Eradicating CISO Failure
In 2021 I founded New Cyber Executive, where I work with successful and ambitious CISOs, cybersecurity leaders, and cybersecurity firm founders – combining time-tested executive coaching methods, research from hundreds of cyber leader interviews, and insights from my time as a cybersecurity executive and recurrent executive-for-hire.
Over the past 20 years, I have assisted over 100 organizations in the public and private sectors in transitioning to risk-based cyber approaches that better address organizational missions and goals, advising on cybersecurity program strategy, design, governance, and cyber risk management. I have led initiatives for clients as an executive-for-hire, including program transformations and turnarounds and risk management stand-ups. I served six years as the Chief Information Security Officer for a healthcare insurer, leading up to and through the initial years of HIPAA Security. The program I developed was used by the U.S. Department of Health and Human Services, Office for Civil Rights, as a reference implementation for evaluating high-performing health insurers.
My cybersecurity strategy and executive coaching clients include several Fortune 100 companies and public sector organizations.
I have developed cyber program and risk program frameworks, along with maturity models, KPIs, and KRIs, and have developed self-assessment, internal audit, and diagnostic toolkits for cybersecurity, IT risk, and cyber risk management. I have utilized security and risk standards and regulations such as ISO 27001, ISO 31000/31010, NIST CSF, NIST SP 800-53, 800-30, 800-39, 800-37, and 800-60, COBIT, HIPAA Security, state frameworks and regulations, and proprietary frameworks.
I am the founder and past president of the Information Systems Security Association (ISSA) Buffalo Niagara chapter and past president of the Information Systems Audit and Control Association (ISACA) Western New York chapter. I’ve also served as a member of various Information Systems Security Association committees, including the Ethics Committee and the Certification Committee.
I also started infosecpedia.org, now defunct, in 1998.
I hold a Bachelor of Science in Computer Science from the University of New York at Buffalo.