Why Accounting, Disaster Recovery and Incident Response Are Critical In Any Organization With Ted Carlson

In this episode of CHATTINN CYBER, Marc Schein interviews Ted Carlson, Co-Founder and President of Marcum Technology, a renowned Information Technology Consulting Firm in the US. During the conversation, Ted and Marc explore the former’s journey into consulting and technology, Marcum’s service and client diversity, and some thoughts on ransomware attacks.

Marcum Technology is essentially an accounting firm, with technology being its core driver. In addition, the firm offers robotic process automation, business continuity, disaster recovery, and incident response through digital forensics. Ted explains how the company helps organizations prevent ransomware incidents by using parallel networks, adequate backups, and strong infrastructure. He adds that depending on the severity of the attack, the recovery process could vary. Firms should practice testing and rehearsal to ensure business continuity during an attack.

Gathering lessons from his entrepreneurial journey, Ted suggests why you shouldn’t be hesitant to chase your passion. Though taking advice from people could help sometimes, it’s essential to do what you enjoy because that’s what would produce better results sometime down the road. He also states why you might not want to wait for years shifting and switching jobs only to choose another path later – it would be challenging to restart your career 20-30 years after. Don’t let people hold you back from living your dreams.

Tune in to the episode to learn what it takes to build a successful career in the rapidly evolving consulting industry.

Highlights:

“Whenever there’s a merger or acquisition, we’re basically stripping off the technology components of those firms. And we’re kind of blending them into the marking technology division.”

“You can take a certain advice from people, but you really, at the end of the day, have to do what you enjoy, and (do) whatever you feel confident, and that will produce better results down the road.”

“Whatever interests you have, and whatever excites you, I would say, don’t wait, because a lot of people end up waiting and switching during career changes 20-30 years later. And, it’s not that easy to do.”

Time-Stamps:

[00:41] – Ted’s entrepreneurial journey

[01:22] – Advice for college students to chase their passion

[04:18] – More about Marcum

[05:19] – How to prevent ransomware incidents in companies

Connect with Ted:

LinkedIn: https://www.linkedin.com/in/ted-carlson-14977a18/

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Understanding the 3 Tiers Of Cybersecurity Regulation With John T. Wolak

In this episode of CHATTINN CYBER, Marc Schein interviews John T. Wolak, chairman of the Privacy & Data Security Team at Gibbons P.C. He has extensive experience handling privacy and security issues, cyber insurance coverage, policies, endorsements, risk mitigation and exposure, and due diligence for regulatory compliance. He has been named an “Insurance Lawyer of the Year” (Newark, NJ) by Best Lawyers® and selected for the New Jersey Super Lawyers list for Insurance Law. During the conversation, John recollects his journey into cybersecurity, his experience working with the Y2K problem, biometric technology, and the regulatory tiers that apply to biometric data handling.

After graduating law school, John clerked for a federal district court judge in New Jersey. He then joined Gibbons, and as a young associate, he was staffed on one of the most massive environmental insurance coverage matters of the late 80s and early 90s, an experience that proved not only challenging but very interesting. It set his trajectory in legal practice. He later got involved in the Y2K bubble, which ironically wrapped up in early January 2000. Over the years, John has counselled, covered and handled various cyber issues, most recently, diving into biometrics.

Drawing parallels between the Y2K problem (or the Year 2000 problem) that “caused” data formatting and storage issues after the year 2000, and the issues surrounding cybersecurity today, John explains how uncertainty is the common ground. We’re now faced with the uncertainty of compliance obligations, risk mitigation, and cyberattacks, especially since biometric data usage has increased.

Biometrics are the physical or behavioral characteristics that are used to measure or identify an individual, including facial recognition and fingerprints. With biometric verifications and data usage on the rise, privacy advocates are increasingly concerned about its risks and possible violations.

Biometric data has three tiers of regulation. The first is the biometrics-specific regulation that addresses only biometric information and its collection, use, processing and storage. The second tier is biometrics within the definition of personal information, and the state-specific regulatory regimes, like the CCPA, the Colorado statute, and the Virginia statute that say any individual’s personal information must be appropriately used, stored and protected to ensure privacy and security. Most states have included biometric information within their Breach Notification statute and require notification of a breach involving an actual fingerprint or algorithmic formulae of a fingerprint – that’s the third tier.

Towards the close of the episode, John shares why individuals need to be aware of the private right of action, and how it can be a pain or a joy for different people. The private right of action is a statutory provision that provides private citizens the ability to enforce compliance with a statute by commencing a lawsuit against an entity violating the statute. It can generate a lot of litigation, and often proves a joy to plaintiff’s lawyers as any failure may allow the plaintiff or plaintiffs in a class action to recover statutory damages. The pain caused is to the business that does not comply with the statute and is the target of the lawsuit and damages.

Listen in to learn more about the cybersecurity regulations in effect today.

Highlights:

“The y2k risk was kind of the fear of the unknown. What was going to happen if my computer system completely goes down? That’s a simple statement, or simplistic statement about the issue, but it was the fear of the unknown.”

“If you’re a cyber person, that’s where you look. But you may have competitive situations where your due diligence opportunities are going to be somewhat limited and targeted, and you’re to get through to next rounds, you may have some more confirmatory due diligence at the end.”

“So you have to do a risk assessment, and you have to allocate resources based on your assessment of the risks.  And obviously, the more sophisticated the risk assessor is, the better off that process can be. So, it is something that needs to be done at the outset. Because unless you do it at the outset, you’re not going to be able to engage in a really fully informed risk assessment process to allocate those resources.”

 

2947828.4 099999-00169

Time-Stamps:

[01:00] – John’s cybersecurity journey

[02:15] – Cybersecurity and M&A transactions

[09:44] – Front end, Back end, and Due diligence evaluation

[11:58] – Is there an increase in deals engaging reps and warranties coverage?