Eradicating CISO Failure

In 2021 I founded New Cyber Executive, where I work with CISOs, cybersecurity leaders, and cyber firm founders as an executive coach – combining time-tested coaching methods with insights from my time as a CISO and recurrent cybersecurity executive-for-hire.

Over the past 20 years, I have assisted over 100 organizations in the public and private sectors in transitioning to risk-based cyber approaches that better address organizational missions and goals, advising on cybersecurity program strategy, design, governance, and cyber risk management. I have led many initiatives for clients as an executive-for-hire, including program transformations and turnarounds and risk management stand-ups. I served six years as the Chief Information Security Officer for a healthcare insurer, leading up to and through the initial years of HIPAA Security. The program I developed became a reference implementation used by the U.S. Department of Health and Human Services, Office for Civil Rights, for evaluating high-performing health insurers. I have developed cyber program and risk program frameworks, along with maturity models, KPIs, and KRIs, and developed self-assessment, internal audit, and diagnostic toolkits for cybersecurity, IT risk, and cyber risk management. I have utilized security and risk standards and regulations such as ISO 27001, ISO 31000/31010, NIST CSF, 800-53, 800-30, 800-39, 800-37, 800-60, COBIT, HIPAA Security, state frameworks and regulations, and proprietary frameworks.

Before my management roles, I served in various technical roles as a system and network administrator and analyst, and I have experience in web application development, network architecture and management, and the planning, design, and development of enterprise applications.

I am the founder and past president of the Information Systems Security Association (ISSA) Buffalo Niagara chapter and past president of the Information Systems Audit and Control Association (ISACA) Western New York chapter. I've also served as a member of various Information Systems Security Association committees, including the Ethics Committee and the Certification Committee.

I hold a Bachelor of Science in Computer Science from the University of New York at Buffalo.