Hand of blame

With Cybersecurity Certification, Director of Client Services Tom Barnes has become better prepared to support clients’ security needs.

A Better Advocate for Client Security

In his role as Director of Client Services, Tom Barnes had been helping clients navigate CMMC and other compliance regulations. To bolster Bryley’s compliance expertise, COO Anna Darlagiannis-Livingstone supported Tom in strengthening his knowledge of the security protocols that underlie CMMC and other standards.

And so, after his studying and testing, Bryley is excited to announce that Tom Barnes has become Certified in Cybersecurity through ISC2 (International Information System Security Certification Consortium). ISC2 is based in Alexandria, Virginia, and established in 1989 to educate IT professionals with the “expertise, standards and ethical practices … to secure our economies, nations and personal lives.” For the Certified in Cybersecurity program, ISC2 allows registered students six months access to the course materials. Learners can complete the course at their own pace and schedule an exam at a secure facility (in Woonsocket, in Tom’s case). Students are tested on ISC2-provided computers; personal devices are not allowed in the testing room. The exam is timed and proctored.

Broad overview

The training covers the foundational principles of security. Tom said, this is really a launching-off point for deeper study in areas that I think will be helpful. Like we didn’t go into CMMC compliance in-depth, but the principles can be generally applied, like redundancy and backups and disaster recovery – which are all tangentially related to CMMC.

I better understood the implications of GDPR, Tom said. I didn’t really foresee how influential these European laws are, affecting any organization who even collects data about European residents. And of course also any business that markets or sells to EU businesses. These privacy and data protection standards have affected New England states’ regulations, too. So the training opened my eyes about standards for handling people’s confidential information.

Tom’s background

Tom’s father directed IT for the Palmer school district, so Tom was brought up witnessing security principles in action. I remember when he had security cameras installed at the school he worked at, Tom said. I remember him getting notified at home at all hours – I remember a metal sign getting blown over once – and then he would either rule it out or at other times dispatch the police, whatever was needed. I saw him being really careful with passwords. And talking about the importance of password best-practices, not writing them down and not letting them be accessible to anyone else. And he was definitely a very ethical person. He respected people’s privacy. He would respect a budget and make the infrastructure as hardened against attacks as he could with the resources he had to work with. I didn’t understand what all that meant back then.

The banner

This training reinforced those ideas about ethics, Tom said. ISC2 emphasizes making moral decisions in regard to cybersecurity. They want the profession to live up to the ideal that we work in the interest of securing society. ISC2 has an IT code of conduct they test you on.

A lot of the times Bryley’s role is to wave the banner, Tom said, that I wish was obvious: security is important. Some clients understand. A lot of business people don’t realize or don’t want to stop and think about how vulnerable their data is, their customers’ data is and the consequences if something bad happens. They sometimes think of security being ‘not in the budget’ and ‘you’re just trying to make money’ and ‘our people are smarter than that [i.e. they won’t fall for criminals’ deceptions].’ So I think as much as we can we need to make people aware of best practices, that there are different aspects of security that maybe they didn’t think of. Of course, yes, this is how we make our living, but that doesn’t negate that security concepts, policies and procedures are really important.