Mike Skinner

Mike is the partner in charge for HORNE Cyber. His primary focus is to enable clients to fully leverage technology innovations by providing the insights critical to safeguarding their business, customers’ critical data and brand reputation. He is responsible for information technology audit, regulatory compliance, information security consulting, internal control consulting and business solution implementation.

Recent Posts

Nov 1, 2019 6:30:00 AM

Friday Brief: How Contractors can Prepare for Upcoming CMMC Requirements

What is the CMMC? Earlier this year, the DoD announced a new standard for cybersecurity certification of its contractors and sub-contractors. The standard is known as Cybersecurity Maturity Model Certification and includes a five-tier approach to determining the adequacy and effectiveness of contractors’ controls and processes for protecting the department’s controlled unclassified information (CUI).

Topics: NIST 800-171

Mar 15, 2018 10:00:00 AM

What You Need to Know About the SEC’s New Cyber Guidance

During the primetime of the 2017 10K filing season, the SEC issued additional guidance and expectations for cybersecurity disclosures. Cyber has been a hot topic for the SEC in the last several years. The financial impact to companies to prevent and then respond to a breach cannot be overstated.

Topics: risk management, Cyber Assurance Insights, Cyber SOC

Feb 27, 2018 1:04:33 PM

Providing Peace of Mind Around Your Law Firm's Data Security

Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted with the global standards highlighted below:

Topics: cybersecurity, SOC 1 Audit, securing your data, SOC for Cybersecurity, Cyber Assurance Insights, Cyber SOC, Compliance

Feb 2, 2018 4:06:23 PM

6 Steps to NIST 800-171 Compliance

NIST 800-171 provides a framework for the protection of controlled unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of federal entities. However, NIST 800-171 serves as a best practice for controls for privacy and security for many types of unclassified data.

Topics: Cyber Assurance Insights, IT GRC, Cyber GRC, Cyber Regulations, Compliance, NIST 800-171

Jul 25, 2017 10:02:00 AM

What You Need to Know About Cyber Regulations

Everyone hears about cyber risk, but not everyone is aware that the federal government is taking steps to help protect public companies and investors from malicious hackers. Recently, the Senate moved forward a bill requiring public companies to 1) name a cyber security expert on the board or 2) explain the other cyber security steps taken if no board member has cyber security expertise (the Cybersecurity Disclosure Act of 2017). The bill has bipartisan support and is a common-sense next step. This bill is very similar to the requirement that came out of SOX that required a financial expert on audit committees.

Topics: Cyber Assurance Insights, Cyber Regulations

Jul 20, 2017 10:37:00 AM

Better, Faster, Cheaper? What Audit Clients Should Expect from Next Generation Audits

The auditing profession is understandably shaken by the impact of automation on audit services. A substantial portion of what we as auditors do now can and will be accomplished by machines in the not-too-distant future. Oddly enough for a client service profession, the topic of how these changes will impact our clients has never come up. A quick Google search shows no articles or information on what audit clients should expect to experience in the next 3-7 years. With all the focus on our profession, processes and standards, we’ve lost focus on the most important part of our services: the client.

Topics: Next Gen Audits, Audit of the Future

Jun 23, 2017 7:05:00 AM

Four Steps to Managing Vendor Security

Target. Home Depot. Wendy’s. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management in their organization. But most don’t realize that each of the three breaches listed above was linked to third-party service providers and business associates.

Topics: SOC for Cybersecurity, Cyber Assurance Insights

May 25, 2017 10:03:00 AM

Cybersecurity: Are You the Gazelle at the Back of the Herd?

In response to the headline breaches plaguing organizations across the globe, there have been numerous solutions and recommendations that have gained popularity in the fight to combat cyber-crime. New security appliances, 24x7 network monitoring services and red team assessments are a few of the solutions being discussed among IT leadership and the cybersecurity services community. While each of these solutions plays a crucial role in strengthening the cyber resilience of organizations, their efforts are often futile if the appliances are not being used correctly or if vulnerabilities are not remediated properly and expeditiously.

Topics: Cyber Assurance Insights, IT GRC, Cyber GRC

May 17, 2017 10:31:00 AM

Cyber SOC – What Board Members Need to Know

The AICPA has issued its much-awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPAs to audit a company’s cyber security. In the past, organizations relied on various consultants, internal resources, and sometimes just plain luck, in identifying and mitigating cyber risks. The Cyber SOC fundamentally changes how cyber threats are evaluated and managed. It allows for an independent, objective look at an organization’s processes, policies and controls around cyber risks.

