Edwin Covert
Los Angeles Metropolitan Area
6K followers
500+ connections
About
Business-savvy technical security leader with 30+ years experience in cybersecurity…
Explore more posts
Pawan Chawla
PHISHING ATTACK

The County of Los Angeles' Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals. Between February 19, 2024, and February 20, 2024, the Los Angeles County Department of Public Health experienced a phishing attack in which a hacker was able to gain the log-in credentials of 53 Public Health employees through a phishing email, compromising the personal information of more than 200,000 individuals.

A phishing e-mail tries to trick recipients into giving up important information. In this case, the DHS employees clicked on the link located in the body of the e-mail, thinking that they were accessing a legitimate message from a trustworthy sender.

#cybercrime #hacking #phishingattack #phishing #informationsecurity #databreach #ITinformationsecurity #cybersecurity #ITsecurity #informationsecurityawareness #securityawareness #humanfirewall #cybertraining #phishingawareness https://lnkd.in/dBAv_JFn
Charlene Deaver-Vazquez
In a recent conversation a cyber assessor asked me how they could get leadership buy-in to using risk quantification. Here are 3 ways I'd suggest doing this. Let me know what you think in the comments.

1. Use Industry Profiles for Context: Show how your organization compares to others in your industry in terms of risk exposure by using industry data. This helps highlight where your organization stands and can spark interest in exploring risk quantification further.
2. Highlight a Recent Attack: Use a recent cyber attack that affected your industry as an example. Show the potential financial impact and likelihood of such an attack on your organization. This makes the concept of risk quantification more real and urgent, helping leaders understand its importance.
3. Clarify Risk Levels: When discussing risk, push for clear definitions of what "high," "moderate," or "low" risk means by advocating for a quantified approach. This can help uncover inconsistencies in how risk is evaluated and emphasize the need for a standardized risk assessment method.

Have you had success getting leadership buy-in to using risk quantification?
Andrew von Ramin Mapp
The Cybersecurity and Infrastructure Security Agency (CISA) has recently published guidance on implementing Encrypted DNS to enhance security for federal agencies. This proactive step aims to protect sensitive information and mitigate DNS-based threats. Stay informed by reading the full article here: https://lnkd.in/d3Ncqctk 🛡️💻 #CyberSecurity #CISA #EncryptedDNS #DataProtection
Ira Winkler
While I am reposting this because many of my connections have to adhere to 23 NYCRR 500 and it will be useful to them, publishing a template like this is also a horrible way to get it followed. I was talking with Deborah Nitka at dinner today, and she mentioned how she would examine compliance-related documents, and it is clear that they basically just did a universal cut and paste on the company name. Sharing a template like this can result not in people actually implementing a compliant program, but in creating a document that looks like they have. That is a major difference.
Kyle Jones
I think a lot about securing critical infrastructure and operational technology (OT) environments. A few months ago, I saw a post from Andy Hollingsworth about cybersec ops training from the Idaho National Lab/CISA. I found a collection of training they have online for the Cyber-CHAMP framework. It is taught from an OT operator perspective and highlights the challenges that come with the IT/OT convergence.

Cyber-CHAMP is a structured framework to help organizations assess their cybersecurity posture, align security initiatives with business goals, and develop a roadmap for building a cyber-ready workforce. What makes Cyber-CHAMP so powerful is that it looks at #cybersecurity from both the organizational and individual level. It's not just about implementing the latest technologies; it's about ensuring your people have the right skills, roles, and responsibilities to be an effective line of defense.

Cybersecurity for OT environments used to be accomplished by creating separate networks. But that strategy doesn't hold up as more and more devices demand connectivity, including things like coffee pots, which the instructors share in a memorable example during the class. Cyber-CHAMP provides a way to assess gaps and develop a tailored plan for upskilling the workforce.

I am encouraging everyone on my team to take these classes. The instructors are practical and experienced. The content is up to date, relevant, and vendor agnostic. And it is free. What's not to like?

