The CISO Desk Reference Guide volume 1 and 2 form the basis for the CISO Desk Reference series of books, more titles coming this year. The goal is to create a platform to deliver resources for the CISO and create a community where senior Information Security professionals can share their experiences and learn from their peers.

The experience and diversity of TechVision Research consulting analysts provides business-level support for CXOs and Sr. IT executives. The TechVision team delivers pragmatic architecture and deep technology analysis through our workshops, consulting and research advisory services.TechVision Research is rapidly becoming a leader in Identity Management, Privacy, Data Security, IoT security and core Internet and application infrastructure building blocks.The combination of “real world” front-line experience, consulting and “best of breed” analyst skills give TechVision clients the best guidance in the industry. TechVision has assembled well-known industry experts from Fortune 500 companies, Homeland Security, NSA, and leading research & advisory companies.Expertise: From risk analysis >> security and technology program design >> mastery of control frameworks and business process engineering. Areas of specialty include: - IoT and IoT Security - Identity Management - Information security program design - Organization / Talent Assessment & Transformation - Communication and Change Management - Security Audit and Readiness - Security Due Diligence - M&A Support

The experience and diversity of TechVision Research consulting analysts provides business-level support for CXOs and Sr. IT executives. The TechVision team delivers pragmatic architecture and deep technology analysis through our workshops, consulting and research advisory services.TechVision Research is rapidly becoming a leader in Identity Management, Privacy, Data Security, IoT security and core Internet and application infrastructure building blocks.The combination of “real world” front-line experience, consulting and “best of breed” analyst skills give TechVision clients the best guidance in the industry. TechVision has assembled well-known industry experts from Fortune 500 companies, Homeland Security, NSA, and leading research & advisory companies.

The San Diego CISO Round Table was founded in 2007. The organization started with 15 members and now has grown now to 110+ members and meets eight times annually. The Round Table consists of representatives from many different industries including Energy, Critical Infrastructure, Medical/Hospitals, Defense, Electronics, Banking/Financial, E-commerce, and others.The focus of this group is to share current threats, Intel, and concerns as well as mentor the younger/newer CISO’s within the group. This promotes an atmosphere of learning and engagement for all members. All meetings for the round table are conducted under Chatham House rules and we do not typically allow non-members or vendors to attend so that everyone can speak candidly and adhere to the strict rule of confidentiality within this group. If you are a senior information security professional in the greater San Diego area and are interested to learn more, contact the board at: sandiegocisos@gmail.com.

Member, Ubiq (formerly FHOOSH), Inc. Board of Advisors: With a focus on “faster data, more secure,” San Diego cybersecurity developer Ubiq, Inc. is creating solutions that boost both system performance and security. Ubiq safeguards organizations’ critical business and customer data from cyberthreats by storing it in a state that is worthless to hackers, and it does so up to eight times faster than even storing data unprotected.

Consulting with colleagues and industry experts to improve the information security posture of companies and individuals through security initiatives in threat intelligence, targeted asset protection, information security education and awareness and behavior modification. Focused on Cyber Security, Internet of Things (IoT) Security, Privacy and Identity Management.

Founded eCyberAdvisory Group in 2014 to deliver on the "Virtual CISO” model. This model is specifically geared to small and medium size businesses where a part-time or interim CISO is needed and large enterprises needing high level strategic or GRC (governance, risk, compliance) expertise. This role is ideal as a trusted advisor to the CIO / CEO for small and medium enterprises and for designated special projects in the office of the CISO for large enterprises.

As VP Product Marketing and Chief Strategist for FHOOSH, I have the ability to focus my passion for bringing game-changing cybersecurity tools to market. I am thrilled to be a member of this incredible team of professionals.FHOOSH, Inc. develops high-speed cybersecurity software that protects data from inception, in transit and at rest at speeds certified up to eight times faster than handling unencrypted data. FHOOSH delivers on the promise of “Faster Data, More Secure™” using patented protections that fragment, disassociate, separately encrypt and then disperse data upon capture from the edge to the cloud for storage or archiving. FHOOSH enables stronger data protection with faster performance, built-in threat detection, rapid recovery from ransomware attacks and “always-on” compliance. With FHOOSH, security is built in from architecture to implementation, and an unauthorized access to your systems or network does not expose sensitive data. FHOOSH software easily integrates with both legacy and new technologies and is the right option to secure data in any cloud, IoT or enterprise environment.

