How to Build Cybersecurity Roadmap

As a C-level leader, a cybersecurity roadmap is essential for helping to drive progress and excellence in your cybersecurity program.

“Setting clear security objectives that align with the wider business objectives is absolutely fundamental to the success of any security function.

These objectives need to be clearly communicated via a security roadmap and should be inclusive of both the security team and the wider business as a whole. For a roadmap to be effective, it needs to be understood by business leaders within the organization, whether they have a security background or not.

It becomes very difficult for you as CISO to clearly articulate what you want to achieve, let alone get buy-in from the senior leadership team without a clear plan in place. It is also hard to communicate when something is achieved or to show the true impact and value of the cyber function without a roadmap. Continuing to show value is absolutely essential when it comes to securing future investment in the cyber security program within your organization.

The changing regulatory landscape has also become an accelerator behind why it is essential to have a roadmap in place. Smaller companies and companies across almost every industry are now required to comply in ways they have never had to before. Regulation drives actions and actions need to be adequately scoped with the appropriate resources allocated as part of a broader roadmap.”

Read more about what Jessica has to share. Click here to download How to Build Cybersecurity Roadmap published by Stott & May.

Consciously Secure Living: Privacy and Social Media

As the pandemic started, there is no doubt people connected more online, through various mediums, as a way to build community. The question that remained with regard to some platforms was “How much is ‘too much’ information to share?”

It’s important to have an awareness of what information is important to keep private. This varies by person, but an individual’s overall understanding of long-term impact also varies by age and level of awareness. For example, the younger the person, the more likely they may be willing to post more information about themselves online.

Jessica was featured in this Bustle article that covers good information any individual can consider when posting on social media. This may specifically be of interest to parents, in thinking about their children, and those who live alone.

Enjoy this article by Kaitlin Wylde.

 

As C-level leaders, is your team prepared to work remotely SECURELY?

The Coronavirus (COVID-19) has impacted communities, events, travel, and the economy. It’s also impacting data and cybersecurity in your business! It’s one thing for an employee to work from home two days a week. It’s another thing for ALL employees to work from home for an extended period of time. The question you have to answer as a C-level leader is whether your company can withstand remote working indefinitely AND still maintain the confidentiality, integrity, privacy and availability of data.

Here are the top three considerations for C-level leaders to NOT let the Coronavirus impact data and cybersecurity in their businesses.

1. The Importance of a Business Continuity Plan:

  • Do you have a full Business Continuity Plan in place today? Perhaps you have a Disaster Recovery Plan for your information systems? When was the last time that Plan was reviewed and updated? As with cybersecurity, C-level leaders have a tendency to wait to implement these Plans until there is a pressing matter that requires them to do so: for example, a cybersecurity incident, a regulation, a natural disaster, or even a pandemic!
  • Do you have an employee who works with a company-critical system who is out and not able to perform their daily functions? If that occurred, who is their backup and how will your company continue to operate?
  • Taking steps now to document what challenges are occurring, and to update or create your Plan, is a way to prevent these same challenges in the future. The good news is you can start today.

2. Teleworking securely: Are we ALL actually able to do this SECURELY?

  • This is a difficult time to realize that you have a legacy finance system that makes it hard for an accounts payable employee to do their job while working remotely for an extended period of time.
  • How is your VPN – virtual private network? Is your team able to connect to your intranet securely? Are they able to access company or client data in the most secure way?
  • What if your employee needs to print confidential data? How do they do that remotely?
  • Are you all communicating quickly and efficiently with the communication tools in place? For small companies a secure text may work, but what about 50+ employee organizations? Having a secure messaging system that can communicate with employees efficiently, and consistently, with the ability to receive responses is critical.
  • Authentication: Is there multi-factor authentication for ALL systems? These are all things that need to be considered and enabled.
  • BYOD – Bring Your Own Device: Are your employees working on their personal devices with confidential company documents or client data?

