Cristin Flynn Goodwin
Redmond, Washington, United States
2K followers
500+ connections
Services
Contributions
-
How can you find the perfect cybersecurity role?
Ask questions. See someone on Twitter or LinkedIn with an interesting article or making a point you want to learn more about? Ask questions. The author or leader may not always be able to answer, but sometimes, you'll get a response. Then you'll learn something new and build a new connection. Building a portfolio or network is a part of your learning journey and when you treat it as an opportunity to learn, you and the people you interact with will both get more out of it! Good luck!
Activity
-
"i-SOON leaks, the gift that keeps on giving." Thank you Mei Danowski for amplifying and sharing Eugenio Benincasa's Pangu Team analysis.
"i-SOON leaks, the gift that keeps on giving." Thank you Mei Danowski for amplifying and sharing Eugenio Benincasa's Pangu Team analysis.
Liked by Cristin Flynn Goodwin
-
Job Alert for Security Peeps - Jesper Johansson is a technical expert and all-around fun person to work with, and you can hear him on the Advancing…
Job Alert for Security Peeps - Jesper Johansson is a technical expert and all-around fun person to work with, and you can hear him on the Advancing…
Shared by Cristin Flynn Goodwin
-
Cyber Legal Peeps - this is an issue you should track. Landon W. and the Nisos team gave a similar talk CYBERLAWCON recently and it was terrific…
Cyber Legal Peeps - this is an issue you should track. Landon W. and the Nisos team gave a similar talk CYBERLAWCON recently and it was terrific…
Shared by Cristin Flynn Goodwin
Experience
-
Advanced Cyber Law
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Education
-
New York Law School
-
Activities and Societies: Vice Chair, NY Law School Moot Court Association; Order of the Barristers, 1997 Jessup Moot Court competitor, 1996, 1997
-
-
Publications
-
Pardon the "Intrusion": advancing the dialogue on export controls and "intrusion software"
Microsoft EU Policy Blog
See publicationEncouraging EU companies to get engaged on the intrusion software debate and how governments need to increase transparency into how cybersecurity controls are implemented.
-
Rethinking Intrusion Software
Microsoft
See publicationPaper co-written with Anne Marie Griffin, Thomas Peltier and John Walton of Microsoft on ways in which we can think about cybersecurity in export control without restricting tools and capabilities for the security community worldwide.
-
"A framework for cybersecurity information sharing and risk reduction"
Microsoft
Laying out an approach for governments looking at ways to enable information sharing regimes to ensure that information continues to reach the security experts who need it most.
Other authors -
-
"Cybersecurity in the age of cities: Developing a city strategy for Cybersecurity"
Microsoft Secure Blog
Following our model National Strategy for Cybersecurity, this paper aims at cybersecurity strategies in major cities and considers ways to think about cybersecurity at the metro policy level.
Other authors -
-
"Developing a National Strategy for Cybersecurity"
Microsoft on the Issues Blog
On the 10 year anniversary of the US National Strategy for Cybersecurity, we released a model strategy for any nations considering a new strategy or rethinking their approach, with a focus on a risk-based, outcome-focused approach.