#aws AWS for Energy & Utilities #timeseries #businessanalytics
Tolgay Kizilelma, Ph.D.
Did you know that the California Department of Technology has lots of useful IT and cybersecurity resources? Check out the Statewide Information Management Manual (SIMM) for useful procedures, standards, frameworks, resource guides, policy documents, and guidelines. Cybersecurity professionals should check the SIMM 5300 Information Security resources.
Jason Fruge
Just after the CrowdStrike global outage, the White House is exploring the idea of a federal insurance backstop for catastrophic cyber incidents. This initiative would entail collaboration between the federal government and the insurance industry to create a plan for financially addressing significant cyber attacks. The primary objective is to enhance market certainty and bolster the nation's resilience. Nevertheless, challenges exist, such as the need for more actuarial data to evaluate risks. What do you think about this proposal? #CyberSecurity #Insurance #RiskManagement
Andy Maltz
UPDATED with link to event recording here: https://lnkd.in/gEnj2i_7

Today's U.S. National Institute of Standards and Technology's Standards Forum was a real treat! The main theme was NIST's commitment to advancing global standardization as a strategic priority for the U.S., super-relevant for these times, and great to see brilliant minds sharing their experience and ideas to catalyze innovation and economic growth through standards.

Key topics covered:
- Advancing standardization for Critical and Emerging Technologies, which includes AI and cybersecurity (core for M&E!)
- Creating and leveraging public-private partnerships
- Pre-standardization strategies (there's a lot of necessary and useful things to do before actually writing standards!)
- Engaging industry stakeholders

Follow the links for information on the Standards Forum and the U.S. National Standards Strategy for CET:
https://lnkd.in/gEnj2i_7
https://lnkd.in/gvMFajgq

#NIST #ArtificialIntelligence
Scott Birmingham
U.S. Contemplating Banning Ransomware Insurance

White House official says insurance "incentivizes" and "fuels" cyber crime. According to Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technology, "Some insurance company policies – for example covering reimbursement of ransomware payments – incentivize payment of ransoms that fuel cybercrime ecosystems. This is a troubling practice that must end." https://lnkd.in/g_yCqMCR

This recommendation flies in the face of an experience relayed to us by one of our U.S. partners: in responding to a ransomware event for a client, the criminals specifically stated that if they thought they were dealing with anyone other than a business executive during negotiations (e.g. an insurance negotiator), there would be "repercussions", suggesting that criminals are not incentivized by the prospect of an insurance payout.

And as the article infers, this type of ban would likely impact SMBs more than enterprises because enterprises have a better ability to absorb a ransom payment compared to SMBs. However, my thoughts are that if such a ban were implemented, it would spur SMBs to invest beyond the bare minimum security needed to qualify for insurance.

Regardless of your thoughts on this topic, recommendations like this highlight the fact that ransomware remains a significant threat even though, according to the FBI, other cyber threats can be far more costly than ransomware: https://lnkd.in/gGSBaqnk

Recommendations such as this highlight the need to focus on protecting your business rather than relying on insurance. As a parallel, when it comes to auto insurance, does it make sense to drive recklessly just because you have insurance, or does it make sense to drive defensively to avoid an accident?

The first step when determining how to best protect your business is a gap analysis, which starts with a risk assessment. You can conduct a self-assessment here: https://lnkd.in/gNiqYiCP or contact us to assist.
Wade Baker, Ph.D.
Jay Jacobs and I have been working a lot this week on the inaugural study of EPSS performance. Thought I'd share a pretty chart that Jay churned out yesterday. It addresses the question "What’s the typical pattern of exploitation activity?" As you may suspect, the answer depends on the vulnerability in question. Some vulns are continuously exploited for long periods of time. Some are just a flash in the pan. Exploits of others come in fits and starts. Some real-world examples of these patterns are demonstrated in the chart below, which depicts observed exploitation activity for five CVEs over the course of 2023. #vulnerabilitymanagement #vulnerabilities #vulnerabilityexploitation #cyberattacks
Kayne McGladrey
The Office of Management and Budget (OMB) has issued a memorandum that overhauls the Federal Risk and Authorization Management Program (FedRAMP). This new directive replaces the original 2011 memo and sets a modern vision, scope, and governance structure for FedRAMP. The changes reflect recent discussions and updates shared in FedRAMP forums.

