Andrew Hernandez

Bedel Security Friday5 graphic on identity as the new perimeter in cybersecurity.

2 min read

Identity Is the New Perimeter

Andrew Hernandez: Mar 27, 2026

For years, cybersecurity strategies were built around a clear boundary: the network perimeter. Firewalls, intrusion detection systems, and network segmentation formed the front line of defense. But that model no longer reflects how modern attacks...

Governance Access & Authentication Zero Trust NIST-CSF Identity and Access Management
Read More
Team of professionals working at computers in a modern office, representing internal cybersecurity risk and governance for community banks

3 min read

Internal vs. External Cyber Threats

Andrew Hernandez: Jan 23, 2026

Internal vs. External Cyber Threats: Why Internal Risk Defines Cybersecurity Outcomes for Community Banks

Threats Governance Access Reviews Zero Trust NIST-CSF Insider Threats
Read More

4 min read

MFA Prompt Bombing: When Multi-Factor Authentication Becomes a Nuisance — and a Risk

Andrew Hernandez: Nov 7, 2025

Multi-factor authentication (MFA) is widely considered one of the best affordable controls for preventing account takeover. But like every security...

Threats Incident Response MFA Multi-factor Authentication User Testing and Training
Read More

2 min read

Cracking Codes and Crushing Rocks: What Geology Can Teach Us About Cryptography

Andrew Hernandez: Sep 12, 2025

At first glance, geology and cryptography may seem worlds apart—one is the study of rocks, layers, and the passage of deep time; the other, the...

Threats Information Security Program Cybersecurity Encryption Cryptography
Read More

2 min read

From Compliance to Confidence

Andrew Hernandez: May 16, 2025

Building a Risk-Based Information Security Program for Community Banks For many community banks, passing a regulatory exam can feel like a victory...

Risk Assessment Cybersecurity Risk Management Regulatory Compliance NIST-CSF
Read More

5 min read

AI Model Risk Management in Financial Institutions

Andrew Hernandez: Mar 20, 2025

Today we’ll discuss our newest and perhaps most ubiquitous buzzword: AI (Artificial Intelligence). Identifying and mitigating risks of AI are...

Information Security Program AI Artificial Intelligence Risk Management DLP Regulatory Compliance
Read More

2 min read

Network Segmentation:  How Much Is Enough?

Andrew Hernandez: Jan 30, 2025

Network segmentation is one of those terms that gets thrown around a lot, like the principle of least privilege and role-based access, as if it was...

Risk Management Network Network Segmentation Monitoring & Oversight
Read More