Cybersecurity, Risk, Privacy & AI Governance Leadership.
Trusted advisory across cybersecurity, risk, privacy, and AI governance — serving regulated industries, financial services, governments, institutions, and enterprises navigating the AI era.
The depth your risk demands. The authority your board deserves.
We empower business, government, and technology leaders to make confident decisions across cybersecurity, risk, privacy, and AI governance — in the face of evolving threats, regulatory demands, and rapid AI adoption.
Information Security & Privacy
Security strategies grounded in industry regulations, privacy frameworks, and modern threat intelligence.
Data protection strategies
Privacy-by-design program development
Risk-based security controls & programs
AI Governance & Emerging Technology Risk
Responsible AI frameworks, risk scoring models, and secure-by-default principles for the AI era.
AI/ML risk frameworks & transparency
Cloud & SaaS security architecture
Bias, privacy, and accountability checks
Incident Response & Crisis Management
From tabletop exercises to breach response playbooks — prepare to detect, respond, and recover fast.
Incident response planning & retainer
Ransomware & breach coaching
Disclosure & executive communications
Risk & Compliance Management
Strategies tailored to your business model, risk appetite, and compliance needs across major frameworks.
NIST CSF, ISO 27001, FFIEC, SOC 2
Third-party/vendor risk management
M&A Cyber Due Diligence
About
Clarity. Confidence. Control.
Russell Okoth
Founder & Principal Consultant
"I founded Cyberdiligent to give organizations the clarity, confidence, and seasoned CISO-level expert guidance they need to manage cyber risk — not just react to it."
Russell Okoth is a transformational cybersecurity, risk, privacy, and AI/ML governance executive with over 25 years of cross-industry experience spanning technology, financial services, retail, and telecommunications.
As Founder and Principal Consultant at Cyberdiligent, he delivers strategic engagements focused on strengthening cybersecurity posture, ensuring regulatory compliance, advancing AI/ML governance, and building high-impact risk management programs.
Russell served as CISO and Data Privacy Officer at Pacific Premier Bank and CISO at Apex Fintech Solutions. He built the IT Risk program at Mr. Cooper, overseeing cybersecurity for over 4.2 million customers. He is Cybersecurity Faculty at IANS Research, serves on the Advisory Board of Deeptrack.io and KIPNA.org, and on the Industry Advisory Board of the Mary N. Chaney Cybersecurity Training Center. He has been featured on The Professional CISO podcast and recognized across global industry publications.
25+
Years of Experience
25M+
Consumers Protected Across Financial Services & Digital Platforms
Global
Career Footprint Across Financial Services, Technology & Emerging Markets
Award-Winning Industry Leader
The Strategist
Align business and cybersecurity goals to drive growth and resilience.
The Technologist
Architect modern security using proven frameworks and emerging technologies.
The Advisor
Translate risk into language boards and executive teams understand.
The Guardian
Build a proactive, defensible security posture ahead of the threat landscape.
Core Offerings
Expert guidance. Real results.
Niche practice areas purpose-built for regulated industries, financial services, fintech, governments, institutions, and AI-adopting enterprises.
Executive-level security and AI governance leadership on your terms.
What's Included
Specialist CISO / vCISO engagement
Security program strategy & roadmap
Board & executive risk reporting
Regulatory & audit readiness guidance
Security operating model design
M&A security due diligence
Security leadership during transition or crisis
BEST FOR: Startups, regulated SMBs, fintech, SaaS, governments, institutions, and organizations in leadership transition.
AI Security & AI Governance Advisory
Specialized advisory for AI/ML and agentic AI risk.
What's Included
AI risk & governance framework design
AI model & tool inventory
Third-party AI platform risk reviews
Responsible AI policy development
AI security architecture & guardrails
Agentic AI control frameworks
NIST AI RMF, ISO 42001, OWASP LLM Top 10
Board & executive AI risk briefings
BEST FOR: Firms adopting GenAI, LLMs, Copilots, or agentic platforms.
Cybersecurity Risk & Control Assessments
Structured, executive-ready risk insights.
What's Included
Enterprise risk assessments
Security maturity assessments
Threat & control gap analysis
Control effectiveness reviews
Regulatory readiness assessments
Risk register & remediation roadmap
External exposure & attack surface review
AI/ML risk overlays
BEST FOR: Regulated orgs, fintech, financial services, SaaS platforms.
Third-Party & Supply Chain Risk Management
Vendor and ecosystem security risk oversight.
What's Included
Third-party risk program design
Vendor risk assessment & questionnaires
AI / agentic vendor risk reviews
Continuous vendor monitoring strategy
Critical supplier risk scoring
Contract security clause guidance
Fourth-party risk mapping
BEST FOR: Financial services, insurance, healthcare, SaaS ecosystems.
Incident Readiness & Response Advisory
Build the muscle before you need it.
What's Included
Incident response readiness assessments
IR plan development & refresh
Tabletop exercises (exec + technical)
Ransomware scenario simulations
Board-level breach simulations
IR retainer advisory model
Crisis communications alignment
BEST FOR: Organizations needing resilience and executive readiness.
Security Program Build & Optimization
Stand up or strengthen your security function from the ground up.
What's Included
Security program stand-up
Policy & standards framework
Security architecture advisory
Identity & access governance strategy
Data protection & privacy control alignment
Security metrics & KPI framework
Zero Trust & cloud security advisory
BEST FOR: Growing or transforming security programs.
Privacy & Data Governance Advisory
Turn data protection into a business differentiator.
What's Included
Privacy program assessments
Data protection control mapping
Regulatory alignment (CCPA, GDPR, sectoral)
Data lifecycle & minimization strategy
De-identification & obfuscation controls
Sensitive data exposure reduction strategy
BEST FOR: Consumer platforms, retail, fintech, regulated data holders.
Advisory Direct by Cyberdiligent
Expert advisory. Precisely scoped.
Precision-scoped cybersecurity, risk, privacy, and AI governance engagements — accessible without long retainers or contracts. Transparent pricing, fast delivery, and board-ready outcomes.
Precision advisory. Delivered on your timeline.
Engage individual services or bundled engagements across cybersecurity, risk, privacy, and AI governance. Each engagement is scoped with estimated advisory hours and delivered in 1–4 weeks.
