverage under cyber policies that expressly applies to social engineering attacks — i.e., phishing, business email compromise — that result in the transfer of company funds to unintended third parties.

Coverage for Senior Executive Losses

At least one insurer provides coverage for identity theft and theft of funds from personal bank accounts of executive officers resulting from a third-party breach of the company’s network security.

Corporate Identity Theft

Coverage may be available for losses incurred as a result of fraudulent use of the company’s electronic identity, including the establishment of credit in the company’s name, electronic signing of the contract, and the creation of a website designed to impersonate the company.

Contingent Business Interruption

Some insurers offer coverage for loss of business income, forensic expenses, and extra expenses sustained as a result of the interruption of the insured’s business operations caused by an unintentional and unplanned interruption of computer systems operated by a third party business that provides necessary products or services to the insured pursuant to a written contract. This coverage can be especially valuable in today’s digital and interconnected economy.

Bricking

Although cyber policies typically exclude coverage for damage to tangible property, some carriers have introduced endorsements that are triggered when a hacking event causes the “bricking” (loss of use or functionality) of the insured’s computer hardware or electronic equipment by maliciously reprogramming the software installed on that hardware or equipment. Bricking coverage applies to the costs to repair or replace the affected hardware or equipment when it would cost more to reinstall software.

Betterment

A particularly valuable new coverage is now offered by some insurers for improvements to the insured’s hardware or software following a security breach that exploited a weakness in the insured’s computer system. Coverage is available if it is determined that such improvements will reduce the risk of a future breach related to that weakness.

Consequential Reputational Harm

Some carriers are offering coverage for lost profits associated with the loss of current or future customers because of reputational damage resulting from a covered cyber event. The lost profits must have been incurred during a “reputational harm period,” a designated window of time following discovery of the cyber event.

Loss Adjustment Costs

Calculating the costs associated with a system damage or business interruption insurance claim can be complicated business, particularly when costs must be allocated to an uninsured waiting period designated in the policy form. Some cyber carriers are providing coverage for the cost to retain professionals, such as forensic accountants, to assist the insured in the calculation of its financial loss.

Invoice Manipulation Loss

Many insurers are now offering coverage specifically designed for phishing attacks and other schemes to trick the insured company into transferring funds to a fraudster instead of to an entity to which the insured owes money. Now, at least one insurer provides coverage to companies that have been unable to collect payment for their goods and services as a result of an “invoice manipulation loss.” Invoice manipulation means the release or distribution of a fraudulent invoice or payment instruction resulting from a security or privacy breach. The policy covers the insured's net cost to provide the goods or services, exclusive of profits.

Corporate Identity Theft

Coverage now is offered by some carriers for financial loss resulting from the fraudulent use of the insured’s electronic identity, including the establishment of credit in the insured’s name, electronic signing of contracts, and creation of a website designed to impersonate the insured.

Telephone Hacking

Companies may be able to obtain coverage for losses resulting from the hacking of their telephone system, including reimbursement of costs for unauthorized calls and use of the company’s bandwidth.

Management Liability

Coverage may be available for senior executive officers if they are sued in connection with a covered cyber event.

A Word of Caution

The coverages described above may not be available from all insurers, and not all insureds will qualify for all types of coverage. In addition, some coverages may be subject to sub-limits and important conditions, such as requiring the insurance company’s consent before incurring any expenses.

Concluding Thoughts

Cyber insurance isn’t just for companies with large amounts of credit card data. Coverage is constantly evolving to address emerging cyber risks from which no company is immune. Companies should carefully consider how a well designed cyber insurance policy can protect them from the expense and disruption of today's pervasive cyber threats.

Click on the link below to download my free book

A Closer Look At Cyber Insurance

By Paul A. Ferrillo

Regarding the actions of Russia during the dark days of World War II, the great Winston Churchill once said, “[Russia] is a riddle wrapped in a mystery inside an enigma; but perhaps there is a key. That key is Russian national interest.” The quote was meant to give his British subjects some idea of allegiances at the time given the sweep of Nazism through Europe. It was meant to rally the British to understand that if attacked by Germany, Russia would no doubt respond in kind.  And Germany did attack.  And Russia responded as Churchill and others had predicted.

This quote is meaningful to me when it comes to cybersecurity, because today, years and years after the first mega cyberattacks, like Heartland Payment Systems and Target, business people are still trying to figure out the key or keys to cybersecurity. Figuring out this “key” is critically important, because given its inherent complexities cybersecurity is hard enough to explain on its own (the term “distributed denial of service” comes to mind). A “key” might act as a “secret decoder ring” for the laypersons who run and guide public companies, like their directors and officers. And especially general counsel who often find themselves right in the middle of the big “mess” of the day where an “uphill” fight is all but assured.

What are the keys? What makes cybersecurity tick? There are many vendors that might like to lob an infected USB stick my way for approaching this subject. But tough noogies. The stakes are too high. Think Russia, China, Iran and North Korea. It's going to be a long hot summer. We think we have figured out the keys to cybersecurity. They should not be a secret. If they were, there may not be anything left soon for our adversaries to steal 5 years from now:

 

5 Keys to Cybersecurity:

1. Cybersecurity is not so complex; it's better to “deal”: Why overly complicate something that is inherently complicated and filled with mystery? I don’t know. I have never understood this point. Especially when most of cybersecurity finds its foundation on protecting your “Crown Jewels,” i.e. your most important IT, IP, PHI, or customer digital assets? If you are a hospital system, your most important asset is the PHI of your patients. Yes, there are other things that are important, like your medically connected IoT devices. But HIPAA regulates and demands you protect your PHI to within an inch of your life. So….. you had better think about doing so. See? Not so complicated.

2. It's your people, not your technology, that matter most: Huh? I don’t get it. I thought cybersecurity was mysterious, filled with computers, servers and clouds. No, not so much. Should a hospital, vendor, or service provider for a hospital leave a patient database on an AWS server open to the public, without proper configuration and a strong password? No, it should not. Should doctors, nurses and residents share passwords on the floor as they try frantically to save lives, and reach for any terminal available to get mission-critical information? Yes, I get it, that is their job. But they should not share passwords. Training and education can save companies loads of trouble if they are religiously instituted and followed. Spearphishing training is remarkably effective, if it's given the chance to be effective. Complicated issues here? Not so much.

3. Mission-critical question to ask IT: “How long does it take us to patch critical vulnerabilities?” You might not like the answer. One recent article notes, “Forget the stealthy hacker deploying a never-before-seen zero day to bring down your network. IT security professionals admit that one in three breaches are the result of vulnerabilities that they should have already patched.” See “Cybersecurity: One in three breaches are caused by unpatched vulnerabilities,” available at https://www.zdnet.com/article/cybersecurity-one-in-three-breaches-are-caused-by-unpatched-vulnerabilities/. There are a lot more issues around the concept of patching: too many patches, not enough people, not enough time, and the ever-present “and then there was another Patch Tuesday.” I get it. I understand it. But I am just telling you the truth. Some of the major breaches you have heard of, like WannaCry, were caused by an unpatched vulnerability. Note that this is not a fault-based question; it's really a resource-based question. If an organization doesn’t have enough resources to effectively patch all critical vulnerabilities within a week or two, then it needs to find/get/hire those resources. The stakes here are too high, especially when the bad guys prey on unpatched vulnerabilities.

4. Breaches stink! But a bad breach response (or an untimely one) could get you in even more trouble. What people learn in cybersecurity is that, for the most part, if Company A gets hacked today, it is more than likely that Company B will be hacked Monday, and Company C will be hacked Tuesday. What do we mean by this? Simply put, if you are straightforward with your customers, patients and investors, they will likely forget your breach pretty quickly and move on to focus on the inherent value of the company instead. There will always be another breach. But if, for instance, you are slow to respond, slow to disclose, or inadequately disclose what happened to your constituencies, you will likely be tortured a good long time by the media, high-activity bloggers, and most importantly, the regulators too. Why the torture? I truly think it is a “risk allocation” problem. As between a company and its customer, it was the company that stored the customer’s data. So if there’s a breach, it is the company that needs to inform the customer what happened, so the customer can protect himself or herself. So what is the moral of this story? Memories of bad breaches that were handled well and timely disclosed tend to fade. Bad breaches that get badly handled or where disclosures were delayed for months or years? Big problem - and a potentially big regulator problem as well if you are a public company or regulated entity.

5. How do I best protect myself? Encrypt or tokenize your data to make it useless to the attacker. If everyone is or will be hacked at some point regardless of defenses (especially when a nation-state comes knocking at your server door), then protect your data by encrypting it or by tokenizing it so that if stolen it will be useless. So what do we mean here? If the ingredients of the “secret sauce” on your Bronco burger are your most critical asset, do something so that the ingredient “ketchup” looks like “XQ1%5HWP” if the attacker steals it. This topic doesn’t get talked about much. It is more confusing than not for some. But the point is, if your data looks useless to an attacker, maybe the attacker will decide you are not worth the hack, and will go somewhere else.
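To make key 5 concrete, here is an added Python sketch (not part of the original article) of vault-style tokenization, set beside a plain unsalted hash to show why only the random token makes a stolen column useless. `TokenVault`, `unsalted_hash`, `guessable` and the sample ingredient lists are hypothetical names and constructed data.

```python
import hashlib
import secrets
import string

TOKEN_ALPHABET = string.ascii_uppercase + string.digits


class TokenVault:
    """Hypothetical token vault. In practice this is a separately secured
    service; the application database stores only the tokens it hands out."""

    def __init__(self, token_length=8):
        self._token_length = token_length
        self._token_by_value = {}
        self._value_by_token = {}

    def tokenize(self, value):
        """Return the token for value, minting a random one on first sight.
        The same value always maps to the same token, so equality between
        rows is still visible; only the content is hidden."""
        token = self._token_by_value.get(value)
        if token is None:
            token = self._mint()
            self._token_by_value[value] = token
            self._value_by_token[token] = value
        return token

    def _mint(self):
        # Tokens come from a CSPRNG, so they carry no information about the value.
        while True:
            token = "".join(
                secrets.choice(TOKEN_ALPHABET) for _ in range(self._token_length)
            )
            if token not in self._value_by_token:
                return token

    def detokenize(self, token, authorized=False):
        """Only callers the vault authorizes can turn a token back into data."""
        if not authorized:
            raise PermissionError("caller may not detokenize")
        return self._value_by_token[token]


def unsalted_hash(value):
    """Weak alternative shown for contrast: a plain SHA-256 of the value."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def guessable(stored, guesses, transform):
    """Audit check: which guesses reproduce a value in the stored column?"""
    stored = set(stored)
    return sorted(g for g in guesses if transform(g) in stored)


# Constructed sample data: the "secret sauce" from the article.
RECIPE = ["ketchup", "mustard", "pickle relish", "ketchup"]
COMMON_INGREDIENTS = ["mayonnaise", "ketchup", "mustard", "vinegar"]


def demo():
    vault = TokenVault()
    token_column = [vault.tokenize(item) for item in RECIPE]  # what the app stores
    hash_column = [unsalted_hash(item) for item in RECIPE]    # the weak design
    try:
        vault.detokenize(token_column[0])
        blocked = False
    except PermissionError:
        blocked = True
    return {
        "token_column": token_column,
        # Low-entropy values hashed without a secret are matched by a word list.
        "hash_guessable": guessable(hash_column, COMMON_INGREDIENTS, unsalted_hash),
        "round_trip": vault.detokenize(token_column[0], authorized=True),
        "unauthorized_blocked": blocked,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The token column has no mathematical relationship to the recipe, so protecting the data reduces to protecting the vault and who may call `detokenize`.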

So these are the “keys” as we describe them. Yes, there are more, but these are pretty big. Perhaps the biggest key? Adopt the NIST cybersecurity framework (or one of its regulatory variants) and stick to it. The Framework will assist you with many of these keys. And it may even provide answers to some of the major questions a layperson general counsel might have about cybersecurity. We need to take the mystery out of cybersecurity. More people need to get to the basics as we describe them above. If we do, this nation will be far better off down the road. And the ingredients to the secret sauce for your Bronco burger will likely not end up on the menu of one of your competitors in a foreign country.

HPC PRESENTS:

HPC CyberMatch™ - A Turnkey Solution for Cyber Training & Employment


Today’s widespread reliance on technology and digital services creates Cybersecurity risks that need to be managed responsibly.

The NIST Cybersecurity Framework was created to provide a uniform standard that government and businesses could adopt to guide their cybersecurity activities and risk management programs.

Subsequently, the NICE Cybersecurity Framework was created to identify the human capital requirements and standards that NIST requires for successful deployment. Critically, it provides a common, consistent lexicon to help employers create a cybersecurity workforce capable of engineering, maintaining and continually improving a cybersecurity program based on the NIST Cybersecurity Framework.

The combined NIST/NICE Frameworks have now been approved as the governing framework for Cybersecurity for the US government, a growing number of critical infrastructure sectors (financial services, healthcare, energy etc.) and an extensive list of international governments.

The NIST/NICE Frameworks reflect 3 levels of professional qualification – and 33 job types, which are necessary to achieve it. For organizations seeking to implement and comply with NIST/NICE, these job types are at the heart of a growing number of job listings. Almost any job in the public marketplace may be traced back to one of these 3 categories and 33 job types.

We want to make it easy to engage with Cybersecurity - to get qualified, more qualified and get hired.

We want to make qualifications more transparent and more closely align dialog between cyber-qualified individuals and prospective hiring organizations.

In short, we want to close the Cyber employment gap.

We have reflected this in our HPC CyberMatch™ Curriculum. This is a simple 3-module training curriculum, plus labs (practical). Additionally, we offer HPC CyberMatch™ Virtual Internships - the opportunity to gain practical experience and enjoy access to experienced CISOs in a wide variety of industries.

The HPC CyberMatch™ Curriculum is designed as self-paced learning – available 24/7 to meet individuals’ and organizations’ particular schedules and requirements. It is priced to be accessible to anyone. Convenient monthly billing keeps things very affordable while you build your future skillset.

The upside of having these cybersecurity qualifications is very evident in a rising job market.

In addition, we are introducing the HPC CyberMatch™ Marketplace. For those individuals who are cyber-qualified (whether via HPC or otherwise), the HPC CyberMatch™ Marketplace provides real-time exposure to prospective employers who are actively seeking to hire cyber-qualified individuals on a contract or permanent basis. In short, it's the fastest way to get hired in Cybersecurity - and it's the best place by far for employers to find you.

No-one does Cyber like we do. And we do it for YOU.

Get started.

 

NIST FRAMEWORK

The NIST Framework was created to provide a uniform standard that government and businesses could adopt – a common Cybersecurity language.

NICE FRAMEWORK

The NICE Framework was created to identify the human capital requirements and standards that NIST requires for successful deployment.

We support the full lifecycle of Cyber learning, qualification and employment. Problem solved.

HPC CyberMatch™ NIST/NICE Training & Talent Marketplace

HPC provides a full curriculum of always-on, self-paced learning for all levels - plus unique access for cyber-qualified individuals and employer organizations to our HPC CyberMatch™ Marketplace. In addition, we make it easy to stay on top of the industry through our timely interviews, articles and events via world-class HPC media.

Here's how it works:

NIST-CSF FastTrack™ Rapid Adoption & Automation Training Platform

HPC CYBERMATCH
NICE Cybersecurity Workforce Development Training & Staffing Platform

NIST/NICE
Entry Level Positions

NIST/NICE
Intermediate Level Positions

NIST/NICE
Advanced Level Positions

NIST/NICE Certification & Skills Training Platform

NIST/NICE Virtual Internship Training Platform

NIST/NICE Candidate Competency Certification Platform

NIST/NICE Talent Contracting Platform

The NIST/NICE Frameworks stipulate 3 professional levels and 33 job types, which we reflect in HPC's comprehensive training modules:

It's easy to get started.

Entry Level Positions: HPC NIST/NICE ENTRY LEVEL

Intermediate Level Positions: HPC NIST/NICE INTERMEDIATE LEVEL

Advanced Level Positions: HPC NIST/NICE ADVANCED LEVEL

All Levels - Practical / Labs: HPC NIST/NICE LABS, ALL LEVELS

Having worked in India at an LPO for nearly 6 months now, I have seen the use of technology in almost every aspect of legal work. I have been lucky enough to be part of a team which embraces and pushes technology to continually improve efficiency. Recently this technology push has started to expand into areas where I did not have much prior experience. Specifically, we have had the opportunity over the past several months to apply what we have learned to data breach reviews.

I think that everyone can agree that data breaches have become a large part of the legal conversation over the past several years. And with large data breaches often come increasingly stringent requirements for notification to those individuals affected. Because of this, there is a growing sector of the legal review industry that is dedicated to reviewing this information. Before working at an LPO I had no idea this field was as large as it is. I also did not realize the opportunities for technological applications that this type of work would present.

From the data breach reviews we have run at LO2, I personally feel that the use of technology is just as important as, if not more important than, technology applications in traditional document review. Part of the importance of technology in data breach comes from the nature of the information which is being reviewed. For example, most sensitive information follows a similar pattern. Social security numbers always have the same number of digits arranged in a similar pattern; bank accounts also follow a specific arrangement. This consistency has allowed us to structure searches in the documents which are able to more quickly identify those documents which have potentially sensitive information.

The uniformity of the information being searched for also allows us to build in more complex search strings and patterns which may not always be available when searching for more nuanced text. Even the structure of names allows for more targeted searches as they follow similar patterns. One other tool we have utilized is batching similar document types. Not only is it helpful to batch documents by their format, but using document names also allows us to easily spot important documents which contain PII or PHI and then review an entire group at once. In my opinion, noticing similarities in documents and then having attorneys review them in clusters is one of the best ways to improve efficiency, as they learn the documents and can understand where to search others that are similar.

While PII allows for elegant search strings and batching, these tried and true technological methods are not as easily applied when looking for PHI. For finding PHI it is important to understand the nature of the documents you are reviewing. For this purpose, we employed several random and targeted searches to pull examples of documents which contained PHI. Once this was complete and we understood the relevant documents then we were able to employ similar techniques in grouping similar documents and building more advanced search strings.

As I discussed above, one of the main tools we used was dividing up the work by document format. An important step of any review is to understand what documents will pose the most difficulty. We found that often the documents with the largest amount of sensitive information would be Excel files. Because of this, they were segregated out from day one with their own search string pattern and batches. This allowed us to create a more efficient workflow and to utilize the strengths of the team to their full potential to meet deadlines. One thing to consider is the platform one is using. For example, with the platforms we usually use there is an option for reformatting large sets of data so they can be uploaded directly to the tool instead of an attorney having to manually enter each individual piece of information. This not only saved time, but also improved overall efficiency and morale, as any attorney would suffer a productivity decline from entering hundreds of lines of PII. Not only that, but finding technological solutions like this also decreases human error and increases the overall quality of the final work product.

Given the importance and sensitivity of the data for breaches, I have found the use of technology by the team immensely useful. It has provided a more accurate reflection of what data was lost than ever could have been accomplished in a traditional manner. It also meant that the efficiency was improved and produced something the team could be proud of. This type of work has really opened my eyes to how others could learn to implement technology on even non-traditional reviews. I think the main thing to remember is when you are facing a new type of legal work to not be afraid to use tools and tricks you have implemented before and see what works and what doesn’t. There is always some piece of technology or a different workflow that can help.
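The pattern-search and format-batching workflow described in this article, as an added Python sketch (not the author's or LO2's tooling). The Social Security number validity rules are the standard structural ones; the file names and values are constructed, and the function names and Excel extension list are assumptions.

```python
import os
import re
from collections import defaultdict

# SSN layout: 3-2-4 digits with a hyphen or space between groups, not embedded
# in a longer run of digits or hyphens (order numbers, part numbers).
SSN_RE = re.compile(r"(?<![\d-])(\d{3})[- ](\d{2})[- ](\d{4})(?![\d-])")

# Excel formats get their own batch, as the article describes.
EXCEL_EXTS = {".xls", ".xlsx", ".xlsm"}


def plausible_ssn(area, group, serial):
    """Drop values that are never issued: area 000, 666 or 900-999,
    group 00, serial 0000. This cuts false positives before human review."""
    return (
        area not in ("000", "666")
        and not area.startswith("9")
        and group != "00"
        and serial != "0000"
    )


def find_ssns(text):
    """Return plausible SSNs found in text, masked to the last four digits
    so the review report does not itself become a copy of the PII."""
    hits = []
    for match in SSN_RE.finditer(text):
        area, group, serial = match.groups()
        if plausible_ssn(area, group, serial):
            hits.append("***-**-" + serial)
    return hits


def batch_key(name):
    """Group documents by format; Excel files are segregated into one batch."""
    ext = os.path.splitext(name)[1].lower()
    if ext in EXCEL_EXTS:
        return "spreadsheets"
    return ext.lstrip(".") or "unknown"


def build_review_batches(docs):
    """Map batch name -> [(document, masked hits)], densest documents first.
    Documents without hits are left out of the review queue."""
    batches = defaultdict(list)
    for name, text in docs:
        hits = find_ssns(text)
        if hits:
            batches[batch_key(name)].append((name, hits))
    for items in batches.values():
        items.sort(key=lambda item: (-len(item[1]), item[0]))
    return dict(batches)


# Constructed sample corpus: (file name, extracted text). All values are fake.
SAMPLE_DOCS = [
    ("hr/onboarding_form_017.pdf", "Employee SSN: 123-45-6789  DOB 01/02/1980"),
    ("hr/onboarding_form_018.pdf", "Employee SSN: 345 67 8901, contact 555-0100"),
    ("finance/payroll_q2.xlsx", "123-45-6789\n234-56-7890\n000-12-3456\n666-12-3456"),
    ("ops/ticket_export.csv", "order 123-45-67890, part no 900-12-3456"),
    ("legal/memo.docx", "No identifiers in this memo."),
]

if __name__ == "__main__":
    for batch, items in sorted(build_review_batches(SAMPLE_DOCS).items()):
        print(batch)
        for name, hits in items:
            print("  ", name, hits)
```

Other fixed-layout identifiers can be added as further patterns with their own validity checks; free-text PHI needs the sampling approach the article describes rather than a single regular expression.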

[Technology + Labor Arbitrage] > Labor Arbitrage

A Leading Provider of Technology-Enabled Legal Innovation, Contract Extraction, Contract Analysis and Document Review Solutions.

ABOUT

Legal Outsourcing 2.0, as the name suggests, is the next generation of Legal Process Outsourcing. We provide technology-enabled solutions and services to law firms and corporations.

There are essentially two differentiators in how we go about doing that. We apply the latest innovative technologies, including natural language processing and machine learning, to solve problems and create efficiencies. We also have experienced US-licensed attorneys, who have been employed by Am Law 100 law firms, on staff at our production facility in India at all times.

The technology piece creates efficiencies – the American legal presence ensures quality.

All communications with the production team are with US-licensed attorneys to ensure there are no miscommunications. We are unique in providing our services by using a blended legal team which combines a rich mix of US legal talent on site at our India processing center with an experienced Indian legal team. In fact, we have more US licensed, Am Law experienced attorneys than any other LPO with a production facility in India.

The ratio of our American lawyers to Indian lawyers working on site in India at Legal Outsourcing 2.0 is less than 1 American lawyer to 50 Indian lawyers.  The ratio of American lawyers to Indian lawyers on site in India at other LPOs ranges from 1 American lawyer to 250 Indian lawyers, to most LPOs in India not having any US legal talent on site at all.

APPROACH

Law firms produce more revenue the more hours they bill.

Traditional LPOs charge a lower hourly rate, but their business model is the same hourly business model as a traditional law firm. That business model creates a disincentive to adopt new technology and create efficiency. Our business model is different. It can be summed up by this equation:

[Technology + Labor Arbitrage] > Labor Arbitrage

The result: our solutions are better, faster and less expensive

We obtain superior results by complying with the highest industry standards.

Our quality management practices have been certified as compliant with ISO 9001:2015.

Our information management systems, designed to keep information assets secure, have been certified as compliant with ISO 27001.

WHAT YOU NEED TO KNOW ABOUT CYBERSECURITY TODAY
Join this exclusive webinar on Tuesday July 16th: 11am (est)

High Performance Counsel and Paypro have teamed up to bring best-in-class Cyber Security experts together to provide their top tips on some of the greatest Cybersecurity challenges faced by all companies today.

Large and small, if you have a digital footprint, you are exposed. Over 95% of cyber-attacks occur because of human error. Do you feel your employees are adequately trained? What is your response process to a cyber-attack?

Understanding cyber terminology, threats and opportunities is now critical for future managers, lawyers and business professionals.

Our experts are qualified and knowledgeable in cyber security essentials, social engineering, malware, cybercrime, cyber insurance, online privacy and much more.

Join us as we walk through the biggest threats in cyber security for your business and what you can do to protect yourself and your company.

HEAR FROM SOME OF OUR WORLD-CLASS PANELISTS AND THE TOP TIPS THEY WILL SHARE ON WHAT'S HOT IN CYBERSECURITY - RIGHT NOW!

David T. Kinnear

Top three in cyber:

  1. Business impact of cyber readiness
  2. Human capital conundrum
  3. Launch of CyberMatch

 

Bryan Dickens

Top three in cyber:

  1. Shrinking of the deficit in the cyber workforce
  2. Increase of the current cyber workforce’s hands on skills and abilities
  3. Address the nation’s digital illiteracy

Rick Lemieux

Top three in cyber:

  1. The NIST Cybersecurity Framework
  2. The NICE Cybersecurity Workforce Framework
  3. The Cybersecurity Talent Shortage and the Latest Burning Glass Report

 

Chuck Brooks

Top three in cyber:

  1. Supply chain vulnerabilities
  2. Insider threats
  3. ML and A.I. in cyber

 

Paul Ferrillo

Top three in cyber:

  1. Cyber regulatory activity heating up at both a federal and state level - New NY law and potentially regs bigger than CCPA
  2. The “third party” cyber security due diligence problem getting worse
  3. Lack of attention to details – ransomware – can we ever "back it up"?

 

ABOUT HIGH PERFORMANCE COUNSEL

HIGH PERFORMANCE COUNSEL (aka #hipcounsel) delivers world-class media coverage, actionable intelligence and essential professional development assets - designed to equip and empower modern legal industry professionals.

MEDIA & EVENTS

Our media coverage highlights the individuals, organizations, strategies & solutions designing and driving the next decade of innovation in law.

PROFESSIONAL DEVELOPMENT

Our professional development assets include critical cybersecurity training & certification for modern day legal industry professionals - and the clients they serve.

GLOBAL COMMUNITY

Our growing community of modern legal industry professionals is second-to-none. This is a community for everyone focused on the future of the legal industry - and making it the best it can be for participants and clients alike.

Why not stop by for a glimpse of the modern legal industry unfolding around us: 

In an industry first, HPC turnkey training modules enable any professional to qualify for NIST/NICE employment or achieve Cybersecurity professional advancement

New York, NY - July 9, 2019 -- Leading legal and cyber industry media & training organization, High Performance Counsel (HPC), today announced a turnkey online Cybersecurity training solution that enables professionals from any background to acquire the qualifications to engineer and operationalize the NIST Cybersecurity Framework (NIST-CSF) across an enterprise and its supply chain plus the qualifications to perform the work roles identified in the specialty areas of the NICE Cybersecurity Workforce Framework (NICE-CWF).

The HPC NIST/NICE Curriculum reflects government and industry mandates for organizations to adopt and adapt the NIST-CSF qualification to meet Cybersecurity business goals and regulatory requirements. The NIST Curriculum also supports the education and training needs of individuals seeking employment and career development in the growing Cybersecurity sector.

HPC has committed to being the one-stop education partner that individuals and organizations need to gain cybersecurity competencies and certifications. Individuals may select whichever level of training they wish - or that which covers the job they seek to attain.

Says HPC Founder & CEO, David Kinnear: "There is a generational need for Cybersecurity professionals qualified to support government and private sector needs. We've created a refreshingly simple, modular and accessible training solution to meet the complex training and experience requirements of the NIST Framework. It's a great way for individuals to upskill in their career endeavors. It also makes things much simpler for organizations seeking to train existing team members."

Three simple & affordable subscription options:

HPC NIST/NICE ENTRY LEVEL

This curriculum is aligned with the stipulations of the NIST/NICE Framework to support the requirements of the following roles & job titles:

This 12 month subscription program provides students access to all the necessary materials to achieve Entry Level accreditation PLUS over 200 additional accredited training programs that will help students prepare for the most sought after certifications in Information Technology (IT), Information Security, Technology and Business Skills.*

*Note: examination fees excluded

HPC NIST/NICE INTERMEDIATE

This curriculum is aligned with the stipulations of the NIST/NICE Framework to support the requirements of the following roles & job titles:

This 12 month subscription program provides students access to all the necessary materials to achieve Intermediate Level accreditation PLUS over 200 additional accredited training programs that will help students prepare for the most sought after certifications in Information Technology (IT), Information Security, Technology and Business Skills.*

*Note: examination fees excluded

Got Cyber? Get qualified. Start here.

ABOUT HIGH PERFORMANCE COUNSEL | CYBER

HIGH PERFORMANCE COUNSEL (aka #hipcounsel) delivers world-class media coverage, actionable intelligence and essential professional development assets - designed to equip and empower modern legal and cyber industry professionals.

MEDIA & EVENTS

Our media coverage highlights the individuals, organizations, strategies & solutions designing and driving the next decade of innovation in law and cybersecurity.

PROFESSIONAL DEVELOPMENT

Our professional development assets include critical cybersecurity training & certification for modern day legal and cyber industry professionals - and the clients they serve.

GLOBAL COMMUNITY

Our growing community of modern legal and cyber industry professionals is second-to-none. This is a community for everyone focused on the future of the legal and cyber industries.

Why not stop by for a glimpse of the modern legal and cyber industry landscape unfolding around us:

NIST-aligned certification program reflects government and industry mandates of the NIST Cybersecurity Framework (NIST-CSF) as the governing standard for organizations and their Cybersecurity professionals.

New York, NY - July 3, 2019 -- Media, events and education leader in the legal and cybersecurity industries, High Performance Counsel (HPC) has added a full suite of NIST-aligned training and certification to its growing portfolio of cybersecurity qualifications available for individuals and organizations. The NIST Curriculum reflects government and industry mandates for organizations to adopt and adapt the NIST-CSF qualification to meet Cybersecurity business goals and regulatory requirements. The NIST Curriculum also supports the education and training needs of individuals seeking employment and career development in the growing Cybersecurity sector.

HPC has committed to being the one-stop education partner that individuals and organizations need to gain cybersecurity competencies and certifications. With government and regulated industries now requiring individuals to be NIST-CSF qualified, the opportunity for forward-thinking professionals is becoming clear.

Key features include:

The NIST Curriculum is the only independently accredited certification training curriculum designed to teach organizations how to operationalize the NIST & NICE Cybersecurity Frameworks across an enterprise and its supply chain.

The NIST Curriculum is the first certification training program that teaches the knowledge, skills and abilities (KSA’s) to plan and engineer a NIST cybersecurity program plus the KSA’s to stand up and support a Security Operations Center (SOC) and Continual Improvement Center.

For those starting out or still at school, the NIST Curriculum is a timely add-on or top-up for existing qualifications, which helps to advance or accelerate a career in cybersecurity. For current cyber professionals, it's a highly convenient way to up-skill and attain career goals.

Says David Kinnear, HPC CEO: "For us, it's about being part of the solution. While some bemoan the increase in automation taking away opportunity, we see a new world of opportunity for the individual who wishes to leverage their existing skillset in a digital era. The compensation potential for NIST-qualified Cybersecurity professionals can far exceed that of many lawyers and ad hoc reviewers. It frames a choice for the individual between the old and the new - where the new often pays better."


HPC #ThinkTank Presents: Where National Security Meets Cybersecurity Meets Economic Security

June 18, 2019 at 12:30 (est)

Register here for this complimentary webinar presented by High Performance Counsel

There is not a day that goes by in which the news media does not report a major breach or potential breach regarding our government, our military, our communications systems or our supply chain. Some breaches seek merely critical IP. Some breaches, like that of the F-35 fighter program or the Sea Dragon anti-ship missile program, go right to the heart of our national defense. So the question quickly becomes: “How does this affect me?” Why? Because unless you are selling chewing gum, you likely have data of value, and/or you are part of the supply chain.

Our two experts, Kate Fazzini, Cybersecurity Reporter at CNBC, and Paul Ferrillo, a partner in Greenberg Traurig LLP, describe today’s perilous cyber ecosystem, and what you can do to insulate your company from a serious cyber attack.

Tell us a bit about yourself and how you came to be in (or a customer of) the legal business?

I am not an attorney by training but have been involved in the legal public policy realm for most of my career. This included working seven years on The Hill for the late Senator Arlen Specter, in legislative affairs at the Department of Homeland Security and teaching graduate courses both at Georgetown University and Johns Hopkins.  Early on in my academic career I did study at the Hague Academy of International Law and have stayed close vicariously to trends in the legal world via my wife, an attorney who has worked both at law firms and in government.

What do you do for a living right now?

I am the Principal Market Growth Strategist for General Dynamics Mission Systems for Cybersecurity and Emerging Technologies. In this role I explore and identify trends and emerging products that can impact security preparedness. I am also Adjunct Faculty at Georgetown University’s Applied Intelligence Program, where I teach graduate courses on risk management, homeland security, and cybersecurity. I have a deep background in marketing and government relations in both the public and private sector in the cybersecurity, homeland security, and emerging technologies space. LinkedIn named me as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 550 million members. I was named by Thomson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer” in 2018. In both 2017 and 2016, I was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. I am also a member of The AFCEA Cybersecurity Committee, a member of the Electrical and Electronics Engineers IEEE Standards Association (IEEE-SA) Virtual Reality and Augmented Reality Working Group, a Subject Matter Expert to The Homeland Defense and Security Information Analysis Center (HDIAC), and an Advisory Board Member for The Center for Advancing Innovation. I also sit on several company boards of advisors. Also, I am a founding member of the CyberAvengers, which includes two prominent legal minds, Paul Ferrillo and Shawn Tuma, and promotes hygiene and corporate governance in cybersecurity. (I recommend following the blogs of my fellow CyberAvengers, https://thecyberavengers.com/: Paul Ferrillo, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, Christophe Veltsos. They are a group of SMEs who address a combination of technical, legal, and policy issues related to information security.)

Do you think the legal industry is headed in the right direction, the wrong direction - or which direction?

From the outside looking in, I see the legal world following the path of many other industries. This includes consolidation of practices, assimilating new and disruptive technologies, and being more competitive. Also, law is becoming much more global as a result of the increasing connectivity of data and business. GDPR is a good example of how domestic law has had to confront the international legal implications of global compliance. As to direction, I think it is neither wrong nor right but being forced to address new realities or an industrial era that lacks privacy, has data and IP at perpetual risk, and is influenced by the digital transformation of key industries such as health, financial, and transportation.

What advice would you give to the younger generation contemplating law as a career?

Since I teach and serve as a mentor, I am often called on to provide career advice. This advice always includes getting real world experience either during your academic years or shortly thereafter. Interning and working on The Hill is a great learning experience for everyone to see how laws are made and to understand political discourse. Many government agencies and companies offer internships and fellowships that provide unique experiential insights and are stepping stones to future opportunities. With law students, clerking is certainly a good option. From the perspective of the competitiveness of the market, my advice to students would be to study very hard, get exceptional grades and go to the best ranked law school that might admit them.

How ready for change do you think the legal industry is?

I believe that many of the larger firms are adapting to new technologies and the rapidly changing global regulatory environments. It does take bringing on resources, expertise and having the agility to make and act on directional decisions that include M&A and new policy. It also takes investment of funds and that is why some of the larger firms are better positioned than smaller or midsize ones. Also, because of the growing and encompassing social media landscape that has changed the paradigm on how we communicate, traditional branding and marketing of firm capabilities are no longer sufficient. I can envision the legal industry incorporating social media influencers and chief marketing officers like other industries are doing in the near future.

Is more - or different - leadership required? In what ways?

A different more tech-savvy, and digital marketing leadership will be required to reach new clients, promote capabilities, and especially to brand firms so they stand out for increasingly competitive services.

How deep do you think will be the inroads of technology in the industry?

The inroads are already quite deep in areas of E-Discovery and legal research. More and more administrative functions are being automated at law firms. Eventually artificial intelligence will take the predictive and forensic analytics capabilities of addressing case history, precedents, and statistical likelihood of successful litigation to new levels. Already advanced computer databases and access via smartphone communications and virtual meetings have changed the pace of practicing law. Technology is having a major impact now on the legal industry and will exponentially grow in the coming digital transformation. The combined value of digital transformation -- for society and the industry -- could be greater than $100 trillion over the next 10 years, according to new research by the World Economic Forum (WEF). The research, which is part of the Forum's Digital Transformation of Industries (DTI) project, focuses on the "combinatorial" effect of digital technologies -- mobile, cloud, artificial intelligence, sensors and analytics, among others. Technological advancements certainly have been profound and impacting. Consider a short list of technologies that have been introduced into the marketplace in the last two decades: the MP3 audio format, flash storage, the mega search engine, Wi-Fi, multicore processors, big data, social media, smartphones, Bluetooth, virtual reality, connected vehicles, 5G, satellite imaging, machine learning and artificial intelligence. Renowned Futurist Dr. Michio Kaku characterizes the technological shift we are experiencing as moving from the “age of discovery” to the “age of mastery.” He characterizes it as a period in our history where we will be able to harness our technologies and control our destinies.

What do you consider is the greatest challenge facing the industry?

Cybersecurity! A primary requirement of the legal profession is to obtain data and explore evidence, assess the implications of that evidence, and prepare accordingly to protect and serve the client. Cybersecurity is integral for the profession to operate. Unfortunately, most law firms (and companies for that matter) lack the critical awareness, policies, and technologies to best secure the crown jewels. These jewels include private firm interchange, records, and especially privileged attorney client communications. The risks to law firms are already very high. A 40-year law firm, Mossack Fonseca, closed as a result of a data breach that revealed the Panama Papers. About two-thirds of law firms have experienced some sort of data breach, according to a 2017 cybersecurity scorecard from Logicforce, a LexisNexis company. Law firms are also facing a daunting list of security and operational challenges that have been affiliated with emerging technologies: cybersecurity, privacy, encryption, connectivity, spectrum, block-chain, biometrics and quantum computing. With the growing emerging technology challenges increasing risk to revenues and reputation, law firms should consider hiring cybersecurity professionals to augment their IT shops. If possible, they should also explore bringing in outside expertise from SMEs who understand the latest developments in technologies and compliance directives in the cyber ecosystem. The growing amount of sophisticated phishing, ransomware, and DDoS attacks are challenging and outside help is becoming more of an imperative.

Wildcard questions:

If you weren't doing this, what would you be doing?

My passion has always been astronomy and space exploration. I still have the response from Carl Sagan to a letter I wrote to him in high school about exploring educational and work in the field of exobiology (the study of life on other planets). If I were young again I would have loved to pursue a career with NASA.

What would you like to be known for?

I have devoted my professional career to security, both homeland and cybersecurity. I would like to be known for being a forward-looking leader in the security world for evangelizing emerging technologies and being a significant contributor to the policy and ethical discussions of how we manage risk. What I have concluded from publishing over 200 articles, numerous speeches, and working as a Subject Matter Expert in all areas of homeland security and cybersecurity, is that security outcomes really depend on a three-tiered formula. 1) You need the innovation and expertise from the technical and engineering people in government and industry. 2) You need the business and policy perspectives to integrate management approaches and to commercialize technologies, and 3) you need evangelists to explore, communicate, and help provide vision for all connected to the internet to understand and meet the challenges of a world of algorithms; x’s and o’s. I try to dabble in all three tiers, but focus primarily on evangelism.

What's your favorite hobby or activity outside of law?

I am a former Virginia powerlifting champion and won several meets when I competed almost two decades ago. I still enjoy working out and weightlifting, although I do not go nearly as heavy anymore on the weights!

What's your favorite sports team?

The Cubs in baseball, the Bears in football, and the Bulls in basketball.

What’s your favorite city?

Chicago, my original hometown. I am still an avid Chicago sports fan.

What's your favorite food?

Italian food is my favorite. I am a foodie and run a LinkedIn group called “DC Foodies” that has over 3000 members.

HPC Media Group and Cybint Roll Out Cyber Certification Curriculum for Legal & Consulting Industry Segments

The HPC/NY Cyber Offering is available for legal advisers and consultancies to offer clients.

NEW YORK, NY – May 8, 2019 – Legal industry media, events and education leader, High Performance Counsel and global cyber education leader Cybint Solutions are taking steps to help legal advisers and consultancies support the growing need for cybersecurity certification.

The HPC/NY Cyber Offering is a turnkey curriculum available to legal advisers and consultancies seeking to support clients in their cyber education and staff training requirements. The HPC/NY Cyber Offering provides a comprehensive suite of multi-level cyber education and professional development offerings. Classes range from cyber literacy for non-technical professionals to advanced, hands-on Simu-Labs and cyber range environment for those pursuing a cybersecurity career.

David Kinnear, Founder & CEO of High Performance Counsel commented: “Cybersecurity is both one of the greatest risks – and greatest opportunities – facing the legal sector and the clients it serves. Cybersecurity literacy is a must-have technical competency for legal professionals in today’s legal world. Clients live and breathe data - so they expect their advisers to understand the issues and, increasingly, offer proactive solutions for managing risk. With the Cyber Offering, we've taken a big step toward making this easier and more accessible for legal advisers, consultancies and clients alike.”

“With High Performance Counsel, we have found a partner who shares our commitment to closing the cyber security skills gap,” said Bryan Dickens, Former FBI Profiler and Cybint’s SVP. “Within the legal landscape, especially, there’s a growing need for cyber expertise and with HPC, I believe we can set law professionals up for success.”

Further information on the Cyber Offering and curriculum guides may be accessed here.

 

About High Performance Counsel

HIGH PERFORMANCE COUNSEL (aka #hipcounsel) delivers world-class media coverage, actionable intelligence and essential professional development assets - designed to equip and empower modern legal industry professionals.

Our media coverage highlights the individuals, organizations, strategies & solutions designing and driving the next decade of innovation in law. Our professional development assets include critical training & education for modern day legal industry professionals - and the clients they serve. Our growing community of modern legal industry professionals is second-to-none.

Further information: https://www.highperformancecounsel.com

Contact High Performance Counsel here

About Cybint Solutions

Cybint Solutions is a Cyber Education company committed to solving the skills-gap and market shortage in cybersecurity through innovative education and training solutions for all levels of expertise. Cybint integrates emerging cyber technologies, hands-on environments and evergreen content into a cutting-edge learning platform for businesses, higher-education institutions, government agencies and regional cyber centers worldwide. With an eye toward preparing the next generation of cyber experts, Cybint creates a deep and powerful global network of cyber knowledge that goes far beyond typical technical expertise. To further address the critical workforce shortage in the industry, Cybint launched the Cyber Talent Network platform which helps match qualified cyber professionals with employers in their region based on the candidates’ skills and capabilities. Cybint was founded as a collaboration of military-trained cybersecurity and intelligence experts, industry professionals and well-seasoned educators.

As law students and lawyers consider potential career opportunities in the legal profession, they are often interested in understanding which legal practice areas will be in high demand in the future.  As I look into my crystal ball and try to predict some of the high demand areas in the legal profession over the next several years, my “Top 3” are below. A common theme for these Top 3 areas is the growing impact of technology in our lives.

Privacy & Cybersecurity

As technology continues to rapidly advance, we have seen – and will continue to see - an explosion in the amount of data that is being generated in our society. This incredible rise in data reminds me of the iconic opening lines of the classic book “A Tale of Two Cities” by Charles Dickens: “It was the best of times, it was the worst of times,...” Some have said that “data is the new oil,” and there are great opportunities for all organizations to use data to accelerate their digital transformations, better serve their customers and improve the lives of others.

However, data is also a highly desired asset of cybercriminals and certain nation-states – who are becoming more sophisticated and more brazen. Unfortunately, we continue to read about organizations across all industries being subject to very high-profile data loss incidents and their associated negative consequences.

What this means is that clients will increasingly need guidance from lawyers to help them properly protect data and use data in a lawful and responsible fashion. At the same time, the areas of privacy and cybersecurity are increasingly becoming regulated and more complex as new laws are being enacted both inside and outside the United States. Data privacy and cybersecurity issues are also starting to permeate into many traditional legal practice groups and in my opinion it will be necessary for all lawyers to gain skills in these areas to be successful as they become more fundamental to the provision of legal services.

Artificial Intelligence Law

While there is no singular definition for Artificial Intelligence (AI), some Microsoft engineers have broadly defined AI as “a machine that can act using human-styled reasoning or perception.” All industries are making significant investments in the AI space as certain tasks which have been traditionally performed by humans may be automated via AI - especially those that are repetitive and routine in nature. Gartner – the leading research and advisory company – has forecasted that by 2022 the total AI-derived business value associated with the customer experience, new revenue and cost reduction will be nearly $4 Trillion.

In late February I had the opportunity to serve as a Co-Chair and speaker at a Practising Law Institute program in New York City entitled "Artificial Intelligence Law 2019." The title and agenda of this program made me realize that AI is quickly transforming into its own legal practice area that currently involves key disciplines such as data privacy, ethics, regulatory law, intellectual property and employment law – and will probably include other disciplines in the future.

While AI is still very much in its infancy, its influence in our lives is starting to be seen every day as we routinely use and interact with digital assistants like Cortana, Alexa and Siri. As our clients continue to invest in AI solutions and the legal profession embraces AI as a tool for the delivery of legal services, lawyers will increasingly need to shape and navigate a growing AI law landscape that is also in its infancy and quickly evolving.

Legal Operations & Technology

Suffice to say that traditionally the legal profession has not been the proverbial “poster child” for embracing change and leveraging technology. But to quote one of singer and songwriter Bob Dylan’s most famous songs, “The Times They Are a-Changin’.”

We are increasingly seeing in-house legal departments and law firms being more open to digital transformation and using leading technology tools and data to achieve more and better serve their clients. The #LegalTech marketplace continues to grow exponentially to provide a wider range of technology solutions to the legal profession. Leading organizations like the Corporate Legal Operations Consortium (CLOC)  are gaining in popularity and influence in the legal industry. In addition, law schools are beginning to understand that they need to reimagine traditional legal education and provide courses to better equip “21st Century” lawyers for the growing intersection of legal operations, business and technology.

As legal organizations accelerate their digital transformations to deliver more high-impact legal services to their clients, those lawyers well-versed in technology tools, data analytics, project management, process management, design thinking and AI will be in great demand.

As we have just entered a new era known as the Fourth Industrial Revolution, it is a very exciting time to be a lawyer. Be sure to “skill-up” to take advantage of the opportunities that are out in front of us.

High Performance Counsel Media Group and Cybint Solutions join forces to establish New York Cyber Center of Excellence.

The HPC/NY Cyber Center will serve as a national hub for legal industry professionals seeking Cybersecurity education.

 

NEW YORK, NY – April 1, 2019 – Legal industry media, events and education leader, High Performance Counsel and global cyber education leader Cybint Solutions are taking steps to close the critical global cybersecurity workforce skills gap. The two organizations are partnering to establish an innovative and progressive New York Cyber Center.

The HPC/NY Cyber Center will serve as a region-wide hub for top-tier cyber education, resources and thought leadership, meeting the needs of learners at all levels. Particular focus has been given to the unique cyber awareness and education needs of modern legal, medical and financial services practitioners, and the clients they serve. The HPC/NY Cyber Center will serve as a national hub for legal industry professionals.

Through the partnership, Cybint Solutions will deliver its comprehensive suite of multi-level cyber education and professional development offerings. Classes range from cyber literacy for non-technical professionals to advanced, hands-on Simu-Labs and cyber range environment for those pursuing a cybersecurity career.

“We’re excited at the opportunities we see in the legal landscape and our partnership with High Performance Counsel,” said Roy Zur, Cybint Solutions CEO. “There's a growing need within this space for hands-on skills and cyber expertise, and with High Performance Counsel, I believe we can make a difference, positioning the practitioners they serve for success and continuing to further our mission of closing the cyber skills gap.”

David Kinnear, Founder & CEO of High Performance Counsel commented: “From inception, the focus of High Performance Counsel has been on the needs of the next ten years in the rapidly-changing legal industry. Cybersecurity is both one of the greatest risks – and greatest opportunities – facing the legal sector and the clients it serves. Cybersecurity literacy is a must-have technical competency in today’s legal world – and a new competitive edge for many.”


By Chuck Brooks


There is a congruency between the legal community’s mission of preparedness and the practice of cybersecurity. A primary requirement of the legal profession is to obtain data and explore evidence, assess the implications of that evidence, and prepare accordingly to protect and serve the client. Cybersecurity also follows that framework. There is, however, an urgent need for the legal community to add an element to its operations to bring them more in line with cybersecurity: actions that provide better protection of their data against breaches. Unfortunately, most law firms (and companies, for that matter) lack the critical awareness, policies, and technologies to best secure the crown jewels. These jewels include private firm interchange, records, and especially privileged attorney-client communications. The risks to law firms are already very high. A 40-year law firm, Mossack Fonseca, closed as a result of a data breach that revealed the Panama Papers. About two-thirds of law firms have experienced some sort of data breach, according to a 2017 cybersecurity scorecard from Logicforce, a LexisNexis company. With increasing risk to revenues and reputation, law firms should consider hiring cybersecurity professionals to augment their IT shops. If possible, they should also explore bringing in outside expertise from SMEs who understand the latest developments in technologies and compliance directives in the cyber ecosystem. The growing number of sophisticated phishing, ransomware, and DDoS attacks is challenging, and outside help is becoming more of an imperative.

I have assembled a list of basic questions that can set the foundation for how firms can assess vulnerabilities in data protection and take steps to protect themselves. My list includes:

While these general questions can serve as a first step, a technical vulnerability assessment is a good idea for any law firm, small or large, in this increasingly risky world of connectivity. Data breaches are a compelling threat and one that should not be taken lightly.
Chuck Brooks is the Principal Market Growth Strategist -- Cybersecurity and Emerging Technologies for General Dynamics Mission Systems. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 500 million members. He has published more than 150 articles and blogs on cybersecurity and technology issues. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee and a member of The AFCEA Cybersecurity Committee. In government, Chuck has served at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill, covering security and technology issues. In academia, Chuck is an Adjunct Faculty member at Georgetown University in their Applied Intelligence Program and was an Adjunct Faculty Member at Johns Hopkins University, where he taught a graduate course on homeland security for two years. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

Traditionally, the legal industry has been the most conservative when it comes to adopting new technology. That’s even more true for electronic signature and digital transaction management (DTM) solutions, and for good reason: post-execution forgery detection, or the lack thereof. The fundamental question is, how do you know that a PDF or a printed version of an electronically signed document is legitimate and has not been tampered with, expired, cancelled or rejected? Can that document be trusted when called into question or used as evidence?

For that one reason, still today, most high-value document transactions are signed in wet ink and physically mailed around. The promise of electronic signature and DTM is tremendous: cost and time savings, document tracking, document delivery, error elimination, sustainability, environmental friendliness, and much more. However, if the digital and paper versions of an electronically signed document do not offer the same peace of mind that a wet signature on paper does, all the fancy tools are useless because they leave you and your client exposed.

How are documents with wet signatures protected in real life?

When a paper document is signed with a pen, there is no undoing that. This way of signing the document alters the DNA of the paper. In the past we also had carbon copies. If a signed document is altered, or even if a signature is forged, forensics experts can easily detect the alterations and forgery. We all remember forensics experts on television talking about how they detect signature fraud by examining various characteristics of the signature and handwriting. So the paper-and-pen solution is pretty solid. However, the problem starts when pen-and-paper documents are Xeroxed or scanned and then stored and shared digitally. Electronic versions of documents can easily be altered using free software such as Adobe Acrobat Reader. Anyone with the right means can just pick the image of a signature and use it to sign documents. And unfortunately, there is no way to stop that. As a result, the number of cases where courts can’t rely on eSigned documents is ever increasing. We could use a document verification service, but that just adds more inefficiency, time, and cost to an already cumbersome and costly process.

How to detect if your document is legitimate?

An all-digital, paper-free world is inevitable. People are already signing real estate deals, opening bank accounts, and securing sales agreements using electronic signatures, whether that is an image of a signature superimposed on a document or a swish of your finger on a signature pad or tablet computer, and whether or not digital certificates or fancy software security wrappers are added around those eSignatures. But what happens when you have to present those documents as PDFs or in print? If electronically signed documents are part of evidence or proof, chances are you won’t be sharing your user ID and password for some online cloud service (where your legally eSigned documents are stored) with the judge and a bunch of other random folks involved in the case. You are most likely to share PDF copies or printed copies. If the legitimacy of the documents involved is called into question, or document fraud is claimed, including forgery of an electronic signature, how would you counter that claim?

ZorroSign gives that peace of mind by offering the same functionality that a wet signature on paper does and a quick and secure way to detect forgery. With its unique patent-pending proprietary Document 4n6 (Forensics) technology, ZorroSign offers post-execution fraud and forgery detection for digital and paper versions of an electronically signed document. Of course, nothing stops an untrustworthy individual from altering a PDF document or even copying and pasting an eSignature from one document onto another. However, if the document was signed using ZorroSign, a judge or a lawyer can, within seconds, verify and authenticate the document, including the full audit trail, attachments, and biometrics. Furthermore, just like pen-and-paper signed documents, ZorroSign-ed documents never expire. They do not require third-party digital certificates, which have to be renewed every year and which mean huge added costs.

These signatures are legally binding without needing added security measures, third-party digital certificates, or document verification certificates or services. As a matter of fact, ZorroSign 4n6 (Forensics) technology offers added benefits that even traditional pen-and-paper signed documents don’t. For instance, you can have a complete audit trail of the data and the transaction with date and time stamps, biometrics, and attachments. It can also detect if a document is altered after it was signed using ZorroSign. Furthermore, the ZorroSign automation engine supports broadcast and KYC templates and workflows, which are extremely popular use cases among the legal community. With ZorroSign’s electronic signature technology and digital transaction management platform, the legal community can have the peace of mind that they and their clients are protected against post-execution forgery and tampering of their legal documents.

ZorroSign Industry Use Cases
Legal industry - Electronic Signature and Digital Transaction Management

Use Electronic Signature, Digital Transaction Management, Biometrics, and ZorroSign (Document) 4n6 (Forensics) to Avoid Post-Execution Forgery of Legal Documents

Challenges
  1. Electronically signed documents are easily forged after execution.
  2. Current electronic signatures not fit to replace wet signatures.
  3. eSigned documents require purchase of digital certificates yearly to keep documents from expiring.
  4. Partial digitization of paper-based transactions.
  5. No detailed audit trail of legal documents signed electronically.
  6. eSigned documents are not upheld in the court of law.
About ZorroSign
ZorroSign is an eSignature and Digital Transaction Management company that offers a unique proprietary technology to protect legal documents against post-execution forgery.
Challenges of the Legal Industry
Law firms of all sizes need world-class tamper-proof security and legal enforceability of legal documents with non-repudiation, audit trails with full progress tracking and bank-level encryption. They particularly require a way to protect legal documents against post-execution forgery. They want all that while becoming more efficient and cost-effective in running their practice. With ZorroSign eSignature, 4n6 (Forensics) Token, as a complete DTM solution, your law firm can have all that and execute legal contracts online and within minutes.
Use Cases
  • Retainer, fee and non-disclosure agreements
  • All facets of the incorporation documents for all types of business entities
  • Purchase agreements (assets, products, and services)
  • Sale/Purchase, Merger and Acquisition contracts
  • Comply with Sarbanes-Oxley Act (board minutes, transparency, audit trail)
  • General Policy management and compliance by Human Resource Department
  • Employment contracts and new hire packages
  • Comply with your Document Retention Policy
  • Power of Attorney and Proxy Agreements
  • Wills and Trust documents
  • Request and collect consent and acknowledgement from a large number of employees at once.
Key Features
  • ZorroSign eSignatures are compliant with international laws & regulations, such as E-Sign Act, UETA, HIPAA, etc.
  • Highly trusted eSignature that can be verified and authenticated digitally and on paper. The entire document set is secured utilizing industry standard encryptions.
  • Documents signed with ZorroSign can have access authorization using password, biometrics (fingerprint & iris) or any other third-party authentication services if required.
  • 4n6 Token can contain any file types, audio file, video file and GPS and contains encrypted detailed transaction information.
  • Give secure access (view, validate) to only authorized users via 4n6 (forensics) token reader mobile app.
  • 4n6 Token does not expire and it cannot be altered, pasted or forged onto another document.
  • Define document specific and generic (user-specific) workflows.
  • Build a template library of frequently used documents.

1-855-ZORROSN (967-7676)

Chuck: I am pleased to be able to speak with Jon Loew, CEO of AppGuard. Jon, can you tell us about what your company does in the cyber realm and also a bit on your own background?

Jon: Thank you for the opportunity to participate in this interview, Chuck. AppGuard provides autonomous endpoint security for organizations around the world. Our technology has been proven effective in both the public and private sector, and features many revolutionary attributes. As a non-practicing attorney, I have a unique perspective into the concerns and vulnerabilities related to cyber-risk for law firms.

Chuck: Can you elaborate on some of those attributes?

Jon: Happy to. Firstly, our technology is described as autonomous because our software requires minimal updates and can function without any connection to the internet. It knows all it needs to know the moment it’s installed, so your laptop could be disconnected from the internet for 2 years. Plug that thing back in now and it will block zero day malware today. (Obviously if a client has added new applications, we need to update policy settings to accommodate these as well.) Next, the size of our software is less than 1MB at the endpoint, which is a fraction of competitors’ software. Lastly, because our software needs minimal updates, there is no CPU degradation (and certainly no file scanning).

Chuck: Clearly, the legal industry is being targeted by cyber-attackers because they possess valuable financial records, IP, and medical data. This past year, LOGICFORCE surveyed and assessed over 200 law firms located throughout the United States. They found that every law firm assessed was targeted for confidential client data in 2016-2017 and approximately 40% did not even know they were breached. From your unique perspective as both a cybersecurity executive and an attorney, what are the special challenges the legal industry faces in protecting data?

Jon: Law firms and associated attorneys play a special role in our ecosystem. We expect them (and they are expected) to hold our information in the highest confidence. We expect our communications to remain private, and we engage in conversations with them we would often not have with anyone else. While most enterprises are worried about protecting their OWN confidential info, law firms have to worry about dozens or even hundreds of companies’ confidential information. Further, law firms will do almost anything to protect their reputations as trusted advisors. Lastly, law firms have certain obligations that many other industries don’t currently have. Ethics rules that apply to the practice of law require a firm in some cases to notify ALL of their clients if data has been extracted from their enterprise regardless of how much data was extracted, and regardless of whether that particular client’s data was extracted. This can be devastating to a law firm. Hackers know all of this, and law firms are starting to realize they are in the cross-hairs.

Chuck: Cybersecurity, at its core, is risk management of people, processes and technology. In the legal community a practice is often multi-office, multi-device, and usually under a minimal IT and HR budget. Can you share how your AppGuard products and services are designed for the distinct law firm eco-system?

Jon: If you combine this with the fact that most law firms don’t have robust IT departments, they are unfortunately ideal targets for hackers. Many are relatively unprepared for attacks, and the reward for the adversaries is a high stakes bounty: the firm’s IP and confidential client data! Our software’s autonomous nature makes it extremely easy for even the most limited IT staffs to manage. Additionally, many firms (and their people) are also often spread out geographically, with confidential information sitting on endpoints (i.e. desktop, laptop, home office, etc). Once AppGuard is installed on these endpoints, the users are free to travel between offices, to and from work, do work on the road, and feel confident that they will not fall victim to a hack. IT managers can also feel comfortable knowing that their attorneys don’t need training for our software – with AppGuard on their endpoints they would not be able to detonate malware on their devices, even if they wanted to, let alone by accident.

Chuck: 2017 was a scary year with an upswing in global ransomware, phishing, and DDoS attacks in industry and government. From your review of the emerging cybersecurity threat matrix for 2018, what do you predict will be the top trends coming our way to watch?

Jon: We believe that the threat to small and large businesses will continue to grow, while many of our competitors play catch up. Attackers will increasingly use more advanced capabilities, develop new threat vectors, and devise malware that is even more “stealthy” in nature. This is particularly worrisome to many CISOs because the only thing more concerning than being breached is not knowing how long the breach has been on-going. Ransomware will continue to grow as a preferred method of attack because of the quick reward associated with it, and the anonymity of crypto-currency. All the training in the world will still not prevent a user on your enterprise from being tricked by professional tricksters. Companies will need to re-think the type of protection they are using, and will begin to utilize lesser known technologies as more well known vendors continue to allow breaches. We wish everyone a safe, hack free new year for 2018. But if you want to ensure a positive outcome, you should probably install AppGuard on all of your endpoints. :)

Chuck: Thank you, Jon. It should be noted that Jon asked me to add a “smiley emoji” after his final answer because he knows it was a shameless plug for AppGuard. I’d say it was an effective one.

By Chuck Brooks


Last week it was disclosed that almost 4,700 bitcoins, valued at $64m, were stolen by hackers who broke into a Slovenian-based bitcoin mining marketplace called NiceHash. The NiceHash marketplace matches people looking to sell processing time on their computers for so-called miners to verify bitcoin users’ transactions in exchange for the bitcoin. From the forensic incident analysis it appears to be a breach exploited by sophisticated hackers.

This is not the first time that bitcoin has been targeted. Recently, around $30 million worth of Ethereum cryptocurrency was stolen by hackers through a cyber-attack. And in 2014, hackers stole about $350 million in bitcoins from Tokyo’s Mt. Gox Exchange.

Bitcoin is the first, and the largest, of the cryptocurrencies; 21 million of them were released in 2009. The common definition of bitcoin is that it is a type of digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. Functionally, it is a decentralized tradable digital asset that is recorded publicly by a blockchain ledger.

The reason why bitcoin and other cryptocurrencies have become opportune for hackers is that they are stored in digital wallets rather than banks. These wallets are basically an ecosystem of easy targets because they do not have the levels or layers of cybersecurity protection necessary to protect the owners of the currencies. The value of the cryptocurrencies has skyrocketed (one bitcoin was recently valued at $15,000), making them financially rewarding to steal for professional cyber threat actors.

In addition to the theft value, cryptocurrencies are also being used by hackers as the payment of choice for ransomware extortion. Hackers and criminals (especially money launderers) like to use them because it is difficult to trace a payment transaction. Paying ransomware in cryptocurrencies seems to be a growing trend. The recent WannaCry and Petya ransomware attackers demanded payment in bitcoin. In June, a ransomware attack on a South Korean web hosting firm called Nayana required a bitcoin payment of $1 million to attackers to gain back control of their servers.

It is not just theft or ransomware that puts those connected to the internet at risk. A scary scenario is that even if you do not own or trade bitcoin or other cryptocurrencies, you can still be a victim. Hackers need computing power to find and “mine” for coins and can hijack your computer processor while you are online. Hackers place algorithm scripts on popular websites that people innocently visit. You might not even know you are being hijacked.

How do you protect yourself? One clue for detection is to monitor whether your computer is running slower. Also implement regular computer scans, keep your security software and patches up to date, and clear your browser cache often. In practicing cybersecurity, it is prudent to be vigilant because everyone is vulnerable.

Cryptocurrencies are in an early stage of development, but it is estimated by The World Economic Forum that they will comprise 10 percent of global GDP by 2027. This is certainly significant (and challenging) for the global financial system, as they are outside of the central banks and regulation. Whether or not you are personally involved in trading cryptocurrencies, most of us are connected to the digital world where they dwell. It is essential that strong processes and technologies be a consideration for anyone wanting to be cyber secure from the evolving world of cryptocurrencies.

Chuck Brooks is a featured columnist for High Performance Counsel. He is President of Brooks Consulting International. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 500 million members. He is also an advisor to LinkedIn on cybersecurity and emerging technology issues. He has published more than 100 articles and blogs on cybersecurity and technology issues. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee, and a member of The AFCEA Cybersecurity Committee. In government, Chuck has served at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate at the Department of Homeland Security. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill covering security and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University where he taught a graduate course on homeland security for two years. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

Chuck can be reached on LinkedIn: https://www.linkedin.com/in/chuckbrooks/ or on Twitter: @ChuckDBrooks
Paul Ferrillo

About Paul Ferrillo:

Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations. He also is part of Weil’s Cybersecurity, Data Privacy & Information Management practice, where he focuses primarily on cybersecurity corporate governance issues, and assists clients with governance, disclosure, and regulatory matters relating to their cybersecurity postures and the regulatory requirements which govern them. Mr. Ferrillo regularly counsels clients on cyber-governance best practices (using as a base the NIST cybersecurity framework), third-party vendor due diligence issues, cybersecurity regulatory compliance issues for private equity, hedge funds, and financial institutions that have been promulgated by the SEC, FINRA, the FTC, and the FDIC/OCC, the preparation and practicing of cybersecurity incident response plans, as well as evaluating and procuring cyber-liability insurance to protect against losses suffered by companies as a result of the theft of consumer or personally identifiable information, or as a result of the destruction of servers and corporate infrastructure.
Shawn Tuma

About Shawn Tuma:

Shawn Tuma is passionate about serving his clients. He honors the trust they place in him by working hard to achieve their objectives as effectively and efficiently as possible. His integrity, intensity, and drive for excellence have helped him become an internationally recognized attorney and thought-leader in cybersecurity, computer fraud, and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Scheef & Stone, LLP and General Counsel and Director for the Cyber Future Foundation. Shawn frequently assists clients with cybersecurity and data breach related incidents, both as cyber insurance panel counsel and direct engagements. For proactive companies, an ideal role for him is to serve as a member of their team as outside cybersecurity counsel to help them prepare for and minimize the risks of doing business in today’s cyber risk-laden business world. Then, if a problem does arise, he is there to guide them through resolving those issues as well. He has worked his entire career as both a cyber lawyer and a complex business trial lawyer, a combination of experience that equips him with unique skills for helping businesses assess, avoid, and resolve problems in a very expeditious manner.
Chuck Brooks

About Chuck Brooks:

Chuck Brooks is President of Brooks Consulting International. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 500 million members. He has published more than 150 articles and blogs on cybersecurity and technology issues. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee, and a member of The AFCEA Cybersecurity Committee. In government, Chuck has served at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate at the Department of Homeland Security. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill covering security and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University where he taught a graduate course on homeland security for two years. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

An Interview with Cybersecurity Legal Experts Paul Ferrillo, Esq. and Shawn Tuma, Esq.

By Chuck Brooks

CyberAvengers
Chuck: I am pleased to interview two of the best legal minds in the cybersecurity world, Paul Ferrillo, Esq. and Shawn Tuma, Esq., about the threats, challenges and trends in the connected world. Both Paul and Shawn are widely published on cyber risk management, regulatory, and governance topics of special interest to the legal community. They also have been featured speakers at numerous events and conferences, including “Artificial Intelligence In The Legal Realm,” highlighted in the photo above. Cyber breaches have exponentially victimized corporations, organizations, firms, agencies, and individuals in the last few years. Clearly, the threat is growing more sophisticated and prevalent. As leading members of the legal community, what do you see as the biggest challenges in addressing the threat for your clients?

Paul and Shawn:

1. Cyber is not a stationary target, but is constantly evolving in many ways. Threats move and change constantly as bad actors find new means for attacking, new targets to attack, and new ways to monetize their successes. In 2014, the trend was stealing and selling payment card data. In 2015 and much of 2016, it was healthcare data. In 2016, we began to see more ransomware used for extortion, which has increased substantially in 2017. Now we are seeing more attackers using not only encryption of networks through ransomware as a basis for extortion, but also the exfiltration of sensitive data and then threatening to expose that data publicly unless an extortion demand is paid. They are becoming more aggressive and are now layering these different attacks, such as gaining access into an environment and covertly exfiltrating information for sale or extortion and then, as a parting gift, leaving ransomware to encrypt the network, promising to decrypt in exchange for the payment of another ransom. Finally, we are seeing them build on successful attack tools and techniques and modifying them as they go to make them even more effective, such as we saw when Petya moved away from Wannacry ransomware and towards a destructive wiperware attack. Clients simply do not understand and refuse to accept that cyber risk is not going away and there is no one time fix – it is now a way of life and just as the bad guys are continuous with their attacks and are evolving in how they do so, clients must be continuous in their defenses and must continuously reassess and evolve how they are protecting themselves.

2. The "we are not a target" response from clients – clients must begin to understand that if they have data, they are a target, and everybody has data. And with the rise in ransomware there is a new twist, even for clients who do not deal in or otherwise have sensitive data: attackers use ransomware to encrypt their network and deny them access to their entire computer network and all of their data, effectively sending their business back into the Stone Age. Recent attacks showed how attackers show no shame switching industry verticals constantly. Whatever works is repeated. What doesn't work is abandoned for something more profitable. Also the CISO refrain of "oh, we are fine, we have been doing things this way for 5 years." If you hear this refrain you absolutely know things are not fine.

3. Vendor BS - the most concerning. Many vendors are fixed on proven revenue streams rather than what is best for the client. For instance, 100% of all successful attacks bypass firewalls. Shouldn't that be a red flag? Shouldn't the conversation move to machine learning solutions? Well of course it should, but sometimes it doesn't or sometimes it doesn't until the client has already been breached.

Chuck: Should anyone formally involved in the world of regulation and compliance be required to have cyber expertise in conjunction with their advisory roles to clients and to the C-Suite?

Paul and Shawn: We find and see that nearly all companies are regulated by at least one regulatory agency or state regulator. Many, like financial institutions, investment banks and commercial banks, could be regulated by "several" regulators at one time. Since cybersecurity touches every facet of these businesses, if you don't have cyber experience you can't be an effective or trusted advocate.

Chuck: GDPR is being enacted in May by the European Union. The GDPR expands the territorial scope of European data protection legislation to make it applicable to non-EU organizations offering goods or services to data subjects in the EU. What are your thoughts on the implications of American and global companies doing business with the EU after May?

Paul and Shawn: For many institutions who might not be familiar with the global consequences of a cyberattack, the GDPR can truly be seen to be a game changer. Especially for American institutions that might have been cybersecurity "centric" but not "privacy centric". There are also many differences in "practice" between American firms (who are generally well schooled in incident response and disclosure issues) and EU firms, which almost never had to deal with these issues. The time and expense involved with a true GDPR shift will be sizable and some don't have the money or time to fully enact. And if there is a material breach, god help the company that does not disclose the issue to regulators within 72 hours.

Chuck: I am very happy to share that I work closely with the both of you and also Kenneth Holley, George Platsis, Christophe Veltsos, and George Thomas, Jr. as part of a unique cyber-education group called #Cyberavengers. In fact, High Performance Counsel has recently published the #Cyberavengers playbook for its readers to download. Can you both describe the vision and mission and why the legal community in particular should be aware of the #Cyberavengers gratis thought leadership offerings?

Paul and Shawn: The #Cyberavengers were created jointly between our love of the old Marvel comic book series, the Avengers, and our desire to help this country deal with what we thought were major disconnects between hype and fact, and between illusion and reality. Americans also suffer greatly from vendor overload (as we have noted above) along with "tech speak" and techno-babble which muffles and garbles messages. The Cyberavengers have pledged to change the present cyber paradigm of major breaches, and to avenge those actors and countries who attempt to (and often succeed) in hurting this country and stealing its valuable intellectual property. We do our jobs out of love for our country, our states and our communities. We feel we are uniquely suited to help this country through what are proving to be difficult cyber times.

By: Doug Kaminski


The development of the Internet of Things has allowed businesses across the globe to expand in new and exciting ways. We can share our thoughts, ideas, and even secrets freely across channels, servers and file shares. This type of total freedom also disinhibits nefarious third parties intent on stealing what you have, what you know, and what you care about the most.

According to a 2017 PwC survey of 10,000 executives, 45% of respondents at companies that had a cyber incident reported that stolen intellectual property had a direct impact on their business – a significant increase over previous years. Whether that’s trade secrets, industrial designs, credit card info or proprietary data, the threat of having your intellectual property stolen is very real and should be a cause of concern for any business leader. It does damage to both your bottom line and your reputation.

In the e-discovery field, handling sensitive and sometimes classified client data is an inherent part of the business. Security threats regarding this data are more nuanced and more sophisticated than ever before. Internally, you need to be aware of things like malicious insiders, or an ex-employee who goes rogue and takes your IP to a competitor. Externally, you need to be aware of the ever-present threats of phishing, malware, and foreign state actors that can bring down your servers, jeopardizing the IP of your business and your client’s business. It takes a village, and an entire e-discovery toolkit, to employ secure information governance policies that protect your IP.

Here are three key steps to mitigate risk when it comes to guarding your intellectual property:

1. Maintain and Monitor Internal Access

One of the hardest things to control is the sharing and leaking of data and IP from internal employees. It’s hard to manage and even harder to identify. One way to mitigate this internal risk is to classify data by its sensitivity and value, and segment access to important data based on the employee type and if they need this data to perform their jobs. Another way to manage the amount of data shared between employees is to have your IT team actively monitor and regulate the file sharing platforms used internally. This type of proactive approach helps stop problems before they start.

2. Classify and Delete Your Data

The easiest way to limit the damage of data leaks is to control and limit the amount of sensitive data that is readily available to employees and external parties. You can use things like analytics and technology assisted review to redact and delete unnecessary files and archive data that you may need later. To gain a topline view of what might be at risk and to what employees, you can also use cluster visualization and email threading capabilities to identify IP terms that might be at risk via a simple keyword search. These types of proactive actions help limit what can be exposed by malicious third-parties or insiders, saving you time and stress.

3. Finetune Your Response Plan

It’s very hard to recover when you’ve lost your intellectual property, but if you do, it’s important that you have a coherent and concrete crisis plan in place to limit damage. The origin of your crisis plan should take place well before an actual crisis happens. This means gaining alignment with your key internal stakeholders, building an insider threat response program, and holding regular crisis trainings to ensure that everyone is internally aligned with your plan of action if, and when, your IP is leaked externally. This crisis plan should continuously evolve as the world of cybercrime changes; a third-party assessment on the potential weaknesses in your data security also helps. It’s a wild world out there. Hopefully these few pointers help in the never-ending battle of information security.
Doug Kaminski serves as director of major accounts for Relativity. In his 20+ years in the legal industry, Doug has consulted with some of the world’s most highly regulated companies, including many Fortune 100 companies, to help them gain control of their data and tackle their unique challenges surrounding e-discovery and information governance. Prior to joining Relativity, Doug served as senior director of information governance at Huron Consulting Group (now Consilio) and held positions at Symantec, Clearwell Systems, Wolters Kluwer, and LexisNexis Document Solutions.

At HIGH PERFORMANCE COUNSEL, we speak to the issues framing the next decade in law. We identify the emergence of an industry unlike that which has gone before by reason of its digital focus and dependencies. We touch on some of the toughest issues - not simply the easy ones. So it is that from the outset we have covered Cybersecurity.

Cybersecurity has come at many industry participants from far left field - at times, with devastating consequences. We view it as an issue of immense proportion for the legal industry and the clients that it serves. We consider it a subject that merits special and ongoing attention.

Chuck Brooks and his renowned CyberAvenger Cybersecurity expert colleagues, Paul Ferrillo, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma and Christophe Veltsos, are a beacon of reason, experience, practical help - and hope - for so many who now face the challenges of Cybersecurity. Their first volume of this book is an easy yet invaluable read for countless professionals seeking to familiarize themselves with the subject area of Cybersecurity - and what can be done about the challenges we face.

In the same way that we at HIGH PERFORMANCE COUNSEL bring together helpful thought-leadership to shed light on the path of the modern legal industry, Chuck and his colleagues have done this for the present state of Cybersecurity. For this, they are to be highly commended. It is with great pleasure that we help share this publication with you.

David T. Kinnear
Chief Executive Officer
HIGH PERFORMANCE COUNSEL MEDIA GROUP
New York
October 17, 2017

By Chuck Brooks


Cybersecurity Spending Soaring:

According to market research firm Gartner, global spending on information security is expected to reach nearly $87 billion in 2017 -- an increase of around 7 per cent over 2016 – and is expected to top $113 billion by 2020.  Also according to Gartner, by 2020, 40 percent of all managed security service (MSS) contracts will be bundled with other security services and broader IT outsourcing (ITO) projects, up from 20 percent today.

2016 a Record Year for Data Breaches:

According to the Identity Theft Resource Center, U.S. companies and government agencies suffered a record 1,093 data breaches last year, a 40 percent increase from 2015. The bad news is that record will likely be surpassed in 2017.

Government Under Continuous Cyber-attack:

According to the 2017 Thales Data Threat Report, Federal Edition, 34 percent of United States federal government agencies suffered a data breach in 2016. A report from the Office of Management and Budget says federal agencies reported 30,899 cybersecurity incidents to the Department of Homeland Security’s U.S. Computer Emergency Readiness Team during fiscal year 2016.

US Cyber Command to a Formal Military Command:

President Trump announced this month that he is formally elevating the US Cyber Command into a combatant command within the US military, and that it will be exclusively focused on fighting cyber wars. “The United States Army Cyber Command directs and conducts integrated electronic warfare, information and cyberspace operations as authorized, or directed, to ensure freedom of action in and through cyberspace and the information environment, and to deny the same to our adversaries”.

Trump Budget Requests $967M for FY 2018 DHS Cybersecurity Operations:

DHS’s cyber budget will get a significant boost in spending in 2018. The federal government’s FY 2018 begins Oct. 1. Also DHS-related, House Homeland Security Committee Chairman Michael McCaul (R-Texas) will be introducing a cyber reorganization bill next week that would replace DHS’s National Protection and Programs Directorate (NPPD) with a new operational agency to handle cyber.

NIST Reveals Draft of Cybersecurity Framework:

New proposed provisions include  assessing the cybersecurity risk posed by third-party vendors and a new focus on measuring the cost effectiveness of cybersecurity programs. Check it out: http://csrc.nist.gov/publications/drafts/nistir-8170/nistir8170-draft.pdf

Cyber Hygiene Legislation Introduced:

Cybersecurity legislation (HR3010) called the “Promoting Good Cyber Hygiene Act of 2017” was recently introduced that will mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), and the Department of Homeland Security (DHS) to establish baseline best practices for industry. This legislation will help establish best practices for good cyber hygiene, authentication, and cooperation.

Majority of Companies Get Failing Grades on Cybersecurity Performance

According to a new study from Thycotic, in its first annual 2017 State of Cybersecurity Metrics Report, 58 percent of respondents scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

Small Business Especially Vulnerable to Cyber-attacks:

Rep. Steve Chabot (R-Ohio), the House Small Business Committee chairman, told Bloomberg BNA March 9 that small businesses feel post-data breach fallout more strongly than large companies. He said  “nearly 60 percent of small businesses have to close shop after a data breach, which costs, on average, about $32,000 per attack.”

The EU's General Data Protection Regulation takes effect on 25 May 2018:

According to DataIQ (http://www.dataiq.co.uk/blog/summary-eu-general-data-protection-regulation), the reforms consist of two instruments:
  • The General Data Protection Regulation (GDPR), which is designed to enable individuals to better control their personal data. It is hoped that these modernized and unified rules will allow businesses to make the most of the opportunities of the Digital Single Market by reducing regulation and benefiting from reinforced consumer trust.
  • The Data Protection Directive: The police and criminal justice sectors will ensure that the data of victims, witnesses, and suspects of crimes are duly protected in the context of a criminal investigation or a law enforcement action. At the same time more harmonized laws will also facilitate cross-border cooperation of police or prosecutors to combat crime and terrorism more effectively across Europe.

Health Sector in Urgent Need of Cybersecurity:

A new report put together by Michigan State University says almost 1,800 cyber-attacks occurred in hospitals across the US over a seven-year period, but only 68 percent of these breaches were reported to the government. The report examined Department of Health and Human Services (HHS) data for the period between October 2009 and December 2016. The recent “WannaCry” ransomware attack demonstrated the vulnerability of hospitals and the health sector.

Be Careful Downloading Videos:

The security firm Check Point discovered a security flaw that allows hackers to hide computer viruses in online video subtitles and use them to take control of computers. The attacks are embedded within the subtitle files that accompany many illegally downloaded films, and easily bypass security software and antivirus programs designed to keep computers safe.

Chuck Brooks is Vice President of Government Relations & Marketing for Sutherland Government Solutions. In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year” by the Cybersecurity Excellence Awards. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 500 million members. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee and a member of The AFCEA Cybersecurity Committee. In government, Chuck has served at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill, covering security and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University, where he taught a graduate course on homeland security for two years. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

We are pleased to announce that Chuck Brooks, who is HIGH PERFORMANCE COUNSEL's featured Contributor on cybersecurity issues, has been working directly with the LinkedIn Team as a security (Cyber, Homeland) and emerging technologies (IoT, Big Data, Artificial Intelligence, Cloud, BlockChain) Subject Matter Expert/Advisor for content. LinkedIn is the premier networking site for business professionals and has over 500 million members. As a senior executive in government relations, marketing, and management, Chuck brings a unique experience from service in the public sector, academia, and industry. He serves on a variety of boards, many of them philanthropic.
He brings to LinkedIn a substantive knowledge on a broad range of cyber issues and a special subject matter expertise of cybersecurity and homeland security in government that have benefited the not-for-profit, public, and commercial sectors.

Chuck's thought leadership writings on cybersecurity and emerging tech have helped shape the public policy debate, as he is respected in industry, in the Federal Government, academia, and on Capitol Hill. He has been a force in discussing, advocating, and promoting cybersecurity issues across digital media, at events, in professional forums, and with a variety of public policy organizations. He has been a leading evangelist for cybersecurity, homeland security, and emerging technologies in both the public and private sectors. He was selected by LinkedIn as “One of the Top 5 Tech People to Follow On LinkedIn”. In a recent article LinkedIn said this about Chuck: “Chuck’s varied security experience is evident in what he publishes. From aviation to public sector, government to science, his posts take on the multifaceted aspects of cyber security as it relates to industries/verticals, homeland issues and next-gen technology. Since he’s keen on variety, with formats ranging from expert Q&As to content roundups, to non-tech posts associated with topics/verticals he’s covered, his perspective truly stands out.”

Chuck is Vice President at Sutherland Government Solutions for Government Relations & Marketing. He is the Chairman of The New Emerging Technologies Committee for CompTIA, and President of Brooks Consulting International, a firm specializing in evangelizing, branding and marketing cyber and technology products and services industry. He is also part of the #CyberAvengers, a group of experienced professionals who have decided to work together to help keep this nation and its data safe and secure.
Chuck was also named winner of Cybersecurity Marketer of The Year at the 2016 and 2017 Cybersecurity Excellence Awards, which recognize the very best in leadership, excellence and innovation in today's cybersecurity. Chuck has authored over 120 articles focusing on cybersecurity, homeland security and technology innovation for many publications including High Performance Counsel, Forbes, Huffington Post, The Hill, Federal Times, Alien Vault, IT Security Planet, Bizcatalyst 360, NextGov, Gov Tech, MIT Sloan Blog, Government Security News, CIO Watercooler, Brink, and others.

Chuck has also been a featured speaker at numerous events and conferences. He recently presented at a workshop sponsored by The National Academies of Sciences, Engineering, and Medicine and the Federal Bureau of Investigation on Securing Life Sciences Data. He recently spoke at The DC Cyber Security Summit on IoT, at a George Washington University event about the Cyber Threat Spectrum, and at the USTRANSCOM Senior Leader Cyber Security Roundtable.

Chuck is one of the original “plank holders” at the Department of Homeland Security (DHS). Admiral Jay Cohen, former Under Secretary for Science & Technology at DHS, stated: “Chuck Brooks, as Director of Legislative Affairs at DHS, was INVALUABLE to me, the DHS S&T Directorate, DHS, the Nation AND Congress in making the "reformation" of DHS S&T a complete success. His Hill/DC acumen, insight, reliability, ability to develop highly effective congressional interaction/communications is WITHOUT PEER in my nearly 16 years dealing with senior executive branch officials, industry, academia and the Congress.”

Dexter Ingram, Senior Advisor to Interpol, said the following about Chuck: “he is a consummate professional who has a deep understanding of the issues, process, and people involved in the world of homeland security and law enforcement.
His breadth of experience derived from working on The Hill, in government, in academia, in industry, and with the media make him truly unique.”

Chuck worked for many years on Capitol Hill for the late Senator Arlen Specter and covered national security, foreign affairs, and technology issues. He also was a member of the Adjunct Faculty at Johns Hopkins University, where he taught homeland security for two years. He has advised many organizations including the Bill & Melinda Gates Foundation, The Cyber Resilience Institute, and the Center for Advancing Innovation. He also serves as Chairman of CompTIA’s New and Emerging Technologies Committee, and is a member of the AFCEA Cybersecurity Committee. He is on the Board of Advisors for CyberTech, and on the Board of Directors at Bravatek. He is an advisor to R & D cybersecurity company Inzero Systems. He is a Subject Matter Expert to The Homeland Defense and Security Information Analysis Center (HDIAC), a Department of Defense. Chuck is also a member of the IEEE Virtual Reality and Augmented Reality Working Group.

Technologist June Klein has said this about Chuck: “Chuck and I served as “invite-only, vetted and trusted advisors” to the Bill and Melinda Gates Foundation - Technology Partner Network. Throughout the 2 year strategic program, Chuck was a pleasure to collaborate with toward accelerating solutions on a range of global challenges facing the foundation and its grantees. He was generous in sharing his articles in prestigious publications, contacts to DC decision-makers and access to his featured speaker and award events. Currently, I am honored that Chuck chose me to be a manager of his “Emerging & Futuristic Technologies LinkedIn Group”. Chuck has huge followings on social networks and diligently responds to his thousands of friends on focused subject matters. He is a holistic thinker grounded in government, industry and academia leadership.
I value any opportunity to work with Chuck to team with strategic partners that can benefit from scaling my IOT, cybersecurity, resiliency and video initiatives.”

Chuck has a BA from DePauw University and an MA from the University of Chicago and a certificate in International Law from the Hague Academy of International Law. He also served as an Adjunct Faculty at Johns Hopkins University (SAIS) teaching Homeland Security.

Please connect with Chuck on LinkedIn: https://www.linkedin.com/in/chuckbrooks and on Twitter: @ChuckDBrooks

Chuck Brooks: VP of Government Relations and Marketing, Sutherland Global Solutions


The Internet was invented in a government laboratory and later commercialized in the private sector. The hardware, software, and networks were originally designed for open communication. Cybersecurity initially was not a major consideration. That mindset has surely changed due to the explosion of connectivity and commerce on the Internet, and also because of the threats. A recent McAfee study disclosed that there was one new cyber-threat every three seconds in the fourth quarter of 2016.

Corporate board director roles have been traditionally reserved for those with expertise and leadership experience in management and best practices. Cybersecurity expertise historically has not been a primary concern for Directors, but it has become an evolving requirement for accountability in the era of digital connectivity. The bottom line is that almost every type of business, large and small, touches aspects of cybersecurity, whether it involves finance, transportation, retail, communications, entertainment, healthcare, or energy.

Cyber-threats are ubiquitous. The frequency and maliciousness of cyber-attacks (including Ransomware and Distributed Denial of Service attacks on networks) have become alarming. There are growing cyber-threats to corporate operations, reputation, and theft of IP that can affect not only stock prices but the viability of a company. The growing threat of data breaches from hackers has made cybersecurity a global urgency. According to IBM, the cost of an average data breach has now risen to about $4 million. According to Gartner, spending on cybersecurity to try to ameliorate data breaches is expected to reach $90 billion in 2017.

Dr. Chris Brauer, Director of Innovation in the Institute of Management Studies, sums up the state of cybersecurity for board members succinctly: “overcoming the threat boils down to two things: accepting that you will be breached (awareness) and the ability to do something (readiness).”

Targets of the increasing incidence of phishing and other types of social engineering breaches include many corporate giants, such as Target, Anthem, and Yahoo. Even the federal government has been targeted, most notably the breach at the Office of Personnel Management where 22 million personnel records were taken. In spite of this, there is still a lack of awareness and specialized knowledge on most corporate boards. For example, according to a National Association of Corporate Directors (NACD) survey, only 14% of the board members queried expressed a deep knowledge of cybersecurity topics.

The cybersecurity landscape is complex, and it is extremely difficult to encapsulate all the various aspects that may confront a corporate board. Suzanne Vautrinot, President of Kilovolt Consulting and Major General and Commander, United States Air Force (retired), does provide a very good framework for addressing the landscape: “The board’s role is to apply the principles of risk oversight, to advise on strategy and help push to overcome challenges—in this case, cybersecurity gaps and challenges.”

Following that strong lead from General Vautrinot, I developed a condensed “cheat sheet” with themes to hopefully provide boards with insights and impetus to address the cybersecurity threat at the C-Suite level. The four themes include: risk management, responsibility, communication, and expertise.

The Cheat Sheet:

Of course, my cheat sheet is just a starting point. There is certainly room for more items and description. For an in-depth analysis of cybersecurity and corporate board issues, I highly recommend a new book written by Paul A. Ferrillo of the Weil Gotshal law firm and Christophe Veltsos of Minnesota State University, Mankato, entitled “Take Back Control of Your Cybersecurity Now: Game Changing Concepts on AI and Cyber Governance Solutions for Executives”. With the backdrop of the startling NACD survey that found 80% of board members lack deep cybersecurity expertise, hopefully the issue of the lack of board cybersecurity competency will get more of the attention that is needed.