Blogs

Threat Hunting as a Form of Client Care Part II

By Raenesia Jones posted 17 days ago
Be the first person to like this post.
Please enjoy this blog post co-authored by Raenesia Jones, Cybersecurity Analyst II, Davis Wright Tremaine LLP and Kevin J. Foster, Sr., Director Cybersecurity Operations, White and Williams LLP. Reviewed by Crystal Little, Editor of Content and Publications, ILTA. Threat hunting for misconfigurations is the art of proactively seeking out the unknown unknowns within configuration settings, permissions, and assets that may be exploited by an attacker. This is an area that consistently proves its value and ultimately leads to operational resilience yet doesn't always receive the attention it deserves. Clients want proof that their lawyers are serious about ...
0 comments

Empowering Legal AI Excellence: The Strategic Framework Transforming Firms

By Elizabeth Suehr posted 09-12-2025
Be the first person to like this post.
As ILTA's Security and Compliance Content Team Coordinator, engaging with diverse legal organizations on their AI journey is both a privilege and a source of constant inspiration. The transformations I witness go far beyond technology—they signal a profound reimagining of legal service delivery, client relationships, and the evolving role of legal professionals. 🔷The Opportunity: Beyond Adoption to Evolution The greatest impact I've observed comes when firms view AI not merely as a tool, but as a catalyst for organizational evolution. Success is not defined by solving technology problems alone but by unlocking latent potential: becoming more ...
0 comments

Creating a Mini PMO within Smaller Firms

By Scott Christensen posted 05-30-2025
Be the first person to like this post.
Please enjoy this blog post authored by Scott Christensen, Founding Partner, Kyndig Consulting. Kyndig provides strategic advisory and project management services for small to mid-sized law firms. Scott can be reached at scott.christensen@kyndigconsulting.com. Small law firms often struggle with getting projects over the finish line (they always seem to get to 90% and stall). Similarly, in small law firms it’s very difficult to juggle multiple project priorities amid the pressure of maintaining the “business-as-usual” daily activities. Small firms often have the obligation to support the same platforms that larger firms do but often lack dedicated ...
0 comments

Threat Hunting as a Form of Client Care

By Raenesia Jones posted 05-08-2025
Be the first person to like this post.
Please enjoy this blog post co-authored by Raenesia Jones, Cybersecurity Analyst II, Davis Wright Tremaine LLP and Kevin J. Foster, Sr., Director Cybersecurity Operations, White and Williams LLP. Reviewed by Crystal Little, Editor of Content and Publications, ILTA. Threat hunting is no longer a luxury cybersecurity service reserved for large law firms—it’s a strategic necessity for law firms of any size dedicated to protecting sensitive client data and maintaining client trust. Threat hunting is the art of taking preventative action before an incident occurs, intending to stop it in its tracks or, in other words, strategic proactive measures focused on moving ...
0 comments

The ImPOSSIBLE Relationship: The CISO-CIO Dynamic, and How to Leverage for Success

By Darren Alleyne posted 12-12-2024
Be the first person to like this post.
Please enjoy this blog post co-authored by Darren Alleyne, Director of Information Security, Morrison & Foerster LLP and Brad Sidwell, Chief Technology Strategist, Intapp. In today’s fast-paced, digital-first world, the roles of Chief Information Security Officer (CISO) and Chief Information Officer (CIO) have never been more critical or more intertwined. However, the relationship between these two roles often feels like an impossible balancing act. The CISO is responsible for safeguarding the organization’s information assets, while the CIO is focused on enabling business growth through technology. These distinct yet overlapping mandates can create ...
0 comments

Effectively Navigate a Cyber Audit

By Corey Reitz posted 07-11-2024
2 people like this.
Please enjoy this infographic blog authored by Corey Reitz, Distinguished Cyber Assurance Architect, Sandia National Laboratories and designed by Kendall Lazorchak, Creative Director, ILTA. #Security #SecurityProfessionals #Cybersecurity #AuditResponse #100Level
0 comments

The Purge!

