PROJECTS
• Fills the role of Virtual CISO
- Presents to a cybersecurity committee
- Prepares presentations for boards of directors
- Conducts strategic planning
- Leads risk register meetings
Recent Projects:
• Privacy management metrics (6)
- Data subject requests
• Generative AI company policy
• 3 days of on-site meetings (March)
- Cybersecurity committee meeting
- Strategic planning
- Brainstorming
- Outbrief presentation
• Insider risk monitoring and response
- Continuous data exfiltration monitoring
- Monitoring when an employee tenders resignation
- Monitoring triggered by behavioral indicators
• Data exfiltration by an employee or contractor
- Incident response playbook
- Return of company data letter
- Process diagram
• Tabletop exercise (TTX)
- Cybersecurity incident response
• Privacy impact assessments (4)
• Cybersecurity risk management framework
- NIST Cybersecurity Framework v1.1
- PCI Data Security Standard v4.0
- Added controls to identify and mitigate risk
- Mapped controls to roles and artifacts
- Startup company
• 30, 60, 90 day plans (2)
• Process owners - Privacy risk management briefing
• Privacy program executive update
• Privacy management program strategy
• Cybersecurity risk assessment (340 controls)
2022 Select Projects:
• 3 days of on-site meetings (March, June and November)
- Cybersecurity committee meetings
- Strategic planning
- Brainstorming
- Outbrief presentations
• Risk management routines - Cybersecurity (18)
• Process and procedures inventory - Cybersecurity (13)
• Cybersecurity risk management framework
• Permit to build - Authorization to operate
• Threat landscape and controls analysis
• Monthly program status updates
• Zero trust executive briefing
• Staffing capacity and headcount request
• Incident response tabletop exercise (9 scenarios)
• Policy exception review process
• Planning exercises - Building and leading security strategy (2)
• Boundaries, defense and monitoring analysis
• Cybersecurity job descriptions (2)
• Voice of the customer feedback sessions - Cybersecurity (8)
• Health check methodology and planning
• Process design and risk assessment briefings (4)
• Privacy program, risk scenarios and framework review
• Policy exception request form
• Information security program summary
• Mission / vision statements
- Privacy management program
- Threat hunting program
• Identity and access management policy
• Strategic planning workshop
• Cloud security strategy
• Vendor risk profile
• Cyber risk self-insurance
- Research and analysis
• Architecture review board process
• SIEM monitoring alert requirements
• Procedures manual - Identity and access management
• Procedures - Third party risk management
- SOC report review
- Vendor artifacts review
• Mitigating vulnerability trends
See my LinkedIn profile for the current project list.
2021 Select Projects:
• Program welcome packet
• Vendor contract security requirements
• Cyber risk appetite statement
• Metrics and reporting packages
- Third party risk management
- Vulnerability management
• Established and populated a risk register
• Insider threat toxic combinations
• Risk governance process, including risk register
• Workforce development plan
• Ransomware risk analysis
• Incident response plan (4 scenarios)
• Zero trust controls analysis (134 controls)
• Vulnerability management metrics, KPIs & KRIs
• Procedures manuals
- Third party risk management
- Vulnerability management
• Assessments
- Agile security testing (119 controls)
- Penetration test program (199 controls)
- Cybersecurity risk (409 controls)
- Cybersecurity program (303 controls)
- Cyber exercise program (99 controls)
- Business process risk (327 controls)
- Security awareness program (87 controls)
2020 Select Projects:
• Performance and development plans
• Cybersecurity metrics, KPIs & KRIs
• Internal control framework
• Risk governance process, including risk register
• Workforce development plan
• Assessments
- Cybersecurity risk, threat landscape & controls analysis, risk register process, insider threat and fraud prevention (561 controls)
- Security Operations Center (SOC)
2019 Select Projects:
• Cybersecurity insurance information supplement
• Third party risk management program
• Cloud security strategy
• IT asset management requirements