Testimony

As a completely independent information security expert, testimony may include opinions on whether due diligence was performed in typical information security scenarios, including:

  1. information security governance
  2. due dilgence with respect to technology management
  3. asset risk evaluation
  4. management of technical security measures
  5. execution of technical security measures
  6. evidence collection and forensics
  7. appropriate remediation measures

A word concerning independence:
I maintain my independence by not selling my opinion or affiliation. I consider it part of my personal brand not to take money for endorsement or referrals. Neither will I accept sales commissions on products or services sold by others. I consult only to improve the quality or value of a product, service, or organization. If I ever endorse a product, it is because I honestly believe it contributes security-related value to those who choose to purchase it. If I opine on the value of a service, it is because I believe it has value for those who use it.

When my clients are vendors, the engagement has the objective or improving the quality of the vendor product or service, or explaining it to those who may wish to understand how it contributes to a security program (e.g. writing or reviewing white papers and presentations and/or explaining them). I do not earn commission on sales.




Home