Effective Solutions Through Partnership

Category Archives: Conferences

Understanding IT Security and Cybersecurity Laws

Conferences, Cyber Security, Data Privacy, Government, Information Security, Information Technology, IT Security, National Cyber Security Awareness Month, Public Sector, Ransomware, Sacramento, Technology

By Jamal Hartenstein, JD, CISSP, CGEIT, PMP

(ISC)², a leading cybersecurity and IT security professional organization, is holding their annual Security Congress event in Orlando in a few months. At the conference, I will be presenting a panel called “Behind the Text: Laws on Data Privacy, Consumer Rights and Cybersecurity, Deconstructed.” Today I am sharing a little bit of insight into what I will delve further into at the (ISC)² event.

Data privacy and cybersecurity laws shape many aspects of an organization, from influencing the operational decisions an organization makes to the way IT security professionals do their jobs.

The purpose of data privacy laws is to provide regulatory compliance measures to protect personal data—depending on the industry, this could be the data of consumers, customers, private citizens, or others. Typically, the laws align with IT security frameworks (often created by academics or other experts) and companies write their data privacy policies to comply with laws and adhere to frameworks.

But, what’s missing? When you deconstruct the text of the laws that govern an organization’s industry—think private sector financial, health insurance, banking, etc.—you may find loopholes or obligations you didn’t know existed. Organizations can save themselves a lot of time and money by understanding the scope of their legal obligations.

Legislation is increasingly shaping the IT security professional’s field. Some laws that currently govern IT security have been on the books for 100+ years, but only recently have been interpreted to cover data privacy and cybersecurity violations. These changing legal interpretations, along with the new laws being put on the books, means that there’s a level of legal understanding that can be daunting for organizations and the security professionals they employ. Collectively, we need to dissect the wording used in the popular data privacy and cybersecurity laws and break it down so IT professionals can truly understand what we’re working with.

As an IT Security professional, I understand the threats, technology, and strategies to mitigate threats. Having a legal background makes it easier for me to understand laws that determine exposure to compliance obligations and laws that influence how I develop strategies. For example, when organizations comply with a deletion request, or “the right to be forgotten” (aka: of your own personal data records held with an organization), this can be an expensive process, especially if the data is on offsite backups and housed with third party data processors. But the law is particularly tricky with explanations on why, how, and when an organization must process a deletion request, or even if the request must be performed at all. Consequently, a lot of time and money can be saved if IT Security professionals understand the text of the laws.

Interested in learning more? During my discussion at the (ISC)² Security Congress, we’ll cover the following:

  • Identifying loopholes in laws. For example, whether you must comply with a consumer’s request to be “forgotten”/deleted.
  • Identifying widely unknown obligations. For example, the requirement to appoint an EU Representative under GDPR, distinguished from the DPO.
  • Understanding the rights of the consumers regarding data privacy provisions and IT security obligations.
  • Understanding factors used to determine whether you must comply with data privacy and cybersecurity laws…and to what extent.

Want to find out how to deconstruct and understand security law? Attend my panel at the (ISC)² Security Congress in October—I hope you see you there!

About the Author: IT Security Program Manager at KAI Partners, Jamal Hartenstein is a cybersecurity legal expert who has helped some of the country’s largest financial institutions, healthcare companies, and federal agencies develop their IT Security Roadmap programs. In his current role, Jamal provides guidance to executive staff and security professionals on laws, frameworks, and policies that help shape their strategic plan, and helps organizations innovate safely and securely. Prior to working for KAI Partners, Jamal served as an Electronic Warfare Sergeant in the U.S. Army Military Intelligence Corps, where he was a steward for Defense Information Systems Agency (DISA) framework. He earned his undergraduate degree from Georgia Military College and his Juris Doctorate from University of the Pacific, McGeorge School of Law in California.

Building a Business Community in Sacramento

Community Service, Conferences, Entrepreneurship, Event Recap, Innovation, Public Sector, Sacramento, Sacramento Metro Chamber, Small Business, Startup Company, Technology

Photo Credit: Sacramento Business Journal

By Lucie-Anne Radimsky, CSPO

KAI Partners is a community of diverse and talented individuals who believe in the value of service. We actively engage with our clients to find solutions that meet their goals and objectives. As a local small business, we are also involved in the Sacramento business community.

We recently attended business events hosted by the Sacramento Metro Chamber and the Sacramento Business Journal. We gathered alongside other local businesses at two unique and important events helping to raise the profile of doing business in the Sacramento region and celebrating local businesses’ successes.

