About Mark Larson (Partner | CISSP, CISA)

Mark Larson | Linford & Co

Mark Larson started working in the technology industry in 1998 where he worked in a number of different roles prior to transitioning to the public accounting world in 2004 with Ernst & Young (EY).  During his 6 years at EY, Mark provided both assurance and advisory services that spanned multiple industries for both public and private companies. After leaving EY, Mark filled leadership roles within Internal Audit, Technology, and Security functions for several companies.  Mark specializes in SOC examinations and enjoys helping clients establish, formalize, and report on effective control environments while strengthening their security risk profile. 

ALL ARTICLES BY Mark Larson (Partner | CISSP, CISA):
A guide to the Microsoft SSPA

A Guide to Microsoft’s Supplier Security Privacy Assurance (SSPA) Program

Today’s information age mandates organizations take appropriate action to ensure effective security and privacy practices are embedded throughout the entire organization. The effectiveness of privacy and security practices should continually be assessed to ensure they remain adequate and sufficient to support the organization’s ever-changing risk profile. It’s imperative that organizations not only assess their own […]

Cybersecurity trends for 2023 and 2024

New Cybersecurity Trends to Watch for in 2023 & Beyond

As technology continues to evolve at an exponential rate, it’s not uncommon to feel overwhelmed or exhausted by the current rate of change. While new technologies are often introduced with the promise of benefits, they also introduce new challenges and risks. In 2023, there will continue to be plenty of focus on big data, edge […]

SEC proposed cybersecurity rules

What are the SEC’s Proposed Rules on Cybersecurity Risk Management?

The number of cybersecurity incidents continues to rise. This upsurge in frequency and complexity has also resulted in an increase in costs. According to IBM’s 2022 Cost of a Data Breach Report, the average total cost of a data breach is USD $4.35 million, 83% of organizations studied have had more than one data breach, […]

What is cyber threat intelligence (CTI)

Cyber Threat Intelligence – What It Is & How It Relates to SOC 2 Audits

Cyber Threat Intelligence (CTI) encompasses the people, processes, and technologies that a Company uses to proactively identify and mitigate threats to its brand, assets, employees, third parties, and clients. In simple terms, the goal of CTI is to stay one step ahead of malicious actors and take action before an attack occurs or avoid the […]

Vulnerability management programs

Vulnerability Management Program: Insights From an Auditor

Vulnerabilities exist within all technology environments. NIST has developed several definitions for vulnerabilities, including a “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” As time passes, software vendors, threat actors, or security researchers, will inevitably find defects or vulnerabilities in the […]

Vulnerability Assessment vs Penetration Testing for SOC 2 Audits

Vulnerability Assessment vs Penetration Testing for SOC 2 Audits

As a security practitioner and auditor, questions regarding the differences between vulnerability assessments and penetration testing come up often. Even though seasoned security professionals may already know the answer to a question like this, there are a number of non-security professionals who may need help understanding the differences, the benefits, and the costs. While larger […]

Understanding the MITRE ATT&CK Framework

The MITRE ATT&CK Framework: How Does MITRE ATT&CK Work?

If you’re an information security professional, there’s a good chance you’ve already heard about the MITRE ATT&CK framework. If it’s something you haven’t heard of, or if you haven’t found the time to dive into its vast trove of information, it’s never too late to start! The following are some of the most common questions […]

Importance of endpoint security

What is Endpoint Security? Why is it Important?

“Why wash your hands?” “How to Protect yourself and others.” These are headlines that I recently ran across while browsing daily news updates. For months, we’ve been bombarded with advice and guidance on how to stay healthy during the COVID-19 pandemic. While the guidance may vary, the topic of handwashing and avoiding hand contact (i.e. […]

Security Compliance

Security Compliance: Understanding the Difference Between Security Vs. Compliance

Throughout my career, I’ve listened to and participated in the debate or discussion surrounding security vs compliance. Most often it seems that those involved in the discussion feel as though they need to take one side or the other. That co-mingling the two is more of a necessary evil versus an activity that provides value […]