Seeing is Protecting

Spheric Security Solutions is a Silicon Valley based cyber security software company. Our singular passion is to help bridge the security chasm - the gap between “the business” and “security”. To bridge the chasm and help enable business-aligned cyber security we provide integrated stakeholder-centric solutions and services.

Our mission – enable the “Cyber Resilience Standard-of-Care Life Cycle” to overcome the current chasm. Even though the cycle should start with fiduciary executives setting clear reasonable care objectives, the cycle has its foundation with the Office-of-Security.

Presenting a compelling business case for an augmented multi-year security enhancement road map to reduce specific business exposures, thereby reaching a desired standard-of-care. Our strategy is to bridge business interests to security activities, and security interests to business activities – the secret to bridging the security chasm. For the crossing to succeed, security leaders must engage business leaders in the language and interests of the business.

Our tactical approach determines the effectiveness, coverage, and maturity of current security capabilities, and derives the overall state-of-protection and corresponding business exposure levels. From knowing your current state, a series of security enhancement road maps with budgets can be constructed and presented as options. Each road map proposes increasingly aggressive measures to achieve the duty-of-care objectives in shorter and shorter time periods, leaving the decision of “how fast” to the business. The key to a successful journey across the chasm is to connect the cost of enhancements directly to the specific business exposure they reduce.

Our solutions enable a compelling visual situational awareness of the relationships between:

  1. The business’s current state-of-protection and corresponding financial exposure level,
  2. The budget for security treatment activities, and
  3. The corresponding direct and specific business exposure reduction the business obtains in return for the funding.

Jacques Remi Francoeur

Founder & CEO

Jacques is an industry and published thought leader in Cyber Risk Management with over 25 years of experience. He is founder and CEO of Spheric Security Solutions, a software company focused on security situational awareness tools. Jacques actively supports Cyber Risk Management education in the Bay Area and has established a partnership with San Jose State University’s Lucas College and Graduate School of Business to develop a Center for Cyber Risk Management Studies. Previously, Jacques was the co-founder and Executive Director of the Bay Area CSO Council, a member-based nonprofit organization of Chief Information Security Officers. Jacques was also part of Ernst & Young’s Information Security Advisory team, and was a leader in E&Y’s Security Center-of-Excellence. Jacques holds a Bachelor of Applied Science (B.A.Sc) and Master of Applied Science (M.A.Sc) degree in Aerospace Engineering from the University of Toronto. He earned his MBA from Concordia University in Montreal.

L. Argee Mahecha

Principal

In the last twenty-five years, Argee has initiated, architected, and managed many successful strategy, re-engineering, and business resumption projects in the US, Europe, Asia and Latin America, both as a company executive and on consulting assignments. He leverages his strategic background in Information Technology to formulate focused solutions to manage risk effectively. Argee’s accomplishments have been achieved through the development of strategic initiatives, including re-engineering, operational resilience and continuity of business, e-business assignments, and the management and transformation of information technology organizations. His qualifications range from understanding the requirements and technical implications of new business models, to developing effective frameworks, implementing advanced technologies, and discussing strategic business issues with senior executives in Fortune 500 companies. Currently Argee leads development of continuity risk and cyber protection solutions to provide precision-security on critical business assets and transform the management of cybersecurity for better protection. Previously, Argee was Global Head Business Continuity Management (BCM) and Enterprise Risk for the Sony PlayStation Network, where he developed, established and managed the global Continuity function and secured CEO sponsorship to facilitate engagement of other stakeholders in the use of indirect resources.

Naresh Malik

VP Partnerships and Customer Success

Naresh leads strategy for customer and partner ecosystem development at Spheric Security Solutions. He owns a track record of growing emerging technology businesses and flagship customers in spaces such as the Internet of Things, cloud managed services & mobile data solutions. His previous positions include Head of Business Development at Leeo Inc, an IoT startup in Silicon Valley; Director of Strategy at Cisco, where he was responsible for driving transformation for new business; and Associate Partner at IBM Global Services, where he led consulting teams for Emerging Business Opportunities. He is an advisor on the Dean’s Leadership Council at San Jose State University and is a mentor to a handful of CEOs at startups. Naresh has worked and lived in Asia, Europe and North America. He earned his MBA from City University Business School, London and his Ph.D in Physics from Oxford University, England.

SJSU (San Jose State University) Center For Cyber Risk Management Studies

October 9, 2012 | At San Jose State University

This letter is to express my strong support of the goals and initiatives for the National Science Foundation curricular development proposal submitted by San Jose State University (SJSU) titled: Masters of Science in Cybersecurity and Information Assurance: Creating Tomorrow’s Cybersecurity Workforce.


Internet Security Alliance: Bay Area Council Cyber Security Silicon Valley Workshop

October 9, 2012 | At Yahoo

Corporate assets and systems are increasingly being subjected to cyber attacks based on a multitude of motives, from profit, competitive advantage, revenge, punishment, and even conflict advantage. Many current mitigation approaches are increasingly ineffective against cyber threats, sometimes yielding little actual risk reduction. An organization’s resources are limited and competition for those resources is tough. It must make scarce resource allocation decisions as to how to spend its risk management dollars, in consideration of other business risks, in a way that demonstrates that every dollar yields the greatest risk reduction. Under this emerging reality, we invite you to learn how security leaders in prominent organizations in the high technology, aerospace & defense and financial services industries manage cyber risks today, and more importantly how they will manage this worsening risk tomorrow.