No Retainer Required · Estimated Advisory Hours · 1–4 Week Delivery · Board-Ready Outputs
Assessment & Readiness
Security Posture Assessment
Evaluate security maturity against NIST CSF 2.0 or ISO 27001. Identify key risks and improvement roadmap.
Maturity scorecard, prioritized recommendations
2 weeks · est. 20–30 hrs
Incident Response Readiness Review
Test playbooks, escalation procedures, and communication protocols.
IR playbook gap report + tabletop outline
2 weeks · est. 16–24 hrs
Cloud Security Tune-Up (AWS/Azure/GCP)
Validate configurations, IAM, logging, and backup settings.
Cloud findings report + remediation plan
2 weeks · est. 18–28 hrs
Data Trust Audit
Evaluate DLP, retention, and privacy controls across systems.
Data inventory, DLP maturity map
3 weeks · est. 24–40 hrs
Identity & Access Management
Access Recertification & Review
Comprehensive user access review for SOX/PCI compliance — covering role assignments, entitlement sprawl, and certification workflows.
Recertification report, remediation checklist
2–3 weeks · est. 24–40 hrs
Privileged Account Cleanup
Identify and reduce privilege sprawl across key systems.
Audit results + remediation actions
2 weeks · est. 18–26 hrs
Identity Governance QuickStart
Foundational role design, access policies, and attestation process setup across your IGA platform.
IGA baseline config + governance doc
3–4 weeks · est. 32–48 hrs
SSO & MFA Optimization
Policy review, configuration validation, exception analysis, and phishing-resistant MFA alignment across identity providers.
Config validation report + improvement roadmap
2 weeks · est. 20–32 hrs
Vendor & Third-Party Risk
Third-Party Risk Assessment (Tier 1–3)
Review vendor controls, SOC 2 reports, and contract clauses.
Risk rating + mitigation plan
3-day turn/vendor · est. 4–8 hrs/vendor
Vendor Program Kickstart
Design third-party risk policy, intake form, and workflow.
Policy pack + tracker template
2 weeks · est. 20–30 hrs
Vendor Response Templates
Pre-built security questionnaires and FAQs.
Word/Google Docs templates
1 week · est. 4–7 hrs
Continuous Monitoring Setup
Integrate SecurityScorecard, UpGuard, or Bitsight.
Config + report dashboard
2 weeks · est. 16–24 hrs
AI & Emerging Tech Risk
AI Policy & Governance Toolkit
Draft org-specific AI use, approval, oversight, and accountability policies aligned to your risk appetite and regulatory context.
Policy doc, RACI, governance checklist
2–3 weeks · est. 28–42 hrs
AI Risk Heatmap Workshop
Structured facilitation to surface and score AI risks across model behavior, bias, explainability, data privacy, and third-party dependencies.
AI risk register + prioritized action plan
1–2 weeks · est. 20–30 hrs
GenAI & AI Platform Security Assessment
Evaluate data exposure, access controls, DLP gaps, and governance readiness across GenAI and AI-powered platforms in your environment.
Risk findings report + secure deployment guidance
2–3 weeks · est. 24–36 hrs
AI Assurance Report
Map your AI model lifecycle, governance controls, and risk posture to NIST AI RMF, EU AI Act, and ISO 42001 requirements — with board-ready attestation.
Assurance assessment report + attestation package
3–4 weeks · est. 38–52 hrs
Governance, Risk & Compliance
GRC Framework Builder
Map controls across NIST, SOC 2, ISO, and CIS 18.
Unified control matrix
2 weeks · est. 16–24 hrs
Audit Evidence Sprint
Prepare for SOC 2/ISO audit — gather proof efficiently.
Perspectives on cybersecurity, risk, privacy, and AI governance — written for executives, boards, and leaders navigating a rapidly changing landscape.
Featured · AI Governance · Apr 2026
What the Board Should Be Asking About AI Right Now
Boards are being asked to oversee AI. Most are still receiving technical explanations instead of operational clarity. Effective oversight doesn't require deep technical expertise — it requires the right questions. Where is AI being used? Who is accountable for outcomes? What controls are enforced, not just documented?
Russell Okoth · April 2026 · 2 min read
AI Security · Mar 2026
Cybersecurity for AI, Not Just AI for Cybersecurity
AI enhances security operations. But AI systems are also becoming part of the enterprise attack surface. Most organizations are strong on the first and underdeveloped on the second.
Mar 2026 · 2 min
AI Security · Feb 2026
The New Attack Surface: Securing AI Agents, Not Just Models
AI agents interact with multiple systems, operate autonomously, hold credentials, and trigger actions. Traditional security models are not fully equipped for this shift. The focus must move from model security to system security.
Feb 2026 · 2 min
Privacy · Jan 2026
Privacy in the AI Era Is a Data Governance Problem First
Most AI discussions focus on models. Most privacy risks originate from data. Before a model is trained, key decisions have already been made about what data is collected, whether its use is lawful, and who approved it. Privacy must shift left.
Jan 2026 · 2 min
AI Risk · Dec 2025
AI in Critical Systems: Innovation Without Safety Is a Bad Trade
AI is entering systems that impact physical operations, infrastructure reliability, and human safety. In these environments, performance is not the only metric. What happens when the system fails? Can outputs be overridden? Resilience, not speed, is the goal.
Dec 2025 · 2 min
Regulatory · Nov 2025
DORA Is Live. Now Comes the Hard Part
Regulations create momentum. Operations reveal reality. With DORA now in effect, financial institutions are moving from interpretation into execution. The gap is not in policy — it is in operational proof. Can you demonstrate resilience, not just document it?
Nov 2025 · 2 min
AI Governance · Oct 2025
Agentic AI Needs Guardrails Before Autonomy
AI is evolving from systems that generate answers to systems that take action. Many deployments today are moving faster than governance. Excessive permissions, limited visibility, weak escalation paths — autonomy without structure creates exposure.
Oct 2025 · 2 min
AI Governance · Sep 2025
From Responsible AI to Enforceable AI: What Changed
For two years, Responsible AI lived in policy documents. That is changing. The conversation is shifting from intent to evidence — from "we believe" to "we can demonstrate." Organizations must now prove how their systems behave under scrutiny.
Sep 2025 · 2 min
Zero Trust · Aug 2025
Zero Trust Security: Architecting Trust in a Trustless World
Zero Trust is no longer optional in cloud- and AI-driven enterprises. Every user, device, application, and AI agent must be continuously verified in a perimeterless world.
