Jason Miller

Article Dean Dorton

As enterprise cybersecurity awareness continues to evolve, so do the layers of protection any business or nonprofit organization needs to have in order to protect themselves. From user awareness training to vendor management, Dean Dorton Technology’s new cybersecurity team helps clients regularly diagnose, manage and mitigate their cybersecurity risks.

Dean Dorton Technology’s team provides holistic solutions that can be scaled from small nonprofit organizations to large public companies. Not sure where to start or struggling to hire and retain information security professionals? Dean Dorton Technology now has the team to provide your own outsourced Information Security Office.

Gui Cozzi joins Dean Dorton Technology with more than 20 years of experience in cybersecurity and successfully implements pragmatic and risk based security programs to meet compliance with organizations’ security requirements. Gui leads a team responsible for delivering enterprise cybersecurity services and personally specializes in information security program development, implementation, and assessment. His work is focused on positioning organizations to successfully identify and manage their information security risks.

Prior to joining Dean Dorton, Gui served in various Information Security leadership roles including implementing the Security Risk Management program for one of the nation’s largest health systems, leading teams of cybersecurity consultants, and serving as Chief Information Security Officers for organizations in various industries.

“We are thrilled to have Gui Cozzi on our team. As cyberattacks become an everyday occurrence, it is essential organizations adapt their cyber-governance programs and take proactive steps to ensure they are compliant and protected across the board,” says Jason Miller, Director of Business Consulting Services. “Many security controls and systems are behind the scenes and until they are comprised organizations may not know if they are providing the level of protection they expect and at that point too much damage has already occurred. Our Information Security Office program, led by Gui, offers peace of mind to clients that their cybersecurity programs are effective across the board.Learn More About our Cybersecurity ServicesDean Dorton Technology brings every aspect of cybersecurity programs in one place with a variety of features, products, and services that complement each other and deliver multiple, key layers of cybersecurity including:

  • Virtual Information Security Office
    • Security Risk Assessments
    • Security Policies and Procedures
    • Security Awareness Program
    • Technical Security Solutions
    • Incident Response
    • Security Reporting
  • Cybersecurity Assessment Services
    • External/Internal Security Assessments
    • Adversarial Threat Simulation (Pen testing)
    • Application Security Assessments
    • Cloud Security Reviews
    • Mobile Device Security Reviews

Beyond the technology and the platform capabilities, Dean Dorton’s cybersecurity team reviews and analyzes any testing results and assessments, effectively adding another layer of analysis (and protection) to determine the maturity of your organization’s cybersecurity program and procedures. Dean Dorton then designs, implements, and can help clients maintain their comprehensive line of security program services, tailored to clients’ needs.

“We are thrilled to have Gui Cozzi on our team. As cyberattacks become an everyday occurrence, it is essential organizations adapt their cyber-governance programs and take proactive steps to ensure they are compliant and protected across the board.”

Jason Miller, Director of Business Consulting Services

Article Dean Dorton

By: Jason Miller

“Cybersecurity” has become a buzzword over the last couple of years, especially with more cybersecurity attacks against large companies or corporations that are recognizable by name, but have you really taken the time to sit down and assess your organization’s IT security position?

Many organizations quickly punt the topic of cybersecurity to the IT department. While IT plays a huge role in cybersecurity, it is the responsibility of those charged with organization governance to ensure compliance. Board members and senior leadership should be asking the questions and confirming that the organization is devoting the proper resources and attention to cybersecurity.

“One and done” doesn’t work here

It is critical to understand that cybersecurity is not a one-time project. It is a continual evolution and initiative.

Leadership needs to also recognize there can be substantial costs associated with cybersecurity activities and for some organizations such as colleges and universities, they are not optional. Across the public and private sectors, it is imperative that organizations continue to enhance cybersecurity in order to meet evolving threats to controlled unclassified information and challenges to the security of such organizations.

