Trusted Internet Blog

Thoughts, Guidance, Musings

Jeff Stutzman, Founder

Mr. Stutzman is the Founder and senior information security expert, operating as and supervising virtual CISOs and Managed Security Services for companies as small as three and as large as 7500. Mr. Stutzman is a former Information Warfare-focused Navy Intelligence Officer, Project Manager at Cisco working Mergers and Acquisitions, Investigations, and Global Cyber Risk Management. He was the CISO for Northrop Grumman Electronics Sector, a $16 billion global Electronics business; Principal Engineer at Carnegie Mellon’s Software Engineering Institute; and a GS-15 with the US Government serving as Director of the DoD/DIB Collaborative Information Sharing Environment at the DoD Cyber Crime Center. He has performed risk management, cyber investigations and M&A in more than two dozen high-risk cyber threat areas including China, Brazil, the Middle East, and South America. He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numerous trade publications. He holds a BS from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.

Recent Posts

CMMC Certification Required by 01 Oct 2020

on Dec 6, 2019 12:43:40 PM | By Jeff Stutzman, Founder | Tags: DIB, DoD, Defense Industrial Base, 800-171, cybersecurity, cmmc
According to DCSA (formerly known as DSS), October 1st, 2020, is the deadline for having completed your NIST 800-171 and CMMC certification. Here are a few new things that you need to know:

You've written your Security Plan. Now what?

Companies who try to protect everything protect nothing.

How to Create a System Security Plan

You know what CUI is, and the hard requirement to figure out how to protect it. What's next? Simple: make a system security plan. There are several options to choose from, but I'd recommend you start with the basics

What Every Government Contractor Needs to Know Now (from the Lawyer's perspective)

I authored this first blog about a week ago, but at the time, had a deck given at the National Defense Transportation Association Fall Conference. This deck was given by Attorney Mary Beth Bosco, a partner with Holland & Knight LLP, a Washington DC law firm specializing in these kinds of matters. It is chock full of good information regarding CUI, CMMC, and NIST 800-171. This is a killer deck with a ton of legal detail. I am posting with her permission. Enjoy. Need more information?

Are we at war?

Tuesday I sat with a couple of dozen really smart folks. One, a retired Major General declared "We're at war!" (meaning, Information War). 

What is Controlled Unclassified Information?

Controlled Unclassified Information (CUI) is a category of unclassified information established in a directive issued on May 9, 2008, by President George W. Bush. CUI replaces categories such as For Official Use Only, Sensitive But Unclassified and Law Enforcement Sensitive. The CUI Program was originally developed for all Executive Branch Agencies, but there are dozens (hundreds?) of older markings used to identify what’s now considered CUI, and the category of information is (intentionally?) defined in VERY broad terms.

What Every Government Contractor Needs to Know Now

If you don't have cybersecurity, beginning in 2020, you may not be able to bid on new government contracts.

IBM Study Shows Data Breach Costs on the Rise; Financial Impact Felt for Years

on Jul 23, 2019 1:47:19 PM | By Jeff Stutzman, Founder | Tags: data breach, equifax, identity theft, ibm
What does a Data Breach cost?

Equifax - The Cost of a Data Breach

on Jul 22, 2019 7:50:23 AM | By Jeff Stutzman, Founder | Tags: data breach, equifax, Federal Trade Commission
(Federal Trade Commission) In September of 2017, Equifax announced a data breach that exposed the personal information of 147 million people. Under a settlement filed today, Equifax agreed to spend up to $425 million to help people affected by the data breach. If you were affected by the Equifax breach, you can't file a claim just yet. That's coming. But you can sign up for FTC email alerts about the settlement at ftc.gov/Equifax.

What is a Data Breach?

What is a data breach? According to CBR online, 4.5 billion records were compromised in data breaches within the first 6 months of 2018. In comparison, there are merely about 7.5 billion people living on the planet. What is a data breach and why should you care about it? A data breach refers to the act of obtaining someone’s sensitive information from the internet. This information could be your passwords, sensitive media, PINs, credit card numbers, license numbers, software access to your company: virtually any piece of information that you’ve stored on the internet. This information is then used for blackmailing purposes or sold on the dark web. Data breaches occur on almost a daily basis. Last year Hackmageddon (one of my favorite stats sites) reported 1337 compromises. This represents a very small number compared to the global dataset, but represents a strong enough sample for discussion purposes.