Aug 2025 · 3 min
Incident Response · Jul 2025
Incident Response Excellence: Building Resilience Through Preparedness
Cyber incidents are inevitable. The differentiator is how quickly you detect, contain, and recover. What mature IR looks like in practice — and why it's a business capability, not just a technical one.
Jul 2025 · 1 min
Third-Party Risk · Jun 2025
Third-Party Risk Management: Securing the Extended Enterprise
MOVEit. Change Healthcare. CrowdStrike. Vendor vulnerabilities cascade fast. A framework for assessing and managing third-party risk across your entire ecosystem.
Jun 2025 · 3 min
Privacy · May 2025
CCPA/CPRA Compliance: Key Consumer Rights
The most comprehensive U.S. consumer privacy legislation creates both compliance obligations and competitive opportunities. What organizations handling California resident data must know.
May 2025 · 2 min
AI Governance · Apr 2025
Navigating the EU AI Act: Building Responsible AI in a Regulated Future
The EU AI Act establishes a risk-based framework affecting organizations worldwide. Beyond compliance, it signals how regulators, customers, and partners will evaluate AI trustworthiness.
Apr 2025 · 3 min
AI Governance · Mar 2025
Why Responsible AI Is More Than Just a Buzzword
Biased algorithms. Facial recognition failures. Medical AI on unrepresentative data. When AI goes wrong, the consequences are real and documented. What Responsible AI actually means in practice.
Mar 2025 · 3 min
Regulatory · Feb 2025
PCI DSS 4.0: What You Need to Know
PCI DSS 4.0 introduces greater flexibility but stricter authentication, continuous monitoring mandates, and a stronger risk-based approach. What changed and how to stay ahead of the audit.
Feb 2025 · 2 min
Privacy · Jan 2025
GDPR Compliance: Protecting Personal Data with Cyberdiligent
GDPR is the global gold standard for data protection. With fines up to €20 million or 4% of annual turnover, it's also one of the most consequential regulatory frameworks in existence.
Jan 2025 · 2 min
Regulatory · Dec 2024
DORA Compliance: Building a Robust Cybersecurity Program
The Digital Operational Resilience Act is a roadmap for reducing ICT risk, enhancing incident response, and managing third-party relationships in financial services.
Dec 2024 · 2 min
Regulatory · Nov 2024
NYDFS Cybersecurity Regulation: Strengthening Your Organization's Security
23 NYCRR 500 protects financial services from cyber threats. Non-compliance means substantial fines and reputational damage. A breakdown of key requirements and how to meet them.
Nov 2024 · 2 min
AI Governance · Oct 2024
Artificial Intelligence in Cybersecurity: Friend or Foe?
AI improves threat detection and automates response. But adversarial attacks, model bias, and privacy concerns mean it can also become a foe. How to harness AI responsibly.
Oct 2024 · 2 min
Data Governance · Oct 2024
Data Quality: A Cornerstone of Effective Data Governance in Cybersecurity
Inaccurate or incomplete data undermines threat detection, delays incident response, and creates compliance exposure. Why data quality is a strategic imperative, not just a technical concern.
Oct 2024 · 2 min
Frameworks · Apr 2024
The Diamond Model for Intrusion Analysis
A structured framework for analyzing cyber threats by examining four components: adversary, capability, infrastructure, and victim. How to put it into practice across the security lifecycle.
The 18 Critical Security Controls represent a comprehensive cybersecurity framework crafted by experts from government, academia, and industry. A guide to implementation and benefits.
Feb 2024 · 2 min
Leadership · Oct 2023
Lesson from the Saddle: Pedaling Through Regulatory Challenges and Cyber Realities
The journey of a CISO resembles a cyclist's ride — balance, strategy, and adaptability are paramount. Drawing parallels between cadence, speed, power, hills, and the security leader's role.
Oct 2023 · 2 min
Leadership · Apr 2023
Drawing Parallels: Beavers and Information Security
Listening to 'The Beauty of Beavers' sparked reflections on what these industrious creatures share with information security: diligence, adaptability, collaboration, and protection.
Apr 2023 · 2 min
Subscribe to The Brief
Get the latest insights delivered.
No filler. Concise, executive-ready perspectives on cybersecurity, AI risk, and governance — when it matters.
Contact
Let's Work Together
Start the Conversation
Whether you need niche security advisory, an AI governance framework, an incident response program, or a CyberShop engagement — we are ready to help.
What the Board Should Be Asking About AI Right Now
Russell Okoth · April 2026 · 2 min read
Boards are being asked to oversee AI.
Most are still being given technical explanations instead of operational clarity.
Effective oversight does not require deep technical expertise. It requires the right questions.
Boards should be asking:
Where is AI being used across the organization?
What decisions does it influence?
What data does it rely on?
Who is accountable for outcomes?
What controls are enforced — not just documented?
How is risk monitored and reported?
What is the escalation path when something goes wrong?
The goal is not to understand the model.
It is to understand: impact, risk, control, and accountability.
Governance becomes meaningful when answers are clear, consistent, and evidence-based.
AI oversight is not about slowing innovation. It is about ensuring that innovation is controlled, explainable, and aligned with enterprise risk.
Cyberdiligent helps boards and executives ask better questions — and get defensible answers.
AI Security · March 2026
Cybersecurity for AI, Not Just AI for Cybersecurity
Russell Okoth · March 2026 · 2 min read
AI is increasingly used to enhance cybersecurity operations.
At the same time, AI systems themselves are becoming part of the enterprise attack surface.
This creates a dual challenge: using AI to strengthen security, and securing the AI systems being deployed.
Many organizations are strong in the first area and underdeveloped in the second.
AI systems should be treated like any other critical asset:
They must be inventoried
Their dependencies must be understood
Their data flows must be mapped
Their behavior must be monitored
Their failures must be recoverable
Without this, organizations risk introducing new vulnerabilities while trying to improve defenses.
The question is not whether AI can improve cybersecurity. It is whether cybersecurity programs have evolved to include AI systems within their scope.
Cyberdiligent helps organizations build security programs that treat AI as both a tool and an asset requiring protection.
AI Security · February 2026
The New Attack Surface: Securing AI Agents, Not Just Models
Russell Okoth · February 2026 · 2 min read
As AI systems evolve, the attack surface expands.
The focus is moving beyond models to the systems that surround them.
