Tim Maloney

IT Governance, Risk Management & Assurance Professional

I write about Information Technology Management, IT Audit, Productivity, and other topics that I find interesting.

More About Me

I write about Information Technology Management, IT Audit, Productivity, and other topics that I find interesting.



Previous Next

I listen to Tom Merritt’s Daily Tech News Show podcast every day (and I’m a proud supporter on Patreon).  A few months ago, Tom and the DTNS crew created this video that provides a lot of insight into how the internet works behind the scenes.  Even as a technology professional, I learned a lot about net neutrality and how interconnection agreements work.  This video should be required viewing (or at least listening) to anyone in the technology field.

Did you know Protiviti is one of Vault.com’s Top 50 Consulting Companies to Work For?

Did you know that Protiviti was recently named one of Vault.com’s Top 50 Consulting Companies to work for?  I’m proud to have been a part of the company since 2002 and it’s been exciting to see where we have come since then.

Interested in becoming part of our company?  Send me a message or visit http://www.protiviti.com/careers for more information.

Thought Leadership Roundup - September 15, 2014

Today’s thought leadership roundup is all about information security, a topic that should always be on IT professional’s minds especially given the recently announced breach at Home Depot.

Cloud Data Security – The Risks Are Real But Don’t Fear

Protiviti’s Cal Slemp discusses how many company’s may be misinterpreting the risks they face when deploying cloud data storage.  I think Cal provides great insight into how companies should consider the data security risks for any data storage solution whether based in the cloud or not.  Hit the link above to get more perspective from this short article.

Complimentary Webinar - Results from Protiviti’s Latest IT Security and Privacy Survey

Hit the link above to register for Protiviti’s complementary Webinar discussing the results of the 2014 IT Security and Privacy Survey.  Additional details are shown below:

Many organizations lack confidence in their ability to prevent a cyber attack or data breach, and most companies are still unprepared for a crisis. These conclusions have remained constant over the course of the three years that Protiviti has surveyed IT security executives. However, some organizations are starting to pull away from the pack.

The findings of Protiviti’s 2014 IT Security and Privacy Survey results will be analyzed during a live webinar on Tuesday, September 30, at 10:00 a.m. Pacific. Guest speaker Heidi Shey, Security and Risk Analyst from Forrester Research, Inc., and Protiviti IT Security experts, Cal Slemp and Scott Laliberte, will reveal the characteristics of the companies that excel while others stay stagnant — or worse, fall farther behind in their performance of IT security and privacy management.

Taking some time out of the day today to remember the events of 9/11/2001.  I wasn’t personally affected by the events of that day, but I’ve had the opportunity work at clients with offices very close to the World Trade Center site and it has always been an emotional experience seeing and walking around the site.
Zoom Info

Taking some time out of the day today to remember the events of 9/11/2001.  I wasn’t personally affected by the events of that day, but I’ve had the opportunity work at clients with offices very close to the World Trade Center site and it has always been an emotional experience seeing and walking around the site.

Happy Apple Announcement Day

I make it no secret that I like Apple products, so today is almost like Christmas for me.

Apple Event Live Stream (via Apple)

No one else does a launch event quite like Apple and they will be live streaming today’s event on their website.  Personally, I like to read the summaries of the announcement on the various tech blogs to get the most relevant details but I usually end up watching the recorded event later to see all of the new features.  If you want to watch live, the event starts at 1 PM ET (10 AM PT).

Apple Promises Security Improvements (via InfoRisk Today)

Of course, Apple has been in the news recently related to the recent celebrity security breach.  Shortly after, Apple announced that it would be rolling out new security functionality “soon.”  This article from InfoRisk Today provides a great overview of the issues and planned functionality.  Personally, I feel like Apple should implement additional security functionality but this breach appears to be driven more by flaws in an individual’s own security posture than a gap in how Apple has implemented security.

How about you?  What are you interested in seeing in today’s announcement?  Are you concerned with Apple’s security approach?

Thought Leadership Roundup - September 8, 2014

Just a few thought leadership items to share today…

IT Transformation: Five Strategies to Manage Change - The Protiviti View

Someone once said that change is the only constant in the universe.  That is even more true within the IT department.  In this article in The Protiviti View, Jim DeLoach explores several strategies IT organizations can deploy to manage change across the organization.  Below is a quick summary of the article and be sure to hit the link above to read the article.

Boardrooms are abuzz over big data; mobile applications are the order of the day; the first wave of enterprise resource planning systems is due for an upgrade. Without a doubt, information technology (IT) is in the crosshairs of change. Seems like it’s always been that way!

