In today’s interconnected digital landscape, where hacks and data breaches make weekly headline news, the importance of a robust cybersecurity strategy cannot be overstated. In Connamara’s 25+ years, we’ve always handled customer data scrupulously to protect our clients from being susceptible to the worst attacks. Of course, our team understands that as technology evolves, so do the methods employed by malicious actors seeking to exploit vulnerabilities and compromise sensitive information.
Connamara is dedicating more resources and time than ever to our commitment to an active security program with provable trust criteria . As Chief Information Security Officer, I want to delve into how our team devised safeguards, achieved SOC 2 Type II certification, prioritized governance risk compliance, and continues to maintain stringent security measures. By sharing my insights and knowledge in the growing regulatory space, I aim to empower fellow organizations looking to strengthen their security posture and build trust among prospective clients.
My Pathway To Becoming Connamara’s First CISO
I joined Connamara in 2007 as an Agile Project Lead. Following many successful customer projects, I was added to the executive team. I completed my Master of Science in Information Systems from DePaul University in 2002, which laid the foundation for my dedication to cybersecurity.
Connamara grew, and so did I. As I watched several competitor companies fall prey to malicious cyber attacks and breaches costing trillions of dollars annually, my focus shifted to an urgency to protect the company and clients I cared deeply about. With Connamara’s resounding support and the encouragement of CEO Jim Downs, I returned to academia and attended a cybersecurity bootcamp through Northwestern University. I am excited to complete my Security+ CISO Certification at CompTIA (Computing Technology Industry Association) in Fall 2023.
Foundations
Before Connamara received our SOC 2 certification (more on that in a minute), our team always enacted stringent security measures. For over twenty five years, the highest standards for client confidentiality and respect for information security have been at the heart of Connamara’s DNA for delivering complex software engineering projects in the capital markets industry.
Connamara encrypts all data for our customers’ applications at rest and in transit. We regularly engage some of the industry’s best application security experts for third-party penetration and vulnerability tests to evaluate the source code of applications and the deployed environments.
We also use high-quality static analysis tooling to secure our product at every step of the development process.
For Connamara’s infrastructure security, we use Amazon Web Services (AWS), utilizing security features within AWS, such as IAM, GuardDuty, and Inspector. Google Cloud Platform has identical tools, which we also leverage. Connamara Systems partners with other third-party vendors to continue our commitment to customer needs and ever-changing global regulations.
And, our Connamara Agile methodology extends not just to software development but to our security philosophy. By responding to the changing compliance and information security requirements of our clients and the industry, we have created a culture of innovation and continuous improvement.
A Demonstrable, Accountable Commitment To Safety
In recent years, Connamara has been honored to collaborate with global, large-scale technology companies. And with great power comes great responsibility. We acknowledge that vendors, big and small, needed assurances beyond our company’s personal adherence to cybersecurity risk mitigation.
Wanting to take our compliance to the next level, we prioritized achieving a SOC 2 (System and Organization Controls 2) Type II report created by the American Institute of Certified Public Accountants (AICPA).
Throughout the three-month audit, our team was educated in the Trust Service Criteria (TSC) of security, privacy, confidentiality, processing integrity, and availability. We collaborated with Vanta for continuous improvement and Johanson Group for our formal certification. One of the most gratifying moments of Connamara’s audit was when I learned auditors had found no exceptions (deficiencies in control designs or operating effectiveness) to any of our TSCs. This distinction is something many companies struggle with, and we were pleased we had passed with flying colors.
In January 2023, Connamara announced our completion of SOC 2 Type II certification, achieving this distinction after carefully reviewing our policies, practices, and systems and subjecting them to an outside audit for compliance.
With these tools in place, Connamara has strengthened our access control by following a policy of least privilege, focusing our efforts on constant monitoring of infrastructure, and building systems for incident response and business continuity.
SOC 2’s Clear Advantage
Besides enhancing security measures and mitigating our and our client’s risk of data breaches, SOC 2 has formalized an ingrained culture of safety and privacy at Connamara. From the moment a prospective team member is interviewed, cybersecurity is instilled as a foundational company value. As a team, we regularly have data protection and safety lunch & learns to get Connamarians up to speed on the latest measures we are taking in the name of compliance. Our employees also are required to take annual security review courses.
SOC 2’s universality has also enhanced our relationship with potential clients. The certification standard gets IT managers, CEOs, and developers to speak a shared language regarding cybersecurity.
Connamara has saved our clients time and money by focusing our energies on cybersecurity and enhancing protections for our most valuable assets. Armed with Vanta, we are constantly learning and keeping up to date on the latest threats to fortify our resources.