AI agents introduce new dynamics:
They interact with multiple systems
They operate with varying levels of autonomy
They may hold credentials or access sensitive data
They can trigger actions across environments
This creates new risks:
Unauthorized actions
Credential misuse
Data leakage across systems
Manipulation of decision flows
Traditional security models are not fully equipped for this shift.
Organizations need to rethink:
Identity for non-human actors
Access control for AI-driven workflows
Monitoring and logging of agent behavior
Trust boundaries between systems
AI is no longer just a tool. It is becoming an active participant in the enterprise environment. Securing it requires moving from model security to system security.
Cyberdiligent helps organizations extend their security posture to include AI agents, workflows, and non-human identities.
Privacy · January 2026
Privacy in the AI Era Is a Data Governance Problem First
Russell Okoth · January 2026 · 2 min read
Most AI discussions focus on models.
Most privacy risks originate from data.
Before a model is trained or deployed, key decisions have already been made:
What data is collected
Whether its use is lawful
How it is classified and labeled
Who approved its use
How it can be reused or repurposed
This is where privacy risk begins.
In many organizations, privacy is still treated as a downstream review — a checkpoint before deployment. That approach no longer works.
AI systems amplify:
Data reuse
Inference
Correlation
Exposure
Privacy must shift left in the lifecycle. It becomes a design decision, a governance function, and a shared responsibility across security, legal, and data teams.
The question is not whether AI systems are compliant. It is whether organizations can trace, explain, and justify the data that powers them.
Privacy is not an output of AI. It is a function of how data is governed before AI begins.
Cyberdiligent helps organizations build privacy governance frameworks designed for the AI era.
AI Risk · December 2025
AI in Critical Systems: Innovation Without Safety Is a Bad Trade
Russell Okoth · December 2025 · 2 min read
AI is rapidly expanding into environments that extend beyond digital workflows.
It is entering systems that impact physical operations, infrastructure reliability, and human safety.
This changes the risk equation.
In these environments, performance is not the only metric that matters. Leaders must consider:
What happens when the system fails?
Can outputs be overridden?
Are there fallback mechanisms?
What dependencies exist across systems?
AI errors in critical systems are not just inconvenient. They can be consequential.
The challenge is not whether to adopt AI in these environments. It is whether organizations are prepared to manage failure scenarios with the same rigor as success scenarios.
Innovation without safety creates fragile systems. The more critical the environment, the more important it becomes to design for predictability, control, and intervention. Speed is not the goal. Resilience is.
Cyberdiligent helps organizations assess and govern AI risk in high-stakes environments.
With DORA now in effect, financial institutions are moving beyond interpretation into execution. This is where many programs encounter friction.
DORA is not just a cybersecurity requirement. It is an operational resilience mandate.
It forces organizations to answer harder questions:
Can we continue operating during disruption?
Do we understand our third-party dependencies?
Are our response capabilities tested — not just documented?
Can we demonstrate resilience to regulators and stakeholders?
Common challenges emerging:
Fragmented ownership across risk, IT, and security
Limited visibility into third-party ICT risk
Over-reliance on static control frameworks
Inconsistent testing of incident response and recovery
DORA is effective because it shifts focus from controls to outcomes. Resilience is not defined by what is written. It is defined by what holds under pressure.
Cyberdiligent helps financial institutions move from DORA interpretation to operational proof.
AI Governance · October 2025
Agentic AI Needs Guardrails Before Autonomy
Russell Okoth · October 2025 · 2 min read
AI is evolving from systems that generate answers to systems that take action.
This shift — from response to agency — is where risk accelerates.
Agentic AI systems can:
Access enterprise data
Invoke tools and APIs
Trigger workflows
Make decisions without immediate human intervention
The risk is not just what the model produces. It is what the system is allowed to do.
Many deployments today are moving faster than governance. The result is a familiar pattern: excessive permissions, limited visibility into decisions, weak or undefined escalation paths, no clear mechanism to stop or override actions.
Autonomy without structure creates exposure. Organizations should be thinking in terms of guardrails, not capabilities.
The right questions to ask:
What is the system allowed to access?
What actions require approval?
What is logged and auditable?
What are the boundaries of operation?
How is the system stopped if something goes wrong?
AI does not fail only because models are wrong. It fails because systems lack ownership, boundaries, and control.
Cyberdiligent designs agentic AI control frameworks that define boundaries before granting autonomy.
AI Governance · September 2025
From Responsible AI to Enforceable AI: What Changed
Russell Okoth · September 2025 · 2 min read
For the past two years, Responsible AI has largely lived in policy documents, principles, and internal guidelines. Organizations defined what "good" looked like, but enforcement remained uneven.
That is changing.
The conversation is shifting from intent to evidence. From "we believe" to "we can demonstrate." Responsible AI is no longer just a philosophy — it is becoming an operational requirement.
Organizations are now expected to:
Document how models are developed and trained
Explain data sources and usage
Demonstrate risk controls and governance structures
Assign clear accountability for outcomes
This is not just about compliance. It is about trust.
The organizations that succeed will not be those with the most polished AI policies. They will be the ones that can prove how their systems behave, how decisions are made, and how risks are contained.
The question for leadership is no longer: Do we have Responsible AI principles? It is: Can we defend how our AI operates — technically, legally, and ethically — under scrutiny?
Cyberdiligent helps organizations move from AI principles to AI evidence — building governance structures that can withstand regulatory and stakeholder scrutiny.
Risk & Operations · Zero Trust
Zero Trust Security: Architecting Trust in a Trustless World
Russell Okoth · August 29, 2025 · 3 min read
Zero Trust has become the dominant model for modern cybersecurity, replacing perimeter-based defenses with continuous verification of every user, device, application, and service. The traditional network perimeter has effectively disappeared as organizations embrace cloud computing, distributed workforces, SaaS ecosystems, and AI-powered applications.
Three Core Principles
Verify Explicitly: Every access request is authenticated and authorized using multiple contextual signals including identity, device health, location, behavioral anomalies, and threat intelligence. Verification is continuous, not a one-time login event.
Least-Privilege Access: Users, applications, and automated services receive only the minimum permissions required. Just-in-time and just-enough-access models reduce standing privileges.
Assume Breach: Controls limit blast radius, restrict lateral movement, and detect abnormal behavior through segmentation, endpoint protection, and continuous monitoring.
