Kenneth Webb

Kenneth Webb, CISSP, GWAPT, CSSLP, CISA, CIS LA
Strike Graph

Kenneth Webb serves as Strike Graph's Director of Information Security Assessments. With nineteen years of extensive experience in Information Technology, Kenneth has built a diverse and adaptable skill set, beginning his career as a Business Intelligence Analyst. This role laid the foundation for his analytical expertise in data analysis, reporting, and decision support systems.

As he transitioned into roles as a Software Developer and eventually a Software Solutions Architect, Kenneth sharpened his technical abilities, developing robust software solutions and architectures tailored to meet the complex needs of various industries. His experience spans Financial Institutions, Online Gaming, and Cloud-Based Startups, demonstrating his capacity to excel in dynamic environments.

The latter part of Kenneth's career is defined by his focus on Information Security, where he has established himself as a leader over the past eight years. His expertise in application security (AppSec), penetration testing, information security audits, and governance and compliance highlights his foresight into the critical importance of cybersecurity.

Kenneth's commitment to professional development is evident through his numerous industry certifications in software development, database development, Agile methodologies, and information security. His master’s degree in Software Engineering, with a concentration on Information Security, underscores his dedication to continuous learning and specialization.

Active participation in respected organizations such as OWASP, the SANS Advisory Board, ISC2, and ISACA underscores Kenneth's credibility and his commitment to advancing the field of Information Security. His specialties in Secure Software Solutions Design, Penetration Testing, Information Systems Audit, and Information Security Compliance reflect a well-rounded expertise tailored to address today's evolving cybersecurity and compliance challenges.

Connect on LinkedIn

Resources from Kenneth Webb

BLOG

PCI attestation of compliance (AOC): components, steps, samples, and starter kit

Learn to complete a PCI AOC from experts. Avoid common AOC errors to become PCI compliant. Download a free PCI DSS Starter Kit with AOC samples and templates.
November 27, 2024
PCI DSS, PCI DSS
BLOG

Breaking Down the Penetration Testing Process: Phases, Steps, Timelines, and Industry-Specific Strategies

Pen test experts explain each phase, main steps and timing. Learn how AI can streamline the pen testing process. Download free Pen Testing Schedule Template.
November 13, 2024
Designing security programs
PCI DSS Scoping Toolkit
BLOG

Mastering PCI DSS scoping: categories, steps, and how to reduce scope

Compliance experts explain PCI scoping categories, walk you through the process step-by-step, help you reduce your scope & provide a Free PCI Scope Toolkit.
October 29, 2024
PCI DSS, Designing security programs
BLOG

Penetration testing best practices: ensuring consistent and effective security testing

Compliance experts share best practices for pen testing. Learn how to choose the best pen test vendor for your use case. List of Pen Testing Vendor Questions.
September 26, 2024
Pen testing, Measuring/certifying security programs, Designing security programs
BLOG

PCI DSS v4.0 (v4.0.1): Requirements, changes, implementation steps and checklist

PCI DSS compliance experts share the new requirements and changes in PCI DSS v4.0.1. Also, get a v4.0 implementation roadmap and a free PCI DSS v4.0 checklist.
September 10, 2024
PCI DSS, Security compliance, Designing security programs
BLOG

PCI DSS policy essentials: requirements, examples & templates

PCI experts share everything you need to include in a PCI policy for v4.0.1. Free PCI policy template, tips for customizing & how to make compliance easier.
August 27, 2024
PCI DSS, Security compliance, Designing security programs
BLOG

Penetration tests vs. vulnerability scans

Learn how pen testing and vulnerability scanning combat AI cyber threats to fortify your data security in our essential guide.
March 26, 2024
Measuring/certifying security programs, Risk management
BLOG

8 steps for conducting a NIST 800-171 self-assessment

Here’s how to conduct an 8-step NIST 800-171 self-assessment and the boost it can bring to your business.
December 13, 2023
Security compliance, TrustOps, Measuring/certifying security programs
BLOG

PCI DSS levels 101: requirements, examples & starter kit

Our compliance experts explain the PCI DSS levels and requirements. Explore the recent changes to PCI DSS and get a free PCI DSS compliance starter kit.
November 28, 2023
PCI DSS, Security compliance, Designing security programs
BLOG

What to expect during your ISO 27001 and/or ISO 27701 audit

The ISO 27001 and ISO 27701 certification processes may seem complex, but armed with these tips, you’ll be able to tackle them with confidence.
October 19, 2023
ISO 27001, ISO 27701, Security compliance, Measuring/certifying security programs
BLOG

Save time and mental energy with automated evidence collection

Automated evidence collection takes the hassle out of a previously manual and tedious process, allowing you to streamline your entire compliance journey.
October 04, 2023
Security compliance, Operating security programs
BLOG

How many controls are there in ISO 27001:2022?

