Carl Scaffidi
Atlanta, Georgia, United States
3K followers
500+ connections
Explore more posts
-
Jason Basye
Concertium • 6K followers
CMMC Compliance Deadline: Are You Ready for October 1st?

The DoD’s latest update to 48 CFR Part 204.75 makes it official: CMMC certification is mandatory for contractors starting October 1, 2025. If your organization handles Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), you must be certified to bid, renew, or extend DoD contracts.

🎯 Don’t risk disqualification. As a CMMC Registered Practitioner Organization (RPO), Concertium helps defense contractors like you:
* Assess and close compliance gaps
* Build cybersecurity policies and procedures
* Train your team and prepare for certification

⏳ Time is running out. Let’s get you ready before Phase 1 begins.
📅 Book your free consultation today: concertium.com/cmmc-rpo
10
-
Forensic Strategic Solutions
1K followers
Detecting deception in fraud investigations is rarely about spotting a single “tell.” It requires disciplined observation, pattern recognition, and a structured interview strategy. FSS is presenting Detecting Deception: Advanced Interviewing Techniques for Fraud Professionals for the Alabama Chapter of the ACFE. Kelly Todd, CPA, CFE, and Lindsay Gill, CFE will share field-tested techniques developed through more than 20 years of investigative work together, including baseline development, rapport-driven interviewing, verbal analysis, and the strategic use of evidence and silence. Designed for experienced forensic accountants and fraud examiners, this session focuses on what actually works in real investigations. https://lnkd.in/e8ygwU_U #ACFE #FraudExamination #ForensicAccounting #FraudInvestigations #ThoughtLeadership
3
2 Comments -
Philip Coniglio
AdvisorDefense • 15K followers
Digital asset scams are the #1 threat again and they’re getting slicker.

For the third year running, digital assets ranked as the leading threat to investors, according to an enforcement report from NASAA (the association of state securities regulators).

Why should RIAs care? Scammers increasingly name-drop real custodians, advisors, or regulators to look legit. Pitches are now AI-written and paired with polished apps/sites that bypass basic “this looks fake” filters. Even when clients act independently, firms face reputational and complaint risk if your name or logo gets impersonated.

3 Highlights from the NASAA 2025 Enforcement Report
1. State regulators ran 8,833 investigations and 1,183 enforcement actions in 2024, securing $259M+ in monetary relief and significant criminal penalties.
2. Digital-asset schemes dominated, alongside social-media investment rooms, advisor/firm impersonation, and pig-butchering (200+ new investigations).
3. Seniors remain a prime target, with 3,600+ complaints and hundreds of victims, largely tied to crypto, pig-butchering, and promissory notes.

#cybersecurity #RIA #investorfraud #regulatoryupdates #AdvisorDefense https://lnkd.in/ePawYU38
5
-
Jose A.
AMIS • 760 followers
🔐 Are you supporting an organization preparing for PCI DSS 4.0 compliance?

A large section of PCI DSS is focused on access appropriateness—making sure the right people have the right level of access. Here’s what auditors are now looking for:
1️⃣ A documented process to grant and approve access to the Cardholder Data Environment (CDE) and any connected systems.
2️⃣ A documented process to review existing access into the CDE (now mandatory as of March 2025, PCI DSS 7.2.4) at least every six months.
3️⃣ Policies supporting both granting and reviewing access.
4️⃣ Evidence that these processes are being performed.

👉 It’s not enough to say, “We follow our policy.” Auditors will:
- Pull onboarding and offboarding records.
- Sample access requests to confirm approvals.
- Verify that periodic reviews explicitly show:
  • Access is appropriate for job function
  • Management has approved continued access

This is where many organizations struggle—not in creating the policy, but in demonstrating evidence that it’s consistently followed.

#PCIDSS #Cybersecurity #Compliance #RiskManagement
2
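The evidence the post says assessors sample (approvals on file, offboarding honoured, reviews within six months, access matching job function) can be produced by reconciling the CDE access list against the approval record and the HR roster. The script below is an added example, not code from the post's author or from the PCI SSC: the accounts, systems, approvers, dates and the role-to-job-function mapping are constructed, and the 182-day window is this script's reading of "at least every six months".

```python
import csv
import io
from datetime import date, timedelta

# Requirement 7.2.4 says "at least once every six months"; 182 days is the
# approximation used here (an assumption of this example, not PCI SSC text).
REVIEW_INTERVAL = timedelta(days=182)

# Constructed records: hypothetical accounts, systems, approvers and dates.
CDE_ACCESS = """account,system,role,approved_by,approved_on,last_reviewed
alice,cde-db-01,dba,cto,2025-01-10,2025-07-01
bob,cde-app-01,deploy,,2025-02-01,2025-07-01
carol,cde-db-01,dba,cto,2025-01-10,2024-12-01
dave,cde-jump-01,admin,ciso,2025-03-05,2025-07-01
erin,cde-app-01,readonly,ciso,2025-05-05,
"""

HR_ROSTER = """user,status,job_function
alice,active,database administration
bob,active,release engineering
carol,terminated,database administration
dave,active,helpdesk
erin,active,fraud analytics
"""

# Hypothetical mapping of job function to the CDE roles it justifies.
# In a real review this comes from the organisation's own access policy.
ROLES_FOR_FUNCTION = {
    "database administration": {"dba", "readonly"},
    "release engineering": {"deploy"},
    "security engineering": {"admin"},
    "fraud analytics": {"readonly"},
}


def reconcile(access_csv: str, hr_csv: str, today: date) -> dict:
    """Return {"account@system": [exceptions]} for every entry an assessor would question.
    Entries with an empty list of exceptions are omitted, so the result is the exception report."""
    roster = {r["user"]: r for r in csv.DictReader(io.StringIO(hr_csv))}
    exceptions = {}
    for row in csv.DictReader(io.StringIO(access_csv)):
        issues = []
        person = roster.get(row["account"])
        if person is None:
            issues.append("no HR record for account")
        else:
            # Offboarding check: a non-active user must not retain CDE access.
            if person["status"] != "active":
                issues.append(f"user is {person['status']}: offboarding did not remove access")
            # Appropriateness check: the granted role must be justified by the job function.
            if row["role"] not in ROLES_FOR_FUNCTION.get(person["job_function"], set()):
                issues.append(f"role {row['role']!r} not justified by job function {person['job_function']!r}")
        # Approval check: every grant needs a named approver on record.
        if not row["approved_by"]:
            issues.append("no documented approval")
        # Periodic review check: a review must exist and be within the interval.
        if not row["last_reviewed"]:
            issues.append("no periodic review on record")
        elif today - date.fromisoformat(row["last_reviewed"]) > REVIEW_INTERVAL:
            issues.append(f"last review {row['last_reviewed']} is older than six months")
        if issues:
            exceptions[f"{row['account']}@{row['system']}"] = issues
    return exceptions


if __name__ == "__main__":
    for entry, issues in sorted(reconcile(CDE_ACCESS, HR_ROSTER, date(2025, 10, 1)).items()):
        print(entry)
        for issue in issues:
            print("  -", issue)
```

Run with the review date fixed rather than `date.today()` so the same input always produces the same exception report; a dated, reproducible report is the artefact an assessor will ask to see alongside the sign-off that each exception was remediated or accepted.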
-
Trumbull Security Services
41 followers
🚨 Compliance Alone Is NOT Security

Banks & Credit Unions are under constant pressure from cyber threats, audits, and regulatory frameworks like FFIEC, NCUA, GLBA, PCI-DSS, and NIST.

What’s changing in 2026? Integrated Risk Management (IRM)

Why IRM matters:
✔️ Continuous endpoint & vulnerability scanning
✔️ Automated NIST Cybersecurity & Privacy alignment
✔️ Built-in FFIEC CAT & NCUA ACET readiness
✔️ Real-time risk intelligence & configuration monitoring
✔️ Faster audits, lower compliance effort, stronger defensibility

Key insight: Being compliant doesn’t mean being secure. Security + Risk + Compliance must work as one system.

How prepared is your organization for the next audit—or the next breach? Let’s discuss.

#IntegratedRiskManagement #CyberSecurity #BankingSecurity #RiskManagement #Compliance #NIST #FFIEC #CISO #CIO #FinTech
5
-
Henry Wong, CISM, CISSP, CDPSE, CEH
Ninth Wave • 1K followers
#CISA is directing Federal Civilian Executive Branch (FCEB) agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply updates from #F5. #EmergencyDirective #Vulnerabilities https://lnkd.in/eDkGnySb
10
2 Comments -
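The first two steps the directive names (inventory, then evaluate whether each management interface is reachable from the public internet) and the third (apply updates) can be worked through an inventory file. The script below is an added example, not code from the post's author, CISA or F5: the hostnames and version strings are constructed, the RFC 5737 documentation ranges stand in for public addresses, and the minimum acceptable version is a parameter the operator takes from the F5 advisory, not a value from the directive. Being on a routable address is only a precondition for exposure, so the script flags candidates for an external probe rather than declaring them reachable.

```python
import csv
import io
import ipaddress
from typing import Dict, List, Tuple

# Address space that cannot be reached from the public internet without NAT in
# front of it. A management interface outside these ranges is only a candidate
# for exposure; confirming reachability still needs a probe from an external vantage point.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",  # loopback, link-local, shared (CGNAT)
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 loopback, ULA, link-local
)]

# Constructed inventory: hypothetical hostnames and versions; the RFC 5737
# documentation ranges (203.0.113.0/24, 198.51.100.0/24) stand in for public addresses.
SAMPLE_INVENTORY = """hostname,mgmt_ip,version
bigip-dmz-01,203.0.113.10,17.1.1.3
bigip-core-01,10.20.30.40,17.1.2.1
bigip-lab-01,192.168.5.5,16.1.5
bigip-edge-02,198.51.100.7,17.1.2.1
bigip-broken,not-an-ip,17.1.2.1
"""


def parse_version(v: str) -> Tuple[int, ...]:
    """'17.1.2.1' -> (17, 1, 2, 1); shorter strings are zero-padded so tuples compare."""
    parts = tuple(int(p) for p in v.strip().split("."))
    return parts + (0,) * (4 - len(parts))


def is_externally_routable(addr: str) -> bool:
    """True if the address lies outside every private/special range above.
    Raises ValueError for anything that is not an IP address."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_ROUTABLE)


def triage(inventory_csv: str, min_version: str) -> Dict[str, List[str]]:
    """Return {hostname: [findings]} for every device that needs action.
    min_version is whatever the F5 advisory names as fixed; it is deliberately not hard-coded."""
    floor = parse_version(min_version)
    findings: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues: List[str] = []
        try:
            if is_externally_routable(row["mgmt_ip"]):
                issues.append("mgmt interface on a routable address: confirm it is not internet-reachable")
        except ValueError:
            # A bad address in the inventory is itself a finding: you cannot assess what you cannot locate.
            issues.append(f"unparseable mgmt_ip {row['mgmt_ip']!r}: fix the inventory record")
        try:
            if parse_version(row["version"]) < floor:
                issues.append(f"version {row['version']} below {min_version}: apply the F5 update")
        except ValueError:
            issues.append(f"unparseable version {row['version']!r}")
        if issues:
            findings[row["hostname"]] = issues
    return findings


if __name__ == "__main__":
    # "17.1.2.1" is a placeholder argument for this example, not a value from the directive.
    for host, issues in sorted(triage(SAMPLE_INVENTORY, "17.1.2.1").items()):
        print(host)
        for issue in issues:
            print("  -", issue)
```

Devices that come back clean on both checks still need the external probe the directive asks for, since a management interface on a private address can be published through a NAT rule or a misplaced virtual server; the script narrows the list, it does not close it.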
Monica Reagor
Crestron Electronics • 2K followers
Another #MYGRCPOV interview at Nat'l Association of Black Compliance & Risk Management Professionals, Inc. (NABCRMP) 5th Annual Summit. I had the honor of interviewing Lawanda "Elle Michell" Hall, one of the most respected voices in compliance and cybersecurity insurance.

A few key themes from our conversation:
• Community matters. Elle described NABCRMP as a safe space where compliance professionals can share both expertise and lived experiences, especially as minorities in this field.
• Global and national challenges are real. She noted the complexity of navigating an ever-changing global compliance landscape while addressing the unique pressures of today’s U.S. regulatory climate.
• Compliance is about people. Elle emphasized that compliance is bigger than rules—it is about safety, integrity, and ensuring long-term trust in business decisions.
• The future requires intentional action. She called for responsible use of AI and stronger pipelines for young, diverse professionals. As she reminded us, Southern University remains the only HBCU with a dedicated risk management and insurance program—a clear signal that we must do more to expand access and awareness of this career path.

Talking with Elle reminded me why we show up: to advocate for equity, push our industries forward, and make compliance a space of both accountability and opportunity.

Thank you, Elle, for your wisdom, and thank you, NABCRMP, for continuing to create a platform where these conversations thrive.

#NABCRMPANNUALSUMMIT2025 #NABCRMP #ComplianceLeadership #RiskManagement #EthicsAndAccountability #Cybersecurity #DiversityInCompliance #InclusionMatters #AIandCompliance #GRC Jennifer D. Newton, Esq.
25
-
Curated Cyber
586 followers
One of the biggest blind spots I see in community banks is their vendors. NIST CSF 2.0 calls that out in the Identify function, and for good reason. If you don’t have a handle on vendor risk, you don’t have a handle on your own. The good news is the new framework flips the script. NIST CSF 2.0 lets us start holding vendors accountable instead of the other way around.
9
-
Andrew Alaniz
CipherNorth LLC • 4K followers
I found this an odd release from CISA today: guidance for SIEM/SOAR implementation. I’ve read through most of it, and will make another round, but it reads like an executive presentation. Even the practitioners’ guide. I’m not really sure what they were hoping to accomplish. The important logs section is a good index/reference page, but the rest is both short-sighted and dangerous to call guidance in my opinion. There’s not enough info to estimate log sizes at this level. Even the fact of saying you need to centrally collect logs is short-sighted, as there are many ways now to decentralize the logs and have the same or better value. They scratch the surface on noting this, but don’t explain the nuance enough. I’ve worked with one of the best engineering and orchestration teams, and this barely scratches the surface of what we did.

That being said, it’s a good guide book for someone new to the space, for considerations of design, and for what to expect in the framework that is built. I think one of the biggest things I didn’t see is that doing this right requires the right strategy, and especially the right skill sets. You need people that understand data, big data, and development. There is a lot of development here; you essentially need a development team and a solid relationship between threat intel, detection engineering, SOC and development teams to do it right. This also scales differently depending on the size of the org, but even in a small org there’s a level of entry and cost of doing business, but you’re going to have to err on the side that requires less care and feeding, which is not a monolithic centralized system.

I’m curious what others think. I’m sure Jonathan Rau has some opinions. :) I’m also curious what Sean Maher thinks.
34
22 Comments