Compliance Is Not Security!

In this fascinating Nomad Futurist Podcast, Tom Brennan, the Americas Executive Director of CREST, a cybersecurity company, speaks with Nabeel Mahmood and Phil Koblence about his life as a public interest technologist.

Brennan has been intrigued by technology ever since he was a child growing up on Long Island. His early exposure to computers dates to his grandfather bringing home two Televideo TS-802H machines which he disassembled and reassembled. He began to play some of the first interactive video games and ended up working in a local computer store selling and installing Amigas, Commodores and used IBMs.

Early on, Brennan got involved in bulletin boards as a means of engaging with a wider world and joining the hacker community.

“It was a cultural underground…We’d go to Manhattan every so often and we'd catch up at the local 2600 meeting. That's where we met a lot of folks, some of whom I stay in contact with today.”

In addition to working in the digital field, Brennan served in the Marine Corps where he learned about ethics and serving a higher purpose. After a serious injury during a live fire exercise, Brennan left the army and initiated his cybersecurity career working for a private investigator which led to writing software to help with forensics investigations. He went on to gain skills working for a range of companies including the first company that developed online transactional trading as well as numerous dot com startups.

“My security background always crept in because we were building something and had to defend it, and then we were hacked, and we'd have to figure out why it happened.”

Brennan learned much of his craft on the job and his unfailing passion gave him the impetus to solve difficult challenges.

“I was and am still comfortable with looking at a really complex problem, trying to break it down to simple nuggets and then attacking those nuggets.”

As an advisor for several universities, Brennan discusses the criticality of establishing a basic syllabus for cybersecurity that addresses some prerequisite technical abilities.

“It really comes down to proof of competency. Can you demonstrate the appropriate ability to do incident response or security services or penetration testing?”

Brennan shares insights on a range of topics from cryptocurrency to the nuances between compliance and security.

“Security is not compliance. Compliance is compliance; security helps. But if you’re secure, you’re most likely going to be compliant because all the standards out there are the best practices.”

Given that the cybersecurity space is constantly evolving, Brennan emphasizes the importance of community participation where everyone can share their experiences.

“Our job is to watch out for the folks that can't watch out for themselves and in cyber that's pretty much everybody, right?”

His advice to the young:

“Go deep, enjoy what you do and try to go wide at the same time, meaning, understand what else is going on out there…and don’t be afraid to ask for help!”

Tom Brennan leads the U.S. arm of CREST International, a cybersecurity and infrastructure security agency. Brennan collaborates with government and commercial organizations on cybersecurity accreditation and advocates for industry standards. His focus is on the agency’s 16 critical infrastructure sectors, which are essential to US security, the national economy, and public health and safety. He spearheads strategic plans for CREST USA’s organizational growth and serves as an industry evangelist and educator on the importance of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protections globally.

In addition, Brennan is the CIO of the national law firm Mandelbaum Barrett where he oversees critical infrastructure, privacy, and security operations. He is also a member of the Gerson Lehrman Group’s Advisory Board, a member of the County College of Morris’ Information Technology Advisory Committee, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a member of the NYU Tandon School of Engineering’s Cyber Fellows Advisory Council. Brennan also has extensive experience working with OWASP (Open Web Application Security Project).