Cloud Solutions: Four Key Areas of Focus

When it comes to cloud solutions, there are many questions regarding the migration process. To help with the transition, end users need to have a full understanding of what cloud is and what they would be getting. The security industry is conservative and can be slow to make changes, however it’s not a question of ‘if’ you might transfer to cloud, but ‘when.’ Moving to cloud starts with an understanding of operation and functionality. Education and research come next, honing in on what you are looking for and what a cloud solution can offer to meet your physical security requirements.

To help with the transition, what are a few key elements to focus on, when starting to have a conversation about cloud? In an effort to provide guidance, these four cloud facts should help in deciding if a cloud solution is best for you.

1. Cloud Provides Cost-Saving Solutions

Eliminating local system components makes the cloud less complicated, but it also makes system maintenance more cost-effective overall. Transitioning to the cloud will save you money in both the long and short term. A subscription-based model will save on setup and management fees, as well as human resources. With a cloud solution, because you are eliminating the need for NVRs, video management systems, access control servers and panels, you will be eliminating four major expenses.

Additionally, cloud provides a more scalable solution, which means you will be able to add a few cameras or doors to an existing system without having to purchase additional hardware. This allows for a more flexible approach to your security needs – meaning you only pay for what you use. You will no longer have to pay for an NVR that supports 60 cameras, while only having 30 installed.

2. Cybersecurity Risks Are Alleviated

You might think because you’re connecting a device to the cloud, to something outside of your network, that it poses more security risks than on-premise storage. However, cloud providers have been working for many years to develop technology to encrypt the data from the moment it’s captured through the transportation to the cloud. This gives you end-to-end security, which is safer than an onsite system. In addition, onsite systems can be prone to damage through theft, server issues and hacking – which are not issues with a cloud system.

When choosing a cloud provider, look for organizations with experience and resources that invest significantly in cybersecurity annually. Consider asking how much a provider will spend on cybersecurity and data privacy every year, as well as if they have a designated cyber team and how big that team is. Your cloud provider will likely be able to invest significantly more into cybersecurity development than you might be able to on your own.

3. Cloud Requires Minimal Bandwidth

The cloud platform you select should run on a single, open architecture to deliver faster, more secure and more reliable services. What you might not know about cloud-based systems is that they can operate without cloud-based video storage. A robust and open platform will allow video to be stored on the camera, or gateway device – enabling the system to run using little to no bandwidth. If you choose to store video on a camera or gateway device, you can transport it over the network on-demand.

You should also look for a solution offering a hybrid mode – a combination of on-device and cloud storage. Hybrid mode is customizable to your needs and allows for video to be stored on the cloud, or locally on a bandwidth schedule. At the end of the day, cloud storage offers a number of options, all requiring little bandwidth.

4. Cloud Requires Less Components

Simply put, cloud solutions are easier and less complicated than onsite systems…[…] Read more »….

Meet Wendy Holmquist: Cloud Expert of the Month – December 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

December Cloud Expert of the Month is Wendy Holmquist
Wendy Holmquist has 20+ years of professional experience working in emerging technologies and go-to market sales strategies. Her experience includes time at Adobe, Oracle, Centurylink, and Verizon working with a wide range of customers and strategic alliance partners in both public sector and enterprise. She is able to provide clients with invaluable market knowledge, comprehensive strategies, and effective solutions to transform business initiatives, markets and organizations. She has a broad base of technology expertise in IaaS, PaaS, SaaS, DRaaS, software, AI, data center, security, network, and digital media.

Wendy has just returned from a 10-month sabbatical and is currently working at Splunk managing global systems integrator alliances for State, Local, and Higher Education (SLED) nationally. She is passionate about driving initiatives, personally and professionally, that have meaningful impact on communities and improving the lives of others. Wendy holds an MBA from the University of San Francisco and Bachelor’s of Science degree from California Polytechnic University in San Luis Obispo, California.

When did you join Cloud Girls and why?
I am one of the original Cloud Girls. I was invited to join what was an informal group of women coming together monthly via conference call to discuss cloud technologies in 2012, back when no one really knew what cloud meant. I joined the first Board of Directors and planned our first Cloud Girls off-site retreat in 2014. The first retreat was a game changer for all of us because it allowed us to physically come together as group and map out our mission and vision for the organization.

