Identified Expertise

  1. Security & GRC20
  2. Applications & Platforms9
  3. Governance, Risk & Compliance9
  4. Engineering7
  5. Threat & Vulnerability Management6

Content Tomas is Following

Do you trust the data & reports from the big analysts?

Strategy & Architecture

Yes

No

Sometimes

View Results
111.8k viewscircle iconLightbulb on123 Upvotescircle icon58 Comments

Which of the following best describes your biggest challenge with object storage?

Storage

Performance

High cost

Rate of Data Growth

Other (none of the above)

View Results
8.9k viewscircle iconLightbulb on1 Upvotecircle icon3 Comments

We are looking for a WAF for our new SaaS system which uses GraphQL API. The concern is that AWS WAF might not be suitable; the "free" OWASP ruleset would not suffice and custom rules means manpower investment and ongoing costs. Any experience or recommendation would be appreciated!

Peer InsightsPublic Cloud
123 views

Nowadays, many SaaS tools offer SSO integration as a premium feature, sometimes effectively doubling the price-per-user. What is the right way to find balance between when to invest and leverage SSO and when to keep the costs lower and handle the provisioning and de-provisioning manually?

Security & GRCDisruptive & Emerging Technologies
Tomas Honzak
Tomas HonzakVP, CISO at Vendavo in Software6 years ago
It depends on what the original authentication method is. We require multi factor PIV authentication and can only use FedRAMP approved cloud providers which have been vetted to meet NIST requirements so I wouldn’t have an ...read more
745 viewscircle icon1 Comment

Interested in hearing how folks define “cyber resilience” for their current org – is it mainly about minimizing risk/potential losses for you, minimizing MTTR, or something else altogether?

ResilienceSecurity Strategy & Roadmap
Tomas Honzak
Tomas HonzakVP, CISO at Vendavo in Software2 years ago
From an high level perspective, I look at cyber resilience from the lens of three lines of defense, management controls, risk management, and internal audit. Management controls must include the monitoring process (cybersecurity ...read more
Lightbulb on2
Read More Comments
4.1k viewscircle iconLightbulb on26 Upvotescircle icon16 Comments

How do you enhance network security?

Tomas Honzak
Tomas HonzakVP, CISO at Vendavo in Software2 years ago
Hard to give a specific answer without having context, but let me try anyways:
- Create network diagram and review the flow of data through it. Pay attention to understand their sensitivity.
- Review the segmentation ...read more
2k viewscircle icon1 Comment
Tomas Honzak, VP, CISO at Vendavo at Vendavo, Inc. | Gartner Peer Community