Zero Trust in the Age of AI
Modern enterprise environments include AI agents executing tasks autonomously, LLM-powered applications accessing knowledge bases, service accounts acting on behalf of models, and third-party AI platforms processing proprietary data. Without Zero Trust applied to AI systems, organizations risk creating highly privileged, opaque automation layers that attackers can exploit.
Core Components
Identity and Access Management: MFA, privileged access management, conditional access, workload identity controls, and continuous risk evaluation.
Network Security: Micro-segmentation, SASE, and policy-based access control to limit lateral movement.
Data Protection: Classification, encryption, rights management, and DLP extended to AI training datasets, embeddings, prompts, and model outputs.
Cyberdiligent supports organizations in designing Zero Trust programs that account for cloud, SaaS, and AI-driven environments.
Risk & Operations · Incident Response
Incident Response Excellence: Building Resilience Through Preparedness
Russell Okoth · July 31, 2025 · 1 min read
Cyber incidents are no longer rare events. They are operational realities. The differentiator is how quickly you detect, how effectively you contain, and how confidently you restore operations. Prepared organizations reduce downtime, limit financial loss, and protect stakeholder trust.
What Good IR Includes
Preparation: Defined roles across Security, IT Ops, Legal, Comms, HR, and Execs; playbooks for ransomware, BEC, data breach, and insider scenarios; backup validation.
Detection and Analysis: Usable log visibility (SIEM + endpoint + identity), triage routines, and threat intel context.
Containment and Eradication: Short-term containment to prevent spread, long-term stabilization, and thorough eradication of credentials, persistence mechanisms, and compromised assets.
Recovery: Prioritized restoration by business criticality, validation that systems are clean, and heightened monitoring during return to normal.
Post-Incident Learning: Root cause analysis, tracked control improvements, and executive reporting that drives investment decisions.
Training and Testing
Incident response degrades without rehearsal. Strong programs run tabletops for decision-making, technical simulations for detection and response execution, and red/purple team exercises for realistic adversary testing.
Cyberdiligent builds IR programs that work when it matters.
Risk Management · Third-Party Risk
Third-Party Risk Management: Securing the Extended Enterprise
Russell Okoth · June 30, 2025 · 3 min read
Recent supply chain attacks highlight a critical truth: vendor vulnerabilities can quickly escalate into organizational crises. The 2023 MOVEit Transfer vulnerability and the 2024 Change Healthcare cyberattack underscore how third-party risks directly influence organizational security.
Categories of Third-Party Risks
Cybersecurity Risks: Vendors require access to sensitive data and critical systems. The 2020 SolarWinds incident highlights the need for stringent controls and ongoing monitoring.
Operational Risks: The 2024 CrowdStrike software update failure demonstrated how operational issues can lead to widespread disruption. Assess dependency on key vendors and establish backup arrangements.
Compliance and Regulatory Risks: Companies are responsible for ensuring third-party data processing complies with GDPR, HIPAA, PCI DSS, and other regulations.
Concentration Risks: Over-reliance on a single vendor amplifies risks and diminishes negotiating power.
Fourth-Party Risks: The relationships vendors maintain with their own suppliers introduce additional risk layers that effective programs must address.
Continuous Monitoring: Staying proactive in assessing and managing vendor risks is essential for fostering a secure and resilient organizational environment.
Cyberdiligent transforms vendor relationships from vulnerabilities into strategic assets.
Regulatory & Compliance
CCPA/CPRA Compliance: Key Consumer Rights
Russell Okoth · May 30, 2025 · 2 min read
The California Consumer Privacy Act and its enhancement through the California Privacy Rights Act represent the most comprehensive consumer privacy legislation in the United States, influencing privacy regulation nationwide.
Core Consumer Rights
Right to Know: Consumers can request detailed information about what data is collected, sources, purposes, and third parties. Organizations must respond within 45 days.
Right to Delete: Consumers can request deletion of personal information. This requires robust data management to identify and delete data across all systems.
Right to Opt-Out: Consumers can opt out of the sale or sharing of their data and limit the use of sensitive personal information.
Right to Correct: Consumers can request corrections to inaccurate personal information, requiring effective verification processes.
Right to Non-Discrimination: Organizations cannot penalize consumers for exercising privacy rights.
Data Minimization
The CPRA requires businesses to limit data collection, use, retention, and sharing to what is necessary for declared purposes. CPRA expands protections for sensitive personal data including Social Security numbers, precise geolocation, race, religion, and health data.
Cyberdiligent provides tailored CCPA/CPRA compliance services including data mapping, policy development, and consumer rights request workflows.
AI Governance · Regulatory
Navigating the EU AI Act: Building Responsible AI in a Regulated Future
Russell Okoth · April 30, 2025 · 3 min read
The EU AI Act marks a shift in how regulators, customers, and business partners evaluate AI trustworthiness. Organizations that treat governance as a strategic capability rather than a documentation exercise will be better positioned to scale AI responsibly.
The EU AI Act Framework
Prohibited Practices: AI systems using subliminal manipulation, exploiting vulnerable groups, enabling real-time public biometric identification by law enforcement (with limited exceptions), and social scoring are banned outright.
High-Risk AI Systems: AI in biometric identification, critical infrastructure, education, employment, essential services, law enforcement, migration, and administration of justice face stringent requirements including conformity assessments, risk management systems, and human oversight.
General Purpose AI Models: Foundation models must provide technical documentation and comply with EU copyright law. Models exceeding 10^25 FLOPs must also conduct systemic risk assessments and adversarial testing.
Building Competitive Advantage Through Compliance
Organizations that approach the AI Act proactively often uncover broader strategic benefits: stronger customer and partner trust, clearer accountability for automated decisions, improved AI reliability, and greater readiness for future regulation beyond Europe.
Cyberdiligent supports organizations in translating AI Act obligations into practical, defensible operating models.
AI Governance
Why Responsible AI Is More Than Just a Buzzword
Russell Okoth · March 31, 2025 · 3 min read
Responsible AI refers to the design, development, and deployment of AI systems aligned with ethical values, laws, and societal expectations. It is built on principles including fairness, transparency, accountability, security, privacy, and inclusivity.
Why It Matters: The Stakes Are High
When AI goes wrong, the consequences are serious: biased hiring algorithms that disadvantage women or minorities; facial recognition systems that misidentify people of color; predictive policing tools that reinforce systemic injustices; medical AI trained on unrepresentative data that puts lives at risk. These issues are real, documented, and damaging — not just for individuals but for the companies behind the tools.
