About
Empowering Teams to achieve continuous risk awareness and cyber resilience
There are plenty of checklists, tools, security alerts to give any Manager dear-in the-headlights paralysis! It seems the more you read then the less you know - an avalanche of information that causes you to question if you are doing all that you should. The industry has a simple answer - hire more people, buy tools, write better code, get more alerts. What if adding people and budget are not options? The cybersecurity requirements (yes, they are requirements) still need attention. How do determine where to place your limited resources?
I've been there - managing systems in the DMZ without options to add people or buy tools. I had Development and Operations teams at full capacity to sustain, repair and improve an eCommerce system. One day we learned an important lesson the hard way. The industry, client and partners all took a pass: "there was no way to prevent the when the patch wasn't available", "perimeter scans couldn't see it coming", "software analyses were clean".
I rejected the fait accompli and resolved to find a way to become proactive using whatever skills, tools, and processes we could muster. The changes I implemented essentially fused the Development and Operations groups into a high-performance Team.
I wouldn't call it DevOps (or variants of DevSecOps) but it did accelerate development-deployment by 10x factor. Threat and vulnerability awareness was real-time, confidence in cyber resilience climaxed, and we were no longer sleep-deprived.
When the infamous Equifax hack hit, the Team stopped the breach and had a full report (analysis, remediation plan) and self-made patch ready in a few hours. There's much more to this story - how we got there, practical processes/tools, and how we overcame industry deficiencies.
This is the stuff I want to equip your Team to achieve. It is built from over 35 years of IT experience in software development, systems integration, and Internet services. I've managed solutions in manufacturing, engineering, logistics, and eCommerce. I've shared my findings with IA Teams and workshops at ITEA, (ISC)2, and NIST.
I encourage you to give me a call or drop me an email to discuss what cybersecurity issues keep you up at night. I'm eager to share how I might help your Team see the same successes.
Let's get started!
Industry Engagements:
Areas I Can Help You With
Consulting
Advise Management and Team leaders to shift to a proactive cybersecurity approach and continuous risk awareness.
Process Engineering
Retool processes to simultaneously assess cybersecurity readiness beyond compliance.
Team Coaching
Heighten cyber awareness and analysis through modest process changes and Team integration.
Cyber Security
Comprehensive approach to system awareness, measure risk, and close gaps.