What a Trump Administration Means for Cyber Security

What will the state of cyber security look like under the Donald Trump administration?

The election is over, the votes have been counted, and thankfully, other than a few isolated reports of malfunctioning voting machines, Election Night was unremarkable from a cyber security perspective. Now, it’s time to turn our attention to President-elect Donald Trump and what a Trump Administration will mean for cyber security in the U.S.

Donald Trump’s Official Stance on Cyber Security

Cyber security is the only tech-related topic Trump addresses directly on his official website. At this point, his plan has four main points:

  • Appoint a “Cyber Review Team” composed of “individuals from the military, law enforcement, and the private sector” to perform “an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure” and “provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats.” The Cyber Review Team will also be tasked with establishing protocols and setting up “mandatory cyber awareness training” for government employees.
  • “Instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.”
  • “Order the Secretary of Defense and Chairman of the Joint Chiefs of Staff to provide recommendations for enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.”
  • “Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.”

Much like HIPAA, Trump’s plan focuses on procedural generalities as opposed to technical specifics. However, this is to be expected of a presidential candidate who comes from a business background, not a tech background. The positive thing about the plan is its focus on taking proactive measures to prevent attacks, not just responding to them after they occur.

What to watch out for: Whom Trump appoints to his Cyber Review Team. President-elect Trump should seek out experienced cyber security professionals with deep knowledge of the industry and the issues to hammer out the technical details of his plan.

The End of the H-1B Visa?

As a candidate, Trump famously took a hardline stance on immigration, including an initial pledge to eliminate the H-1B visa program that is heavily used by the tech industry. This has alarmed many tech employers, who claim that the H-1B is necessary because there is a shortage of qualified IT workers in the U.S., and that without being able to import talent from overseas, critical positions would go unfilled. This is an important issue in the cyber security field, which faces a severe skills shortage; there are approximately 200,000 unfilled cyber security jobs in the U.S., and demand is expected to increase by 53% by 2018.

However, it is important to note that Trump softened his stance on the H-1B at a Republican debate in March, claiming, “I’m changing. I’m changing. We need highly skilled people in this country.” Additionally, since his election, he has backed off from his initial zero-tolerance immigration stance overall.

What to watch out for: Whether Trump will abolish the H-1B is debatable. As a businessman, he used it to hire foreign workers, and his wife, soon-to-be-First-Lady Melania Trump, came to America on an H-1B. However, it is likely that Trump will make some changes to the H-1B program, and it is up to cyber security companies to ensure that our voices are heard as he makes decisions on this issue.

Cyber Security as Part of National Security

Throughout his campaign, Donald Trump referred to cyber security in the context of national security. At a debate against Hillary Clinton in September, he spoke of the gravity of the threat of foreign cyber terrorism against the U.S.:

…when you look at what ISIS is doing with the Internet, they’re beating us at our own game. ISIS.

So we have to get very, very tough on cyber and cyber warfare. It is — it is a huge problem. I have a son. He’s 10 years old. He has computers. He is so good with these computers, it’s unbelievable. The security aspect of cyber is very, very tough. And maybe it’s hardly doable.

But I will say, we are not doing the job we should be doing. But that’s true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly cyber is one of them.

What to watch out for: It is possible that a Trump Administration will increase spending on cyber security at the federal level and impose more stringent requirements on state and local governments. Since the number and severity of data breaches and ransomware attacks are intensifying, these would be welcome changes.

The cyber security experts at Lazarus Alliance have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. We offer full-service risk assessment services and Continuum GRC software to protect companies from data breaches, ransomware attacks, and other cyber threats.

Lazarus Alliance is proactive cyber security®. Call 1-888-896-7580 to discuss your organization’s cyber security needs and find out how we can help your organization secure your systems.

Why Excel is so Old-School and how to be Cool-School

Cool School -vs- Old School compares assessments done with Excel and the IT Audit Machine.
We get it. We completely understand why you still use Excel as an assessment and audit tool. We suffered through it just the same, but we believe in working smarter, not harder, which is why we invented ITAM.

The IT Audit Machine (ITAM) is the patent-pending, industry-changing assessment questionnaire creation tool designed specifically for the governance, risk and compliance (GRC) market space. Because of the intelligence and simplicity of the patent-pending ITAM application framework, infinite possibilities also exist outside of the GRC and cybersecurity realms.

Typical usage includes Audit and Compliance Assessments associated with FedRAMP, PCI DSS, HIPAA, Sarbanes Oxley, ISO 27001 and all others; Risk Management Assessments associated with ISO 27005, NIST Special Publications and all others; and Governance and Policy Development, to name a few of the possible use cases.

