Chris Strand Joins IntSights to Launch Innovative Cyber Compliance Offering
February 25th, 2020
Subscribe to our blog and stay up to date
After an eight-and-a-half year run successfully building out the cyber-compliance pillar at Carbon Black (now VMWare Carbon Black), I am very excited and grateful to be joining IntSights as Chief Compliance Officer. I arrived at my decision after long inspection and careful consideration into every aspect of what makes a security solutions company ready to enter the world of cyber-compliance, as well as what market is going to be next to help bridge the gap between security and compliance. I believe IntSights is poised to execute on both.
A-Players Ready for Cyber-Compliance
IntSights is already a team of A-Players with the right amount of out-of-the-box creative thinking mixed with a healthy dose of aggressive determination, along with an impressive commitment to helping businesses make sense of the CTI (cyber threat intelligence) world. All these factors mixed with a leadership team that’s passionate about collaboration, life-long-learning, and off the charts industry security experience and intellect, makes me certain that IntSights is ready to hit this new market hard with a best in class threat intelligence platform that will provide clarity and visibility into the world of security assessment, audit, and regulatory compliance.
Security and Compliance Controls
Anyone who has worked with me in the past will know that I take every opportunity to stress that compliance does not always equal security. This is something that the industry has come to realize after many years of the “check-the-box” practice of security assessments that didn’t always lead to positive outcomes. I’ve spoken with many CISOs, CSOs, and CIOs on this subject over the years as we explored how to change the narrative within organizations on the benefits of being truly “security control compliant”. Having proactive advanced measure and visibility into the risk to security controls that are supposed to be in place to protect our systems will give us greater assurance to know that we are safe from cyber-threats as well as reduce the liability associated with regulatory compliance and data privacy laws. IntSights has assembled an impressive arsenal of solutions that will provide immediate value to the process of security assessment, and more importantly, solutions that will help measure security posture.
Change the Narrative
With most modern security frameworks and security regulations much time and inspection is spent on analyzing the advisory ecosystem, the attack stages, the attacker persona and their techniques. This is worthy analysis, and an area where I’ve spent many years studying and developing upon in order to enrich my own programs. However, in order to win this fight and deliver a solution that will address the divide between security and compliance, we’re going to need to make a shift and change the narrative. I believe that in order to get the real picture on security control risk and compliance liability we need to spend more time on the early stages of the exploit chain, during the reconnaissance and planning stages, collecting a pre-cognitive view of the risk that our organizations are facing. This is the true potential advantage of CTI technologies but with IntSights’ trajectory towards adding automation to risk measure and liability metrics providing clarity to security posture, I believe we can move further towards meeting our mandates around data security while bridging the gap between security and compliance.
Priority One: Defending Forward
The first order of business for me is to look at the immediate opportunities where CTI will help to refine and add value to the security assessment market… and there are many! I’ve seen many of the same formulas run their course over multiple times in my career. Many of these still consistently present a challenge to the cyber-compliance and security market. Issues like system EOL (End of Life), currently causing stress for those in the market with heavy installations of Windows 7 and Windows 2008 Server. All those unpatched systems pose a threat to both the security and compliance posture of organizations who are forced to utilize them. The ongoing pressure of the many data privacy laws such as the GDPR and the recent CCPA, present a complex security and compliance challenge. The IntSights Vulnerability Risk Analyzer, Threat Orchestration, and Threat Intelligence Platform will help to provide initial inspection into both the risks that are evolving and targeting an organization's security posture. Initially these products will also provide visibility and answers on the compliance controls that need to be in place to prove protection of those unpatched EOL systems and provide automated and material proof that the controls in place to protect your organizations critical data and PII are at the least possible risk.
Learn how IntSights generates significant ROI for its users by reading The Total Economic Impact™ of the IntSights External Threat Protection Suite, a Forrester Consulting study commissioned by IntSights.
Christopher Strand is the Chief Compliance Officer at IntSights. As CCO, he is responsible for leading the global security risk and compliance business, helping companies bridge the gap between cybersecurity and regulatory cyber-compliance. Chris has more than 20 years of subject matter expertise in information technology and security audit assessment and he specializes in developing enterprise security platforms and markets within hyper-growth organizations. Prior to joining Intsights, Chris launched and led the cyber-compliance business at Carbon Black (acquired by VMWare), and has held leadership and compliance specialist roles at other flagship security companies such as RSA, Trustwave, and Tripwire.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.