What do you value about being a Cloud Girl?
I value the friendships that I have made over the years and the unbiased approach to uplifting our unique community of women. I love and live by our mission to not only support each other, but other young women in their technology aspirations.

What is the biggest risk that you’ve taken?
When I started considering taking some time off from my career to recharge and focus on my family and uninterrupted personal development, it felt like it was too big of a risk to consider, professionally and financially. Ultimately, I allowed myself to take the risk. It’s remarkable how much you learn about yourself, your values, and how to be grateful when you take time to breathe and slow down the chaos of our daily lives. In my time off I learned to ensure that everything I do going forward, at home and as a woman in technology, will reflect authenticity and my core values. As I move step into a new role after a 10 month break, I realize that what felt like a big career risk at the time, is actually extremely beneficial to my career, as I can now move forward with more purpose in my job every day.

How do you define success?
Success to me is not only meeting expectations but exceeding them in areas that may not be tangible. When I am working with clients, I try to figure out what the impact of an initiative means to them personally, such as freedom, stress reduction, and/or happiness. A successful project or event is one that impacts people and their lives, and my view of success is always to build towards that ultimate goal.

What are the most exciting opportunities for women in tech?
This is such an extraordinary time for women in technology. As I started to talk to people about my next career move, I found that companies and hiring managers were purposefully looking to add women to their staff to not only add diversity to their teams but to promote women as a new generation of leaders inside technology companies…[…] Read more »…..


Meet Michelle Hyde: Cloud Expert of the Month – October 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

October Cloud Expert of the Month is Michelle Hyde
Michelle Hyde, president and founder of Hyde Group, has been serving Pacific Northwest enterprises with excellence for more than 20 years. Her history of applying the right technology at the right time to critical business issues that clients face has propelled the Hyde Group’s success and advanced its reputation as a true client advocate. Hyde Group has a passion for finding solutions to client challenges during their digital transformation through teamwork and enablement of scalable solutions in cloud, SaaS and emerging technologies. Hyde currently serves on the Advisory Council for Cloud Girls and is a past member of its Board of Directors.

When did you join Cloud Girls and why?
I joined Cloud Girls right at the formation of the association in Jan of 2012 and helped with the formation of our monthly endeavor.  I then joined the board in Jan 2013 as the Operations Chair role until Jan 2018, and then took the Finance Chair and moved into the role of Advisory Council member after that in Jan 2019 where I still serve.  It was an exciting endeavor to be part of the founding members of what would become a true premier organization; creating vision, structure, process and growth over the years.

What do you value about being a Cloud Girl?
The Cloud Girls organization is a true point of pride for me, not just being a part of its foundation, but being aligned with such amazing women that have become sincere friends, endearing colleagues and so many that have guided and influenced me over the years.  I can honestly say that I would not be as far in my career or with such success without the aid of the women in this organization.

What is the biggest risk that you’ve taken?
The biggest career risk I have taken is certainly starting my own consulting firm 3 months after having a second child and right after my 39th birthday.  I chock it up to the fact my hormones were not all there postpartum, and having the mindset of “what could possibly go wrong here?”  Starting a business, a tangent from what I was doing at the time, thinking I knew more than I did, and simply wanting success and autonomy in my world seemed to be the right mix.  I did all that I could to establish myself and created an amazingly supportive network around me that wanted me to also have success.  There are certainly days and weeks over the last 10 years I have had to throw elbows around to get my voice heard or my point across, but I would not change a thing.  Now that nearly 10 years have passed, I am getting pretty comfortable in my skin and am ready to take it to the next level and start looking at greater risks to take!

What is the best professional/business book you’ve read and why?
With my drive to get to the next level in my business, I am reading a book called ‘Scale – 7 Proven Principles to Grow Your Business and Get Your Life Back’, and although I have listened to it on Audible, I have to get the book because the worksheets are essential here.  I am examining merging with 2 other companies and this book will directly pertain to us.  It identifies where we are at in the 3 stages, and the 7 principles of getting through the next stage(s) for a successful small business growth trajectory.  There are other books I am reading right now too, Getting Things Done by David Allen and Power Trips, by a friend of mine, Norman Rawlings and How to Train A Wild Elephant and Other Adventures in Mindfulness, by Jan Chozen Bays MD.  There is no shortage of things I want to read – my nightstand is stacked a foot high with desired reads […] Read more »…..


