Writing
Posts on leadership, cybersecurity, and AI governance from the CISO seat at the National Football League.
Data Minimization by Design
Ensure your systems and processes are designed to collect only the data necessary for the specific purpose at hand.
Privacy by Default
Make privacy the default setting for all data-related operations. This means that data should be processed with the highest level of privacy protection unless the individual…
Regular Privacy Audits
Conduct privacy audits regularly, not just for compliance, but to identify emerging risks or outdated practices.
Data Sovereignty Awareness
Be mindful of data sovereignty when storing or processing personal data across borders. Different countries have varying data protection laws, and data transferred internationally…
Privacy Risk Transparency
Promote transparency by proactively sharing your privacy risk management practices with stakeholders, including customers and regulators.
Automating Privacy Controls
Consider automating privacy controls such as data access restrictions, anonymization, and audit logging.
Privacy-First Vendor Selection
When selecting vendors, assess their privacy practices just as thoroughly as their service capabilities.
Season Opener Security
Kick off your cybersecurity season with a solid defense, like I’m kicking off my 6th season at the NFL.
Quarterback Vision
Adopt a quarterback’s strategic vision for cybersecurity. Ensure that you have a clear understanding of the field—potential threats, vulnerabilities, and overall security…
Defense Alignment
Align your cybersecurity defenses like a football team aligns its defensive line. Ensure that each layer of protection—firewalls, EDR, and network intrusion detection…