Summit Security Group is a multi-disciplinary firm specializing in Information Security, Risk Management and Regulatory Compliance. Our team brings years of experience across many different industries challenged with compliance regulations including healthcare, finance, and higher education. We are passionate about helping our clients navigate the complex technological and process-heavy compliance landscape. The team at Summit realizes that in the world of Information Security, one size does not fit all. Our engagements are tailored to each client’s unique environment and needs and we are committed to their success.
Summit Security Group的外部链接
8152 SW Hall Blvd.
#209
US,Oregon,Beaverton,97008
Make sure to say hello to Jennifer Cecil if you are headed to the #PNWCyberSummit
Excited to be heading to the PNW Cyber Summit tomorrow! Looking forward to learning from industry leaders and connecting with fellow cybersecurity professionals. Say hello if you see me! #PNWCyberSummit #cybersecurity #networking
A friend of mine working as a system administrator told me he was having issues convincing his leadership to get a technical security review, as his leadership didn't understand computers and didn't want to. I told him that the next time he brings this up to them, he should pose the following question: "How would our business function without an IT department?". I mean money has to be handled somehow, people have orders to place, truck delivery times need to be recorded, so the obvious connotation is that the business couldn't function without IT. This is the case for many businesses. Only seldom can I find one that does not rely on information technology to function efficiently. (Let me know of some in the comments.) Not all security incidents bring down a company, but many often disturb operations and end up costing more in damages than what it would've costed had they prioritized security beforehand. The recent ransomware attack on UMC Health System is a great example of what happens when IT goes down. In their case, they had to literaly refuse level 1 trauma patients who needed surgery: https://lnkd.in/g3ndHh7u Nobody can perfectly defend themselves from these sort of catastrophic attacks, but you can certainly reduce your chances of being affected by them by understanding the importance of IT and the security it needs. Save your money, and let the good guys point out your weaknesses before the bad guys do. #ransomware #security #cybersecurity #IT #informationtechnology
Experienced Cybersecurity Professional with over 20 years of experience and a proven track record of leading high-performing teams and driving business growth
I'm so excited to be attending the IT Leadership Summit in Portland on October 9th at the Hyatt Regency! Both Daniel Briley and I from Summit will be there. This event is a fantastic opportunity to connect with industry leaders, learn about the latest trends, and network with like-minded professionals. I'm particularly looking forward to Steve Brown's keynote. If you're an IT leader in the Portland area, I highly recommend checking it out. https://lnkd.in/gFEzAGvY #ITLeadership #Portland #Networking #Event
Experienced Cybersecurity Professional with over 20 years of experience and a proven track record of leading high-performing teams and driving business growth
I can't wait to head down to Eugene for the Oregon Cyber Resilience Summit at the University of Oregon! I wasn't able to attend last year, and I'm excited to be going this year. If you're also going to be there LMK if you want to meet up. https://ocrs.uoregon.edu/ #cybersecurity #universityoforegon #goducks #cyberresilience
Experienced Cybersecurity Professional with over 20 years of experience and a proven track record of leading high-performing teams and driving business growth
I’m looking forward to attending this year. #ocrs #goducks #cybersecurity #uoinfosec
The time for the Oregon Cyber Resilience Summit - OCRS (https://ocrs.uoregon.edu) is approaching fast. If you have not registered for this year's event, visit https://lnkd.in/g6B_X8X7 and take a look at the exciting agenda that we have put together for this year. To register visit https://lnkd.in/gDvkTQdc. I am looking forward to seeing many of you on October 8, 2024 at the University of Oregon campus in Eugene, Oregon. #ocrs #oregoncyberresiliencesummit #oregoncyberresilience #goducks #universityoforegon #mightyoregon #cybersecurity #uoinfosec #uocybersecurity #security
Experienced Cybersecurity Professional with over 20 years of experience and a proven track record of leading high-performing teams and driving business growth
I'm listening in on the monthly Cyber AB Town Hall, and they're saying CMMC could start as soon as mid-December. #cmmc #cybersecurity #dod
Experienced Cybersecurity Professional with over 20 years of experience and a proven track record of leading high-performing teams and driving business growth
Well this wasn't a boring weekend, that's for sure. https://lnkd.in/gHTZvs3k The CMMC Final Rule isn't inching towards being published in the Federal Registry, it's rocketing towards it. This plus the NIST 171 r3 update earlier this year means there's a lot to do for Defense Contractors that want to keep their contracts. What does that all mean? If your company is a DOD prime or sub contractor, and you aren't sure beyond a shadow of a doubt that you can get a perfect score on a NIST 171a r3 assessment then you've got a lot of work on your hands. #cybersecurity #dod #cmmc
Experienced Cybersecurity Professional with over 20 years of experience and a proven track record of leading high-performing teams and driving business growth
Don't get caught unprepared! Backups are crucial for recovering from cyberattacks, hardware failures, human error, and other disruptions and outages. The 3-2-1 Backup Rule offers a simple framework: 3 copies: Maintain three total copies of your data - the original and two backups. 2 media types: Store backups on at least two different storage mediums for added security. 1 offsite copy: Keep one backup copy offsite for disaster recovery. Learn more about the 3-2-1 Backup Rule and securing your data: https://lnkd.in/gPW-BFKE #cybersecurity #datasecurity #backup #321rule #disasterrecovery
It crossed my mind that many companies do not implement any policies or procedures to validate the authenticity and integrity of the software (packages, binaries, libraries, operating systems) they use in their products. Do you or your company have a method of vetting third-party vendors and their code? Do you maintain a list of public keys for projects you trust? Do all of your developers meticulously validate that the software they are using is authentic and complete? The answer is probably 'no', and by avoiding these steps, you might inadvertently expand your attack surface, introduce backdoors, and increase technical debt. Even if you did want to validate the software you use, many companies wouldn't know where to start. Morever, taking the time to learn how to do this is tricky, unintuitive, and time-consuming, which is why I wrote the below article to help. https://lnkd.in/g8X5-U_M You will learn the dangers of untrusted code from real-world events, how to identify unauthentic and corrupted software, and how you can set yourself up to check for these things on a routine basis. Validating the authenticity and integrity of software is not a catch-all and will not protect you from every risk associated with third-party software, but it is a foundational step you can take to save yourself from many forms of supply-chain attacks. Stay safe out there!
Experienced Cybersecurity Professional with over 20 years of experience and a proven track record of leading high-performing teams and driving business growth
We've just published a new article from our Security Engineer, John O.. I often use the phrase, "Trust but Verify" with regard to security audits and assessments. Here John takes a different path and applies it to the Dangers of Unverified Software. https://lnkd.in/g4cvyCfH #cybersecurity #infosec #trustbutverify #summitsecuritygroup #shadowit