Luanne Tierney: Cloud Expert of the Month – August 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

August Cloud Expert of the Month is Luanne Tierney
Luanne Tierney, currently CMO of Open Systems, which is a secure SD-WAN managed services company, has extensive experience in leading complex marketing organizations for Fortune 500 and mid-market SaaS companies. She has had marketing leadership roles at Cisco, Juniper, Fortinet and Proofpoint. As a young working executive, she was the first in the industry with the sponsorship of Chuck Robbins- now CEO of Cisco, to develop a Women-in-Tech leadership programs in Silicon Valley. Luanne has won numerous awards in the industry, from PBWC Industry Leader Award, Silicon Valley Women of Influence Award, multiple CRN Channel awards, YWCA TWIN Executive Award but the recognition she most appreciates is from the sales teams that she has supported throughout her career

When did you join Cloud Girls and why?
Jo Peterson one of the co-founders reached out to me in 2017 and invited me to join. Right away I was impressed about the organization because it was an intimate organization, focused on sharing ideas by women working in all levels in tech. The group would meet monthly to discuss cloud technologies as it related to their professional roles.

What do you value about being a Cloud Girl?
I value the opportunity to learn, interact, share best practices, support and personally connect with the other women who are at different stages in their careers.

What is the best career advice you’ve ever received?
When I was a young working mom, I had dinner with the late outspoken Ann Richards ( former governor of Texas). I had developed and initiated the first “Women in Channels Leadership Program” at Cisco and was in Dallas, Texas hosting one of first of these programs.  I remember having the honor of sitting next to her at dinner and asking her “How do I have a successful career and simultaneously raise great kids?” Her feisty delivery response was this, “Give up the guilt, bring them with you to your work, show them what you are doing and that you are passionate about your job, so that when you are not with them they understand what your work life is like and are positively exposed.”

How do I avoid being complacent in my role?
Well that’s a funny question. I find this to be true – there is always someone younger, smarter, with seemingly cooler professional experiences – especially in the digital area. First of all, I prioritize staying current through learning by in person conversations. Each week, I make sure I have scheduled external meetings with individuals who I can learn from. These are not necessarily people who are solely focused on marketing, but rather Executives in Sales, CEOs, CIO’s, Human Resources, and recent college graduates. I also make sure I invest in myself by learning from my peers through Industry Associations. In addition to Cloud Girls, I am member of SVEN, (Silicon Valley Executive Network)  and the CMO Club. I am also an avid podcast listener- some of my favorites are: What’s Next, How I Built This, and Super Women. I am also on public and a private boards in the consumer space, Crimson Wine Group  and KNOCK Inc., which gives me exposure to market dynamics and challenges in the consumer industry.

How can you be a role model for young women and young men about what it means to be a leader in tech?
It doesn’t matter what industry you are in; leadership is all about people! Take the time to listen to your people. Surround yourself with a diverse team of people who are have different expertise. It can’t be about you, the more you help the organization the better you will feel. Your team accomplishments and what they deliver will identify you as a great leader […] Read more »


Louise Bowman: Cloud Expert of the Month July, 2019

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

July’s Cloud Expert of the Month is Louise Bowman

Louise Bowman is a customer-focused enterprise sales executive that has been in the IT industry for almost 20 years. Her career began at Rackspace, a Global Managed Hosting & Cloud provider, where she built the insides sales team – both in San Antonio and London. In 2007, she returned to her hometown of Denver, and began working for ViaWest, now Flexential, a National Colocation, Managed Hosting and Cloud provider. There she was a Major Account Executive managing top ten named accounts, and later was asked to build ViaWest’s inside sales team. Her next adventure, NIMBL, a national system integrator based in Denver, gave her the opportunity to move up the IT stack where she began working within the SAP ecosystem selling software, consulting, staffing and managed application services to clients primarily in the Pacific Northwest.

