Lance Hayden, Ph.D. Email & Phone Number

Keene, NH, US

San Antonio, Texas, US

• As an executive leader in our Information Security & Privacy Group (ISPG), I have direct ownership of key enterprise capabilities including:
• Strategic Cyber Planning - I am responsible for researching and developing innovative approaches to cyber security trends and challenges. Examples include cyber risk quantification, improved tabletop exercises for.
• Compliance Center of Excellence - I lead the team responsible for continuous monitoring of our integrated controls framework (which incorporates ISO 27001, AICPA Trust Services Criteria, and PCI DSS) and successfully.
• Third-Party Security Risk Management - I built and lead our enterprise program for assessing and managing cyber risk in our vendors and subcontractors. We address both upstream (client-facing) and downstream.
• Security Training, Awareness, and Culture - I developed and lead our information security training program and content, including annual security training as well as continuous awareness activities (phishing tests.
• Legal and Regulatory Support - As ISPG's subject matter expert for Legal, I support the legal team on contractual negotiations, provide regulatory research and support on cyber security matters, and provide risk.

Austin, TX, US

• I teach graduate courses and mentor students and researchers in topics including:
• Information Security
• Privacy and Surveillance in Society
• Information Behaviors in Espionage and the Intelligence Community
• Blockchain Technology, Uses, and Applications

Austin, TX, US

Austin, Texas, US

Executive responsibility for protecting Elligo’s sensitive information assets, including personal health information (PHI) and sensitive corporate data. I developed and led Elligo's HITRUST certification program initiative. I successfully supported all security related vendor and regulatory audits.

Austin, Texas, US

Executive responsibility for protecting ePatientFinder's (ePF’s) sensitive information assets, including personal health information (PHI) and sensitive corporate data. Reporting directly to the CEO, I created and led ePF's enterprise security program and chaired ePF's Executive Security Committee. I developed ePF's compliance program strategy.

Emeryville, CA, US

Through BRG's Technology Advisory Practice (TAP), I helped clients build strategic capabilities for information security, privacy, and IT GRC, including security programs and operations, security framework requirements, effective policies and processes, and qualitative and quantitative risk assessment models.

San Jose, CA, US

• I led a team of Cisco Advanced Services solutions architects providing global enterprise customers with Security Advisory and IT GRC consulting engagements, including:
• Information Security and Privacy Program Strategy and Governance
• Compliance and Audit Support (ISO 27001, HIPAA, NIST, FFIEC, COBIT)
• Vulnerability Program Management
• Security Risk Management and Modeling
• Enterprise Security Metrics and Performance

San Jose, CA, US

Within Cisco Advanced Services I was responsible for all business-side and customer-facing aspects of a global penetration testing and red team consulting practice, offering customers industry leading tools and expertise for testing and securing their IT networks and systems.

US

As a CIA officer I was responsible for planning and conducting human intelligence (HUMINT) operations in support of national security strategies and objectives. My activities and experience includes planning operations, recruiting and managing HUMINT assets, and briefing policymakers, senior government officials and industry representatives on subjects of.

Phd, Information Science

M.L.I.S, Information Science

B.A, English, History