US-Germany Cybersecurity Workshop

June 18, 2012 | At Lawrence Livermore National Laboratory

Cyber threats are not unique to the United States; all nations are facing the ever-increasing challenge to their economic and national security. Participate in discussions with cybersecurity experts from the German Ministry of Defense including the branches of the Air Force, Army and Navy.


Bay Area Council – Chair of the Threat Intelligence Sharing Sub Committee

March 8, 2012 | San Francisco Bay Area

Threat Intelligence based Cybersecurity is the management of cyber risks based on intelligence of 1) attacker groups and their motivations, techniques, tools, preferences, and methods, and 2) pending and active attacks in a manner that optimizes risk reduction per unit of investment based on the allocation of scarce resources. In order to formulate and execute an effective threat intelligence based cybersecurity strategy and program, the threat sharing sub-committee proposes the formation of four Special Interest Groups focused on the Legal, Strategy, Technology, and Operational issues of threat sharing.


International Workshop on Global Security: Paris

Paris, France | At Lawrence Livermore National Laboratory

In co-organizing this 28th edition of the workshop with the Center for Strategic Decision Research, the Institute of Higher National Defense Studies that I lead under the authority of the Prime Minister is true to its vocation, which is to stimulate the strategic debate and help disseminate defense issues in France and in a larger context as well. In this respect, the current security situation seems rather new and highly destabilizing. It radically alters the philosophy of war and renders cold war patterns obsolete. In fact, it can only generate debate and careful consideration. The approximately forty nations that are represented here today at this workshop show that our common ambition is already a success. For this opening address and these two days of work on topics that will range from cyber defense to the situation in the Balkans, Afghanistan, Pakistan, Libya, and more generally in Africa, it is an honor for us to welcome the Minister of Defense and Veterans Affairs, Mr. Gérard Longuet. I would like to thank him for agreeing to open this high level workshop.


German Delegation

June 30, 2011 | Ernst & Young

We must rally together to break down barriers and act as one!


Network Security Innovation Center (NSIC)

June 22, 2011 | At University of California at Berkeley with Lawrence Livermore National Laboratory

Network Security Innovation Center (NSIC) is an industry-driven initiative based out of Silicon Valley, California to create a government, academic, industry partnership to foster innovation and information-sharing in cybersecurity. It is bringing together the talent of the largest IT companies and entrepreneurs of the Bay Area with the computational capacity and unique capabilities of the FFRDC status of Lawrence Livermore National Lab (LLNL).


Internet Security Alliance: Bay Area Council Cyber Security Trip DC Workshop

April 25-27, 2011 | At Washington D.C.

The Bay Area Council is a business-sponsored, public-policy advocacy organization for the nine-county Bay Area. The Council proactively advocates for a strong economy, a vital business environment, and a better quality of life for everyone who lives here. Founded in 1945, as a way for the region’s business community and like-minded individuals to concentrate and coordinate their efforts, the Bay Area Council is widely respected by elected officials, policy makers and other civic leaders as the voice of Bay Area business. Today, approximately 275 of the largest employers in the region support the Bay Area Council and offer their CEO or top executive as a member. Our members employ more than 4.43 million workers and have revenues of $1.94 trillion, worldwide.


Bay Area CISO Council

March 31, 2011 | At San Francisco Bay Area

Bay Area CSO Council History, Principals, Track Record & Future Vision with Gary Terrell President, CSO Council Bay Area CISO, Adobe Systems. Jacques Francoeur Executive Director, CSO Bay Area IT Risk & Assurance, Ernst & Young, LLP.


Health Care Security Alliance

June 14, 2010 | At San Francisco Bay Area

It’s all about Trust: The Healthcare industry delivery chain is based on Trust. Health Information Security and Patient Information Privacy are critical considerations for Healthcare Organizations to maintain the trust of their members, patients and regulators… and knowledge exchange: To date, there has been limited exchange of information among industry participants on best practices to improve the security posture of Healthcare, compared to other verticals. The Healthcare Security Alliance is the first industry knowledge exchange group that is dedicated to bringing together leading industry participants to address the ever increasing challenges around Health Information Security and Patient Information Privacy.


Health Care Security Alliance

June 14, 2010 | At SAIC CA Headquarters, San Diego

Crossing the Line Monitoring, Detecting, & Preventing Inappropriate Behaviour. Crossing the Line; Where is the line; A Balancing Act; Data Sources; Data Overload: Prioritization; Culture; Maturity: Reactive to Preventative; Intent & Consequences.


CSO Council Bay Area 9th CSO Round Table Federal Judges

April 20, 2009 | San Francisco, CA

Live and almost unscripted. Direct and cross-examination scenarios of electronic evidence preservation and admissibility. How the CSO can assist legal counsel to meet evidence authentication requirements and refute attempts by opposing counsel to invalidate your electronic evidence.


