Risk management: The core of continuous monitoring

Today’s cybersecurity attacks are frustrating. Attackers are creative, flexible and never ending. Viewing this at a high level, the Department of Homeland Security has worked with Congress to implement Continuous Diagnostic and Mitigation programs, commonly known as CDM. One variation on that approach is from the Defense Department with a concept of the Comply to Connect program, or C2C.  Much confusion has ensued trying to understand the differences and applications of both concepts.

During a recent interview with Federal News Network, Ryan Latreille, chief technology officer for Three Wire Systems, compared the different concepts. After explaining the key differentiators, he went on to discuss scope of control, the weakness of a point solution, and the value that a framework like ATT&CK provides for cybersecurity.

Latreille also put into perspective how the National Defense Authorization Act can be applied through automation, and its impact on auditing and risk management.

The Relationship Between Comply to Connect and Continuous Monitoring

When there are humans involved in the organization, there will never be perfect security.


ATT&CK is a great framework. That is essentially the tactics, techniques, and procedures that adversaries will use to exploit vulnerabilities inside networks.

Technical Debt

How do I ensure that my network is being secured and how am I automating to alleviate and repurpose some of my human assets to do more human-centric things versus just discerning white noise?


Listen to the full show:

Featured speakers

  • Ryan Latreille

    Chief Technology Officer, Three Wire Systems

  • John Gilroy

    Host of Federal Tech Talk, Federal News Network

Sign up for breaking news alerts