Home / Resources / Blog / Author / J.R. Cunningham

J.R. Cunningham

VP, Product Management

J.R. Cunningham is an accomplished innovator and premier thinker in cyber security and risk management. As vice president of product management, Cunningham is responsible for maintaining Optiv’s industry leading advisory services offerings and developing innovative and practical solutions that solve real-world security challenges.

Part 2: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

March 8, 2018 · By J.R. Cunningham ·

In part 1 of this series, we provided insights responding to the frequent question regarding control frameworks and their place in the security strategy. During hundreds of strategy, risk and compliance engagements, we have seen that security programs (of different levels of maturity) are most successful when they participate in regular tune-ups to keep up with the business. In this installment, we will discuss the “how”—understanding the business, the role of the threat, current steps and the best way to approach the gaps, which doesn’t necessarily mean filling them.

Part 1: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

February 28, 2018 · By J.R. Cunningham ·

During hundreds of strategy, risk and compliance engagements, Optiv’s consultants often have been asked very thoughtful and deep questions about control frameworks and standards by our clients. Such topics often center on which of these frameworks and standards are most appropriate for a particular organization, which specific controls are most important, and in what order and to what depth an organization should pursue maturity with a particular set of controls. In this two-part blog series, I’d like to share some field observations on this topic gathered by Optiv’s strategy, risk and compliance teams.

The GDPR 90-Day Countdown is On! (No Need to Freak Out)

February 26, 2018 · By J.R. Cunningham ·

May 25, 2018 is a day that many organizations have (or should have) marked on their calendars as a game-changing moment for their business. That’s the “go-live” date for the European Union’s General Data Protection Regulation (GDPR). As I previously wrote, this truly is a groundbreaking piece of legislation that should be taken very seriously. And if you read the countless GDPR-related research reports and surveys, it’s clear that few (if any) US companies impacted by the regulation will be fully compliant in the next 90 days.

Want to be a Great Security Leader? You Need a Great Lawyer

December 7, 2017 · By J.R. Cunningham ·

Information security continues to evolve as a profession, and this is certainly evident in the role that legislation, privacy, third-party risk and incident management play in the daily life of the information security leader. More often, as I meet with clients to discuss security strategy and risk, security leaders are struggling with the myriad of compliance requirements, various state and national privacy laws, and their relationship with the information security program.

GDPR Part 3: GDPR and the Information Security Program

November 7, 2017 · By J.R. Cunningham ·

In this third and final part of the series, we’ll spend some time bringing GDPR and its various requirements back into the information security program in an effort to identify areas where GDPR compliance may become a side-effect of a business-aligned, risk-based, data-centric and threat-aware information security program.

GDPR Part 2: The Six Information Security Pillars

October 31, 2017 · By J.R. Cunningham ·

In this second part of the series, we will discuss Optiv’s Six Information Security Pillars for GDPR compliance. For the information security professional, these six pillars will look familiar as standard components of an effective information security program. For this discussion, however, we will be relating these components of the information security program to the various applicable components of the GDPR.

GDPR Part 1: A Legal, IT, or Information Security Issue?

October 25, 2017 · By J.R. Cunningham ·

The General Data Protection Regulation (GDPR) is a new regulation affecting organizations that reside in the European Union (EU) or merely transmit EU citizen data. The regulation is designed to strengthen data protection of this personal information and non-compliance comes with hefty penalties. Fines for the most serious infringements of GDPR are 20 million EUR or four percent of global revenue, whichever is greater.

Cyber Security Public Policy

January 21, 2015 · By J.R. Cunningham ·

Imagine a scenario where a highly motivated, trained, and well equipped enemy launched an invasion against the United States. Upon arriving at our shores, this enemy began grabbing anything of value—everything not literally fastened to the ground, and loaded these things onto a ship to take it back home. This scenario sounds far-fetched—but it’s happening every hour of every day here in the United States.

Leveraging Policy and Procedure to Get the Most Out of Cyber Defense Technology

July 9, 2014 · By J.R. Cunningham ·

Why Policy and Procedure is Critical to Effective Technology Countermeasure Deployment Technology countermeasures have come a long way since the dawn of information technology security. Just over a decade ago, IT security technology could be loosely categorized into endpoint and network security. With these broad categories one would have covered the vast majority of technology countermeasures

(9 Results)

Stay Connected

Subscribe to our Blog RSS feed to stay up-to-date on latest news.