About Mark Larson (Partner | CISSP, CISA)

Mark Larson | Linford & Co

Mark Larson started working in the technology industry in 1998, where he held a number of different roles before transitioning to the public accounting world in 2004 with Ernst & Young (EY). During his 6 years at EY, Mark provided both assurance and advisory services that spanned multiple industries for both public and private companies. After leaving EY, Mark filled leadership roles within Internal Audit, Technology, and Security functions for several companies. Mark specializes in SOC examinations and enjoys helping clients establish, formalize, and report on effective control environments while strengthening their security risk profile.

ALL ARTICLES BY Mark Larson (Partner | CISSP, CISA):
New Trends in Cybersecurity: What to Watch for in 2022 & Beyond

As the year comes to an end, it’s important to reflect on the cyber events that captured headlines in 2021 and understand the root causes, impacts, responses, and more importantly, the lessons learned from those events. The following four cyber trends highlight areas that justify increased scrutiny and attention as we transition to the new […]

Vulnerability Management Program: Insights From an Auditor

Vulnerabilities exist within all technology environments. NIST has developed several definitions for vulnerabilities, including a “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” As time passes, software vendors, threat actors, or security researchers will inevitably find defects or vulnerabilities in the […]

Vulnerability Assessment vs Penetration Testing for SOC 2 Audits

As a security practitioner and auditor, questions regarding the differences between vulnerability assessments and penetration testing come up often. Even though seasoned security professionals may already know the answer to a question like this, there are a number of non-security professionals who may need help understanding the differences, the benefits, and the costs. While larger […]

The MITRE ATT&CK Framework: How Does MITRE ATT&CK Work?

If you’re an information security professional, there’s a good chance you’ve already heard about the MITRE ATT&CK framework. If it’s something you haven’t heard of, or if you haven’t found the time to dive into its vast trove of information, it’s never too late to start! The following are some of the most common questions […]

What is Endpoint Security? Why is it Important?

“Why wash your hands?” “How to Protect yourself and others.” These are headlines that I recently ran across while browsing daily news updates. For months, we’ve been bombarded with advice and guidance on how to stay healthy during the COVID-19 pandemic. While the guidance may vary, the topic of handwashing and avoiding hand contact (i.e. […]