How to Start Practicing Responsible AI
Establish ethical guidelines aligned with your mission and values
Run bias and fairness audits on models before deployment — and continuously after
Use model cards and data documentation to track assumptions, limitations, and risks
Create cross-functional governance teams including legal, compliance, HR, and data science
Educate teams on ethical AI design and embed it into your product development lifecycle
Tools and Frameworks
Microsoft Responsible AI Toolbox, IBM AI Fairness 360, Google's What-If Tool, NIST AI Risk Management Framework, and Partnership on AI's Shared Responsibility Principles all provide structured support for operationalizing Responsible AI.
Responsible AI is a competitive advantage rooted in transparency, inclusivity, and accountability.
Regulatory & Compliance
PCI DSS 4.0: What You Need to Know
Russell Okoth · February 28, 2025 · 2 min read
PCI DSS 4.0 introduces key changes impacting how organizations manage and protect cardholder data.
What's New
Increased Flexibility: Greater flexibility to implement security measures tailored to your specific environment while still meeting the standard's intent.
Stricter Authentication: Enhanced multi-factor authentication for all access to cardholder data environments.
Continuous Monitoring: Emphasis on continuously monitoring payment systems to detect and respond to vulnerabilities in real time.
Enhanced Risk-Based Approach: Focus resources on critical assets and potential threats.
How Cyberdiligent Helps
Gap Analysis and Risk Assessment identifying gaps between current practices and PCI DSS 4.0 requirements
Remediation Planning and Support from updating security protocols to new technologies
Compliance Roadmap Development guiding your organization through achieving and maintaining compliance
Continuous Monitoring and Maintenance ensuring systems remain secure and compliant over time
Training and Awareness programs for your team
Non-compliance can result in hefty fines, security breaches, and loss of customer trust.
Regulatory & Compliance · Privacy
GDPR Compliance: Protecting Personal Data with Cyberdiligent
Russell Okoth · January 31, 2025 · 2 min read
GDPR is the global gold standard for data protection. With fines up to €20 million or 4% of annual global turnover, it applies to any organization processing the personal data of individuals in the European Union, regardless of where the business is located.
Key Requirements
Data Minimization: Collect only what is necessary for specific, declared purposes.
Lawful Basis: Ensure all personal data processing has a clear legal basis.
Breach Notification: Report personal data breaches within 72 hours of discovery.
Data Subject Rights: Access, rectification, deletion, and portability for individuals.
Cyberdiligent's Framework
GDPR Readiness Assessments identifying gaps and providing a clear compliance roadmap
Data Mapping and Inventory tracking personal data, data flows, and processing activities
Privacy Impact Assessments evaluating risks and ensuring data protection by design
Policy Development and Training on GDPR obligations
GDPR compliance is an opportunity to build a culture of trust and transparency with customers.
Regulatory & Compliance · Financial Services
DORA Compliance: Building a Robust Cybersecurity Program
Russell Okoth · December 31, 2024 · 2 min read
The Digital Operational Resilience Act sets a new benchmark for financial institutions, introducing comprehensive requirements for managing ICT risk, reporting security incidents, and ensuring third-party oversight. DORA is more than another regulation — it is a roadmap for reducing ICT risk and enhancing incident response.
Key Focus Areas
ICT Risk Management: Identifying and mitigating information and communication technology risks across the organization.
Incident Reporting Readiness: Processes for reporting significant incidents within strict timeframes.
Third-Party Risk Management: Monitoring and managing risks posed by vendors and service providers.
Cyberdiligent's Approach
ICT Risk Assessments protecting against evolving threats
Third-Party Risk Programs providing real-time oversight of vendor relationships
Compliance Readiness Assessments identifying gaps and providing actionable recommendations
Continuous Monitoring maintaining alignment with DORA over time
DORA presents an opportunity to strengthen cybersecurity posture while meeting regulatory requirements.
Regulatory & Compliance · Financial Services
NYDFS Cybersecurity Regulation: Strengthening Your Organization's Security
Russell Okoth · November 22, 2024 · 2 min read
The NYDFS Cybersecurity Regulation (23 NYCRR 500) was implemented to protect the financial services industry from cyber threats. Non-compliance can lead to substantial fines, reputational damage, and increased vulnerability.
Key Requirements
Cybersecurity Program: A comprehensive program identifying risks and implementing security measures.
Cybersecurity Policy: Written policies protecting financial data confidentiality, integrity, and availability.
Incident Response Plan: An IR plan with notification to NYDFS within 72 hours of a significant cybersecurity event.
Third-Party Risk Management: Assessing and managing risks associated with third-party vendor access.
Regular Risk Assessments: Ongoing assessments to evaluate vulnerabilities and program effectiveness.
Cyberdiligent's NYDFS Services
NYDFS Compliance Readiness Assessment, Cybersecurity Program Development, Policy and Procedure Development, Third-Party Risk Management guidance, Incident Response and Reporting preparation, and Ongoing Monitoring and Compliance Management.
Compliance with NYDFS is about securing critical assets, not just meeting regulatory requirements.
AI Governance
Artificial Intelligence in Cybersecurity: Friend or Foe?
Russell Okoth · October 31, 2024 · 2 min read
By leveraging AI technologies, organizations can improve threat detection, enhance response times, and automate many security processes. But with its many benefits come potential risks. Is AI a friend to cybersecurity, or could it become a foe in the wrong hands?
AI's Role in Cybersecurity
Threat Detection: AI analyzes vast amounts of data quickly to identify potential threats. ML models detect unusual activity and flag potential breaches.
Automated Responses: AI responds to threats in real-time, reducing response times and allowing human teams to focus on higher-priority tasks.
Predictive Analytics: By analyzing historical data, AI predicts future attacks and proactively implements defensive measures.
Phishing and Malware Detection: AI models recognize phishing emails and malicious software before they cause harm.
The Risks
Adversarial Attacks: Attackers use AI to launch sophisticated attacks that manipulate or deceive AI systems.
Bias and Overfitting: AI models trained on biased or incomplete data make inaccurate predictions and overlook key threats.
Privacy Concerns: AI's ability to analyze massive datasets raises concerns over user privacy.
Cyberdiligent helps organizations deploy AI Governance and security technologies that enhance cybersecurity while minimizing associated risks.