It is truly mind-blowing what transpires in a room filled with people from disparate groups who enter quietly…and who are then asked to engage and lean into conversations that ultimately unite them. Not only does the volume seem to exponentially rise, but the feeling of hope and potential seems to take hold, permeating the room and the bloodstreams of those in attendance.

Competitors become partners, strangers become friends, and dreams become reality.

KAI Partners attended a members’ meeting at the Metro Chamber, which gathers local business representatives to reconnect with the Chamber and allows them to engage with other local business members and those looking to join. We participated in a group activity which sought to better understand the why regarding membership in the Chamber. The results are below, and I don’t think you’ll be surprised by the answers:

Most everyone in the room seemed to be searching for a more personal connection to others in the community—they wanted to be part of something bigger than themselves and realized that in order to benefit from this important resource, they needed to actively engage.

The Fastest Growing Companies event, sponsored by the Sacramento Business Journal, was slightly more glamorous and involved a sit-down lunch, but it too was built on community and focused on raising awareness around the success that many businesses—50 to be exact—are experiencing in the region.

It is interesting to note that the combined revenue generation of the top 50 companies exceeds $500 million—an accomplishment that we can all get behind considering these are mainly small- to medium-sized businesses.

This event was a reminder that we can all be successful. In the words of Bret Fair of 360 Risk Partners, one of the companies highlighted at the event, “Focus on what you do best and do it so well that people start to talk about you.”

On that note, let’s all get back to work and do what we do best—and let’s act on that. Did you attend either the Metro Chamber or Sacramento Business Journal events? What were your key takeaways?

About the Author: Lucie-Anne has over 15 years’ experience in communications and business development in the U.S. and Europe, on behalf of start-ups and non-profits. She has represented clients within the technology, energy, and telecommunications sectors to government agencies, press, and industry analysts throughout the world. Lucie-Anne has both American and E.U. citizenship. She is fluent in English and French. Lucie-Anne is an active community volunteer and has served on numerous non-profit boards and led alumni groups in Paris, Washington D.C., and San Francisco. She holds a B.A. in Economics from the University of California, Irvine. She currently resides in Sacramento with her Brazilian husband and two boys.

Sacramento’s Impact Global Venture Summit recap

Conferences, Event Recap, Information Technology, Innovation, Innovation in the Public Sector, Internet of Things, IT Modernization, KAI Partners, Learning, Non-profit, Public Sector, Sacramento, Startup Company, Technology, The WorkShop


Photo credit: Impact Venture Capital

By Terry Daffin (PMP), Shyanne Long (CSM), and Lucie-Anne Radimsky (CSPO)

KAI Partners was in full force at Impact Venture Capital’s recent Impact Global Venture Summit!

Our organization thrives on innovation and partnership, so the summit was a great opportunity to meet with local entrepreneurs, businesses, and funders of next generation technology in Sacramento.

While the idea of “global” attached event in Sacramento might raise some eyebrows, we can assure you that the event lived up to its geographic expectations—we met with people from over 20 different countries who are currently living and innovating in the Sacramento area.

The innovative organizations in attendance at the summit represented industries such as agriculture, construction, IoT, VR products for the military, Blockchain, education, and entertainment.

What Sacramento may lack in density, we make up for in diversity, which is critical to long-term growth and success of any organization and/or region. The Impact Global Venture Summit was a good reminder that although Sacramento has always been top of mind due to its proximity to political power as the State’s capital, its popularity is starting to grow.

Rising costs in the Bay Area; our region’s thriving healthcare, construction, and agriculture sectors; the proximity to research institutions; and a skilled workforce and space spurring a resurgence of manufacturing all play an important role in attracting entrepreneurs and businesses from around the world.

Take for example autonomous vehicles, which is a priority for the Sacramento Urban Technology Lab, led by Louis Stewart of the City of Sacramento. Mr. Stewart presented this concept at the summit and discussed the initiative’s far-reaching implications in terms of raising our profile globally to Asia and Europe, including work-study visits to Germany and discussing with China the possibility of a training university co-locating in our region. Louis was joined by the CEO of SMUD, who have announced they will contribute $15 million toward the creation of a California Mobility Center, which will play a pivotal role in redefining SMUD’s future beyond selling electrons.

