Earl Crane is a wealth of information on Federal Cybersecurity Standards. His history with Federal Cybersecurity is impeccable, a PhD, instructing at Carnegie Mellon, and bringing experience from previous Executive Administration positions while part of FedRAMP development. Earl's network is extensive; if you're addressing a Federal client, he probably knows them or multiple folks in their organization. He brings tremendous drive to finding and fixing problems as they are identified during advisory reviews. He helps to prevent issues from moving forward or working with you to develop a Plan of Action and Milestones (POAMs) that makes sure they are addressed properly. I have seen him creatively solve issues from auditors on the fly, either removing roadblocks or properly reducing the problem to its manageable components. Earl truly makes himself a partner to achieve your organizational goals, understanding your intent, and creatively applying his talent to drive toward the objective. Highly recommended!
Earl is magic. He joined my organization as a consultant to help us work through our FedRAMP preparation. I was impressed with the depth of his expertise and the finesse of his leadership skills, bringing different business areas (product, engineering, compliance, sales, etc) together at just the right time to keep the project moving. Of course Earl is talented and experienced, but he is also humble and kind. I appreciated that he was always open-minded and approachable, even when our opinions conflicted. Earl would absolutely be an asset to any organization.
Earl is a front runner amongst the most talented cybersecurity risk management experts. I had the opportunity to work with Earl for nearly a year at Johnson Financial Group collaborating on several cybersecurity risk initiatives. I am particularly impressed at Earls ability to bring leading edge risk management strategies and models to the table and extract maximum value out of a GRC tool. Earl always approached his work with a "bridge building" mentality. He has maintained excellent collaboration with Risk, Cybersecurity, Vendor, Information Technology, Audit and Compliance teams. Earl would provide tremendous value to any Risk Management and/or Cybersecurity leadership consulting opportunity or leadership position.
I have known Earl since our time at Foundstone and I have stayed in touch with him over the years. Earl is analytical and a life-long learner. While he has developed especially deep skills in policy and risk management, he built that expertise on a solid technical base by doing hands on assessment work. That allows him to balance theory with practicality. I know no one with a more complete understanding of government policy, industry compliance standards and strategic risk assessment.
I have not met many people that have more passion than Earl Crane for the cybersecurity profession as a whole, and for helping people achieve their goals. He is an excellent instructor for our CISO-Executive students, teaching them not just the principles of security governance and risk management but practical hands-on application of these principles within their roles as security professionals. We are very fortunate that he is part of the CMU family!
Earl and I met when Promontory was first developing its practice in cybersecurity and cyber-risk management. He was a new member of a company entering a new field, and he was returning to the private sector after years of public service. Almost immediately, however, he took on a central role, becoming someone that I and many others—senior and junior, colleagues and, more still, clients—could turn to for guidance and leadership. I was far from the only one to benefit from his expertise, his generosity, his mentorship, and his persistent willingness to help, regardless of the load he might be carrying.
I had the pleasure of working with Earl for several years at Promontory Financial Group. Earl is a cyber security expert and a great colleague. As you would expect from a Director, Earl provided keen insight into cyber and technology risk issues, practical guidance on governance, risk and control issues, and some killer metrics with standout dashboards. Our clients always came back for more Earl.
I worked with Earl for two years at the White House and saw his rare combination of deep technical knowledge, business savvy, and great personal skills in action up close. Earl accomplishes more in a day than most people do in a week. He worked at the highest levels of government, working through each individual agency with Chief Information Officers and the Office of Management and Budget. Even after he left government he was my go-to resource for advice on Federal cybersecurity.