Other authors -
More activity by Cristin
-
The issue of employment fraud related to the Democratic People's Republic of Korea (DPRK) is not a corporate or cyber security problem to solve…
The issue of employment fraud related to the Democratic People's Republic of Korea (DPRK) is not a corporate or cyber security problem to solve…
Liked by Cristin Flynn Goodwin
-
Last week, California State Senator Scott Wiener released SB 53, his follow up to 2024's vetoed Safe & Secure Innovation for Frontier AI Models Act…
Last week, California State Senator Scott Wiener released SB 53, his follow up to 2024's vetoed Safe & Secure Innovation for Frontier AI Models Act…
Liked by Cristin Flynn Goodwin
-
CISA has told workers in an email today to stop sending weekly responses to Musk's "What did you do last week?" email. The agency says it's still…
CISA has told workers in an email today to stop sending weekly responses to Musk's "What did you do last week?" email. The agency says it's still…
Liked by Cristin Flynn Goodwin
Other similar profiles
Explore more posts
-
Srinivas Mukkamala
A bipartisan data privacy bill has been introduced by House and Senate leaders. This bill aims to establish boundaries for large data brokers, ensuring better personal data protection. I'm encouraged to see our elected officials working together to protect such a sensitive and valuable commodity. Learn more about this important step towards safeguarding privacy: https://bit.ly/3w3p2av
1 Comment -
Bob Chaput
ATTENTION: HEALTHCARE BOARD MEMBERS AND C-SUITE EXECUTIVES. ODDS ARE YOUR ORGANIZATION HAS NOT CONDUCTED AN OCR-QUALITY® RISK ANALYSIS! Shocking? NO! Since ... 90% of the organizations subjected to an OCR investigation involving electronic Protected Health Information (ePHI) are found to have failed to conduct the very first requirement (risk analysis implementation specification) in the very first standard (Security Management Process) in the very first area (Administrative Safeguards) of the ol' HIPAA Security Rule. OCR Audits produced equally dismal compliance findings. How can you address your cyber risks if you don't know what they are? EASY FIX! Attend the upcoming COMPLIMENTARY Clearwater OCR-Quality® Risk Analysis Working Lab. #HIPAA #riskanalysis #riskmanagement #cyberriskmanagement #boardcyberoversight #boardofdirectors
-
Patrick Austin
DoD took another step on the path toward implementing the Cybersecurity Maturity Model Certification (CMMC) Program when it issued a proposed rule amending the Defense Federal Acquisition Regulation Supplement (DFARS). The proposed DFARS Rule includes solicitation and contract clauses that will apply CMMC to individual procurements and obligate defense contractors and subcontractors to store, process and transmit Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) only on information systems that have achieved the CMMC level required by the contract. There is also a significant new provision establishing a 72-hour notice period for “any lapses in information security.” The proposed rule neglects to define what would be considered a "lapse" sufficient to trigger the notice period. This ambiguity (not to mention another reporting obligation) is likely to present compliance challenges for the DIB.
-
Simon Ulmer
Classical MFA (multi factor such as OTP and authenticator apps) was easily bypassed by these "Attacker in the middle" Phishing kits. Upgrade to Phishing resistant MFA is no longer an option but must be a top priority for any CISO serious about their security. Remember 90% of cyber attacks start with phishing!
-
Shakeel Ali
Innovator Spotlight: Apono: In a rapidly evolving cybersecurity landscape, identity-based threats are at an all-time high. The 2024 Trends in Identity Security Report reveals that 84% of identity stakeholders experienced business impacts due... The post Innovator Spotlight: Apono appeared first on Cyber Defense Magazine. https://lnkd.in/g5WuTyAK
-
Scott Griswold
Consumer Data Privacy is poised for a transformation with the introduction of the American Privacy Rights Act (#APRA). This bipartisan bill aims to create a uniform privacy framework, reduce data collection, improve consumer consent, provide for better opt-out options and boost privacy protection enforcement. More on the APRA's impact on #DataPrivacy: https://okt.to/T8YOLA Makenzie Holland #DataProtection #Cybersecurity
-
Patrick Austin
If you're a defense contractor or subcontractor, this article is for you. With DoD issuing the final rule for the Cybersecurity Maturity Model Certification 2.0 program, it means new cybersecurity standards are right around the corner for the DIB community (likely in early 2025). The time to get CMMC compliant is now.