Data Governance
Data Quality: A Cornerstone of Effective Data Governance in Cybersecurity
Russell Okoth · October 1, 2024 · 2 min read
Maintaining high-quality data is not just a matter of operational efficiency; it is a fundamental pillar of effective data governance, essential for safeguarding against cyber threats and mitigating risks.
Why Data Quality Matters
Accurate Threat Detection: Inaccurate data undermines threat detection mechanisms, leaving organizations vulnerable.
Timely Incident Response: Poor data quality delays response efforts, allowing attackers to escalate activities and inflict more damage.
Compliance and Reporting: GDPR, HIPAA, or PCI DSS compliance requires accurate and reliable data. Non-compliance due to data inaccuracies results in severe penalties.
Risk Management: Poor data quality leads to erroneous risk assessments, exposing organizations to unforeseen cyber risks.
Strategies for Maintaining Data Quality
Data Profiling and Analysis to identify inconsistencies and establish a quality baseline
Automated Data Cleansing to remove duplicates and standardize formats
Data Governance Framework outlining policies, procedures, and responsibilities
Continuous Monitoring and Validation with automated checks and anomaly detection
Employee Training and Awareness programs
Data quality is a strategic imperative. Cyberdiligent partners with organizations to enhance cybersecurity posture through effective data governance.
Frameworks & Controls
The Diamond Model for Intrusion Analysis
Russell Okoth · April 21, 2024 · 2 min read
The Diamond Model provides a comprehensive framework for analyzing cyber threats by focusing on four key components: adversary, capability, infrastructure, and victim.
Capability: The tools, techniques, and procedures (TTPs) adversaries use. Identifying these allows analysts to assess the sophistication and potential impact of a threat.
Infrastructure: The command and control servers, malware distribution networks, and compromised endpoints adversaries use. Analyzing this infrastructure provides insights into operational tactics.
Victim: Understanding characteristics of the victim organization — industry sector, size, geographic location — helps assess the threat's relevance and potential impact.
Putting the Model to Practice
The Diamond Model is applicable across threat intelligence research, incident response activities, and defensive strategy development. It promotes collaboration and information sharing among security teams, enabling more proactive and coordinated defense efforts.
Cyberdiligent leverages advanced analytical frameworks like the Diamond Model to empower organizations to navigate the cybersecurity landscape with confidence and resilience.
The 18 Critical Security Controls represent a comprehensive cybersecurity framework crafted through collaboration among cybersecurity experts from government, academia, and industry.
Key Components
Inventory of Authorized and Unauthorized Devices: Maintaining an accurate device inventory helps detect and mitigate potential security risks proactively.
Continuous Vulnerability Management: Regular vulnerability scanning and patching minimize the risk of exploitation.
Secure Configuration: Implementing secure configuration standards ensures systems are hardened against common cyber threats.
Access Control Management: Least privilege and role-based access controls help enforce security policies effectively.
Benefits of Implementation
Reduced Risk Exposure by prioritizing controls based on risk to focus resources on critical gaps
Improved Incident Response capabilities through continuous monitoring
Enhanced Regulatory Compliance as many frameworks reference the 18 Critical Security Controls
Cyberdiligent helps organizations leverage frameworks like the CIS Controls, NIST, COBIT, and COSO to build more robust, secure digital environments.
Leadership & Strategy
Lesson from the Saddle: Pedaling Through Regulatory Challenges and Cyber Realities
Russell Okoth · October 20, 2023 · 2 min read
The journey of a CISO closely resembles the intricacies of a cyclist's ride, where balance, strategy, and adaptability are paramount. Just as cyclists harmonize cadence, speed, power, hills, and intervals, CISOs must navigate the intersection of regulatory pressures, technological advancements, and cybersecurity challenges.
Cadence: Harmonizing Compliance and Innovation
Just like cyclists harmonize their cadence for optimal performance, CISOs must help their organizations find the right balance between compliance requirements and innovative solutions — a delicate dance that ensures growth without compromising security.
Speed: Pacing Agility
Cyclists adapt their speed to the terrain. CISOs must do the same in a rapidly changing cybersecurity landscape. Maintaining agility is essential, but building resilience is crucial for an organization's survival.
Power: Empowering Cyber Resilience
Powerful cyclists generate the strength to conquer challenging routes. CISOs guide their organizations with robust cybersecurity measures to build trust among stakeholders, protect valuable assets, and resume operations during cyber events.
Hills: Confronting Regulatory Complexities
Conquering hills requires determination and strategy. CISOs must be innovative and steadfast to confront regulatory complexities head-on, ensuring compliance with various industry-specific regulations.
Cyberdiligent understands the intricate journey of a CISO and specializes in empowering organizations to navigate the cybersecurity landscape with balance, strategy, and adaptability.
Leadership & Culture
Drawing Parallels: Beavers and Information Security
Russell Okoth · April 13, 2023 · 2 min read
As I listened to 'The Beauty of Beavers' on Headspace, I reflected on the remarkable qualities exhibited by these industrious creatures and the striking similarities they share with the world of information security.
The Six Parallels
Diligence and Persistence: Much like beavers tirelessly work on their dams, information security professionals must exhibit unwavering diligence in continuously monitoring and enhancing security measures.
Attention to Detail: As beavers meticulously construct their lodges, security professionals must pay meticulous attention to detail — carefully analyzing system logs, network traffic, and security configurations to detect anomalies.
Adaptability: Beavers adapt their building techniques based on environmental factors. Security professionals must adapt to new threats and technological advancements, constantly updating skills and strategies.
Collaboration and Teamwork: Beavers demonstrate strong collaboration in construction projects. Security professionals must collaborate across departments to implement comprehensive security measures and respond to incidents collectively.
Defense and Protection: Just as beavers build dams to protect themselves, security professionals focus on building robust defenses to safeguard sensitive data and systems from malicious actors.
Environmental Awareness: Beavers' activities profoundly impact their ecosystem. Security professionals must be aware of the broader impact on the organization's digital ecosystem, considering compliance, user privacy, and ethical implications.
At Cyberdiligent, we translate these principles into actionable strategies, empowering clients to navigate the cybersecurity landscape with confidence and resilience.
Privacy Policy
Effective Date: May 1, 2026 · Cyberdiligent · cyberdiligent.com
Cyberdiligent (“we,” “us,” or “our”) operates the website cyberdiligent.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Site or engage with our services. By using the Site, you agree to the practices described in this policy.