OMB's revised strategy aims to increase the number of cloud service offerings available to federal agencies through FedRAMP. There are about 17,000 software as a service (SaaS) providers in the U.S., yet only 338 services have FedRAMP authorization. OMB intends to significantly expand this number, enabling agencies to adopt a wider range of cloud-based services. This expansion will help agencies advance operations and reduce dependence on traditional IT infrastructure.

OMB stresses the importance of federal agencies adopting new cloud security methods. The updated FedRAMP framework is designed to provide agencies with secure, advanced cloud services that address emerging threats. The number of cloud service providers (CSPs) with FedRAMP authorizations has been limited due to high costs and complexities. OMB's new memo introduces a standardized, reusable approach to security assessments, aiming to simplify the authorization process for cloud products and services.

Strategic Goals:
* The new FedRAMP framework is centered on risk management, tailored to modern cloud services. OMB will work with industry and federal security experts to focus on relevant threats and quickly address security weaknesses.
* OMB introduces new ways to obtain FedRAMP authorization, reducing the time, cost, and complexity involved. While the memo outlines two familiar paths, agency authorization and program authorization, it also mentions that additional paths will be developed.
* FedRAMP will use automation to streamline processes, employing the Open Security Controls Assessment Language (OSCAL) or a similar protocol. Automation aims to reduce the effort required to prepare and review FedRAMP deliverables, speeding up both initial authorization and ongoing monitoring.
* OMB encourages CSPs to improve the security of their entire cloud offerings, not just those used by the federal government. The goal is to integrate FedRAMP security requirements into core services, avoiding the need for separate offerings tailored specifically for federal use.

FedRAMP has requested public comments on its proposed performance metrics, which will measure the authorization process's security and customer experience. Feedback is due by August 29. #cybersecurity #FedRAMP
Charlene Deaver-Vazquez
If your business budget is important, consider using risk quantification to prioritize resource expenditures. Risk quantification is applicable across your entire business, especially in highlighting top risks for tailoring your cyber insurance. #cybersecurity #CISO #Cyberrisk #OperationalRiskManagement #RiskQuantification #CRQ #training #workshops
Derek Kernus
This year I will be moderating a panel at the National 8(a) Association Alaska Regional Conference at 1 PM on 6/10/24. The session, "Managing CMMC Level 2 Compliance Using the Shared Services Model: A Guide for ANC and Tribal Organizations", will cover the complex NIST and CMMC compliance framework requirements for a Level 2 certification, with the focus on implementing a 'Shared Services Model' commonly applied to ANC, Tribal and NHOs.

Due to the intricacies of both the framework and the shared service model, which is designed to enhance operational efficiency, collaboration, and support growth and sustainability for ANCs through streamlining administration processes, addressing CMMC implementation across shared services must be intentionally designed, strategically implemented, and managed with specialized expertise. Through a shared responsibility of integrating compliant technology platforms designed for a CMMC Level 2 environment, ANCs can achieve a compliant domino effect for subsidiaries, JVs, A&Ms, start-up incubations and strategic alliances.

If you're attending #N8aAK2024, work with or intend to work with the #DoD, and use the shared services model, this is a panel you won't want to miss! https://lnkd.in/eZ_rb3MN Andy Sauer Elizabeth C. Ben Wheat Donny Sauer Sentinel Blue
Andrew von Ramin Mapp
The recent data breach at Prudential has seen a staggering increase in the number of individuals affected, soaring to 2.5 million from the original count of approximately 36,000. This sharp escalation highlights the critical importance of comprehensive threat detection and incident response mechanisms in place to mitigate such incidents. The breach serves as a poignant reminder of the evolving cyber threat landscape and the necessity for organizations to continuously assess and enhance their cybersecurity posture. Effective incident response strategies, robust encryption protocols, and regular security audits are imperative to safeguard sensitive data and prevent large-scale breaches. #DataBreach #Hacking #Incidentresponse
Baljit Saini
A recent report from the Environmental Protection Agency (EPA)’s Office of Inspector General (OIG) has revealed significant cybersecurity vulnerabilities in over 300 U.S. drinking water systems. These weaknesses threaten service disruptions, data breaches, and potential damage to critical infrastructure, affecting the safety and accessibility of water for millions of Americans. #DataBreaches #CyberAttacks #WeProtect cybersecurity.art - Art of Cyber Security https://lnkd.in/gXWedhpV
Sean Fontaine
Quick home lab update: this tool is pretty neat. I started running it against my home cluster more for troubleshooting, but also to gain a better understanding of the attack surface. I've been grinding a lot at work lately; hope to have some new content out closer to the end of the year. #kubernetes #cloudnative #k3s #security
Wade Baker, Ph.D.
If you’re at the Zywave Cyber Risk Insights conference today, look for me! I’ll be joining a panel at 1:45 to discuss whether we’ve reached a critical mass yet with data to adequately model and manage #cyberrisk. https://lnkd.in/dK2d3HHe
David Cialone
Most Organizations Not Prepared For Upcoming CISA Software Compliance Deadline