By Rebecca Sattin posted 12-21-2023
Be the first person to like this post.
Please enjoy this blog authored by Rebecca Sattin, Senior Director, Partner Success, NetDocuments. Setting Up for Success in 2024: Strategies for Managing Data for Departing Users In this blog post, the author will discuss ideas on how firms may consider implementing strategies that purge departed user data and secure management approval to do so. _________________________________________________________________________________________________________________________________________________________ Having a sound information governance policy is a necessity for any business, and particularly law firms as they are responsible for keeping ...
0 comments

Becoming a Modern CISO

By Andrea Scholfield posted 10-04-2023
1 person like s this.
Please enjoy this blog posted on behalf of: Carlos Rodriguez, CEO & vCISO, CA2Security. The Modern CISO must become a trusted business leader. The modern Chief Information Security Officer (CISO) at leading law firms must evolve from being a purely technical cybersecurity role to a strategic leader that can enable attorneys to practice law securely and safely by forging connections across practice groups, supporting departments and clients, influence decision-making; be a servant and trusted advisors; and have an in-depth understanding of The Firm's goals and culture. This shift in responsibilities demands a new skill set beyond technical prowess. ...
0 comments

Addressing the Ransomware Threat

By Kevin Foster posted 06-29-2023
Be the first person to like this post.
Please enjoy this blog posted by the author, Kevin J. Foster, Sr., Cybersecurity Operations Coordinator, White and Williams LLP. Introduction: For an era where technology plays a pivotal role in every industry, law firms are increasingly becoming targets of sophisticated cyber-attacks. Among these, ransomware attacks have emerged as a significant concern, posing grave risks to sensitive client data and business continuity. To safeguard their operations, law firms must implement robust tool changes and establish comprehensive policies that can effectively combat modern ransomware attacks. In this article, we will explore the evolving nature of ransomware ...
0 comments

How to Win the Talent War for Cyber Security Professionals

By David Whale posted 01-09-2023
Be the first person to like this post.
Hiring cyber security professionals to fill current vacancies is one of the toughest and most important challenges we face when trying to build out a successful cybersecurity team. A strong team with a good bond is important and that can be hard to accomplish when supply is low and demand is high. The cybersecurity market quickly evolved into a global market over the pandemic and with work from home options available the competition for limited resources is fierce. This blog will look take a look at what you can do to stand out when trying to fill that vacancy and ways to think outside of the box to land that next hire. The competition for professionals is ...
0 comments

Data Governance in the Cloud for Law Firms

By Reggie Pool posted 12-17-2021
Be the first person to like this post.
Please enjoy this blog post co-authored by Dan Phelps, 3Cloud and Reggie Pool, HBR Consulting With cloud adoption accelerating in the legal industry over the past two years, earlier in this year, 3Cloud and HBR set out to speak with IT leaders in the legal industry to understand their priorities for using cloud over the next 12 months. Through these conversations, we learned that CIOs are exploring how cloud platforms like Microsoft Azure can help them secure sensitive data, meet data privacy requirements, and enable better decision-making with 360-degree views of data and improved analytics tools. While making the move to the cloud can be instrumental ...
0 comments

Cybersecurity Maturity Models – A 40,000 Foot Overview

By David Whale posted 12-17-2021
2 people like this.
Please enjoy this blog post authored by David Whale, Director Information Security, Fasken Martineau Dumoulin LLP The world of cybersecurity maturity models is on par with going to your favorite buffet (pre-Covid of course) for your birthday dinner. So many options. Government based frameworks, regulatory based frameworks, development based framework, cloud based frameworks, Internet of Things based frameworks… Where to start? How to start? This blog post will take a high level look at 10 of the more popular frameworks in hopes of making your questions clearer then mud. NIST Cybersecurity Framework (CSF): When President Obama calls for ...
0 comments

Valuable Tips and Tricks for Creating Your First Dev/Sec/Ops Pipeline

By Brian Balistreri posted 11-12-2021
Be the first person to like this post.
**Please note that this blog is posted on behalf of the author, Fernando Gonçalves, Head of DevSecOps, Congruity360. EVERYTHING-AS-CODE AUTOMATE EVERYTHING TEST EVERYTHING SECURITY BY DEFAULT CHANGING MENTALITIES / YOUR C-LEVEL PARTICIPATION In the last few years, the DevSecOps area has been growing significantly. Its related tools/technologies and the surrounding culture have become more mature and specific than ever. This journey also brought new challenges as well as their corresponding solutions. No environment is equal to another and usually, a one-size-fits-all approach is not always implementable, but we can suggest high-level ...
0 comments

Analysis of Vulnerability Scan Output

By Jarad Schraeder posted 10-21-2021
1 person like s this.
Please enjoy this blog post authored by Jarad Schraeder, Cybersecurity Manager, Davis Wright Tremaine LLP. Regardless of the size and scope of your environment, vulnerability management is a daunting task. Depending on the maturity of our vulnerability management program, the vulnerability scan results can create a challenge of prioritization, which for some law firms can be hard to tackle based on the resources you have available. There are automated solutions on the market like Insight VM or Vulcan Cyber to address priorization, but not everyone has the budget or time to deploy a tool like that. Whatever your current vulnerability scanner is, it should ...
0 comments

Which Certifications are Truly Critical for Success in Cybersecurity?