-
James Clardy
Among other directives: "The Federal Communications Commission will, to the extent permitted by law and in coordination with DHS and other Federal departments and agencies: (1) identify and prioritize communications infrastructure by collecting information regarding communications networks; (2) assess communications sector risks and work to mitigate those risks by requiring, as appropriate, regulated entities to take specific actions to protect communications networks and infrastructure; and (3) collaborate with communications sector industry members, foreign governments, international organizations, and other stakeholders to identify best practices and impose corresponding regulations." https://lnkd.in/gZUEc7v2
-
Scott Foote
Rescheduled event from last week (16 July) to this Thursday. Very much looking forward to this discussion with Patrick B., Steven Teppler, and David Navetta on how CISOs and GCs can partner to better protect their organizations, C-suites and boards in this rapidly evolving regulatory and threat landscape. This high-level, relatively short discussion in “plain English” is designed to deliver encouraging news to public company CISOs and GCs, as well as indirectly their Boards / C – suite executives when complying with the new SEC Cyber Rule and / or NY DFS Second Amendment. Discover how CISOs can enhance their organizational stature by working closely with GCs to access Boards and C-suite executives to enable a successful risk-focused approach to compliance in today’s changed cyber regulatory landscape to significantly minimize liability risk exposure. Led by former CISOs, BISOs, and recognized thought leader cyber law firm Partners, this event will showcase the covering practical, commercially - oriented issues to support the future company business growth without "in the weeds" jargon. Key topics will include the need to: • Build a team to meet daily interdisciplinary regulatory & sustained business growth challenges to protect Boards / C-suite executives, as well as CISOs, where everyone seeks to avoid having a regulatory “target painted on their back”. • "Speak senior management" to help facilitate meeting the new regulatory compliance obligations related to oversight of overall cyber incl. (TPRM at scale) by Boards executed by C-suite delegees. • Ensure the right technology underpinnings are in place at all times for Form 10-K filings to comply with the new SEC Cyber Rule required - disclosures on cyber risk management, strategy & governance per the publicly - traded company’s appetite / tolerance set by senior management as to this part of total enterprise risk. Here's the registration link... very much hope you can make it: https://lnkd.in/gHcZpuQD #CyberSecurity #CISO #ITLeaders #CyberCompliance #RegulatoryCompliance #BoardofDirectors #CyberRiskManagement #CIO #CTO #ITLeadership #VirtualWebinar #CyberAwareness #BusinessGrowth #CyberLaw #TechLeaders #CyberStrategy #RiskManagement #ThirdPartyRisk #CyberOversight #CyberGovernance #NewSECCyberRule #NYDFSSecondAmendment #NewCyberCorporateGovernance #NewCyberGovernance #CyberOversight #SECNewCyberOversight #NewBoardCyberOversight #CyberStrategy
1 Comment -
Chris Wolski, MBA, CISSP, GICSP, Lead CCA
48CFR will be open for a 60-day public review and comment period tomorrow. Here are some of my takeaways regarding changes to the regulation. https://lnkd.in/g_nKNj7C #Cybersecurity #CMMC #DFARS #DefenseContracting #Compliance #SupplyChainSecurity #DoDContracts #CMMC2 #CyberRiskManagement #InformationSecurity #GovernmentContracting #CyberResilience #ContractCompliance
-
Kayne McGladrey
The Supreme Court's recent rulings in Loper Bright Enterprises v. Raimondo and Relentless v. Department of Commerce have overturned the "Chevron doctrine." This change will lead to greater judicial scrutiny over regulatory decisions, including those affecting cybersecurity rules and enforcement actions by agencies like the Federal Trade Commission (FTC) and critical infrastructure regulators. Effects on Business Compliance: * Legal challenges in various courts may lead to inconsistent decisions. Companies should prepare for frequent changes in security regulations as lawsuits progress. * Businesses must adjust their compliance strategies to handle inconsistencies in cybersecurity law application across different jurisdictions. * Staying updated on litigation and potential regulatory changes is essential. Businesses should also be adaptable in their risk management strategies. Effects on Legislation and Regulation: * Lawmakers will need to work to reduce ambiguity in laws to avoid judicial intervention. Federal agencies will need to create more narrowly defined cybersecurity regulations with clear legal backing. * Companies should collaborate with legal counsel to ensure laws and regulations align with statutory authority and congressional intent. Legal Challenges to Cybersecurity Regulations: * Current cybersecurity regulations are more open to legal challenges, especially when agencies adapt vague or outdated laws to new security practices and threats. Lawsuits against agency cybersecurity rules and enforcement actions are expected to increase. * New rules, such as those under CIRCIA, face a higher risk of litigation if they lack clear legal support. This could result in fewer, narrower, or less effective regulations. * Congress must clearly express its intent when delegating agency actions. Although critical infrastructure cybersecurity and