No Password Required: LIVE From Sunshine Cyber Con
Corruption, Crime and Compliance : Cybersecurity and Compliance: The Growing Partnership of CISOs and CCOs
Episode 282 -- CISO and CCOs -- The Evolving Partnership
Compliance Into The Weeds - HanesBrands Cyber Security Breach Disclosure
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
Cyberside Chats: Don’t silo your risk from legal (with Ingrid Rodriguez)
Cyberside Chats: Everyone wants to be Batman. Hacking Back & Cybersecurity Law
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
Marti Arvin and Anthony Buenger on the CMMC Framework
As we welcome 2025, here are 10 must-read Constangy bulletins and blog posts from 2024, highlighting insights that guided our readers through important legal developments, workplace issues, and the challenges in cybersecurity...more
Joseph Sullivan, Uber’s beleaguered former Chief Information Security Officer, was back in the news last month when he appealed his 2023 conviction for his role in concealing a 2016 breach of Uber’s network and customer data....more
What do the SolarWinds ruling and other recent developments mean for the future of the SEC’s cyber regulatory program? Will the SEC’s “lack of moderation” result in “violent ends” for its cyber agenda? Or will the current...more
This Holland & Knight blog post is the second installment in a two-part series that examines the challenges to the U.S. Securities and Exchange Commission's (SEC) charges in its landmark case against SolarWinds Corp....more
On July 18, 2024, District Court Judge Engelmayer of the Southern District of New York issued his 107-page opinion and order dismissing most – but not all – of the landmark allegations of the SEC against SolarWinds Corp. and...more
On July 18, a New York federal judge threw out most of the SEC’s claims brought against both SolarWinds Corp. and the company’s chief information security officer (CISO), Timothy Brown....more
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
Managing these risks at a single company should be straightforward. Executives and CISOs may be personally held accountable for cyber failings, negligence, breaches, and inadequate disclosure around cyber vulnerabilities and...more
At this point, it is self-evident that companies are grappling with an ever-evolving (think: tougher) cyber risk terrain. However, two recent cases against companies and their Chief Information Security Officers (CISOs),...more
On October 30, 2023, the Securities and Exchange Commission filed a securities fraud claim in federal court in the Southern District of New York against SolarWinds Corporation as well as its Chief Information Security...more
According to a New York Times story this weekend, the Security Exchange Commission’s lawsuit against SolarWinds is driving discussions in boardrooms and corporate security departments of large organizations about the handling...more
On October 30, the US Securities and Exchange Commission (SEC) announced fraud charges against SolarWinds and its former chief information security officer (CISO), alleging that “SolarWinds’ public statements about its...more
The Securities and Exchange Commission (SEC) is ratcheting up the pressure on chief information security officers (CISOs)—and it’s entirely deliberate. In this post, I’ll discuss the litigation landscape against SolarWinds,...more
The cyber breach of SolarWinds’ software in 2020 (the “SolarWinds breach” or “cyber breach”) has been described as the “largest and most sophisticated attack the world has ever seen.” As a result of the cyber breach,...more
On July 26, 2023, the Securities and Exchange Commission (SEC) implemented new cybersecurity rules to require disclosure of material cybersecurity incidents within four business days, with limited exceptions. Additionally,...more
When Louis A. Aguilar was a commissioner at the Securities and Exchange Commission, he helped organize the SEC’s March 2014 roundtable to discuss the cyber risks facing public companies. The numerous data breaches that have...more
Second Round of Cybersecurity Examinations to Begin - On September 15, 2015, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a Risk Alert announcing a...more