Ask Our VP of Compliance: December 2019

Due Diligence Can Be a Great Antivirus


A common, and perfectly natural question I am often asked (often at the end of the kickoff meeting), is “So if we get in compliance with these requirements, we’re safe, right?”


The answer is no. Not really.


As much as I would like to comfort these clients and tell them it’s all going to be ok, I can’t. I would be doing them a disservice, and opening my company up to unnecessary liability. Adopting, and adhering to compliance standards is merely a good beginning. The threat landscape is always evolving, and the malefactors usually have the advantage of surprise. In response, the client must always be predicting threats, and adapting to them as proactively as possible.


The client should be continually improving its cybersecurity management system and “adapt[ing] its cybersecurity practices based on previous and current cybersecurity activities, including lessons learned and predictive indicators.” (NIST v1.1) Furthermore, cybersecurity must be fully ingrained into the culture of the company. From the top on down, every employee must be not only aware of present known risks, but on the lookout for new or unknown risks. Finally, the client must leverage the vast sources of external cybersecurity information that exists, and have open communication with vendors or other companies in their supply chain to enable the implementation of proactive controls.


It is not nearly enough to hire the best cybersecurity consultants and implement a top of the line cybersecurity management system; the client must constantly be diligent, and evolving. I know this all sounds like a lot of work, but I promise it’s all very manageable.   

Keith J. Barry, Esq.
VP of Compliance

Keith J. Barry joined Digital Edge in 2013. Keith possesses a BA in Computer Science, a Juris Doctor degree from Brooklyn Law School, as well as several industry certifications including AWS Cloud Architect, CompTIA Network+, and CompTIA Server+. His career has mirrored his diverse interests, and Keith has experience on the technical side as a senior systems administrator, and on the legal/business side as an attorney and cybersecurity compliance officer.

Was this article helpful?