Bowman is intrinsically motivated by responsibility, positivity, winning others over, learning, complex deals, and dynamic and thriving organizations. She is currently a member of Cloud Girls and is the SAP ASUG Pacific Northwest Chair Lead.Outside of work, she enjoys great food and wine (cooking or eating out), traveling, skiing, hiking, working out, murder mystery movies andbooks, and spending time with her husband & fur baby, Edie! Louise has a Bachelor of Science degree in psychology from the University of Colorado, Boulder, where she was member of Phi Beta Phi and Captain of the Women’s Lacrosse team.

When did you join Cloud Girls and why?

Manon Buettner, Cloud Girls’ co-founder, and I had met earlier in 2014, and through many discussions she invited me to I join Cloud Girls in 2015. I was able to attend my first retreat in Park City – that weekend really gave my insight into what an amazing organization Cloud Girls is, especially all the women involved.

What do you value about being a Cloud Girl?

First, the annual retreat because this is the time I have been able to learn about each “girl” in the group, dig into key issues and how others see/handle situations, let our hair down, laugh, play and leave with a feeling of belonging. This event always reminds me what a dynamic, eclectic, accomplished and vocal group I am a part of – I am proud to be a Cloud Girl. Second, the ongoing education, strong network and our community involvement.

What is the best career advice you’ve ever received?

“Feel, Think, Do”

What is the best professional/business book you’ve read and why? 

Gallup Poll’s “StrengthFinder” by Tom Rath. This book is the only personality test that has ever really resonated and gave me great insight into myself and others.  I highly recommend to this to everyone, no matter your profession […] Read more »


Small and Medium-sized Financial Institutions: The Security Challenges They Face Each Day

It’s no secret that financial institutions are in criminals’ crosshairs. This has been the story ever since people and organizations started putting their cash in the care of others. But unlike the good ol’ days of dramatic ski-masks-over-face, gun-in-hand heists, the majority of today’s banking crimes are digital, and thus, involve far less bravado and derring-do.

While cybercrime and fraud affect all financial institutions, each sector has its own specific concerns. The concerns of large institutions generally take center stage due to their high profiles and the large stakes involved, but often, concerns specific to small and medium-sized institutions go overlooked. In this article, we will examine the issues that cause the most distress to IT and security teams at small and medium-sized financial institutions.

Why Cyber Criminals Love Small and Medium-sized Financial Institutions

Small and medium-sized financial institutions are often seen by cyber criminals as low-hanging fruit — sure, they could go after JPMorgan Chase or Goldman Sachs for a huge payoff — but a heist of that nature requires boatloads of planning and effort. For an attack of that scale, an assailant must have incredibly powerful tools as well as a flawless plan, which could take months and even years to orchestrate.

Add to that the immense challenge of evading the law once the attack has been executed. High profile attacks on banks make great news fodder and criminals can expect to be hotly pursued and tried for their misdeeds.

Unfortunately, this is not typically the case with smaller targets. It doesn’t take quite as much planning or effort to hit smaller players and since these crimes are not as high profile, it may be easier for the attacker to get away with them. All in all, small and medium-sized financial institutions are a wise choice for attackers looking for a relatively easy swindle.

The Security Challenges that Keep Small and Medium-sized Financial Institutions CISOs Up at Night

There are many cyber security issues that plague small and medium-sized financial firms, ranging from structural issues to out-and-out threats. While each organization is unique, security leaders at most, if not all, small and medium-sized financial services firms must overcome these structural challenges.

Lack of Buy-in/Understanding from C-Suite/Leadership

Each financial services firm has its own business drivers, those issues that are integral to the success and advancement of the business model. While issues like customer satisfaction and regulatory compliance generally top execs’ lists, the issue of cybersecurity doesn’t always show up on their radar.

There are a few reasons that cyber security may not be the first thing on many leaders’ minds. To start with, it can be very difficult to prove the return on investment for security-centered projects. In the words of security expert Bruce Schneier, “Security is about loss prevention, not about earnings.” Proving how much a company saves by preventing a breach does not produce the same tangible benchmarks as do other, more concrete investments.