With ISO 27001:2022, there are 93 instead of 114 controls, including 11 new ones. In this post we take a closer look at what those are.
June 30, 2023
ISO 27001, Security compliance, Operating security programs
BLOG

Everything you need to know about the SOC 2 audit process

Need to get SOC 2 compliant ASAP? This guide will walk you through everything you need to know about the SOC 2 audit process so you can go in prepared.
March 14, 2023
SOC 2, Security compliance, Measuring/certifying security programs
BLOG

A smarter way to get your security certifications

Strike Graph now includes security certifications. Our all-in-one platform takes you from start to certification — no auditing firm required.
February 15, 2023
Security compliance, Measuring/certifying security programs
BLOG

Can you fail a SOC 2 audit?

Learn why SOC 2 audits aren’t pass-fail, the importance of an auditor opinion, and how to prepare for an audit.
February 02, 2023
SOC 2, Security compliance, Measuring/certifying security programs
BLOG

6 types of vulnerability scanning

Are you performing vulnerability scanning? Here’s why you should and what types of scans are available to ensure your business is secure.
January 27, 2023
Designing security programs, Risk management
BLOG

What is a network security test?

Learn about network security tests, their benefits, and how Strike Graph can help you with testing.
January 26, 2023
Measuring/certifying security programs, Risk management
BLOG

Compliance attestation: What it is and how it affects your business

Do you know the difference between certification and attestation? In this post we explore what compliance attestation is and how it affects your business.
January 25, 2023
Security compliance, Measuring/certifying security programs
BLOG

What is a security audit and how can it benefit your small business?

Security audits may seem overwhelming at first, but don't worry — in this guide, we'll break down what they are and how they benefit your business.
January 09, 2023
Security compliance, Measuring/certifying security programs, Boosting revenue
BLOG

What is compliance tracking?

Compliance tracking is the process of monitoring and organizing compliance-related information and activities. Here’s how your business can do it.
December 29, 2022
Security compliance
BLOG

SOC 2 Type 1 vs Type 2 — What’s the difference?

SOC 2 is quickly becoming one of the most important compliance frameworks for businesses. Which one should your business pursue – SOC 2 Type 1 or Type 2?
November 02, 2022
SOC 2, Security compliance, Designing security programs
BLOG

What are the rule exceptions to HIPAA?

HIPAA rule exceptions include state and federal exceptions, operational and occupational exceptions, emergency situation exceptions, and more.
October 07, 2022
HIPAA, Security compliance, Designing security programs
BLOG

What is a PCI Qualified Security Assessor?

If your company needs to undergo a PCI DSS audit, it will be performed by a PCI Qualified Security Assessor. Here’s how they’ll assess your compliance.
September 21, 2022
PCI DSS, Security compliance, Measuring/certifying security programs
BLOG

How much does ISO 27001 certification cost?

Learn about the cost of ISO 27001 certification and maintenance and decide whether the benefits of ISO 27001 outweigh the costs.
August 31, 2022
ISO 27001, Security compliance, Measuring/certifying security programs
BLOG

What are the 3 rules of HIPAA?

