Brian Petzold

Recent Posts

Ruminations on the New Dodd-Frank Section 1033 Rule

by Brian Petzold | Dec 20, 2024

When the Dodd-Frank Act was passed in 2010, it included Section 1033. This section required the Consumer Financial Protection Bureau (CFPB) to create rules and standards requiring institutions to...

How I Became a vCISO

by Brian Petzold | Oct 25, 2024

I have a lot of passion for my role as a Virtual Chief Information Security Officer (vCISO) for financial institutions, and I am always happy to tell people why. It is because I grew up in banking...

The Waning Days of the CAT Arrive

by Brian Petzold | Sep 13, 2024

In late August, the FFIEC announced that they would sunset the Cybersecurity Assessment Tool (the “CAT”) on August 31, 2025. It had been apparent for some time that this would someday have to...

Control Assessments Vs. Risk Assessments

by Brian Petzold | Jul 19, 2024

When we first start working with new institutions, it is not unusual for us to see them struggling because they have focused their efforts on remediating controls that were found to be missing...

Is Ransomware Dying?

by Brian Petzold | May 17, 2024

In December 2023 the US Justice Department announced that they had disrupted operations of ALPHV/Blackcat, a ransomware group that was responsible for many of the most prolific attacks in 2023....

Consent Orders Put Focus on Third-Party Risk Management

by Brian Petzold | Apr 12, 2024

There have been multiple consent orders issued recently which have made it clear that regulators are starting to enforce new third-party risk management guidance issued in the middle of 2023,...

Best Practices to Ace Your Penetration Test

by Brian Petzold | Mar 1, 2024

Every institution should have an internal penetration test performed annually. The goal of the penetration test is for the tester to try to gain administrative access to the network. In our...

Adding Perspective to Tabletop Exercises

by Brian Petzold | Dec 1, 2023

Your institution likely performs periodic incident response tabletop exercises to help ensure you are ready when an incident occurs. At the beginning, the participants of the exercises were...

What is a Good Password Length?

by Brian Petzold | Oct 13, 2023

We are often asked what length passwords should be. The answer that we give in general is that we would like user passwords to be at least 14 characters and complex, and that administrator passwords...

Is Your M365 Conditional Access Unconditional?

by Brian Petzold | Sep 1, 2023

As attackers are finding new ways to get around multifactor authentication in Microsoft 365, conditional access is becoming more important. Conditional access refers to a set of policies in M365...