Moreover, leaders may not have sufficient IT and/or security knowledge to grasp the full severity of weak or inadequate defenses. While some decision makers certainly are well versed in technology, it’s often not a part of their job requirements and they simply may not grasp the importance of investing in new solutions as they become available. Likewise, they may not understand the full legal and operational ramifications of falling prey to a breach.

Lastly, according to, leaders at smaller firms are often convinced that their firm is not worth the attacker’s time or effort. This leads to a dangerous stance of security complacency, an attitude that nothing further is required to protect the firm, based on their own erroneous assessment of limited risk.

Limited Budgets

As mentioned above, small and medium-sized financial institutions typically have much more limited cyber security budgets than larger institutions. A recent survey by Untangle found – shockingly! — that of 350 small and medium-sized businesses polled, 50 percent had annual security budgets of less than $5,000 US and of those, 50 percent had budgets of less than $1,000 US.

In light of these numbers, it comes as no surprise that at many smaller FinServs, there is no one specific person or team tasked with cybersecurity – it’s just another aspect of IT’s responsibilities. Moreover, their tools are nowhere near as comprehensive as those found at larger institutions. This increases the chances of breaches and extends time to detection (TTD) and time to respond (TTR) in the face of incidents.

At the same time, small and medium-sized financial firms still have conveniences like customer-facing apps and websites, which are necessary to compete with the big guys. But as with the rest of their technology stack, these applications may be less robust and secure than those developed by banks with more money to allocate to security. This makes these less secure applications prime pickings for attackers.

Dependence on Third Party Vendors

Small and medium-sized financial institutions are heavily reliant on integrations with third party suppliers. As with businesses of any size, these firms need to share information with partners and contractors to remain relevant and agile in an increasingly connected world.

But granting access to third parties can come with great risks — by making your network accessible to third parties, you allow their vulnerabilities to become your vulnerabilities, their liability to become your liability. This was clearly demonstrated in the infamous Target hack of 2013, when the behemoth saw their point of sale system breached due to an integration with an HVAC vendor whose credentials were stolen.

In the typical integration, external partners can access the company’s networks without adequate monitoring and limitations. This allows them access to far more resources than needed to do their jobs, making the organization a sitting duck. And as third-party vendors are often also small and medium-sized businesses, there is a very real chance that they may have less-than-adequate security, which compounds the risk. Further, the decision of which vendor to use is often made with little regard to vendor security practices and how those may affect the institution and its networks.

The Threats that Nightmares are Made Of

While budget limitations, support from top brass and third-party vendors are ongoing headaches for security officers, threats that commonly target financial service businesses are the night terrors that bolt them awake in a cold sweat.

The Many Flavors of Insider Threats

Insider threats take many forms and affect all businesses, from the largest enterprises to shoestring operations. And while all businesses suffer when an employee goes rogue or an ex-staffer decides to spill the company beans, small businesses experience damage from insiders more often than their larger counterparts. This is especially true in finance, where the stakes are inherently much higher than for most other businesses. In fact, according to the 2019 Verizon Data Breach Investigations Report, the threat actors in 36 percent of breaches of financial institutions were insiders.

One reason small and medium-sized financial firms fall prey to insiders is that they often lack proper protocols for revoking access after an employee has been terminated. Smaller financial firms tend to have less robust IT standard operating procedures and thus when an employee is asked to leave, it may take days or weeks before his or her access to critical resources is revoked. This leaves the ex-staffer with plenty of time to collect whatever data he or she wants, which can then be given to competing banks — or worse, such as nation state adversaries and cyber-criminal syndicates.

Similarly, smaller firms also tend to engender feelings of trust and familiarity among employees. While this is great for the general work ethic, there is risk in trusting your employees too much. Large institutions often have tiered Identity Access Management (IAM) solutions in place to prevent employees from seeing information which is beyond the scope of their requirements. Once again, due to less sophisticated IT infrastructure and because of that cozy, feel-good atmosphere, smaller institutions may not have the same precautionary measures in place, allowing employees access to data far beyond their actual data needs.