By Ken Fishkin posted 10-15-2021
1 person like s this.
Please enjoy this blog post authored by Ken Fishkin, CISSP, CCSP, CIPT, CIPM, CIPP/US, CISM, CEH, and many others. https://www.linkedin.com/in/kfishkin/ Since 1996, I have been pursuing industry certifications. I have always found them to be an essential part of my career growth, because I use them as entry points to learn new skills that seem challenging. While I know that practical experience is much more important than obtaining these certificates, I have found that the process of obtaining certificates first, gives me the confidence boost I need to immerse myself in whatever area I am studying. For example, in 2007, I passed the gold standard ...
0 comments

IG Considerations for M365 and Teams: Chat Retention and Archiving

By Brian Donato posted 04-30-2021
1 person like s this.
As many organizations move to MS Teams in a constantly evolving M365 ecosystem, there are many IG concerns that need to be considered. You need to make sure the guardrails are in place before, and after, opening the doors. This entry in our blog series, specifically explores MS Teams chat retention and archiving. Some people may think of chat retention and destruction as “Mission: Impossible”. Read on to find out if those people are right or just a bit off base. What is Chat in Microsoft Teams Many of you reading this article already know that Teams support a private chat and channels. In Microsoft Teams, teams are groups of people brought together ...
1 comment

Pillars of a Solid Insider Threat Program

By Corey Reitz posted 04-28-2021
1 person like s this.
According to a report released in 2020 by the Poneman Institute, “the number of insider-caused cybersecurity incidents increased by a whopping 47% since 2018” . Insiders are trusted individuals that work for an entity and as a result are privy to systems and information that is not available to the public. Proprietary information within a company or government agency often has great economic value, and if this key information is altered, destroyed, stolen, or exposed to unauthorized individuals it can be very damaging. Insider threats come in at least two varieties: the negligent insider who ignorantly or negligently places company information at risk due to ...
0 comments

Vendor Governance to Integrate Teams and Document Management Systems

By Reggie Pool posted 03-11-2021
Be the first person to like this post.
Please enjoy this blog post authored by Reggie Pool, Senior Director, HBR Consulting LLC. This is the third article in the series on Teams governance, addressing the challenges and benefits of Teams and Document Management Systems (DMS), including managing safeguards, classification, policies governance, and effective change management. Many firms look at Teams as yet another location where content will be stored and information will need to be managed, often viewing it as another area of risk leading to non-compliance with the existing DMS policy. But the impending adoption of Teams doesn’t have to be viewed as a negative. With an effective governance ...
1 comment

Kick-Off Introduction to Security and Compliance's "Taming Unstructured Data" Series

By Karen Allen posted 02-25-2021
1 person like s this.
Unstructured data is but one consequence of many firms' relatively late adoption of Information Governance policies and concepts. Many of us struggle to absolve ourselves of the ‘sins of the past’ and establish control of the content of legacy shared network drives or file sharing services that were put in place without policy to govern how and how long data is stored. In this short story series, the authors will examine ideas about how to start to establish structure, gain buy in, and provide real life examples of what firms' have implemented in terms of tools, policies, and processes. Our series starts off with a project the author’s firm aptly named the ...
1 comment

Making Lemonade Out of Lemons – How to Leverage a Global Crisis to Evolve your IG Skillset

By Leigh Zidwick posted 02-18-2021
Be the first person to like this post.
Please enjoy this co-authored blog post by Leigh Isaacs, CIGO, CIP, Director of Information Governance and Records Management, Proskauer Rose LLP and Andrew Corridore, CIP, Information Governance Compliance Specialist, Proskauer Rose LLP It’s no secret that the world of information and data management has been evolving in an ever accelerating pace – companies are realizing that information is an asset that should be managed, secured and leveraged as such. At the same time, client demands and our legal, regulatory and ethical obligations continue to expand and grow in complexity. As greater emphasis is placed on this proper management, the old, traditional ...
0 comments