Chris Cronin is a partner at HALOCK Security Labs and Chair of the DoCRA Council. He is the principal author of the DoCRA Standard and CIS RAM, Center for Internet Security’s Risk Assessment Method. Chris’ clients include Fortune 100 companies, large and mid-sized organizations, start-ups, litigators, and regulators. Since 2010 Chris has helped his clients manage their information security risks to an evidence-based, reasonable level. Chris’ work as an expert witness has helped his clients, regulators, and litigators evaluate the reasonableness of security controls and programs during regulatory oversight or post-breach legal action. As a frequent speaker and cybersecurity writer, Chris contributes to helping professionals strengthen their security and risk programs. His most work, HALOCK and Reasonable Risk’s Annual 10-K Survey, offers insight and guidance on the SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule. He collaborates with peers in industry collaboratives and think tanks, including Sedona Conference, to help bring equity and due care to cybersecurity and risk management.

SPEAKING & PANELIST ENGAGEMENTS

RSA Conference 2025: Establish Legal Defensibility & Communicate to Non-Technical Executives | April 30, 2025

FutureCon Chicago: Techniques to Evolve Risk Governance | January 23, 2025

CAMP IT Enterprise Risk: Techniques to Evolve Risk Governance | October 11, 2024

Cyber Risk Webinar: How Executives Make Informed Cyber Decisions | September 19, 2024

Cyber Executive Forum 2024: Framework for Cyber Risk Management | February 23, 2024

FutureCon Cybersecurity Conference Chicago: CISO Panel | January 25, 2024

Midwest Cyber Security Alliance (MCSA): Understanding the Impact of the SEC Cybersecurity Rules | October 2023

Compliance Week: Almost Everybody is Unprepared for SEC Cybersecurity Disclosures. But You Can Get Through This. | October 2023

SGS Certification Solutions: Meeting New Regulations Adopted by the SEC in 2023 | Thursday, September 28, 2023 2:00 PM Eastern Daylight Time

Archive360 Podcast: What is “Reasonable Data Security”?

MER Conference: Defining “Reasonable Security Measures” When it Comes to Data Protection | Wed May 11, 11:00 AM – 12:00 PM EDT / 10:00 AM – 11:00 AM CDT

Cleveland-Marshall College of Law – Cleveland State University: 2022 Cybersecurity and Privacy Protection Conference | May 19-20, 2022

Center for Internet Security, Inc. (CIS®) Podcast: Conceptualizing Reasonableness for Risk Analysis

RIMS 2022: The Questions a Judge Will Ask You After a Data Breach | April 11, 2022

Center for Internet Security, Inc. (CIS®): CIS Risk Assessment Method (RAM) v2.1 for Implementation Group 2 (IG2) Workshop | Tuesday, February 8, 2022 | 2:00 p.m. EST

Midwest Cyber Security Alliance (MCSA): You’re Expected to Know and Disclose the Foreseeable Cybersecurity Threats that Face Your Organization and Reasonably Defend Against Them: How Do You Do This? | Nov 16, 2021

The Center for Internet Security, Inc. (CIS®): CIS Risk Assessment Method (RAM) v2.0 Webinar | Nov 17, 2021

RSA Conference 2021: Forecasting Threats is Way Easier Than You Think | May 18, 2021

RSA Conference 2021: Your Breached Controls May Have Been Reasonable After All | May 19, 2021

RSA Conference 2021: Panel What Makes for Reasonable Measures and do they Defend Against Cyber Security Lawsuits? | May 19, 2021

National Foundation for Judicial Excellence (NFJE) 2020 Annual Judicial Symposium Law in the New Age: How Automation and Artificial Intelligence Will Change Judging in Substance and Procedure | Judging Efforts to Protect Personal Information: What Test Should Apply? | Oct. 15, 2020

Cyber Security Summit: Denver Threat Forecasting – Using Open Source Data to Foresee Your Next Breach | Sep 10, 2020

Cyber Security Summit: Chicago CMMC and CCPA. Using Duty of Care Risk to Comply With New Challenges | Sep 1, 2020

Cyber Risk Podcast Can DoCRA Duty of Care Risk Analysis tell you if your cybersecurity controls reasonable? | Aug 4, 2020

Federal Trade Commission Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule | July 13, 2020

NetDiligence Cyber Risk Summit 2020 What is Reasonable Cyber Security? | July 7, 2020

The Sedona Conference Online Meeting for Draft Commentary on Proactive Privacy and Data Security Governance | June 24, 2020

CyberNext Summit 2019 – KuppingerCole Analysts The Questions A Judge Asks You After a Data Breach | Gallery

CUNA (Credit Union National Association) Technology Council Conference The Questions a Judge Will Ask You After a Data Breach – A Panel Discussion

Cyber Security Summit: Chicago 2019 Reasonable Security in the Age of Risk | Gallery

ITAC: W3 The Cycle of Cybersecurity Integrating Cyberdefense into your Risk Decision-Making Process

Cleveland-Marshall’s Cybersecurity and Privacy Protection Conference Cyber Risk Management (or How to Comply with Everything)

Compliance Week Webinar The Questions A Judge Asks You After a Data Breach

NIST Cybersecurity Risk Management Conference 2018 Evaluating “Reasonable” Cyber Risk Using the Center for Internet Security Risk Assessment Method

CIS RAM ((Center for Internet Security Risk Assessment Method) Workshop Live & Webinar

Cyber Security Summit: Chicago 2018 CIS RAM: This Math will Save You

CIS Controls v7 Launch | Gallery