 

3. Should we wait until this virus settles before we do more on cybersecurity?

  • There are “already” so many things to do, so why add cybersecurity or continue to execute cybersecurity best practices if it “makes our job harder”? I am sure no company will get a “pass” from a regulator or client if they have a cyber breach and the company says, “Yeah, but our employees had to work from home because of the coronavirus,” or “Did we really have to meet the deadline for the NY Department of Financial Services regulation or NY SHIELD Act during the pandemic?” This type of thinking will only keep you in fantasyland. The truth is… this is hard, and the hackers don’t stop. For C-level leaders, this is what it means to run a business in 2020 and beyond.

The sad truth is there is not a “one size fits all” approach to cybersecurity when suddenly ALL employees are working from home during an unexpected event. Though there are similarities in securing systems and data, a tailored approach is needed.

As a C-level leader, you don’t want to make your Compliance leader or HR leader’s job harder than it needs to be. Putting the team first during this time means making their job easier, which means making your job easier. Neglecting cybersecurity or data protection during this time is a recipe for failure and, other than a sick employee, the last outcome you want as a result of this pandemic is a data breach.

Jessica Robinson is CEO of PurePoint International and works as a Virtual/Outsourced CISO to middle-market businesses in financial services and insurance. You can reach her at jessica@purepoint-international.com.

Coronavirus: Taking Care of Your Team

I wanted to send a few updates in response to the first coronavirus quarantine in the NYC metro area, and I wanted to be sure you were included. Learn more here: https://www.bloomberg.com/amp/news/articles/2020-03-10/new-york-to-close-gathering-places-in-suburb-hit-by-coronavirus

Here are some immediate next step suggestions:

  • Take inventory of who among your staff, vendors, and contractors (critical business partners) can be impacted (even by a travel commute).
  • Business continuity: If your staff works remotely for the rest of the week, can all business-critical processes be conducted remotely and securely? (Finance, accounts payable, accounts receivable, HR, security, etc.)
  • Security and Privacy: Is your team able to work remotely and STILL maintain the confidentiality, integrity, privacy and availability of systems data? (Not sure? Give Jessica a call and she can take you through a quick checklist: 929-800-1184.)

Good information shared from one of our PurePoint Community Members:

Regarding any in person meetings (no matter how critical):

  • If someone is not feeling well, it is recommended they stay home and rest.
  • Carry tissues to cough or sneeze into, and have a little “trash bag” to put those used tissues into once finished.
  • Wash hands as soon as staff arrive anywhere after traveling. Avoid touching backs of chairs and handles of doors/shopping carts, etc. directly – use a tissue or sanitizing wipe before grabbing.
  • Use hand sanitizer or a sanitizing wipe to clean hands after contact with “life”.
  • Bump elbows when greeting each other.
  • Avoid touching your face.
  • If you have a mask, it’s not about filtering out the germs – the sole purpose of a mask is keeping hands away from mouth and nose.

The other “tip” is to get Zinc lozenges. Take one every 2-3 hours (follow package instructions). There has been a memo from a doctor going around where he says Zinc works like a charm for blocking cold and flu viruses, including the coronavirus.

The last piece I’d like to share is thoughts known to help our bodies strengthen their immune systems and create an optimized environment in the body so it can do its job:

  • Double up on your nutritional regimen (of course, consult a nutritional/wellness practitioner about double dosing protocol on each item you take).
  • Take an option to lessen alcohol intake for the month of March for extra support to your immune system.
  • Get an ideal night’s sleep. It’s that simple.
  • What we focus on expands. Health and mind-state are linked. Our job is to keep our mind free of fear. Fear suppresses our immune system. So the practice is this: if you catch team/staff dwelling on fear (disappointment/upset/breakdown), as leaders help shift the focus to what is working great, what is amazing, by focusing your attention on gratitude or what’s going well (i.e., thankful our team is healthy).
  • Eat a clean diet – at least for the month of March! (Then go back to your favorite processed foods.) Wherever we can, try cutting out processed foods. We are brilliant machines designed to override invasion to the body. Optimizing our well-being makes a difference.

We are here to serve you. Please let me know if you have any questions.

Jessica Robinson is CEO of PurePoint International and works as a Virtual/Outsourced CISO to middle-market businesses in financial services and insurance. You can reach her at jessica@purepoint-international.com.