A recent survey has revealed a concerning trend: a staggering 80% of organizations are not ready to meet CISA's Secure Software Development Attestation Form deadline on June 11, 2024. This form, a critical component of Executive Order 14028, mandates that software producers working with the U.S. government confirm the deployment of key security practices. The implications of non-compliance are severe, ranging from legal and financial penalties to increased susceptibility to cyberattacks and reputational damage.

Despite the urgency, 84% of companies have not implemented Software Bills of Materials (SBOMs) into their development process, a requirement made mandatory over three years ago. The survey, conducted at RSA Conference 2024, also highlights a lack of awareness, with 65% of security professionals admitting they have never heard of EO 14028. With software supply chain attacks impacting over 2,700 organizations in the U.S. last year alone, the need for immediate action has never been more critical. #Cybersecurity #CISA #Compliance #SoftwareDevelopment #RiskManagement
Wade Baker, Ph.D.
Managing #thirdparty #cyberrisk is hard. But it gets even harder when trying to manage 4th...5th...Nth tier #supplychain relationships because visibility, familiarity, and control tend to decline with each degree of removal. This chart, from a joint Cyentia Institute and RiskRecon, A Mastercard Company report, captures this challenge. Your organization (the square in the center) may be able to track breaches of your direct third parties. But what about all those others? Are you even aware that you're indirectly connected to - and thereby potentially exposed to - breaches of those Nth parties? We explore this topic in "Risk to the Nth-Party Degree." Link to download in comments.
Michael Duffy
Nine years ago this week, the U.S. Department of Homeland Security issued the first binding operational directive (BOD) to federal civilian executive branch agencies. Defined by FISMA 2014, a BOD is compulsory direction issued by the Secretary (or CISA Director) for the purpose of safeguarding federal information and information systems from 'a known or reasonably suspected information security threat, vulnerability, or risk'.

The first BOD (BOD 15-01) set timelines for agencies to fix critical vulnerabilities identified by CISA's Cyber Hygiene scans. This introduced a first-of-its-kind baseline for time-sensitive vulnerability remediation across government. This drove significant improvement to the federal community's cybersecurity posture, helped shape the future of enterprise vulnerability management, and demonstrated the value of this, at the time, new DHS cyber authority to align cross-gov't resources, focus and standardize key cyber efforts, and advance Federal Enterprise cybersecurity in a unified manner.

Since 2015, DHS and the Cybersecurity and Infrastructure Security Agency have issued cyber directives on a variety of topics. BODs have:
☑ established the federal government as a leader across sectors in email authentication (BOD 18-01) and vulnerability disclosure policy adoption (BOD 20-01);
☑ introduced the Known Exploited Vulnerabilities (KEV) Catalog and prioritized the remediation of millions of KEVs (BOD 22-01);
☑ enabled rapid incident response by facilitating asset visibility across agency enterprises (BOD 23-01);
☑ hardened networked management interfaces due to threat activity (BOD 23-02); and
☑ established a governance mechanism to identify, assess, and secure the highest value digital assets and critical systems across government (BOD 18-02).

Though BODs are only requirements for federal civilian agencies, CISA publishes these cyber directives and associated implementation guidance on CISA.gov and encourages non-federal partners to consider taking similar steps, when applicable. Thanks to the CISA BOD team for nine years of operational cyber policy excellence and to all the federal cyber leaders who have effectively implemented these directives while sharing insights along the way. #CISA #BOD #federalcyber #cyber #ciso #cyberdefense #cyberpolicy