Articles By Brian Rutledge

Brian Rutledge

Principal Security Manager

Brian Rutledge is a Certified Information Systems Security Professional (CISSP) in the cybersecurity industry for more than 20 years. He’s currently the security and compliance engineer at Spanning driving all audit compliance initiatives and managing the company's overall security posture. Previously, Brian was a PCI DSS Qualified Security Assessor (QSA) for Trustwave Holdings working with small business, banking, and enterprise clients to help them become Payment Card Industry compliant. Brian has worked in the telecom industry for notable companies like Verizon and MCI maintaining the Windows server infrastructure and driving vulnerability management programs. Brian has also worked as a navigation electronics technician aboard a US Navy submarine.

The GDPR vs Australian Data Privacy Regulations

Data privacy and security have moved to the forefront of boardroom visibility in 2018. Constant focus on how we manage personally identifiable information (PII) and personal health information (PHI) is moving in a new direction. Not only are we concerned about what we’re storing and processing, but we now need to understand the “where, why, […]


READ MORE >


Countdown to GDPR #4: Impact on Customer Communication and Experience

To prepare for the upcoming GDPR we’re doing a series of blogs about key regulations and ways to be compliant with them.  In Part 1 we discussed the Right to Be Forgotten, in Part 2 we spoke about Privacy by Design and by Default and in Part 3 we understood why Designating Data a Protection Officer […]


READ MORE >


Ransomware Targets Education: How Do You Protect Your Data?

Ransomware attacks are on the rise, and not just in business and government — they also increasingly occur in education. In fact, in a warning issued on Jan. 31, 2018, the FBI and the Department of Education inspector General stated that hackers have tried to sell over 100 million private records from almost 100 schools […]


READ MORE >


Countdown to GDPR #3: Do You Need a Data Protection Officer?

To prepare for the upcoming GDPR we’re doing a series of blogs about key regulations and ways to be compliant with them. In Part 1 we discussed the Right to Be Forgotten and in Part 2 we spoke about Privacy by Design and by Default. In this blog we analyze the emerging role of the […]


READ MORE >


HIPAA: Check your Backup and Restore Solution

Despite the huge damage of a data breach in terms of cost, reputation, and business losses, backup and recovery systems are currently in use at only 45% of surveyed healthcare organizations, and more than 38% are not planning to use backup and recovery systems at all. Why put yourself and your organization under the looming […]


READ MORE >


Are Meltdown and Spectre Security Threats to SaaS Companies Like Spanning?

Everyone is talking about Meltdown and Spectre, and for good reason. SaaS providers are at risk, but we have your back. Here’s what you need to know about your data protected by Spanning Backup, by our Principal Security Engineer Brian Rutledge.     What are Meltdown & Spectre? Meltdown breaks the most fundamental isolation between […]


READ MORE >


Countdown to GDPR #2: Privacy by Design and by Default

The deadline for compliance with GDPR is closing in and many of us are grappling with its regulations and their impact. In this blog series, we’re unpacking GDPR’s key provisions and exploring the implications for your compliance and technology teams. We started the series with Countdown to GDPR: The Right to Be Forgotten where we […]


READ MORE >


Pointers for HIPAA Compliance in the Cloud

SaaS applications like G Suite, Office 365, and Salesforce are revolutionizing the healthcare industry with improvements to agility, connectivity, and accessibility. On the flip side, Public Health Information (PHI) breaches are also on the rise and proper data protection remains a top concern. That is because PHI data is incredibly valuable on the black market; […]


READ MORE >


Countdown to GDPR: The Right to Be Forgotten

The EU General Data Protection Regulation (GDPR) deadline is looming, and no one’s entirely sure about its implications and compliance requirements. What we do know is that with GDPR the onus of compliance lies with both the data controller (primary data holders/managers/subscribers) and the Data processors (secondary data holders, SaaS/vendor apps). Or as Google put […]


READ MORE >


Security Awareness Training: Trick or Treat Your Employees?

Real-life cybersecurity horror stories abound. The Equifax breach threatens most of our identities. The KRACK vulnerability makes the Wi-Fi networks we live on unsafe. Our vulnerable electronic voting systems threaten our democracy. Breach fatigue is real, not only among consumers, but businesses as well. In fact, most expect breaches to be inevitable. According to a […]


READ MORE >