Then there is the insider who, although not necessarily malicious in intent, is simply impervious to training. This is the employee who routinely clicks suspicious links or fails to notice clues indicating that he or she is being phished or scammed. Scary but true: According to Verizon’s 2019 DBIR, three percent of people will click on any given phishing campaign. And these well-meaning employees can cause just as much damage as those with ill intentions: In a small and medium-sized bank, the means or understanding to track just which employee is “that guy” may simply not exist — thus, the risk goes unmitigated.

Business Email Compromise (BEC) Scams

According to a report by security firm IronScales, 95 percent of successful cyber-attacks include an element of social engineering. Humans are easily manipulated and attackers are adept at creating all kinds of compelling scams to help victims and their money or data part ways. According to the Verizon 2019 DBIR, financially motivated social engineering attacks target financial services institutions disproportionately vis a vis other industries.

In recent years, BEC, or Business Email Compromise, has become one of the most potent phishing methods, generating losses of $676 million US in 2017. According to HSBC, small and medium-sized businesses are harder hit than larger enterprises.

In the typical BEC scam, the scammer impersonates someone in a position of power within the organization, perhaps the CEO or a senior member of the IT team. The scammer sends an urgent email to a lower ranking employee, demanding funds to be transferred. This perfectly crafted email is almost indiscernible from an authentic one and implies that the recipient must see to it that the funds are transferred immediately – or face repercussions. If things go according to the attacker’s plan, the employee sends the request off to the organization’s bank, where an unwitting bank employee complies with the email’s instructions and transfers the funds.

BEC scams cause damage to all kinds of businesses, as well as banks.  But no matter the industry, they affect banks because they are the ones through which financial transfers take place. In smaller institutions, standard operating procedure for transfers may not be clearly outlined and thus there is a greater danger that someone within the bank may authorize such fraudulent transfers.

Browser-Based Threats

Like all businesses, small and medium-sized financial institutions need to use the Internet for tasks such as researching loan applicants and corresponding with customers. So, every employee needs web access. But the risk that comes with open connectivity, namely, the fact that browser-borne malware can easily spread laterally throughout networks, cannot be tolerated in such a sensitive arena.

Browser-based malware is always morphing to ensure that it evades traditional security methods, but some attack elements remain the same; Cross-site scripting (XSS) and SQL injection (SQLi) attacks are some of the most common web-based attack methods and can potentially come from any website that has been infected — even those that have been deemed secure. These complex attacks can easily exfiltrate data off employee’s browsers. Moreover, browser-based threats are difficult to detect, which puts critical assets directly in harm’s way.

Many IT admins turn to whitelisting pre-approved web applications and websites to help keep out browser-based threats. But whitelisting has significant drawbacks — it leads to reduced productivity and agility as employees cannot always access the resources they need when they need them. It’s also not completely effective, as once-good sites can become infected with malware and in turn, pass that infection on to your network.

Small and Medium-sized Banks Have to Level Up to Survive

Beyond the threats themselves, small and medium-sized FinServs have to consider the costly fallout that comes along with successful cyber security attacks. Understandably, in the wake of an attack, customers may lose confidence and jump ship. And while larger financial institutions can absorb the costs of many, if not most, attacks, smaller ones cannot, which may lead to closures […] Read more »..

Artificial Intelligence Changes Everything in the Security Industry

During my years at Dell, we would share what we serendipitously found in the way of a good read. I thought I’d continue that practice, sending your way, if you haven’t already discovered it, Kai-Fu Lee’s book AI Superpowers: China, Silicon Valley, and the New World Order. It’s a fascinating read – particularly his insight that, “AI will be to the 21st Century what electricity was to the last…and Data – the oil that drives the generator.” Just as nineteenth-century entrepreneurs applied the electricity break-through to cooking food, lighting rooms and powering industrial equipment, today’s AI entrepreneurs are doing the same with the deep learning of artificial narrow intelligence (ANI). Lee’s insights were incisive and inspiring – a clarion call of caution mixed with an articulate voice of hope and encouragement. Having straddled both China and U.S. cultures, his insights into the mind and practices of these largest global markets were eye-opening and even-handed. He explains the fundamentals of Neural Networks and Deep Learning in a way that were easy to grasp and presupposed little in the way of any prior mathematical understanding.

