Cyber Crisis Management with NIST Cybersecurity Framework (CSF) 2.0

I’ve been working in cybersecurity since 1992. I started as an air force officer, leading information technology teams. My assignments had us handling very sensitive information related to air-to-air weapons testing, so we were expected to practice what I now call “good cyber hygiene”. My most challenging job during this time was director of wide area network security for the F-22 “Raptor”. At the time, we were getting ready for the first production jets to come down the assembly line. It was very exciting! After the USAF, as a project leader at Stanford Research (SRI), I helped many Fortune 100 firms grapple with cybersecurity on a large scale. The problems they were dealing with were often 5 years or more ahead of the mainstream. So, there were no “off-the-shelf” solutions and many of our customers didn’t even know where to start. With no one else to turn to, they would come to us. Fast forward a few years and I was selected to be Chief Information Security Officer (CISO) of an insurance company. They owned a few subsidiaries, so I was also providing cybersecurity leadership to senior decision-makers of a community bank, credit union, debit/credit card transaction processor, and an IT managed service provider. I learned a lot about the business value of cybersecurity during those years. Then, in June of 2015, I launched my own company, Cyber Risk Opportunities. These days, cyberattacks are hurting businesses, even bankrupting them. That's wrong! We help executives manage cyber as the business risk it has become. So they’ll be ready no matter what happens. Setting priorities is a big goal in our work. Today, we have a lot of customers. Right now, we’re helping both a professional basketball team and a biotech company optimize their cyber risk management programs. It’s great to be able to use the same approach to help organizations that are so different in just about every obvious way. But, just under the surface, they are both very similar in terms of the cyber risk practices they need to follow. My mission is to enable executives to become more proficient cyber risk managers. Our customers include the U.S. Federal Reserve Bank, Boeing, Visa, Intuit, Mitsubishi, DuPont, and many others. And, because so many organizations in the US need better cyber risk management at the executive level, we’ve launched a partnership program so other professionals in positions of trust, such as lawyers and technology service providers, can use our tools and methods to help their existing customers thrive as cyber risk managers. Ask me about it!