1. Information We Collect
We collect information you provide directly to us, including:
Contact and inquiry data: name, last name, email address, phone number, organization, area of interest, and message content submitted through our contact form.
Communications: any correspondence you send us by email or other means.
We also collect certain data automatically when you visit the Site:
Usage Data: IP address, browser type and version, pages visited, time and date of visit, time spent on pages, and other diagnostic data.
Cookies and tracking technologies: small data files stored on your device to support Site functionality, preferences, and analytics.
2. How We Use Your Information
We use the information we collect to:
Respond to your inquiries and provide advisory services
Send you The Cyberdiligent Brief and other communications you have opted into
Improve the Site and our service offerings
Comply with legal obligations and enforce our policies
Protect the security and integrity of the Site
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
3. Cookies
We use session, preference, and security cookies to operate and improve the Site. You may instruct your browser to refuse all cookies or to alert you when cookies are being sent. Disabling cookies may affect certain Site functionality.
4. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Newsletter subscription data is retained until you unsubscribe. Contact form submissions are retained for a reasonable period to follow up on inquiries.
5. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
6. Disclosure of Information
We may disclose your personal data in the following limited circumstances:
Service providers: trusted third parties who assist us in operating the Site and delivering our services, subject to confidentiality obligations.
Legal requirements: when required by law, court order, or government authority, or to protect the rights, property, or safety of Cyberdiligent, our clients, or the public.
Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice to affected individuals.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
Access the personal data we hold about you
Request correction of inaccurate information
Request deletion of your personal data
Opt out of marketing communications at any time by clicking “unsubscribe” in any email or contacting us directly
To exercise any of these rights, contact us at info@cyberdiligent.com. We will respond within a reasonable timeframe.
8. Third-Party Links
The Site may contain links to third-party websites, including IANS Research, Deeptrack.io, KIPNA.org, and others. We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies.
9. Children’s Privacy
The Site is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page with an updated effective date. Your continued use of the Site after any changes constitutes your acceptance of the revised policy.
11. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of law provisions. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Texas.
12. Contact Us
Questions about this Privacy Policy or our data practices? Contact us at:
Effective Date: May 1, 2026 · Cyberdiligent · cyberdiligent.com
These Terms of Service (“Terms”) govern your access to and use of the Cyberdiligent website (cyberdiligent.com) and any services, content, or advisory engagements provided by Cyberdiligent (“we,” “us,” or “our”). Please read these Terms carefully. By accessing the Site or engaging our services, you agree to be bound by these Terms.
1. Use of the Site
You may use the Site for lawful purposes only. You agree not to:
Use the Site in any manner that violates applicable laws or regulations
Attempt to gain unauthorized access to any portion of the Site or its infrastructure
Transmit unsolicited commercial communications or malicious code
Reproduce, distribute, or commercially exploit any content from the Site without our express written consent
We reserve the right to terminate or restrict your access to the Site at any time, without notice, for conduct that we determine violates these Terms or is harmful to other users, us, or third parties.
2. Advisory Services
Cyberdiligent provides cybersecurity, risk, privacy, and AI governance advisory services. Any engagement for professional services is subject to a separate written agreement or statement of work between Cyberdiligent and the client. These Terms do not constitute an advisory engagement or create any professional obligation absent such an agreement.
Content published on the Site, including The Cyberdiligent Brief, is provided for informational purposes only and does not constitute legal, regulatory, financial, or professional advice. You should seek qualified professional counsel for advice specific to your circumstances.
3. Intellectual Property
All content on the Site — including text, articles, graphics, logos, the Cyberdiligent name and mark, and the overall design — is the property of Cyberdiligent or its licensors and is protected by applicable intellectual property laws. You may not copy, reproduce, distribute, modify, or create derivative works of any Site content without our prior written permission.
The Cyberdiligent Brief articles and thought leadership content are original works. Sharing links to our content is encouraged; reproducing the content in full without attribution or permission is not permitted.
4. Confidentiality
Any information you share with Cyberdiligent through the Site’s contact form or in the course of an advisory engagement will be treated with professional discretion. Cyberdiligent will not disclose client-specific information to third parties except as required by law or with your express consent.
5. Disclaimer of Warranties
The Site and its content are provided on an “as is” and “as available” basis without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. We do not warrant that the Site will be uninterrupted, error-free, or free of viruses or other harmful components.
Cybersecurity and risk advisory services inherently involve uncertainty. While Cyberdiligent applies deep domain expertise to every engagement, we cannot guarantee specific outcomes or that all risks will be identified or mitigated.
6. Limitation of Liability
To the maximum extent permitted by applicable law, Cyberdiligent and its principals, employees, and advisors shall not be liable for any indirect, incidental, special, consequential, or punitive damages — including loss of profits, data, or business — arising from your use of the Site or our services, even if we have been advised of the possibility of such damages.
Our total liability for any claim arising from or relating to these Terms or the services shall not exceed the amounts paid by you to Cyberdiligent in the three (3) months preceding the claim.
7. Third-Party Links and Resources
The Site may contain links to third-party websites and resources. These links are provided for convenience only. Cyberdiligent does not endorse, control, or assume responsibility for the content, privacy practices, or reliability of any third-party sites. Access to third-party sites is at your own risk.
8. Privacy
Your use of the Site is also governed by our Privacy Policy, which is incorporated into these Terms by reference. Please review our Privacy Policy to understand our practices.
9. Modifications to Terms
We reserve the right to update or modify these Terms at any time. Changes will be posted on this page with a revised effective date. Your continued use of the Site following any changes constitutes your acceptance of the revised Terms. We encourage you to review these Terms periodically.
10. Governing Law and Dispute Resolution
These Terms are governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of law provisions. Any dispute, claim, or controversy arising out of or relating to these Terms or the Site shall be resolved exclusively in the state or federal courts located in Tarrant County, Texas. You consent to the personal jurisdiction of such courts and waive any objection to venue in such courts.
11. Severability
If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the remaining Terms will otherwise remain in full force and effect.
12. Entire Agreement
These Terms, together with our Privacy Policy and any written service agreement between you and Cyberdiligent, constitute the entire agreement between you and Cyberdiligent with respect to the Site and supersede all prior or contemporaneous understandings regarding such subject matter.