With the ongoing focus on your organization’s bottom line, it might be tempting to defer projects related to cybersecurity to reduce budgets. However, doing so could put your organization in a position where you are not prepared, or even worse, in noncompliance with certain regulations specific to your industry. Cutting corners on cybersecurity compliance could wind up costing your business more in the end.

The “I’m covered already” approach

When evaluating your cybersecurity preparedness, there are several factors to consider. Let’s take a step back – right now, your priority is your business. You’re buying new technology, investing in new infrastructure and most likely trying to adapt to changing business models like cloud. It’s all good work but it takes time and effort.

Hackers desperately want access to your customer data, employee data, or intellectual property because it’s worth a lot. A single theft could cost your company severe financial damage. And sometimes, in the case of ransomware, all they have to do is lock it down and force you to pay to get it back as you’ve heard about in some of the latest attacks.

Why do you hear terms like “dynamic threat landscape” these days? Because you aren’t facing a group of hacktivists in a basement anymore – you are now facing professionals with a lot to gain.

Your business and the threat landscape around you are ever changing.  It is imperative that your organization conducts an annual cyber risk assessment. This allows the entire organization to consider current and future risks and put forth a plan to mitigate the identified risks.

Some businesses will run out and acquire every new solution they hear about for protecting their organization against cyber risks. While having a multi-layered approach to cybersecurity is important, it is also equally important to have an organized approach and to use tools that are designed to work together.  If your solution is designed properly, you could end up with what we call the security effectiveness gap. As you add more solutions that don’t work together, the complexity exponentially increases. So, every time you add another solution or another vendor, you add another gap – another vulnerability.

A robust cybersecurity solution will:

  1. Stop threats at the edge
  2. Protect users where they work (especially when team members are working remotely or on a personal device)
  3. Find and contain problems fast
  4. Control who gets on your network and from where
  5. Simplify network segmentation
  6. Provide compressive monitoring and detection

…But I have cyber security insurance

That insurance probably doesn’t cover anywhere near what you think it does. Should you invest in cybersecurity insurance? That’s a topic for a different day.

Your business, no matter what size or type, needs to be prepared to handle a cyberattack at a moment’s notice. It is important to work with credentialed professionals with cybersecurity expertise and experience to help you maximize your investment and make sure you have all the appropriate measures in place to keep hackers at bay.

Learn more about Dean Dorton’s cyber security services and solutions for your organization.

As originally featured in Louisville’s Business First

Article Dean Dorton

Dean Dorton has been engaged by two physician owned hospitals with focuses on surgical procedures. Our project is to evaluate their business needs as it relates to electronic health record (EHR) systems and facilitate the evaluation, selection, contracting, and implementation of a new EHR solution. We are currently underway with the requirements definition phase of the project.

Where do you fit in? First, we would appreciate your time in filling out a very brief survey related to your existing EHR solution. The information gathered will help us determine the best possible direction and hopefully help assist us in avoiding any lessons that you may have learned the hard way.

Second, if you have found yourself in the same position as our clients (using an EHR that is not meeting Meaningful Use requirements or an EHR that has been purchased by another company and is expected to be retired), would you be interested in joining the project to explore and identify the best possible solution to meet your organization’s needs? We are planning to move both clients forward together or separately, if necessary. If a common solution can be identified, our goal is to use the combined size of the clients as price and contract negotiation leverage. Ideally, this approach will allow each client to have options that may otherwise be cost and resource prohibitive. We would be glad to include your organization in this process.

Click the button below to complete our physician owned hospital EHR survey by Friday, June 3.Take the Survey by June 3

Thank you very much for your time and consideration. Any feedback you can share will be invaluable to us in our project. For those completing the survey, we will plan to share the results with all survey participants.

Feel free to contact Jason Miller, Director of Technology Consulting, at jmiller@ddaftech.com with any questions.

