PROJECTS

• Fills the role of Virtual CISO
- Presents to a cybersecurity committee
- Prepares presentations for boards of directors
- Conducts strategic planning

Recent Projects:

• Policy exception request form
• Information security program summary
• Mission / vision statements
- Privacy management program
- Threat hunting program
• Identity and access management policy
• Strategic planning workshop
• Cloud security strategy
• Vendor risk profile
• Cyber risk self-insurance
- Research and analysis
• 3 days of on-site planning meetings
- Outbrief presentation
• Architecture review board process
• Procedures manual - Identity and access management
• Procedures - Third party risk management
- SOC report review
- Vendor artifacts review
• Mitigating vulnerability trends

Reference the current project list within my LinkedIn profile.

2021 Select Projects:

• Program welcome packet
• Vendor contract security requirements
• Cyber risk appetite statement
• Metrics and reporting packages - Third party risk management
- Vulnerability management
• Established and populated a risk register
• Insider threat toxic combinations
• Procedures manual - Third party risk management
• Risk governance process, including risk register
• Workforce development plan
• Ransomware risk analysis
• Incident response plan (4 scenarios)
• Zero trust controls analysis (134 controls)
• Vulnerability management metrics, KPIs & KRIs
• Procedures manual - Vulnerability management
• Assessments
- Agile security testing (119 Controls)
- Penetration test program (199 Controls)
- Cybersecurity risk (409 Controls)
- Cybersecurity program (303 Controls)
- Cyber exercise program (99 Controls)
- Business process risk (327 Controls)
- Security awareness program (87 Controls)

2020 Select Projects:

• Performance and development plans
• Cybersecurity metrics, KPIs & KRIs
• Internal control framework
• Risk governance process, including risk register
• Workforce development plan
• Assessments - Cybersecurity risk, threat landscape & controls analysis, risk register process, insider threat and fraud prevention (561 Controls)
- Security Operations Center (SOC)

2019 Select Projects:

• Cybersecurity insurance information supplement
• Third party risk management program
• Cloud security strategy
• IT asset management requirements