17 Posts

Brian Evans

Senior Managing Consultant, IBM

    Brian Evans, CISSP, CISM, CISA, CGEIT, is a Senior Managing Consultant for IBM Security Services and assists clients in building regulatory-compliant information security programs. With over 20 years of combined experience in IT management, consulting and information security, Brian has served in the role of Chief Information Security Officer for a variety of organizations and worked in various industries. He has led the Incident Response and Computer Forensic Investigations teams for Nationwide Insurance and was Vice President, IT Risk Management at KeyBank and JPMorgan Chase. Brian held director-level positions with CynergisTek and Computer Task Group consultancy firms and started his career in the U.S. Air Force. He has earned a Master’s in Public Administration from the University of Cincinnati and a B.S. in Business Management from the University of Maryland.

    Written By Brian Evans

    Security Considerations for Whatever Cloud Service Model You Adopt

    Regardless of what cloud service model you adopt, it's important to consider security implications related to application development, data and contract management, and IT asset governance.

    How to Build a System Hardening Program From the Ground Up

    System hardening is more than just creating configuration standards; it involves identifying and tracking assets, drafting a configuration management methodology, and maintaining system parameters.

    The System Development Life Cycle: A Phased Approach to Application Security

    By completing the phases of the system development life cycle (SDLC), security teams can integrate processes and technologies into the development process and improve application security.

    What’s Holding Back GDPR Compliance Efforts?

    Organizations can fast-track their GDPR compliance efforts by focusing on three crucial areas: awareness and understanding; accountability and responsibility; and resources and support.

    The Expanding Role of the CISO: Seven Attributes of a Successful Security Leader

    The role of the security leader is expanding, and CISOs must possess strong communication skills, extensive technical knowledge, analytical minds and the respect of their peers to be successful.

    CTRL-ALT-DELETE Before You Leave Your Seat! Security Awareness and Training Through Positive Reinforcement

    Security leaders should infuse positive reinforcement into their security awareness and training programs to encourage users to adopt best practices.

    The Time for IT Asset Management Is Now

    Due to the rapidly shifting technology landscape, a robust, dynamic and well-funded IT asset management program is a prerequisite to success in business.

    Shrink Your Enterprise Cloud Computing Security Concerns With a Cloud Vendor Risk Management Program

    Security professionals need a layered, end-to-end life cycle approach to managing the security risks associated with enterprise cloud computing.

    Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

    For many companies, vulnerability management still amounts to an ongoing game of whack-a-mole to identify and remediate threats.

    Make Attorney-Client Privilege Part of Your Incident Response Strategy

    Attorney-client privilege can be a key asset to an organization's incident response strategy in the event of a security breach.