Contributor Biography

Rick Tracy

Richard Tracy

Richard Tracy joined Telos in October 1986 and held a number of management positions within the company’s New Jersey operation. In February 1996, he was promoted to vice president of the Telos information security group and in this capacity established a formidable information security consulting practice. In February 2000, Rick was promoted to senior vice president for operations. Since that time, Rick has pioneered the development of innovative and highly scalable enterprise risk management technologies that have become industry-leading solutions within the federal government and the financial services verticals. He is the principal inventor listed on four patents and seven patents pending for Xacta IA Manager. He assumed the role of chief security officer in 2004.

Control Inheritance: The Power of Crowd Sourcing

Rick Tracy
November 7, 2019

Whether you call it control inheritance or crowd sourcing, the reality is that the more data sharing there is, the greater the benefit to the broader ATO ecosystem.

Xacta and IT GRC: Similar Tools for Different Jobs

Rick Tracy
October 28, 2019

If a GRC solution is a hammer, then by contrast, Xacta is a screwdriver. Both tools are useful, but are designed to perform similar — but different — functions.

Xacta.io, the Next Generation of Cyber Risk Management

Rick Tracy
October 9, 2019

Yesterday we celebrated an important milestone in Telos’ corporate history: the general availability of Xacta.io™ — the next generation of our renowned cyber risk management platform. 

Xacta.io: The Next Step in our Innovation Journey

Rick Tracy
September 26, 2019

Recently, Telos announced Xacta.io – our next-generation cyber risk management solution that leverages cutting-edge technologies to ensure massive scalability, ease of access to more types of data at hyper scale, and the ability to deploy in the cloud, on premises, or in a hybrid environment.

Establish a Cyber Risk Management Program with Cybersecurity Stepping Stones

Rick Tracy
July 25, 2019

Want to establish a cyber risk management program, but don’t know where to start? Here are 18 security controls most organizations should consider implementing right now.

Could NIST SP 800-171 Be A Model for the Cyber Insurance Industry?

Rick Tracy
July 10, 2019

As discussed in a recent blog post, NIST SP 800-171 is a compliance requirement intended to improve the overall security posture of the 65,000 or so organizations that do work for the federal government. 

NIST SP 800-171B: The Natural Evolution of NIST SP 800-171

Rick Tracy
June 25, 2019

As expected, earlier this week NIST released DRAFT NIST SP 800-171B, which includes 33 enhanced Controlled Unclassified Information (CUI) requirements for critical systems and high value assets. NIST indicates the focus of these new requirements is on organizations that are likely targets of advanced persistent threat (APT) attacks.

The Quest for Continuous ATO

Rick Tracy
June 18, 2018

Download the new case study from AWS and Telos featuring the U.S. Intelligence Community

Mark Zuckerberg Opens a Door for Greater Privacy Protection

Rick Tracy
May 2, 2018

Mark Zuckerberg’s pledge to make GDPR information available to all Facebook users may open the floodgates to more data-privacy legislation.

Xacta 360 Offers an Easy Button for Upgrading to New Versions of NIST SP 800-53

Rick Tracy
December 12, 2017

News of a new version of NIST SP 800-53 is enough to make many information security professionals want to cry. The truth is, this upgrade process can be painful when performed manually via spreadsheets, and the pain is magnified by the number of systems that need to be upgraded.

Q&A with NIST’s Matt Barrett on CSF Adoption

Rick Tracy
November 29, 2017

To learn more about the adoption rates of the CSF since its introduction in 2014, Rick Tracy spoke with Matt Barrett, Program Manager for the NIST CSF.

The NIST CSF and the Freedom of Flexibility

Rick Tracy
October 12, 2017

The CSF isn’t linear and it’s not static; it is a living, breathing framework that is constantly evolving. For so many companies and organizations it’s pivotal to have a framework that evolves as the organization does, so that your risk management process and security infrastructure can adapt to changes and remain strong.

A Tale of Two Frameworks: The NIST CSF and NIST RMF Are Not the Same

Rick Tracy
May 18, 2017

One of the most important aspects of the new Cybersecurity Executive Order (EO) is also the aspect of the order causing the most confusion.

