CISO-as-a-Service - Is your growing organization in need of a highly-qualified and experienced CISO? I can offer part-time CISO-as-a-Service from a range of experienced former CISOs looking to provide advice and insight as a cost-effective alternative to hiring someone full-time. We can help set up your program, build the structure and capabilities, and even help you identify, interview & transition a full-time candidate.
Governance & Compliance - I have a wide-range of cyber regulatory experience, and I am able to support risk assessment and risk treatment programs against multiple evaluation frameworks. I have worked with multiple banks to resolve MRA/MRIAs through response and remediation programs, and operational cure programs. I also have deep expertise in the federal sector in governance and risk management programs, and can support FAR/DFAR programs for contracting and acquisition, and gap analysis against multiple industry frameworks, including:
- NIST CSF
- NIST 800 Series
- ISO/IEC 27001 ISMS program
- GDPR / BS10012
- HIPAA/HITEC Compliance
- FedRAMP Cloud Security
- Cloud Security Alliance
- FFIEC IS / Cyber Examinations
- NERC CIP
- CIS Critical Security Controls
Board Work - Through collaboration with the National Association of Corporate Directors, I have lectured, taught, and trained through their NACD Advanced Director Professionalism program. [Transcript] I am available for executive board participation and cyber expert consultation.
Cyber Strategy - Do you have the right cyber risk management strategy in place, and Are you thinking about cyber risk in the right way to enable growth, business success, and to contribute to your bottom line? As a cyber executive within Homeland Security, the White House, and advising multiple financial institutions and Fortune 500 firms, I have seen a number of different cybersecurity programs and models. I can help you develop your program specifically for your unique business requirements and challenges.
Government Cybersecurity Expert Advisor - With ten years of federal service, I have a lot of experience in federal program cybersecurity, and can help your organization interface with and meet government requirements. I can help you with specific programs like FISMA and FedRAMP, or more broadly understand the federal ecosystem. I can help your organization strategically navigate the nuances, complexities and avoid the pitfalls of the federal enterprise.
Cyber Program Execution:
Program Standup and Operations - Do you need help building your SOC? How about establishing your threat intelligence operations? I have these capabilities and more, and can help build yours, incorporating state-of-the-art tools, techniques and procedures (TTPs), as used within the federal government, financial institutions, and other leading organizations.
Incident Response - I have responded to multiple incidents, from a technical forensic analyst to executive oversight at the highest levels of government. I know what it means to be there when it gets difficult, and I can help you work through your incident response strategically from the top-down and the bottom-up. I can coordinate with the response team on-the-ground, and help message the impact for executive and board consumption.
Specialized Campaigns - What is your next big push? What do you want to improve most this year? I have established and operated a number of cyber risk management programs and can help move yours forward, including:
- Security awareness campaign creation & execution
- Insider threat incident response, investigation, analysis, strategy, governance & remediation
- Security architecture establishment, review, roadmap and upgrade program
- Cybersecurity product roadmap development, program management, market test and GTM rollout.