The House that Kuma built, Privacy, Security and…Fixer Upper? #thatsright

Authored by your Kuma Family – Happy New Year!

2017 was quite a banner year for Kuma. 2016 was an impressive one, we’ll admit. Our foundation was solid, our walls were framed, the lines were plumbed, and there was reliable power in the house. Metaphorically, 2017 was the year that we painted the walls, hung the paintings and moved the furniture in. We continued to serve our marquee clients while we formed strong partnerships with new red-letter ones, both nationally and internationally. We’ve developed a quick 2017-recap of how we made the Kuma House the one on the block that everyone runs to after school and on weekends…you know, for providing superior security, privacy and identity management services to our clients (in no particular order):


1. HITRUST Certified CSF Practitioners – Our practitioners are credentialed and are ready to take over the healthcare world.
2. Privacy #CoolKidsClub – You know who we’re talking to.
3. Classification, Notification, Containment, Eradication – Oh my! We helped state governments, non-profits and commercial clients alike assess and build out their Incident Response….and we ran a few exciting table-top exercises to test and demonstrate applicability…and everyone survived!
4. HIPAA Risk Analysis & Risk Management Plans – Have we mentioned lately that we love HIPAA? And, governance? Risk analysis and management plans practically make us swoon. Please ask us how we can help you find your love of HIPAA! I promise, it’s there!
5. CISO & Privacy Liaison engagements – Kuma advanced CISO and Liaison partnerships with clients to provide the strategic oversight and guidance on security and privacy matters for the organization while upholding the vision, mission and guiding principles of the organization through a commitment to financial stewardship and in recognition of balance of resource allocation and organizational goals
6. Privacy Risk Management – Do we need to say more? I mean, we can. NISTIR 8062 (An Introduction to Privacy Engineering and Risk Management in Federal Systems) is an incredible read and compels privacy-engineering forward with a concrete model that mirrors that of the traditional security triad; Kuma has taken the Privacy Risk Assessment Methodology (aka, PRAM) to the next level by tailoring the process for each client’s need, across global commercial organizations, biometric healthcare-based companies, and social services agencies in state government – the applications are limitless. Contact us to find out more.
7. Mobile authentication, trust frameworks, and successfully managing to get a live ambulance in the middle of the Moscone Center for an identity demonstration – perhaps enough said (although there is a great video you can search for!)
8. Conference & Webinar Palooza – Kuma leaders are sought-after speakers given national expertise and proficiency in security, privacy and identity. A few notable experiences include SHIEC, Mobile World Congress, GDPR: Keep Calm & Spend Wisely, and IAPP’s Privacy.Security.Risk conference.
9. Best airport “strategery” of the year: 36 straight hours spent in an airport (actually, 3 airports…2 of them twice each) for a one hour meeting – toss up on the cost-benefit ratio, but some great people were met along the way and the client is still killing it, so we’re calling this one #WorthIt
10. Lesson-learned for the rest of the Kuma team: certain people that shall go nameless ( + Saturday mornings + coffee + HGTV = Do Not Disturb…once this was learned, everything flowed from there
11. Torrey Pines – Work hard, Play hard (…this may also possibly be our new tag line; what do you think? Or should we stick to something about privacy and security? See 2018, #11 for more info.)
12. Community Investment – Kuma places strong value on giving back; this is reinforced in our daily culture and we wanted to put our money and time where our mouth was. Therefore, we kicked off our campaign (KumaTracks) to partner with client organizations to give back to their communities in meaningful ways to them. We will provide updates throughout 2018 of our clients’ great communities, and how we are fortunate enough to support them.

Honestly, there are probably another dozen quick bullet points we could pull together for you, but we tried to be “pithy” (constant struggle…fair warning: you may be reading a 10-page paper without knowing it when you started). However, before we close this, we want to give you insight into some of our 2018 goals for the Kuma House.


