This is a blog for the business leader in a small or mid-size enterprise. I help firms that already have I/T support, but may lack a dedicated internal Security Officer. I provide advice blending business, technology and risk management. My goal is to help you protect yourself from cyber threats. In turn we protect our customers, our employees and the value we build over time.
What is a CISO?
The term CISO is an acronym for Chief Information Security Officer. In short, a CISO leads strategy and implementation of information security policies in concert with business priorities. The CISO’s goal is protection of cyber assets. That requires broad experience in business, technology, legal and organizational operations.
CISOs help firms:
- Understand cyber-threats and risks (cyber risk management)
- Establish standards and controls (information security policy)
- Respond to cyber incidents (computer security incident response)
- Select security technologies (balance business vs. technical)
- Mitigate risks (transfer, eliminate, control, and plan)
- Comply with regulations and audits (rationally apply private/public standards)
I am the founder and president of Working Security, Inc. With decades of experience in the I/T field, I’ve designed, implemented, and managed I/T systems, managed I/T teams, and developed policies and processes for organizations around the globe. I have an engineering and business background.
- Certified Chief Information Security Officer (C|CISO) – EC-Council
- Certified Ethical Hacker (C|EH) – EC-Council
- Certified Information Systems Security Professional (CISSP from ISC2)
- GIAC Certified Forensics Analyst (SANS Institute)
- Missouri Licensed Private Investigator (#2014024060)
Software Development and I/T:
- Information Technology Infrastructure Library (ITIL v3)
- Project Management Professional (PMP)
- Certified Scrum Master (Agile Software Project Management)
I work directly with business owners and senior leadership in I/T and business lines. I serve as an objective resource on internal deliberations. I help large and small firms, acting as an advocate or leading operational teams. I lead cyber security testing and help others survive and excel in audits.
I help clients identify vulnerabilities and develop risk mitigation strategies to meet and exceed compliance mandates under HIPAA, SOX, PCI-DSS, SSAE-16, NERC and other standards.
I’ve served as an engineer, architect, and program manager within multiple business lines at IBM Global Services, security leader of a U.S. cloud hosting provider, and a consultant for multiple information technology solution providers. I know how your vendors and service providers work. I’ve been on the buyer, seller and auditor sides.
I’ve helped over 200 firms across multiple industries:
- Financial: Retail Banking, Financial Markets, Insurance
- Energy and Communication: Energy/Utility, Media, Telecom
- Product and Distribution: Consumer Products, Retail, Travel and Transportation, Wholesale Distributors
- Industrial: Air and Defense, Automobile, Chemical, Electrical
- Public: Education, Health Care, Government, Life Sciences
I speak to accounting, health care, insurance and other professional organizations about cyber-security and threat mitigation.
My work has been featured in print, online and broadcast media, including Hakin9 Magazine, SearchSecurity, CBS/KMOX and The St. Louis Metropolitan Medical Journal.