Join the retired investigator guild and shared purpose partners @ Old Homestead Steakhouse, NYC 1/24

1/16/2025

There are countless unsolved murders, lives devastated by human trafficking, and cybercriminals operating in the shadows. We’re calling on our network of professionals—whether you’re a seasoned law enforcement officer, cyber operator, or simply someone passionate about justice—to join us in making a difference.
Together, we can tackle these challenges head-on with advanced cyber operations, collaborative problem-solving, and a shared commitment to stopping the bad guys. Your support, whether as an individual, corporation, or philanthropic partner, can help us bring closure to families, protect the vulnerable, and dismantle criminal networks. Let’s make an impact together—because justice shouldn’t wait.

Introduction
Meet Tom Brennan, Managing Partner at Proactive Risk, where expertise and experience converge to safeguard critical national infrastructure (CNI) organizations. As a co-author of multiple cybersecurity titles, Brennan possesses unmatched knowledge, enabling him to effectively secure CNI organizations against emerging threats. We recently sat down with Brennan to explore Proactive Risk's bespoke approach, leveraging a small, seasoned team to deliver tailored solutions. Learn about the challenges they're addressing in the CNI space and how their consultative expertise is driving meaningful impact.

1. What does Proactive Risk do? What is your role?

As Managing Partner at Proactive Risk, I lead a team of experts dedicated to helping governments and critical national infrastructure organizations navigate complex risk landscapes. Our boutique consultancy specializes in risk management, security assessments, and compliance solutions, delivering tailored technical advisory services to support our clients' most pressing needs.

2. What solutions/services does Proactive Risk offer?

We offer a range of solutions and services, but my expertise lies in advisory, assessment, and operations. Our advisory and assessment services involve evaluating organizations against established frameworks and providing guidance on best practices, regulatory compliance, and government controls. What sets us apart is our hands-on experience. We don't just provide checklists. We offer expert consulting rooted in real-world experience. With 20 years of experience in the field, including hands-on keyboard time, I bring a depth of knowledge to high-level consulting. My focus is on strategic guidance, spanning multiple areas, rather than just checking boxes or offering generic advice.

3. Do you specialize in any specific areas (industries, services, frameworks, etc.)?
We specialize in serving the CNI industry, with expertise aligned to the CISA's Cross-Sector Cybersecurity Performance Goals and Center for Internet Security (CIS) controls. While we guide organizations through compliance journeys, we emphasize that compliance is merely the foundation — true security demands a more nuanced and comprehensive approach.

4. What differentiates Proactive Risk from others in the space? How do you stand out?

For the full interview click here

Scenario 1: Ransomware Attack on Critical Legal Systems
Background: The law firm is targeted by a sophisticated ransomware attack that locks down critical legal systems, including case management software, document repositories, and billing systems. The attackers demand a ransom in cryptocurrency, threatening to release sensitive client information unless the payment is made. The firm is also experiencing significant downtime, which is affecting its ability to deliver legal services to both business and individual clients.

Objectives:
Scenario 2: Data Breach and Client Confidentiality Violation

Background: A third-party vendor that the law firm uses for document storage and management is breached in a cyber attack, exposing confidential client information, including legal briefs, personal identification data, and financial records. The vendor’s data center has been compromised, and a hacker has accessed sensitive files and emails. The breach affects both business clients and individuals, with some clients being high-profile individuals, corporations, and governmental entities.

Objectives:
Both scenarios involve cross-functional collaboration between legal, financial, IT, and communications teams, with an emphasis on managing client relationships, maintaining regulatory compliance, and minimizing reputational damage. These exercises will test the firm’s ability to respond to complex, high-stakes incidents involving sensitive client data.
Tom Brennan

This is my blog, there are many like it but this one is mine. Enjoy.