When it comes to the 3 rules of HIPAA — the Privacy Rule, the Security Rule, and the Breach Notification Rule — what do you need to know?
August 09, 2022
HIPAA, Security compliance, Designing security programs
BLOG

The difference between SOC 1, SOC 2, and SOC 3

Learn about the difference between SOC 1 and SOC 2 attestations. Read how Strike Graph can speed up your SOC 2 compliance efforts.
July 24, 2022
SOC 2, SOC 1, SOC 3, Security compliance, Designing security programs
BLOG

Comparing ISO 27001 & ISO 27701: Differences, similarities, and dual certification process

Learn how these frameworks overlap and differ. See how to save time & money by doing both certifications at once. Plus, implementation tips & free checklist.
June 21, 2022
ISO 27001, ISO 27701, ISO 27701, Security compliance, Designing security programs
BLOG

Understanding and accelerating security questionnaires

Learn how security questionnaires are used and how to speed up the sales process.
March 24, 2022
Measuring/certifying security programs, Risk management
BLOG

12 vendor management best practices

Read these 12 Vendor management best practices help you increase the value from your vendor relationships.
March 02, 2022
Security questionnaires, Operating security programs, Risk management
BLOG

The differences between ISO 27002: 2013 and ISO 27002: 2022

ISO 27002 provides guidance on the implementation of controls from ISO 27001 Annex A. On February 15, 2022, ISO 27002: 2013 was updated to 27002: 2022.
February 17, 2022
ISO 27002, Security compliance, Designing security programs
BLOG

Penetration testing costs: Key factors, pricing insights and cost management

Compliance experts share average costs, factors affecting pricing, and pricing models. See questions to ask vendors before buying pen testing.
February 15, 2022
Pen testing, Measuring/certifying security programs, Risk management
BLOG

What is a bridge letter in a SOC 2 report?

A bridge letter is a document made available by vendors to cover a period of time between the reporting period end date of the current SOC report and the release of a new SOC report.
January 19, 2022
SOC 2, Security compliance, Measuring/certifying security programs
BLOG

SOC 2 test exceptions — what are they and how to address them

Your type 2 SOC 2 audit is underway and appears to be going well. Your auditor finds a ‘test exception’. Did you just 'fail' your audit? Not necessarily.
August 05, 2021
SOC 2, Security compliance, Measuring/certifying security programs
BLOG

Security questionnaires 101: the basics

Security Reports are a fact of life in the SaaS procurement process. Unlock revenue quickly and efficiently with an AI ML approach.
July 28, 2021
Measuring/certifying security programs, Risk management
BLOG

Interview with a penetration tester

Our resident penetration test expert provides his insights, and tips for how and when to undergo a seamless penetration test in this exclusive interview.
May 27, 2021
Measuring/certifying security programs, Risk management
BLOG

Pen test FAQs

What is a pen test and what does it entail? What is the difference between a pen test and a vulnerability scan? How does one find a good pen tester?
April 20, 2021
Security compliance
BLOG

The secret ingredient for a smooth SOC 2 audit

Any auditor will tell you, the unifying theme of all their smoothest, most seamless audits can be traced back to one thing: readiness. Preparation is key.
April 15, 2021
SOC 2, Security compliance, Measuring/certifying security programs
BLOG

Our #1 tip for completing security questionnaires

Security questionnaires are a redundant hassle. Our system helps you maximize your time and efforts by leveraging answers from your unique control library.
April 08, 2021
Measuring/certifying security programs, Risk management
BLOG

SOC 2 vs. ISO 27001: differences, similarities and standards mapping

The pros and cons of a SOC 2 audit or ISO 27001 certification explained. First consider the scope and maturity of your organization's security program.
March 24, 2021
SOC 2, ISO 27001, Designing security programs
BLOG

Are you ready for your SOC 2 audit?

There are a few steps you can take to determine whether you are ready to kick off your SOC 2. Control mapping and control coverage are where to start.
February 04, 2021
SOC 2, Security compliance, Measuring/certifying security programs
BLOG

Don't fail your SOC 2 because of a just-do-it attitude

For SOC 2 It's easy to find a list of "typical policies" and modify them. The result is unnecessary cyber security requirements that can fail your audit.
May 19, 2020
SOC 2, Security compliance, Measuring/certifying security programs
Load More items
See all resources

Keep up to date with Strike Graph.

The security landscape is ever changing. Sign up for our newsletter to make sure you stay abreast of the latest regulations and requirements.

foot-dark-shade

Strike Graph offers an easy, flexible security compliance solution that scales efficiently with your business needs — from SOC 2 to ISO 27001 to GDPR and beyond.

Frameworks

Design

Operate

MEASURE

Learn more

    © 2024 Strike Graph, Inc. All Rights Reserved • Privacy PolicyTerms of Service