Do not condone or otherwise permit “EKG” security controls.

Everyone has likely seen an electrocardiogram (EKG) or heart rate monitor. Generally, everything appears to be normal and in rhythm until excitement or pain is introduced which makes the measurement line spike or indicate an abnormality.  A cybersecurity program has the potential to perform the same way if it is not properly managed: everything may appear to be running steadily for eleven months of the year until you are notified of an upcoming exam, audit, or other control assessment.

The excitement or pain introduced can make your cybersecurity program heartbeat spike, where seemingly half of the organization begins scrambling to produce artifacts, figure out the questions that will be asked, or even kick off a full-blown project to manage your responses. This behavior has an impact on the daily operations of your organization, the support provided to your customers, and may even delay other ongoing projects. If this sounds familiar, you should stop this vicious cycle.

Managing an effective cybersecurity program is not something that should be done once a year. Producing artifacts or supporting evidence for potentially hundreds of controls in a very short period of time is almost impossible to do with accuracy. Your program should be in place to protect your organization from risks, not to have acceptable results on an assessment or audit report. This will require some work, but it is easily achievable with an appropriate plan that can be managed for you by a trusted cybersecurity partner.

Contact Vistrada to learn how our vCISO services can keep your cybersecurity program running smoothly every day of the year.

About Vistrada

Vistrada is a business, technology and management services firm dedicated to helping clients plan, design and implement initiatives supporting business transformation, integrated risk management, cybersecurity and managed services. Vistrada provides seasoned expertise with a flexible team structure allowing agility and responsiveness to our client’s evolving needs. This ensures deploying the right team during a client’s journey to optimize their investment.

Vistrada’s vCISO offering takes a holistic view of cybersecurity allowing you to assess your risks and determine the appropriate mitigation strategies for your business. Vistrada helps identify and implement the right level of security support and service to ensure protection and compliance in a rapidly changing cyber environment. Vistrada also engages with clients for point of need cybersecurity services through our full suite of services.

Learn more at

Contact us via email at

about author


Bryon is a tenured CISO, cybersecurity professional, and GRC thought leader with over 25 years of experience. He has designed, implemented, and driven the maturation of comprehensive security programs across the globe that enable organizations to exceed internal goals and achieve continuous compliance with external requirements.

Bryon’s finance, energy, healthcare, e-commerce, government, and other industry experience includes managing all facets of security programs including the implementation of control frameworks, security assessments, policies and procedures, incident response, IT risk management, identity & access management, cybersecurity technologies, business continuity, vendor due diligence, security awareness training, and compliance audits. He is also passionate about leading and mentoring security team personnel at all stages of their careers to help develop tomorrow’s security leaders.

Working with other executives as a trusted partner, Bryon collaborates to define corporate tactical and strategic plans that support successful programs by balancing internal, contractual, and regulatory requirements with business operations.