Union of Concerned Cybersecurity Leaders™

January 2010 | At Silicon Valley, CA

UCCL’s mission is twofold: to bring together security leaders to objectively, free of special interests, analyze the root causes of the nation’s current security failures and to collectively propose measures to remediate and improve the situation; and to provide a common and united advocacy platform for security leaders to organize and influence policy makers and agendas so as to standardize and connect different initiatives in ways that drive national awareness and response.


Digital Signature Assurance & the Digital Chain of Evidence (DSA)

January 2009 | With SAIC, Inc. & Adobe Systems

In today’s global competitive environment, the adoption of end-to-end electronic business process automation and collaboration is no longer an interesting consideration but a question of survival. Most business processes today are electronic but when it comes to capturing signatures for critical approval or agreement purpose, “print to sign” is still very common. In addition, when it comes time to retain a record for a long period of time, “print to retain” is also a common behavior. Both of these behaviors drive costs and delays into the conduct of business at a time when organizations are desperately seeking efficiency and more effective ways to execute their business. Why are these last-mile achievements of digital signature and electronic retention so difficult to attain? Digital Signature Assurance & the Digital Chain of Evidence (DSA).
Some of the most significant concerns inhibiting the adoption of electronically signed records in mission-critical applications are questions about their legal admissibility as evidence in a court of law over their entire retention period (which can be decades). Compliance with governing regulations is a parallel concern of equal importance. To further complicate matters, the standards for the authentication of electronic records offered as evidence in a court of law are increasing. Recent court decisions and judicial opinions support this assertion. Judge Paul Grimm, Chief Magistrate of the United States District Court for the District of Maryland, issued a landmark 100-page opinion in May 2007, setting forth the burdens and pitfalls associated with the admission of electronic records as evidence. Consequently, emerging best practices require that a “foundation of authenticity” accompany electronic information offered as evidence as one of many prerequisites to its admissibility. There are many distinct types of electronic records and electronic signatures, creating a wide array of different forms of electronically signed records. This white paper, however, focuses on a specific type of electronic signature referred to as “digital signatures”. Digital signatures use cryptography and related. This foundation of authenticity must demonstrate at the time of validation, for example in an e-discovery proceeding which can be years after the record’s creation, that the electronic record is still what it purported to be at the time the assertion was made, in this case, at the time a signature was applied.


Master Information Management (MIM)

January 2010 | SAIC

The 2006 changes to the Federal Rules of Civil Procedure now bring into the scope of legal discovery all electronically stored information (ESI) deemed relevant in the custody, control, or possession of an organization, subject to rather narrowly construed objections that such ESI is “not reasonably accessible”. These changes, combined with the pervasive use of electronic records and information retention strategies (or lack thereof) that retain the bulk of unstructured information, have increased costs and risks traditionally already perceived to be high to an even higher level. There are fundamentally two approaches to reducing the costs and mitigating the risks of ESI discovery. The first is to become more efficient and effective at legal discovery (e.g., searching, identification, preservation, analysis, production); the second is to reduce (in a legally permissible manner) the amount of information that must be searched during the discovery process. In fact, a combination of both is the ideal strategy and the basis of this white paper. This white paper proposes an information life-cycle management strategy called Master Information Management (MIM), which is designed to enhance the legal discovery process and reduce the spiraling cost and risk associated with unstructured information retention and discovery.


Evolving Landscape of Legal Discovery and the Expanding Role of the CISO

January 2010 | SAIC

Significant changes occurring to the landscape of legal discovery are substantially impacting the enterprise and the legal discovery process. What impact do these changes have on the CISO specifically and Information Security (IS) in general? What strategic and tactical contributions can the CISO make? These are just a few questions that will be addressed in this discussion white paper. This paper is also intended to identify IS issues and pose questions to stimulate discussion between information security professionals and their legal, IT, audit and electronic record management peers. The goal – to drive increased clarity of the roles and responsibilities between IS and other key stakeholders.
It is the author’s intent to discuss the recent electronic discovery-related amendments to the Federal Rules of Civil Procedure (FRCP) and the consequences of electronic discovery in the context of the existing Federal Rules of Evidence (FRE) only as they both relate to Information Security; more general discovery and evidentiary issues are most appropriately the province of traditional legal research and analysis. The information contained in the paper is not legal advice.
The role of the Chief Information Security Officer (CISO or equivalent) has been evolving since the 1980s during the Electronic Data Interchange days where security started as a technical IT function. Network administrators were designated as “security” while having very little understanding of business drivers and day-to-day operations. Security was, and still is, perceived by many key stakeholders as a business inhibitor whose power was based on creating fear, uncertainty and doubt and the ability to say “no”, resulting in project no-go’s or delays. The advent of the Internet, the information explosion, and the globally distributed and transient nature of the workforce positioned IT and its information as business critical so that they now play a central business enablement and competitive advantage role.


Speaking Engagement: Cyber Risk Management: Closing The Chasm

September 21, 2011 | Ernst and Young at Naval Postgraduate School, Monterey, California

