About Mark Larson (Partner | CISSP, CISA)

Mark Larson | Linford & Co

Mark Larson started working in the technology industry in 1998 where he worked in a number of different roles prior to transitioning to the public accounting world in 2004 with Ernst & Young (EY).  During his 6 years at EY, Mark provided both assurance and advisory services that spanned multiple industries for both public and private companies. After leaving EY, Mark filled leadership roles within Internal Audit, Technology, and Security functions for several companies.  Mark specializes in SOC examinations and enjoys helping clients establish, formalize, and report on effective control environments while strengthening their security risk profile. 

ALL ARTICLES BY Mark Larson (Partner | CISSP, CISA):
Vulnerability management programs

Vulnerability Management Program: Insights From an Auditor

Vulnerabilities exist within all technology environments. NIST has developed several definitions for vulnerabilities, including a “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” As time passes, software vendors, threat actors, or security researchers, will inevitably find defects or vulnerabilities in the […]

Vulnerability Assessment vs Penetration Testing for SOC 2 Audits

Vulnerability Assessment vs Penetration Testing for SOC 2 Audits

As a security practitioner and auditor, questions regarding the differences between vulnerability assessments and penetration testing come up often. Even though seasoned security professionals may already know the answer to a question like this, there are a number of non-security professionals who may need help understanding the differences, the benefits, and the costs. While larger […]

Understanding the MITRE ATT&CK Framework

The MITRE ATT&CK Framework: How Does MITRE ATT&CK Work?

If you’re an information security professional, there’s a good chance you’ve already heard about the MITRE ATT&CK framework. If it’s something you haven’t heard of, or if you haven’t found the time to dive into its vast trove of information, it’s never too late to start! The following are some of the most common questions […]

Cybersecurity trends

Cybersecurity Trends: Industry Trends To Watch for in 2021

There’s nothing like another significant security breach to once again remind us all that, whether we like it or not, security has to remain top of mind and a priority for businesses, organizations, and individuals alike. News of the U.S. Treasury and Commerce Depts. hack, also referred to as the active exploitation of SolarWinds software, […]

Importance of endpoint security

What is Endpoint Security? Why is it Important?

“Why wash your hands?” “How to Protect yourself and others.” These are headlines that I recently ran across while browsing daily news updates. For months, we’ve been bombarded with advice and guidance on how to stay healthy during the COVID-19 pandemic. While the guidance may vary, the topic of handwashing and avoiding hand contact (i.e. […]