1. HITRUST, HITRUST, HITRUST – Kuma is proud to expand our relationship with HITRUST Alliance in 2018. We are preparing to kick off a CSF Basics Pilot Program with HITRUST in short-order, in addition to engaging with clients in their readiness journey to HITRUST Certification. Additionally, we are pleased to soon announce yet another endeavor expanding the Kuma and HITRUST relationship – but you’ll just have to check back later in 2018 to find out what it is!
2. Staying the course with our client focused delivery: 15+ years of experience + Passionate subject matter experts + small business rates = Value to our Clients.
3. Security and privacy in virtualized environments – We have kicked off some exciting engagements with clients advancing the boundaries of virtualized environments, from cloud migrations of on-prem sites to clinical utilizations of data lakes. We are proud to oversee implementation of innovative security and privacy practices to keep pace with the technological advances.
4. CISO & CPO Engagements – Kuma’s first baby born this year is another exciting CISO engagement with a healthcare organization; Kuma’s expertise in leveraging senior-level resources for every client enables our ability to provide precise services to strengthen organizational security and privacy postures with efficient, non-invasive methods.
5. Mobile authentication, production use cases, and getting a helicopter into a conference center. Challenge issued, Go.
6. State and Local Expansion– 2017 brought Kuma to contract vehicles and exciting engagements with governments in South Carolina, Hawaii, Texas, Virginia, Oregon and California. Arguably, for security, privacy and identity, State and Local is where it’s at. Join the party in 2018!
7. #KumaWest – Some of our favorite airports are on the West Coast these days as Kuma continues to grow our presence there with amazing clients, and we support these clients with a balance of approachable remote engagements with regular face-to-face sessions. (perhaps a new office….?)
8. Magnolia, here we come! We now have KumaResidency in Waco, Texas (another person that shall go nameless…thank you, Therefore, Jeff’s personal 2018 goal is to get Chip and Joanna to hire Kuma for something – anything; this is Jeff’s personal goal (wonder how this came about, hmm…See 2017, #10.)
9. Identity management –In many ways, Kuma’s roots are in identity management. Many of us met through one (or five) identity-related projects and initiatives. As Kuma continues to expand across sectors and arenas in delivery of privacy and security services, we do not forget these roots. We look forward to delivering identity management services and projects, effectively growing Kuma’s identity branches. (Kuma houses; Kuma trees…graduate school educations…we can mix metaphors with the best of them!)
10. FICAM, 800-63-3, ISO, FedRamp, FISMA, 800-53, GDPR – Oh my! Plus, NIST CSF, HIPAA compliance (note: don’t let anyone sell you HIPAA Certification; it does not exist); HITRUST, PRAM, and many more. Do you have an assessment, audit, certification or readiness need? Reach out – we have the team to help you get there, likely with some humor and definitely with a final report that you can actually do something with.
11. Kuma Website and Tag Line – Not the biggest of goals, but one that we’re tracking. We’re going to have a grand unveiling of our new website (no, it’s not up yet…be patient!), complete with an updated tag line that better reflects our commitment to providing our clients with the best privacy, security and identity management services out there. (See 2017, #11.)
12. You tell us! Each and every one of our clients invokes a sense of partnership for us. We take that partnership, and that relationship, very seriously. (Refer to 2017, #12.) As we move forward into 2018, what would you like for us to accomplish? Message us back here, or send us a note at We’ll leave the light on for you!
13. Baker’s Dozen – Thank you to all of our clients for such an amazing 2017. We enjoy working with each of you, and find ourselves very happy with our work each and every day – that is in large part to you and how you are just as committed to making your organizations safe, secure and privacy-enhancing. #2018 #KumaStrong #MicDrop


Share This Post:


Subscribe To Our Newsletter

Signup for our newsletter to get updated information, news, and promotions.
Start Here

Send us a message

Please take a moment to submit your information. A member of our consulting team will be in touch shortly.