View Jason Miller’s Bio

Article Dean Dorton

Today your business relies on email and web more than ever. As the use of email and web increases, so does the number of advanced threats targeted at infecting users through these critical channels. An advanced email and web security strategy is critical to maintain business operations and protect your organization’s business-sensitive data.Watch this short video on Cisco email and web security solutions to learn about:

  • The current email and web threat landscape
  • Why traditional security solutions are falling short
  • What you need to protect your organization
  • How Cisco email and web security can help

Watch NowUpcoming Events

Join us this spring as we discuss comprehensive business network security topics including Cisco’s Advanced Malware Protection suite of products that provides a solution to secure your infrastructure before, during, and after a malware attack. We highly encourage company chief financial officers, chief operating officers, and chief information officers in the industry to attend this event.3:00 – 5:00 p.m.

Crank & Boom Craft Ice Cream
1210 Manchester Street
Lexington, KY 40504

Registration Closes April 193:00 – 5:00 p.m.

Against the Grain Brewery
401 East Main Street
Louisville, KY 40202Register NowContact Jason Miller at jmiller@ddaftech.com or David Rice at drice@ddaftech.com if you have any questions.View Jason Miller’s Bio

Article Dean Dorton

Are your defenses as resilient as your digital ambitions?

Digitization – creating business value through digitized assets and expanded connectivity – is increasing exposure to cyber attacks. As a result, cyber-risk strategies are under the microscope.

New threat intelligence and trend analysis in the Cisco 2016 Annual Security Report explains advances by the security industry and by criminals. Gain insights into how to effectively combat these threats with increased collaboration, communication, and coordination, and by investing for resilience. You’ll also learn how your security peers assess the state of security preparedness in their organizations.

Report highlights include:

  • How industry efforts have crippled major attacks
  • Shifts in tactics by cybercriminals to make money
  • Expert insights into top vulnerabilities
  • How adaptive, integrated solutions can quicken time to detection
  • An update about the state of enterprise security preparedness

Cisco 2016 Annual Security Report: Achieving Attack Resilience in a Digital Age

Contact Jason Miller (jmiller@ddaftech.com) or David Rice (drice@ddaftech.com) for more information.


View Jason Miller’s Bio

Article Dean Dorton

Cyber criminals have been around for quite some time and continue to make our lives challenging. As you continually see in the news headlines, there are many forms of criminal activity occurring through the use of Internet technology. We have typically been hearing about user names and passwords being stolen. However, manufacturers have very valuable information and data that is being targeted as well.

Here are five tips for manufacturers to protect against data theft:

  1. Executives must put priority on data and trade secret information
    This seems obvious, but many organizations do not have the right protection plans in place and in many cases rely on dated equipment, software and procedures to keep their data and trade information safe.If key executives put a priority on increased security measures for confidential data and make it a continued company initiative then the necessary resources and support will be given to better protect this crucial information and data security can continue to be evaluated and updated as necessary.
  2. Identify what your most valuable data assets are and where they are stored
    Identifying the most important data and where it is stored may feel daunting with the amount and type of data that manufacturers have these days, but a good starting point is engineering and R&D type design files. Obviously, this type of data is confidential and very important to manufacturers.
  3. Label critical data assets
    Make sure that digital and paper documents are clearly marked with “Confidential” or “Internal Use Only”.This provides a visual alert to all employees who have access to these documents that anything marked with this designation should be treated with extra care and protection.
  4. Think Like a Cyber Criminal
    Make it a practice to step back and take an outsider’s point of view and look at all your business processes and practices to identify where data theft could occur.
  5. Improve Employee Awareness
    Put detailed company theft and confidential protection instruction and documentation in all manuals and employee agreements.   In addition, include this type of employee security awareness in your training programs at all levels of the organization.

It is easy to become complacent with the valuable information that we handle on a daily basis and it is very important to be on constant alert for criminal activity. It is crucial to have an evolving security plan for protection.  In addition, an effective security plan would include a response plan to guide reaction in the event of a breach threat or incident.

For more information on protecting your company against data theft contact Lance Mann at 502-566-1005 or lmann@deandorton.com or Jason Miller at 859-425-7626 or jmiller@ddaftech.com.


View Lance Mann’s Bio


View Jason Miller’s Bio