Pistos founder Pete Sfoglia is a seasoned cybersecurity compliance expert with over twenty-six years of experience in IT security, business process re-engineering, and governance, risk, and compliance management. He has held leadership positions including partnerships at Ernst & Young, Accenture, and Wipro, advising Fortune 500 clients across media, energy, manufacturing, and financial services. He has written for National Defense Magazine and Insurance Journal on the evolving cybersecurity compliance landscape — CMMC, NY DFS 23 NYCRR 500, third-party risk, and the emerging convergence of quantum computing and AI with regulatory obligations.
The convergence of quantum computing, AI, and the CMMC regulatory framework creates a perfect storm for the defense industrial base. Contractors who treat each as a separate problem will be unprepared for the moment all three arrive simultaneously.
Read on National Defense →
A critical examination of the Department of Defense's revised cybersecurity certification framework — and where its execution falls short of its intent, particularly for the small and mid-sized contractors who make up the majority of the defense industrial base.
Read on National Defense →
Defense contractors should not wait for CMMC 2.0 to be signed into law before beginning the work of protecting controlled unclassified information. A practical framework for managing CUI risk now — independent of regulatory timeline.
Read on National Defense →
An executive viewpoint on why carriers refuse cyber risk applications — and what the underwriting decisions reveal about the actual security posture of the businesses applying for coverage. Republished by Carrier Management.
Read on Insurance Journal →
A direct look at the persistent threats facing organizations of every size — trojans, bots, spyware, phishing, ransomware — and the practical steps insurance professionals can take to protect client data and their own operations.
Read on Insurance Journal →
A practical framework for insurance agencies and carriers seeking to comply with New York's 23 NYCRR Part 500 cybersecurity regulation, with a specific focus on the third-party service provider requirements that trip up most covered entities.
Read on Insurance Journal →
Featured commentary on the July 2024 CrowdStrike outage and the leadership response of CEO George Kurtz, drawing on direct experience working alongside Kurtz during a previous incident at McAfee. Syndicated by LiveMint.
Read the article →
If any of these articles raised a question about your own compliance posture — or if you'd like to discuss how the issues they cover apply to your organization — Pistos is the firm to talk to.