You are Doing Cloud Vendor Assessments Wrong

July 25, 2018 | John McLeod

John is the CISO at AlienVault, responsible for cyber security in the enterprise and our products. John is a former Air Force Special Agent with over 20 years of experience in information security including but not limited to criminal, counter-intelligence, fraud and computer crime investigations. Prior to joining AlienVault, he served as the Director of Information Security for National Oilwell Varco. His experience includes management roles for Halliburton, Mandiant, Guidance Software, and Mantech International. The US Intelligence community recognized him for his work in steganography. As a consultant, he responded to some of the highly publicized cyber-attacks, including Moonlight Maze, Titan Rain, Night Dragon, TJX and Operation Aurora. He holds a B.S. in Information Systems Management from the University of Maryland University College, and an M.S. in Network Security from Capitol College in Maryland. Additionally, he is a Certified Information Systems Security Professional (CISSP).

July 25, 2018 | John McLeod

You are Doing Cloud Vendor Assessments Wrong

I’m a firm believer in “trust but verify” and I’m just going to come out and say it: most security professionals are conducting 3rd party assessments wrong. I’m in a unique spot where I’m on both sides of the fence: we conduct vendor assessments and we fill out questionnaires required…

May 30, 2018 | John McLeod

USM Anywhere is GDPR Ready

I am pleased to announce that USM Anywhere and USM Central comply with the European Union General Data Protection Regulation (GDPR), as successfully assessed by a third party. This means that AlienVault customers can be assured of a solution that not only helps to accelerate their own GDPR efforts but also fully meets the standards of data processors as required…

May 23, 2018 | John McLeod

A CISO Perspective on GDPR

There’s much talk about the General Data Privacy Regulation (GDPR) taking effect on May 25 and its impact on US companies with European operations. As more and more information has been collected electronically over the years, it’s become necessary to mandate that companies better protect this information from being breached. With this mandate, the days of collecting…

March 6, 2018 | John McLeod

AlienVault USM Anywhere ISMS is Now Certified to ISO 27001:2013

I’m pleased to announce that AlienVault’s USM Anywhere Information Security Management System (ISMS) is certified to ISO 27001:2013 by an accredited certification body. This certification underscores our commitment to providing effective threat detection and rapid incident response capabilities in a secure cloud environment. Our certification process was led by Coalfire ISO, Inc., an ISO/IEC 27001 Certification Body…

September 19, 2017 | John McLeod

AlienVault Achieves Compliance for PCI DSS, HIPAA, SOC 2

There’s a phrase we’ve been using a lot lately at AlienVault about eating your own dog food. Kind of weird, I know. But, what that means in the world of a product company is to use your own product to test and prove the value of that product. Six months ago, when AlienVault decided to pursue…

March 3, 2017 | John McLeod

CISO Perspective on RSA 2017 - Top 10 Takeaways

RSA Conference 2017 is over and a ton of roundups are being written, so here's mine. As expected, the hottest security topics and vendors were related to IoT and the cloud. Additionally, threat intelligence and SOCs were the subject of conversation with many vendors on the floor. Below are my top 10 key takeaways: 1. CSA Summit: The Summit was the day before…

February 6, 2017 | John McLeod

Training for the Breach

Investigating breaches can be a bit overwhelming and very intimidating for teams that are not prepared. Your incident response (IR) plan should be written so that any of your team members can pick it up and understand going from daily incidents to investigating a major breach. I’ll write more on the IR plan in a later post. Between…