We are dedicated to advancing the role of Chief Information Security Officers (CISOs) and cybersecurity leaders through rigorous professional standards embodied in our Code of Professional Conduct, our path to CISO Accreditation, and comprehensive benefits for our members, including mentoring, coaching, professional development, continued learning, well-being resources, and CISO-specific professional liability insurance.

Founded and rapidly scaled a boutique cybersecurity advisory firm specializing in risk management and strategic guidance for small to mid-sized enterprises in high-risk sectors.CORE SERVICESFractional CISOCyber Security Board AdvisoryIT Operation & Information Security Program AssessmentsCloud Security Reviews and WorkshopsGenerative AI Risk Advisory

The Team8 CISO Village is a global community of cyber security senior executives, CISOsand thought leaders from leading enterprises. The Village is an avenue for exchanging ideas,collaborating as an industry, and promoting innovation in cyber security.

The Israeli Startup Advisory Network (ISAN), managed in partnership between Merlin Ventures and Israeli Embassy, is a community of senior security executives with the goal of providing a deep insight into the Israeli cybersecurity startup ecosystem. The community meets periodically to analyze early-stage Israeli security vendors and gives members the ability to collaborate with each other, as well as connect them with any Israeli startups of interest.

Hired as Head of Information Security to modernize the organization's legacy technical stack, build out a comprehensive information security and compliance program, and develop a cloud security roadmap that resulted in a 50% reduction in security incidents and a 25% increase in compliance with industry standards.Recreated and presented information security presentation to the board of directors and audit committee, ensuring that it was tailored to the audience, aligned with the organization's risk appetite, and actionable, increased engagement by 20%.Selected and implemented a DSPM (Data Security Posture Management) to automate the management of data security policies and controls, improving the efficiency of the organization's cloud security program.Renegotiated Managed Detection and Response (MDR) vendor contract, saving the organization $500k over 3 years. Led the successful execution of the entity's annual certifications and audits, ensuring compliance with key industry standards, including DOI, Model Audit Rule, NY DFS, and PCI. This mitigated risks and reinforced business integrity.Reduced operational expenses by $90k by eliminating the need to maintain multiple identity providers.Enhanced compensating security controls in key risk areas, resulting in a 75% reduction in the organization's cyber insurance premium over the prior year.

Hired as the firm's first Information Security Executive to build a security and compliance program that facilitated the organization's growth by 20%, standardized and scaled the firm's technical products, and resulted in two new technical products being brought to market.Developed a comprehensive roadmap for the organization to achieve SOC 2 compliance.Rearchitected employee lifecycle workflows, adding automation, oversight, and security, resulting in a 25% reduction in time to onboard new employees.Worked with stakeholders to define the requirements for corporate security policies, evaluated leading frameworks, and selected the best framework for the organization's needs.Created information architecture for a zero trust security environment for corporate infrastructure and applications, resulting in a 40% reduction in risk.

Hired by the COO to help modernize and scale a lagging business unit within a rapidly growing organization. Transformed the unit from a reactive cost center to a proactive business partner, contributing to a 250% increase in revenue.Proposed and defined a comprehensive multi-million-dollar budget and action plan within 90 days, including a gap analysis of personnel and vendors, an organization-wide security audit, and a roadmap to PCI compliance.Spearheaded the development and implementation of a security engineering team and vulnerability management program that reduced the number of security incidents by 80%.Collaborated with the COO and product owner to define the scope of HIPAA compliance for the entity's serverless telemedicine platform. Successfully built and launched the solution, which contributed to over $1M in revenue.Designed and implemented a DevOps CI/CD pipeline that automated the build, test, and deployment of software, improving the efficiency, reliability, and security of the development process. Encouraged the development of a homegrown self-service form in Python and PHP, which resulted in a 99.5% improvement in onboarding and exit process efficiency and a 30% reduction in missed SLAs.Led a cross-functional team in developing and implementing a comprehensive compliance program for CCPA and GDPR.

Director of IT Infrastructure, reporting to the President/COO. Responsible for all infrastructure, operations, and security to support the needs of a 24/7 healthcare organization.Designed and implement solutions that maximize functional capabilities of systems while exceeding required security and business continuity requirements.Set technology vision for systems infrastructure. Conceive and design new infrastructure solutions that span the product life cycle from R&D through production.Ensured proper design, implementation, performance, availability, security, auditing and capacity management of all systems.Created and managed ongoing monitoring processes and audits to ensure data integrity, redundancy and fail over. Lead disaster recovery planning and incident response for all production assets.Defined, published, and executed the overall IT security strategy with buy-in from operational and business stakeholdersManaged vendor relationships and capital/operational budget for all infrastructure and IT technology areas.

Hired as the firm's first IT Engineer and promoted to Infrastructure Manager after 6 months, reporting to the CTO. Led a team of 4 IT professionals in supporting 9 sites and over 300 people globally, with responsibility for IT infrastructure, operations, and security.Set up asset management lifecycles with seamless zero-touch deployments via Apple's Device Enrollment Program (DEP), automating the provisioning of new devices and ensuring their compliance with the organization's security policies.Initiated and managed a compliance program that oversaw GxP, HITRUST, and PCI programs, ensuring that the firm met its clients' and regulatory obligations.Supported and managed the organization's DevOps and automation environment, ensuring that it was scalable, reliable, and secure.Established a corporate BYOD policy and created an MDM governance framework, which was later consulted on for a client project.