This topic was reiterated by Jan Geldmacher of Sprint, who discussed the rising importance of networks supporting the technologies of the future through 5G. He detailed Sprint’s latest project, self-driving robotic charging stations, which will service parked cars in heavily dense urban areas where static charging stations are uncommon.

It was empowering to have strong businesswomen in attendance and speaking on panels. During the “Women in Tech” panel, it was noted that in the future, there will not need to be a separate segment and panel just for women. Hopefully, it will be a given that women will not only be included, but also ingrained in technology, innovation, and all things business related. One panelist who stood out was Brissa Quiroz, the Director of the Valley Industry Partnership (VIP) Program at Fresno State University. With a PhD in Environmental Science and Engineering, Ms. Quiroz expressed her passion for fostering students interests in STEM programs, especially those who come from low income and minority groups. Ms. Quiroz made it clear that she hopes to get more girls into STEM programs and keep their interest thriving.

The event also included Epic Office Hours for current and future startup founders to ask questions and receive advice from some of the area’s most successful founders and investors on what it takes to succeed in this new ecosystem of innovation and disruption.

KAI Partners was pleased to be one of over 1,000 attendees enjoying this premiere event supporting entrepreneurship and innovation in the Sacramento region. Did you attend the Impact Global Venture Summit? What were you most excited to learn?

About the Authors: Terry Daffin is the Community Manager of KAI Partners’ coworking and collaboration space, The WorkShop Sacramento. Lucie-Anne Radimsky KAI Partners’ Business Development Lead, covering all divisions of KAI Partners, including training and managed IT services. Shyanne Long is an Associate Business Analyst supporting business intelligence and research.

Sacramento ARMA Records Knowledge Conference Event Recap

Conferences, Cyber Security, Data Management, Government, Information Security, Information Technology, Innovation in the Public Sector, IT Modernization, IT Security, KAI Partners, Public Sector, Ransomware, Risk Assessment, Sacramento, Technology

By Jamal Hartenstein, JD, CISSP, CGEIT, PMP

The Greater Sacramento Capitol Chapter of ARMA recently held its annual Records Knowledge Conference, which brought together records managers from city, county, and state clerk offices.

According to our local ARMA chapter, ARMA is dedicated to providing education and resources to those in the Records Management and Information Governance fields. They are committed to enhancing Records Management and Information Governance professionals through training, networking, leadership, and outreach.

The conference attendees brought a sense of eagerness to learn and share—ARMA chapter leadership gave event attendees a special opportunity to hear from world-class speakers—including and a lead researcher on the IBM Watson project, Dr. Ashish Kundu—on some of the most important and cutting-edge topics.

Along with a formidable group CEOs, I was honored to be asked to speak about Cybersecurity Threats to Information Governance. Highlights of the event and major takeaways included:

  • Understanding what data you have, who accesses it, and where it goes is paramount.
  • Conflicts among document retention policies, industry best practices, and laws suggest that we seek out and use the highest common denominator.
  • Trending topics and buzzwords the government sector include players like Smart Communities, Artificial Intelligence (AI), Digital ID, Blockchain, NIST, and the KAI Partners approach to security assessments.
  • Data Migrations are underway. Records Managers who respond to Freedom of Information Act (FOIA) requests for public records or subpoena must deliver records formats adhering to general business practices, which may be legacy.
  • Regarding Third Party Risk Management (TPRM), cloud services, and Business Associate Agreements, liability points back to the data controller regardless of contracts with data processors or third parties.
  • Mobile device management and data/device ownership remain a point of contention and confusion during public record requests.
  • Innovation is forcing a cultural shift in workforce demands and understandings of emerging technologies.
  • Artificial Intelligence (AI) solutions can be used to categorize and classify data, performing some of the tasks of current Data Custodians and Data Owners.
  • While AI may not replace Records Managers, Records Managers who understand and embrace AI will inevitably replace those who do not.

Public sector IT innovation and modernization means systems and processes change rapidly. One example of this is California Assembly Bill 2658, recently signed into law by the governor. This new law updates the definition of an Electronic Record to include blockchain and smart contracts as legally recognized records. It sends a clear signal that digital records management, particularly blockchain technology and smart contracts, are priorities for a more innovative and dynamic public sector.

This new law impacts public records requests because entries logged in public agency-owned private blockchains are electronic records. These records are susceptible to the Freedom of Information Act (FOIA). Records Managers may benefit from technology that makes the identification and delivery of public records to requestors easier. It may also create convenience for those exercising Public Records Act (PRA) requests. It’s a double-edged sword; it streamlines the processes but increases PRA volume at the same time.