In the Deep Learning of AI, we’ve found that proactive capability we wanted to advance many years ago.  We knew if we could determine the pure genomic state of the benign files that make up the Internet, we could detect malicious anomalies and preempt them before they could hurt us. We just needed technology to catch up with the idea. However, just as predicted 50 years ago by Thomas Kuhn in his book the Structure of Scientific Revolutions, we’re seeing the dawn of a new day where AI’s machine learning and advance mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99 percent[…] Read more »..

Insights from Founder and President of StarCIO with Isaac Sacolick

Apex sat down with Isaac Sacolick, Founder and President of StarCIO. As a successful CIO who has led digital transformation, product development, innovation, agile management, and data science programs in multiple organizations, he sheds some light on challenges and focus areas for today’s CIO.

Q: What is the biggest challenge for a CIO today?

A: CIOs have the challenge of evolving IT from back office support functions to ones that can deliver applications and analytics while investing in agile, cloud, devops, and security. Many of the CIO I talk to are still adjusting to the speed, innovation, and organizational intelligence required to remain competitive and to avoid disruption.

That’s all table stakes today.

CIOs have to see what’s coming next for their businesses and drive discussions on where they can lead their industries. They have to identify partnerships, experiment with new technologies, and accelerate the development of their leadership teams so that they can deliver and iterate on differentiating capabilities. That’s a lot to do, when many organizations have cultures resistant to change, legacy technology footprints, increasing security threats, and greater operational impacts when technologies underperform.   

Q: What is the single most important thing CIOs should be focusing on today?

A: I think that CIO can’t just have a single most important thing as it can lead to saying ‘no’ to business opportunities, underserving parts of the business, or overinvesting in a strategic driver whether it be innovation, operational excellence, compliance, etc.

Some time ago, I wrote how digital CIOs manage their time and it resonated with many CIO that struggle with their shifting roles and juggling many priorities. The biggest thing the CIO should focus on today is how to manage their time, find partnerships, and grow bench strength to meet these challenges.

Q: What is IT doing to support innovation in the enterprise?

A: IT should start by defining an ideation process and pipeline that captures new ideas from across the organization and puts them through rapid discovery processes. I describe these pipelines and planning processes in my book, Driving Digital: The Leader’s Guide to Business Transformation Through Technology along with agile transformation, product management, and becoming data driven – all practices that drive innovation.

Second, I recommend to CIO and their leadership teams to spend significant time out of their IT offices and seek to develop business relationships, visit customers, and attend various industry events. IT can’t drive innovation without having an outside-in perspective on what customers need, how business leaders are managing competitive threats, and how other industries are solutioning comparable challenges.

Lastly, IT should be doing a lot of experimenting, executing proof of concepts, and investing in learning activities. To be innovative, IT needs to know how to integrate different technologies into nimble, supportable solutions. There’s no silver bullet to innovation, and IT has to invest in learning the building blocks.

Q: How do you stay abreast of the trends and what your peers are doing?

A: I have a voracious appetite for reading, writing, speaking, meeting people, attending events, and participating in social media. I’m a bit of an outlier as a big part of what I do now at StarCIO is advise leaders on transformation, collaborative practices, platforms, and emerging technologies.

I also get hands on with new technologies from time to time.

IT leaders should try to do the same. Read two or more articles a day, a book a month, and attend at least three conferences yearly. Find a comfort zone participating in social media such as commenting on selective posts, participating in a Twitter chat, or writing a guest blog post. Most SaaS solutions offer trials and demo accounts, so invest some time to roll up the sleeves and see what works.   

Q: What advice would you give an early stage CIO joining an enterprise organization?

A: CIOs have to run in several parallel directions when joining an enterprise. First, significant time should be spent with business leaders to start developing relationships and ideally with customers to better understand how the organization’s products or services impact them. Second, they should conduct an end to end assessment of their department’s capabilities, strengths, and weaknesses along with a review of underlying practices and technologies. Finally, they should select a handful of departments that have strategic priorities and may be underserved technically.

CIOs in their first hundred days should be looking to answer several questions. Where are the strategic priorities where technology can make an impact? What are some quick wins and other initiatives that need to be on the roadmap? What major risks have not been communicated or don’t have mitigation plans? What are the gaps in IT that the CIO needs to address and may need financial help, collaboration, or forgiveness in their early goings? What areas of the organization are early adopters to new practices and technologies versus others that are slower to change or others that may be detractors?