CyberHive is a unique, innovative business shared workspace and incubator program that delivers business and technical support to early stage companies providing cybersecurity and high tech related products and services.Mission:•CyberHive is a sustainable non-profit co-work space and incubator/accelerator community focused in the area of high technology and cybersecurity.•The CyberHive model is based on treating co-work space and incubator/accelerator Members as real operating businesses everyday.•Members are mentored as they fine tune their business model, use cases and go to market strategies.•Members contribute to the support of the CyberHive community by paying modest fees and/or equity to the CyberHive which ensures the program remains sustainable well into the future.•Every company that graduates from the CyberHive community will be a new employer.http://cybertechnetwork.org/

Built a top-notch team of IT security professionals. Responsible for 35+ person team delivering all aspects of security engineering, security operations, Access Management, and Governance, Risk and Compliance. Delivered best-in-class security and security compliance outcomes. Led the development of a compliance business partner program to embed within business units and create compliance competencies. Over a three-year period, enabled self-funding of innovative new programs in cyber security and threat intelligence by evaluating security tools, identifying and eliminating redundancies, aligning tools with outcomes, and creating efficiencies with staff-intensive processes. Developed and implemented a control framework that enabled business units to safely and securely migrate to public cloud, private cloud, and hybrid hosting models.Eliminated fire drill audits and compliance failures through creation of a central team of experts to handle the continually expanding and increasingly complex audit and certification portfolio.Drove the requirements assessment and built the roadmap, budget and staffing plan for Intuit’s workforce Identity and Access Management program.Instituted a central repository for access rights, automated access reviews and certifications, tripled coverage from 75 to 225 systems while reducing the team size by 50%.Conceptualized, developed and implemented a proactive engagement model with auditors resulting in a 40% reduction in testing requirements, minimization of audit findings from 50 to 10, and a $250,000 savings in annual audit expense in the first year.Honored recipient of Intuit Innovation awards for three patent submissions.

Designed and implemented identity and access management programs for assessing and mitigating access control gaps for SOX and SAS 70 compliance. Successfully remediated significant and long-standing deficiencies for both internal back-office systems with SOX exposure and customer facing systems subject to SAS 70 audit. The scope of the projects was greater than five project years each. The assessment technique was presented at the Pink Elephant International IT Service Management Conference in February, 2008.Created a center of excellence for identity and access management that allowed all business units and functional groups to leverage the best practices employed for SOX and SAS 70 access controls.Developed partnerships with key groups, including Internal Audit, Information Security and Legal to implement collaborative approaches to addressing access management risks.Drove company-wide project to implement automated access GRC tools using the SailPoint IdentityIQ.Honored recipient of Intuit Finance Recognition of Excellence.

Design and develop visually engaging and technically savvy websites for small to medium size companies. Clients included:Link TV (www.linktv.org)InVision Technologies (now a division of GE)Quintus (now a division of Avaya)ADAC Labs (now a division of Philips Medical)FineGround (Now owned by Cisco)

Provided senior Information Technology consulting to SF Bay Area firms as interim CIO, technical adviser, information security, special projects, office build outs, hiring. Clients included Callidus, InVision, Watergate Software, others.Aligned technology, content and web functionality to ensure adherence to client requirements and business objectives.Drove the creation of Information Technology strategy for pre-IPO Callidus Software encompassing service delivery, information security, data protection as well as identity and access management. Performed comprehensive needs and risk analysis for information systems and developed a technology blueprint addressing all functional areas, created an all-encompassing strategy for information technology, service delivery, information security, data protection and access control while reducing new hire provisioning from 10 days to day of hire for Callidus Software.Forged relationships with ‘C’ level clients at client accounts to ensure project milestones were understood, cascaded to front-line staff and executed according to service level agreements. Collaborated with senior management to align Information Technology, hire staff, audit network and information security risk, data classification and assess system readiness at Quintas Corporation.Transformed the Information Technology department of InVision Technology into a crucial business partner, implemented help desk, streamlined information security programs. As a member of the technology steering committee, helped Central Garden and Pet, a $1.8 billion pet, lawn and garden supply client toward centralized Information Technology, identified and hired a CIO, adopted enterprise-wide Information technology and information security standards and implemented corporate productivity solutions.

As a member of the Technology Advisory Board, helped Central Garden and Pet, a $1.8 billion pet, lawn and garden supply client toward centralized Information Technology, identify and hire a CIO, adopt enterprise-wide Information technology and information security standards and implemented corporate productivity solutions.

Responsible for all aspects of information technology and information security. Managed applications development, systems, networks, data communications, information security and privacy, help desk, and all capital expenditures.Delivered high quality IT services at 30% less than the industry average cost by aggressively managing assets, service contracts and personnel costs.Managed a complete overhaul and integration of multiple, disparate accounting and order processing systems. Scope of project was 8,000 man-hours.Cut response time by 80% for simple service requests, reduced project backlog by 75%, implemented a centralized help desk, established an IT steering committee to set priorities and achieve cross-department cooperation.Directed the construction of 3 facilities, each over 35,000 sq ft, including state of the art data centers.