Topics: Cyber Assurance Insights, Cyber SOC

May 16, 2017 10:00:00 AM

President Trump's Cybersecurity Executive Order: What You Need to Know

Last weekend’s global cyber-attack shocked a lot of us due to its size, scope and impact. As news broke of the attack around the globe, each story was more concerning and raised the question: what is the US doing about cyber security?

Topics: Cyber Assurance Insights, Cybersecurity Executive Order

Mar 30, 2017 10:05:00 AM

Audit Risk in Penetration Tests: What You Should Know

Cyber risk is prevalent in almost every business today. Any business which has a web page, keeps information online, or uses the cloud is at risk for a cyber breach. It’s very interesting to me that these risks are so significant and widespread, but are rarely considered in an audit or internal audit engagement. The AICPA is working on a much-awaited framework for evaluating and reporting cyber risks. In the meantime, auditors should begin to familiarize themselves with ways to identify and mitigate cyber risks.

Topics: advanced penetration testing

Feb 21, 2017 9:15:37 AM

R.I.P. VCRs: Lessons in Disruption for the Audit Industry

I was shocked to learn the last VCR rolled off the assembly line in July 2016. I remember my family buying our first VCR – the magic of being able to watch any one of our 6 cassette movies at any time, pausing when you needed a break, fast forwarding through the boring parts. It was a miracle and changed how we watched. As I reflected, I’m even more shocked that VCRs were still being made as recently as last year. Movies, television, “content” are all available on any live streaming device. I watch movies on my phone from the air when I travel. It’s a far cry from the good old days of Betamax. The accounting profession is facing the same type of changes as VCR manufacturers. Tax services have already seen the impact of technology with the advent of tax return software. Audit has been a little slower to be impacted – but believe me when I say change is coming. Technology is currently available that allows for automation of a lot of what our staff accountants did as recently as last year. Lead sheets, roll forwards, analytics and even financial statements can be prepared with a click of a few buttons.

Oct 11, 2016 10:00:00 AM

AICPA Exposes Guidance for Cybersecurity Risk Management Examinations

The American Institute of Certified Public Accountants (AICPA) recently released two exposure drafts on criteria for cybersecurity. The first, Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk Management Program, is entirely new. This draft gives organizations guidelines on how to create and document their cybersecurity risk management program. This guidance also sets forth standards for public accounting firms to report on such programs. In other words, this provides clear guidance for CPAs to provide assurance on cybersecurity.

Oct 4, 2016 10:00:00 AM

Alphabet Soup: Understanding the Qualifications of Risk Management Professionals

You’ve just gotten an email from a potential vendor looking to make a connection. In their signature, following their name is a list of five abbreviations, all intended to make them appear qualified, reputable, and knowledgeable. But what do they actually mean? Are they relevant to the service you are trying to procure? A pilot’s license is crucial for a commercial airline pilot but irrelevant for practicing law. Similarly, technical certifications are outstanding for your IT department, but not so relevant when looking for someone to issue a Service Organization Control (SOC) Report. If you need to provide a SOC Report to your clients or customers, no matter the version you need, you’ll need a CPA. Other organizations may require very specialized certifications, such as Pulse and STAR requiring a CTGA (Certified TR-39 Auditor) to perform ATM and PCI PIN compliance audits.

Topics: risk management

Aug 16, 2016 1:00:00 PM

How InTREx Changes Audits

On June 30th, 2016, the FDIC announced that the Information Technology Risk Examination (InTREx) Program would be replacing the existing Information Technology Risk Management Program (IT-RMP) effective July 1st, 2016. 

Topics: InTREx

Jun 28, 2016 10:30:00 AM

4 Tips for Password Management

With the recent high-profile social media account hacks, it has become apparent that password management is a challenge for users that has not been adequately addressed. After all, if the founder of the most popular social network’s accounts can be hacked, we (as a society) have somehow missed the boat on proper password management. Not only is password management a problem for celebrities, but password hacks are becoming a problem for many enterprise organizations such as Citrix (and countless others).

Topics: cybersecurity, Password management

Jun 15, 2016 10:30:00 AM

Key Takeaways From the FFIEC Joint Statement on Cybersecurity

This past week the FFIEC issued a statement advising financial institutions to actively manage the risks associated with interbank messaging and wholesale payment networks. The FFIEC warned financial institutions to assess their risk and to determine the presence of risk management practices and controls. The FFIEC urged institutions to request specific security control recommendations from their payment system provider.

Topics: cybersecurity