Leveraging NIST to Its Fullest Potential

Mamadou Niang
Mamadou Niang EY
John Bates
John Bates EY

On-Demand Webinars

Webinar Speakers

Mamadou Niang is a Principal in the Technology Consulting practice of Ernst & Young LLP. He has over 17 years of experience in information technology and cybersecurity strategy and policy development, risk management and quantification, and business intelligence analytics and operations across various sectors including state government, technology, media, telecommunications, advanced manufacturing, aerospace and defense, and financial services. Mamadou has extensive experience leveraging industry frameworks such as NIST to help clients build, mature, and benchmark their cybersecurity practices against peers and leading practices. Mamadou holds a Masters degree in Industrial Technology (specialization: Biometrics) and a Bachelor’s in Computer Technology. He holds CISSP, CRISC, and PCI-QSA (inactive) certifications.

John Bates is a Senior Manager within the Cybersecurity Consulting practice at Ernst & Young. He is aligned with the Cyber Program Transformation competency. He has counseled clients on cybersecurity matters for over 15 years and focuses on highly regulated industries, including healthcare, pharmaceuticals, and financial services. As in-house counsel within tech companies from start-ups to the Fortune 500, he has direct experience with numerous regulatory bodies (DOJ, U.S. Attorney’s Office, Secret Service, FBI, FTC, OCR and FINRA). As a CISO, he initiated ISO 27001 and HITRUST programs through recurring audits. He has significant experience within Big Data, including cloud security, cloud infrastructure, and software development across multiple cloud platforms. He has supported sales, product, go-to-market, partner, OEM/ISV, and procurement teams with cyber governance, development, Open-Source Software (OSS) development, data protection, licensing, and third-party risk. He received a BA in Philosophy from University of Illinois at Urbana-Champaign and JD from Illinois Institute of Technology, Chicago-Kent College of Law. He currently holds the following professional certifications: CISSP (Provisional), CCSP, CIPP/US, and CIPP/E.


There’s no question that frameworks need to stay relevant with current and emerging threats so organizations can conduct assessments as efficiently as possible and provide practical, yet meaningful, assurances to stakeholders. NIST CSF is a strong base because it’s so practical — so how can companies leverage it to its fullest potential? This session explores how organizations can get the most value from NIST, including best practices for reporting to the board and investors.

View Webinar Now