harmonizing security rules across sectors are priorities, Congress has yet to act decisively. * The legal landscape may shift towards less regulation in cybersecurity, even as cyber threats continue to grow. Implications for FTC and CFPB: * The rulings also affect the FTC and the Consumer Financial Protection Bureau (CFPB), both of which have broad interpretations of their regulatory authority, including in privacy matters. * The FTC has been active in rulemaking since 2020, including the Health Breach Notification Rule and proposed changes to the Children's Online Privacy Protection rule. Legal challenges, such as Ryan, LLC v. Federal Trade Commission, claim the FTC lacks the legal authority to enforce the Non-Compete Rule and that the rulemaking process was arbitrary. The FTC will face more difficulties defending its rules without judicial deference. This is highlighted by a court order preliminarily blocking the Non-Compete Rule on July 3. * The CFPB similarly has made broad policy statements and issued "circulars" which may be affected post Loper. #cybersecurity #law #SCOTUS
1 Comment -
Andrew Hopkins
I highly recommend First Breakfast - insightful analysis of topics critically important to our future. Shyam Sankar Nadia Schadlow I would add one topic to this analysis and that's DATA. So much of what we must build and deploy relies on data and we live with a data management model that hasn't changed in over 20 years - centralized mass storage of dumb data. This model is critically inefficient and we suffer from a chronic lack of data security and dat integrity. Furthermore, we struggle with interoperability of data and an inability to acquire the "right data, at the right time and in the right format", a problem exacerbated by technical debt that costs us $trillions / year (Accenture). A radically new data management approach is needed, one that stores, manages and secures intelligent data where it is needed across the millions, if not billions, of devices. Intelligent data knows everything about itself including its provenance, lineage and chain of custody, is directly findable and is stored in a manner that makes it accessible by all authorized and trusted systems. Security, control, interoperability and rights enforcement are pushed into the data management system itself, eliminating the need for much of the infrastructure (ETL, MDM etc.). In summary, we must address the critical data issues and inefficiencies to take full advantage of the re-industrialization that I agree is sorely needed. Brian "Maddog" Maddocks
-
Mônica Louvison
https://lnkd.in/eqvvBh3Q Legal Implications for Affected Companies. All companies impacted by the RADAR and DISPOSSESSOR team’s attacks must understand that any breach involving confidential information—such as client, student, patient, partner, or employee or any other confidential data can lead to serious legal repercussions. This includes potential lawsuits for data leaks, which could have significant financial and reputational consequences. Companies must prioritize data security to avoid such risks and maintain trust with their stakeholders.
-
Security Industry Association (SIA)
🔒New blog from SIA's Jake Parker! Latest Federal #DataPrivacy Proposal Stalls in Committee: What It Means for the #SecurityIndustry 📜Prior to the planned markup, SIA and 21 other national trade associations expressed concerns about this latest #APRA proposal and the problematic changes to its #biometric provisions. 🔗Learn more at the link in the comments!
1 Comment -
Tom Kemp
It is great to see the "let's make privacy self-management easy and scalable for consumers" vision of State Senator Josh Becker, his team at the time (Tom Steel, Charles Lawlor, Bryan King et al), civil society groups such as Privacy Rights Clearinghouse (Emory Roane, Meghan Land ), myself, and what others did to get SB 362 / California Delete Act passed -- coupled with the great implementation work by the California Privacy Protection Agency -- get recognition by The Washington Post as one of the top "good things" in tech in 2024. For a reminder of what the California Delete Act is and does, check out my analysis at https://lnkd.in/gVEr2ehR.
-
Brian F.
Keeping children safe is one of those fundamental building blocks of a healthy society: you put kids in a position to flourish and grow so they can build on the generation that came prior. This is obviously easier said than done, especially given connectivity offered by the internet for predators to target and exploit kids. That's why the National Center for Missing and Exploited Children is so important - and why the efforts by Trust & Safety teams across the internet matter so much. Keeping kids safe online is critical to us at Cinder. And that's why we're so proud of the work Tina has done to streamline the process of reporting to NCMEC. This really matters. It means our customers report more efficiently and effectively, thereby providing good data with reduced noise for the folks at NCMEC. When you're building a product like Cinder, you are a step removed from the front-line decisions (both tactical and strategic) that impact people's lives. For me at least, that can be hard sometimes. But you also get to drive product that facilitates efficiency and effectiveness more broadly - and this is a great example of where that really matters. Check out Tina's blog post, which describes this work in lots more detail.
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore More