Eric Garcia, Founder & Cybersecurity Consultant, Cyber Wise Consulting

This interview is with Eric Garcia, Founder & Cybersecurity Consultant at Cyber Wise Consulting.

Could you please introduce yourself and share a bit about your professional background in the cybersecurity, compliance, and risk management fields?

Hi, I’m Eric Garcia, founder and lead consultant at Cyber-Wise Consulting. With over 14 years in cybersecurity, I’ve worked across both military and corporate environments, focusing on compliance and risk management. In my military career, I developed a deep understanding of operational security under high-pressure environments, and in the corporate world, I’ve applied that knowledge to industries like healthcare, financial services, and SaaS. I hold certifications like CISSP, CISM, and CCSP, with expertise in areas such as vulnerability management, security control assessments, and frameworks like NIST and SOC 2.

How did your journey lead you to become an expert in cybersecurity, and what key moments or decisions shaped your career path?

My journey into cybersecurity started in the military, where I was exposed to the high-stakes world of operational security. I picked this career path not knowing anything about it but quickly gained an interest in it. One key moment that shaped my path was transitioning from the military to the private sector. That shift gave me the opportunity to apply my skills to different industries, and it challenged me to explore frameworks and requirements outside of the defense sector.

Thinking back to the start of your career, what's one piece of advice you wish you had received regarding cybersecurity, compliance, or risk management that you would like to share with those newer to the field?

One piece of advice I wish I had received early on is this: don’t get lost in the complexity—focus on the fundamentals. In cybersecurity, compliance, and risk management, it’s easy to be overwhelmed by the sheer volume of tools, frameworks, and regulations. But the most effective security measures often come from mastering the basics and applying them consistently.

You've touched on the importance of frameworks like RMF. How have you seen these types of frameworks evolve to address the rapidly changing landscape of cyber threats, and what are your thoughts on their effectiveness?

Frameworks like the Risk Management Framework (RMF) have evolved significantly to keep pace with the ever-changing landscape of cyber threats. Initially, RMF and similar frameworks were more rigid, focusing primarily on compliance and basic security controls. However, as cyber threats have become more sophisticated and diverse, these frameworks have adapted to become more risk-focused and flexible, allowing organizations to tailor controls based on their unique threat environment. One of the biggest shifts has been the emphasis on continuous monitoring and real-time risk assessment. Rather than being a checkbox exercise completed once a year, frameworks now encourage an ongoing process of identifying, assessing, and mitigating risks. This shift reflects the understanding that cyber threats can emerge at any time, requiring a more proactive approach.

With data protection becoming increasingly critical, how can organizations strike a balance between implementing robust security measures and ensuring that these measures don't hinder productivity or innovation?

Balancing robust security with productivity is achievable by adopting a risk-based approach, applying stronger controls to critical assets while keeping less-essential activities efficient to reduce friction. Implementing user-friendly security solutions, like single sign-on (SSO) or multi-factor authentication (MFA), can minimize disruptions while maintaining protection. By embedding security early in processes, organizations can foster secure innovation without slowing progress. Additionally, clear communication and ongoing training help employees understand and embrace security measures, ensuring they can follow best practices without hindering their workflow. When security is seen as an enabler, it can protect the organization while allowing for growth and innovation.

Transparency and accountability are crucial in cybersecurity. How can organizations effectively communicate cybersecurity risks and mitigation strategies to stakeholders who may not have a technical background?

Organizations should use plain language, avoiding jargon and focusing on the business impact, such as potential financial or reputational damage. Visual aids like charts and infographics can help simplify ideas, while analogies make technical concepts more relatable. It’s also important to provide clear, actionable insights, explaining how specific steps will reduce risks and align with business goals. Presenting risks within a structured framework, like a risk matrix, helps stakeholders easily understand the severity and mitigation efforts in place.

Looking ahead, what are some of the emerging trends or technologies in cybersecurity, compliance, or risk management that you believe will significantly impact organizations in the coming years?

Artificial intelligence (AI) will play a significant role in shaping cybersecurity, compliance, and risk management. AI-driven tools are already transforming how organizations detect and respond to threats by automating tasks like threat detection, vulnerability management, and incident response. However, as AI becomes more integrated into cybersecurity, there will also be new risks, such as AI-generated attacks or adversarial AI, requiring organizations to adapt their security strategies accordingly.

What final piece of advice would you offer to fellow professionals in the field to help them navigate the evolving world of cybersecurity, compliance, and risk management?

My final piece of advice is to stay adaptable and continuously educate yourself. New threats, technologies, and regulations are emerging all the time. At the same time, collaboration is key—lean on your network of fellow professionals, share knowledge, and work together. Adaptability, continuous learning, and collaboration are essential for long-term success in this field.

Copyright © 2024 Featured. All rights reserved.