The discussion of the California blockchain law was one most important topics discussed at the ARMA event. Another popular topic was IT Security Assessments.

The urgency in public sector data governance and records management is an incredible opportunity to embed IT security controls for the public sector personnel working at the heart of the ever-expanding challenges.

KAI Partners performs security assessments to address the multitude of challenges facing the public sector. Our assessments help ensure secure and efficient delivery systems where the organizational objectives align with the development of strategic plans and programs. In addition, KAI Partners’ training division—KAIP Academy—works to address technical skills gaps. Our training courses include ITIL, Project Management, Agile/Scrum, and more.

Were you at the ARMA Conference? What were your biggest takeaways about public sector innovation?

About the Author: IT Security Program Manager at KAI Partners, Jamal Hartenstein is a cybersecurity legal expert who has helped some of the country’s largest financial institutions, healthcare companies, and federal agencies develop their IT Security Roadmap programs. In his current role, Jamal provides guidance to executive staff and security professionals on laws, frameworks, and policies that help shape their strategic plan, and helps organizations innovate safely and securely. Prior to working for KAI Partners, Jamal served as an Electronic Warfare Sergeant in the U.S. Army Military Intelligence Corps, where he was a steward for Defense Information Systems Agency (DISA) framework. He earned his undergraduate degree from Georgia Military College and his Juris Doctorate from University of the Pacific, McGeorge School of Law in California.

What IF Conference Recap

Alpen Technology Group, Community Service, Conferences, Event Recap, Healthcare, Information Security, Information Technology, Sacramento, Sacramento Steps Forward, Systems Engineer, Technology, WEAVE, What IF Conference


Photo Credit: Impact Foundry/What IF Conference

By David Baker, CSM

I recently attended the What IF Conference along with a KAI Partners colleague. This event was sponsored by the Impact Foundry and took place at the McClellan Conference Center.

The sold-out event brought together non-profits and service providers from across the region to network and share best practices.

This year’s theme focused on creating sustainable community change, which demands increased collaboration across the non-profit community and increased investment by funders.

Dan Pallotta, a renowned public speaker whose TED Talk is the most viewed in the history of the series, served as Keynote. His presentation brought to light the hypocrisy of society’s expectations of non-profits’ effectiveness and impact while limiting their ability to fundraise, increase overhead costs in order to scale, and attract talent by offering competitive salaries not common in the corporate world (where salaries are inflated and impact is questionable).

As an IT Professional who provides Managed IT Services to small businesses and non-profit organizations, it was interesting to me to learn that IT is low on the priority list of non-profits and yet can yield the most value and ROI.

The What IF Conference provided an excellent opportunity to meet non-profit leaders and discuss the benefits of IT and how it can help them meet their goals. For example, a smooth-running IT infrastructure can help non-profits serve the community faster and more efficiently by:

  • Establishing network uptime, so clients can always reach you;
  • Keeping computers updated with the latest Microsoft patches so employees don’t lose productivity due to a slow computer; and
  • Increasing network security to prevent network breaches or virus attacks.

One panel that focused on the value of IT was Mini City, a start-up based in Atlanta, Georgia, that provides a platform dedicated to serving the homeless population in the area.

Mini City is technology-driven and is a great example of how technology can help non-profits and their customers. To date, Mini City has secured 500 Near Field Communication-enabled wristbands. Like Fitbit, this is wearable technology and serves as an identification tool for homeless residents and a connection to services at no charge to them. I thought it was awesome to see how technology is used to help the homeless.

In our local region, KAI Partners staff have participated in the Sacramento Steps Forward Homeless Point-In-Time (PIT) counts, which helped gain a better understanding of the structure and data recuperated during an event like the PIT count. We also support key healthcare services through our work with healthcare-focused state agencies, and support non-profits like WEAVE to be more productive and effectively serve their community through our managed IT and consulting services.

KAI Partners strives to support systems with our IT and consulting services so that we can assure our vulnerable communities are getting the most from the talented non-profit staff who work tirelessly to provide services to them.

About the Author: Mr. Baker has 11 years of experience in IT ranging from help desk to network/systems engineer and working with different technologies such as Cisco, SonicWALL, Dell, VMware, and Microsoft. Mr. Baker currently works for KAI Partners as a Systems Engineer, helping clients meet their IT needs. For fun, Mr. Baker enjoys enjoy BBQing, photography, and fitness.

next page »