The pressure is on for IT departments to design, source and implement new systems incorporating all the latest bells and whistles. I offer the results of Protiviti’s 2014 IT Priorities Survey, which I have mentioned here previously, as proof of the scope of the drivers for change.

Sarbanes-Oxley Compliance: Time to Pull Your SOX Up - The Protiviti View

It’s that time of year again, I’m starting to kick-off Sarbanes-Oxley testing efforts at many of my clients.  As part of this year’s efforts, I’ve been fielding a lot of questions about COSO 2013 and how it effects SOX compliance.  Here is a quick article about how the two interrelate.

In our 2014 Sarbanes-Oxley Compliance Survey, we asked companies how far along they were in transitioning to the updated framework. A surprising number said they hadn’t made much progress. I’m hoping it was a timing issue. The framework was released in May 2013; we conducted the survey in early 2014, which may have been too early in the transition process to provide an accurate gauge as to where companies really are.

Briefing #2 - Effective IT Metrics

I’ve been having a lot of conversations recently about how IT organizations can more effectively measure the services that IT brings to the broader organization.  Effective IT Metrics are the foundation for establishing the business’ expectation of IT.  Here are three excellent articles from CIO.com that I think provide great insight into the topic.

  • IT: Don’t Let the CEO Wonder What You Do All Day (LINK)
  • 3 Strategies for How to Demonstrate IT’s Value (LINK)
  • CIOs Should Learn the Two Metrics That Matter (LINK)

In my experience, the most important thing IT should do with metrics is to understand what is meaningful to the business.  Few business executives care about IT’s percentage up-time.  They want to know how much unplanned downtime effected their resources productivity or the organization’s ability to serve its customers.  Involving business stakeholders in the IT metrics definition process allows IT organizations to articulate the meaningful metrics that can effectively inform business decisions.  This often results in improved alignment with business objectives and an increased awareness of what value the IT function delivers to the organization.

What metrics does your IT organization leverage?  Are these metrics aligned with your business’ objectives?

Thought Leadership Roundup - September 2, 2014

Welcome back from the long Labor Day weekend.  Here is a collection of recent publications that will be of interest to you:

10 Lessons in Integrating Risk Management with Strategy - The Bulletin

The importance of integrating risk into strategy-setting has become increasingly well acknowledged. When overlooked, risk becomes an afterthought to strategy and an appendage to performance management.

This article shares 10 lessons for executives and directors to keep in mind when integrating risk into the process of formulating and executing strategy.

Personally, I believe that lesson 5 (a contrarian voice is needed at a crucial moment) is one of the most important items on this list.  It is important that someone challenge the popular assessment of risk just to ensure all perspectives have been considered.

Cybercrime: The stakes have never been higher - TMCnet.com

Protiviti UK MD Ryan Rubin comments on why cybercrime is the prefect fraud for criminals in a digital economy.

A nice short article discussing how preventing and addressing cybercrime is at the top of most company’s priority lists.  Cybercrimes are much easier to commit (repeat and automate) than traditional “brick-and-mortar” crimes and companies are constantly playing catch-up.

Into the Breach: Is Your Retail Data Vulnerable? - The Protiviti View

One more cybersecurity topic today, focused on the retail industry.

Every director of a retail organization should ask themselves four basic questions:

  • Have we already been breached?
  • Would the information technology department know?
  • If we have not been breached, do we know that our systems can stand up to a targeted cyberattack?
  • Are we ready to respond?

Even if you aren’t a part of a retail organization, these questions (and our responses) will help you define an appropriate response to managing you cybersecurity exposure.

Briefing #1 - Understanding Passwords


This week, I thought it would be interesting to share some content around one of the most relatable topics in information security: the password.

Password Hashing

First, a great video from Tom Scott explaining password hashing any why it works (well enough) to protect your security (LINK):

Are Complex Passwords More Secure?

Next, Wired had a great article discussing how it ‘Turns Out Your Complex Passwords Aren’t That Much Safer.’ (LINK)  The author brings up a number of excellent points about how companies are focused on how so much of the focus has been on end users creating strong passwords while system designers and administrators then store those same passwords in a way that ultimately makes them easy to compromise.  This is an article every system administrator should read.

Managing Passwords

Finally, Tony Bradley at PC World had a article (LINK) advocating that we should all use a tool to help us remember and use passwords securely.  I personally rely on a password manager (using two factor authentication) to keep track of the unique, complex passwords I’ve created for every site.  For added security, I also use two factor authentication on the site if it is available as well.

So what do you think about passwords?  Are their days numbered or will we still be dealing with them for years to come?

Back to Top


Previous Next
Back to Top

Ask me anything

Previous Next
Back to Top

Vanity by Pixel Union