The SEC’s enforcement action against Solar Winds and its Chief Information Security Officer Tim Brown is one data point in a trend of regulators putting their sights directly on information security and technology executives. It follows on the DOJ’s prosecution and conviction of Joe Sullivan, Uber’s former Chief Security Officer, and the FTC’s consent decree against Drizly’s Chief Executive Officer James Cory Rellas. The landscape is changing fast – and there’s even more happening behind the scenes. Security professionals need to understand:

– What key regulators are currently focused on and how they are identifying potential targets for further investigations (e.g., sweeps, notice letters, informal inquiries, etc.)
– Regulatory changes by prominent regulatory agencies (e.g., SEC, FTC, NYDFS) and what these represent
– Steps that information security professionals should consider taking now, to stay ahead of the regulators and protect themselves