Encouraging NIST CSF Adoption with Automation

Rick Tracy
May 3, 2017

Automation has a critical role to play when operationalizing the NIST Cybersecurity Framework (CSF). Emerging tools can help organizations embrace the CSF without spending heavily to meet compliance requirements. This will further reduce barriers to deploying the CSF, increasing the number of “native speakers” and continuing a sea change in

The Next Chapter of Compliance – To the Cloud!

Rick Tracy
November 29, 2016

The next chapter of IT security and risk compliance management is compliance in the cloud.

Easing the CSF Implementation Burden with Xacta

Rick Tracy
November 7, 2016

Cyber risk management is a complex business process requiring extensive explanation and guidance. However, many companies do not have the time or expertise necessary to understand, implement, and operationalize such frameworks.

IT GRC Geek Speak: Controls Inheritance

Rick Tracy
August 17, 2016

What is controls inheritance, and how can it help your organization manage risk?

IT GRC Geek Speak: Body of Evidence

Rick Tracy
August 9, 2016

What is a body of evidence and why does your organization need it?

IT GRC Geek Speak: Compliance vs. Security

Rick Tracy
August 2, 2016

Everyone in the IT GRC space has heard it: “Compliance does not equal security,” usually said as a way to portray compliance as a burdensome, check-the-box process that doesn’t do anything to keep your organization safe. But it’s a false argument.

NIST CSF: A Swiss Army Knife for Managing Cyber Risk

Rick Tracy
July 12, 2016

The NIST CSF can be used to address a wide range of cyber risk management activity… it is the Swiss Army Knife for managing your cyber risk.

Three Reasons NOT to Use Spreadsheets for Cyber Risk Management

Rick Tracy
June 8, 2016

Spreadsheets are great for many tasks — but not for managing risk and compliance processes. Choose an IT GRC platform that best meets your organization’s needs.

How to Operationalize Cyber Risk Management Frameworks

Rick Tracy
May 5, 2016

IT-GRC platforms like Xacta AE help organizations navigate the complex process of cyber risk management.

What Constitutes a Reasonable Cyber Risk Management Practice?

Rick Tracy
April 28, 2016

It isn’t just a failure to manage cyber risk that can be costly to a company; the inability to demonstrate that such cyber risk management practices exist can be just as costly in a court of law.

Empowering the NIST Cybersecurity Framework with Cyber Insurance — and Vice Versa

Rick Tracy
April 13, 2016

Cyber insurance and the NIST Cybersecurity Framework have a symbiotic relationship, in which one enables and reinforces the other.

The Cyber “Buck” Stops in the Board Room

Rick Tracy
April 4, 2016

Officers and directors held accountable for cyber risk management.

Who Influences You?

Rick Tracy
February 12, 2015

Like it or not, we are all products of our environments and our life experiences. The people we choose to surround ourselves with, personally and professionally, have a huge impact. My career in cybersecurity is a testament to …

Protected: Cyber Insurance Could Benefit from A&A and Continuous Monitoring Processes

Rick Tracy
June 18, 2014

Protected: Continuous Monitoring: Agents vs Vulnerability Scanners

Rick Tracy
March 31, 2014

Protected: In a Networked World, Physical and IT Security Can Be Indistinguishable

Rick Tracy
December 2, 2013

Protected: The Shared Responsibility of Cybersecurity

Rick Tracy
October 14, 2013

Protected: Continuous assessment is great, but lets not stop there.

Rick Tracy
March 11, 2013

Protected: Risk-based Decision Making. It’s a business thing.

Rick Tracy
January 9, 2013

Protected: Continuous is for people, too.

Rick Tracy
September 25, 2012

Protected: Beyond Continuous Monitoring: Continuous Remediation is the New Frontier

Rick Tracy
September 12, 2012

Protected: Despite Criticism, Compliance Plays Important Role in Security Process

Rick Tracy
August 20, 2012

Protected: SmartPhones Extend the Perimeter of Your Network and Increase Risk

Rick Tracy
October 20, 2010