CIO roles have to pull this information together quickly to formulate and communicate a go-forward strategy and plan.


Isaac Sacolick (@NYIke) is the Founder and President of StarCIO, a services company that helps clients succeed with data and technology while executing “smarter, faster, and more innovative” transformation programs. Isaac is a successful CIO who has led digital transformation, product development, innovation, agile management, and data science programs in multiple organizations. He is the author of the Amazon bestseller, Driving Digital: The Leader’s Guide to Business Transformation Through Technology, and has written over four hundred articles as a contributing editor at InfoWorld, and Social, Agile and Transformation. He is an industry speaker on digital transformation, becoming a data driven organization, artificial intelligence, agile management, and other leadership topics. Isaac has  been recognized as a top digital influence by IDG, Enterprise Management 360, and Thinkers360, a top 100 CIO in STEM, a top social CIO by HuffPost, Forbes, and HP Enterprise.

Philadelphia University’s Cybersecurity Program Receives “Top Curriculum” in the US, an industry-leading educational research organization, has named La Salle University’s Master of Science in Cybersecurity a top 25 internet security program for 2019, and also awarded the program “best curriculum.” analyzed every online master’s program in internet security in the nation with a team of 43 industry experts, hiring managers, current students and alumni.

According to, the study leveraged “an exclusive data set comprised of interviews and surveys from current students and alumni in addition to insights gained from human resources professionals.” Their methodology weighted academic quality (academic metrics, online programming, and faculty training and credentials) at 40 percent, student success (graduate reputation, student engagement, and student services and technology) at 40 percent, and affordability (average net cost, percent of students with loans, and default rate) at 20 percent. The study incorporated current data from the Integrated Postsecondary Education Data System (IPEDS) and statistical data from the National Center for Education Statistics. Only programs from accredited nonprofit institutions were eligible.

“We are honored to be recognized as a top 25 internet security master’s program, with a special nod to our curriculum,” says Peggy McCoey, assistant professor and graduate director for La Salle’s M.S. in Cybersecurity. “We have developed a flexible, rigorous, and highly relevant program to ensure today’s students develop competencies in cybersecurity management as well as breach detection, mitigation and prevention. The Program balances both theoretical and practical aspects and draws key learnings from industry practitioners to ensure attention to ethical principles and changes related to cybersecurity.”

La Salle’s M.S. in Cybersecurity is a 100 percent online asynchronous program with three start dates and eight-week courses so students can complete two courses per semester. noted its “engaging courses in cyberwarfare, cybercrime and digital forensics” in support of its “best curriculum” designation[…] Read more ».



The Shift in Security Operations in a Multi-Cloud World

As cybersecurity continues to become more complex and harder to manage, the role of security operations for organizations is also shifting across the board. Long gone are the days where firewalls or intrusion detection systems (IDS) could keep adversaries outside the perimeter. Instead, we are seeing increases in both size and frequency of attacks leading to more pronounced impacts to the business.

There are two primary factors that driving this change. To be successful today, modern security operations needs to understand these drivers and evolve their processes, procedures and tools to meet these new challenges.

The first driver has little to do with security as we think about it today. The modern IT organization is being required to deliver more business value at higher velocity with reduced costs. The most recent Rightscale State of the Cloud Report states that 85 percent of enterprises now rely on multiple clouds. This trend makes perfect sense as IT organizations reach for the best tools possible to meet their goals. However, the diversity of platforms and tools has driven more complexity in to the security operations than they were designed or resourced to accept. In my experience, most organziations have difficulty understanding where their data resides in the suite of platforms in use, let alone how that data is being protected.

The second driver is directly related to the security landscape. Over the past five years, we’ve seen the results from the investments adversaries have made in expertise. Modern attacks performed by advanced persistent threat (APT) groups rarely use sophisticated methods like zero-day attacks. Instead, these groups are characterized by the “persistent” component of their moniker. A consistent set of attacks, powered by cybersecurity expertise, is capable of breaching most organizations using traditional prevention or deterrence techniques […] Read more »