The Sarbanes-Oxley Act of 2002 (SOX) will often protect cybersecurity professionals who work directly for public corporations or those corporations’ service providers. Yet further, the Dodd-Frank Act of 2010 (DFA) could allow information security workers to receive a whistleblower reward for reporting cybersecurity concerns to the U.S. Securities and Exchange Commission (SEC) or the U.S. Commodity Futures Trading Commission (CFTC), in some cases.