Excel has big limits in space, accessibility, presentation, sustainability and formatting, making it a poor choice for assessment and audit work. ITAM has flipped that paradigm upside-down with Big Data management, collaborative SaaS access, theme-driven aesthetics, long-term analytics and trending functionality, intelligent logic and notifications, and so much more.

Our GRC solutions break industry paradigms that have plagued both client organizations and service providers alike. We’d like to show you how we have taken our real-world expertise and created GRC solutions that are being touted as game-changing technology. Call Continuum GRC software solutions today at 1-888-896-7580 and schedule a demonstration.

Simply put, Excel is so old-school and ITAM is so cool-school!

Visit ContinuumGRC.com to get more information about the IT Audit Machine.

Senior IT Auditor: Lazarus Alliance Employment Opportunity

Lazarus Alliance is Proactive Cyber Security Services

We are excited that you are interested in this Lazarus Alliance Employment Opportunity. Please review these position highlights and complete the form below to initiate your consideration for employment.

Job Location:

Candidates must be United States citizens and reside within the continental United States to be considered.

Job Responsibilities:

In this position, you will be responsible for conducting IT audits, integrated IT/operations audits, Compliance testing and special projects as assigned. You will lead audits and deliver recommendations that add value to, and improve the efficiency of company operations.

All Lazarus Alliance employees are responsible for assisting in business development.

Responsibilities Include (but are not limited to):

  • Plan and perform internal audits to assess control design and effectiveness for information systems and SOX controls testing as outlined in the Annual Internal Audit Plan.
  • Supervise Information Systems Internal Audit engagements, as assigned.
  • Prepare audit programs, work papers detailing audit procedures, and ensure adequate audit evidence in accordance with departmental and professional standards.
  • Communicate audit findings and opportunities for improvement to management.
  • Assist the external auditors, as applicable.
  • Perform special projects of varying complexity and business focus as directed by Internal Audit Management. Provide IT audit assistance on financial, operational, and integrated audits.
  • Act as a department liaison to various PetSmart business functions and committees as determined by Internal Audit Department Management.
  • Develop and maintain relationships with various control owners and other constituents throughout the organization.
  • Understand and assess the Information Systems (IS) business area objectives, risks and controls to ensure significant risks are identified and appropriate controls are established to reduce risk to an acceptable level.
  • Develop and maintain knowledge of emerging professional standards, regulatory initiatives, and IT and retail industry trends and threats.

Education Required:

  • Bachelor’s degree in Information Systems, Business Administration, or other relevant analytical field.
  • Minimum of 3 years’ experience in IS/IT audit, information security, and/or compliance.

Certification Required: One or more of the following certifications is required:

  • Certified Information Systems Security Professional (CISSP)
  • Qualified Security Assessor (QSA) (Lazarus Alliance will sponsor QSA certification holders.)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Privacy Professional (CIPP)
  • Certified Internal Auditor (CIA)
  • Certified Information Security Manager (CISM)
  • Certified Public Accountant (CPA)

General Experience Required:

  • Working knowledge of IS/IT Auditing and Internal Auditing concepts.
  • Familiarity with some but preferably all of our core assessment frameworks including: PCI DSS, FedRAMP, HIPAA, Sarbanes Oxley 404, SSAE 16, ISO 27000, Safe Harbor and CIP NERC standards and compliance requirements.
  • Experience with internal control frameworks, professional audit standards, leading practices, security and trust models, and guidelines (e.g. HORSE, COSO, COBIT, NIST, ISO).
  • Working knowledge of business management concepts (i.e. objectives, risks, and controls).
  • Proven experience documenting and performing a full audit program to completion.
  • Good understanding of technologies and controls including those related to OS, database, network, and application security.
  • Ability to work effectively with all levels of management (technical and non-technical) and other colleagues, demonstrating strong initiative, mature judgment, professionalism, adaptability, and a customer service orientation.
  • Must possess a “can-do” attitude with excellent verbal and written communication skills.
  • Proactive in researching business best practice concepts in order to apply as appropriate.
  • Solid listening skills and ability to identify gaps in logic – inquisitive.
  • Strong planning, organization and time management skills.
  • Ability to work independently, productively and follow through on all responsibilities to bring projects to a successful conclusion.

Additional Training Provided by Lazarus Alliance:

Candidates will receive training in Lazarus Alliance proprietary technologies and methodologies unique to the industry including:

  • The IT Audit Machine®
  • The Policy Machine®
  • Continuum®
  • Your Personal CXO®
  • The Security Trifecta®
  • HORSE Project wiki®

About Lazarus Alliance:

Lazarus Alliance is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, disability, genetics, and protected veteran status, as well as any other characteristic protected by federal, state or local law.

Lazarus Alliance is Proactive Cyber Security®
