Mike Davis Email & Phone Number

Spring, TX, US

• Value proposition.My diverse experience, results driven approach and wide environment background will enhance your overall company risk minimization program – effectively. Based on what matters most to you, integrating.
• vCISO providing cybersecurity program development and implementation services to a variety of clients.
• Conducted an extensive, enterprise security program assessment for fortune 500 company (using ISO 27001 ISMS)
• Supported multiple startup companies in their security program initiation, including SOC2, policies, risk assessments.
• Provide a risk-managed framework for scalable business operations in a risk-prone business ecosystem.
• Implement and oversee the enterprise cybersecurity and risk management program, focused on resilience.

• ExactlyIT is a next generation managed services provider. From cloud services and cyber security to end-user support and technology solutions, we offer a wide range of managed IT capabilities. Emphasizing security.
• Lead and manage all aspects of the IT security department operations, projects, policies, processes, and initiatives.
• Provide periodic assessments for: IT security practices, processes and metrics, compliance audits, security frameworks (e.g., NIST CSF, CIS CSC, ISO27001, SOC2), penetration tests, vulnerability management, and other.
• Continue a Risk-Based Security Strategy (RBSS) supporting both the IT/OPS environment and senior leadership in strategic planning, development, implementation, and ongoing management of global security services and.
• Lead the computer security incident / data breach response plan, focused on immediate actions and effective communications.
• Within the RBSS and Cyber Security roadmap, oversee several programs: Identity and Access Management (IAM), Threat and Vulnerability Management (TVM) / risk based cyber hygiene and patching, and data security / privacy.

Houston, TX, US

• As the initial company CISO, lead the effective execution our security team’s responsibilities, which include:
• Orchestrate all aspects of the IT security department operations, projects, policies, and initiatives.
• Established a continuous assessment of current IT security practices, processes and systems, including security audits, risk assessments, vulnerability management, and penetration tests.
• Developed and executing a risk based security strategy (RBSS), recommending the ‘best risk value’ capabilities (implementing encryption, DLP, PAM, etc) - enabling the business objectives and innovation.
• Developing an overall privacy protection program supporting GDPR, CCPA, etc. and numerous other laws.
• Developed, implemented and exercising an integrated computer security incident / data breach response plan along with a proactive cyber awareness and training program.

Spring, Texas, US

• Developed and implemented a risk based security strategy (RBSS) supporting the cyber risk lifecycle of global security services and products. No security incidents or data breaches during my tenure.
• Within the RBSS and Cyber Security roadmap, developed: Identity and Access Management (IAM), Threat and Vulnerability Management (TVM), and data security / privacy protection programs enabling the corporate strategic.
• Developed a department wide risk management (RM) initiative – including a RM Plan executing a dynamic risk register, prioritizing mitigations based on overall “risk value.” Significantly lowering the overall threat.
• Conducted data breach and ransomware risk minimization assessments, integrated into the RBSS. Updated and exercised our security incident response plan.
• Enhanced our Security Education, Awareness and Training program and established a Policy Strategy to execute the litany of security policies and processes required.
• Created an enterprise security architecture strategy, based on complying with the NIST cyber security framework and CIS top 20 critical security controls.

Washington, DC, US

• Leadership tour as the Chief Systems Engineer (CSE) (Senior GS-15) for SPAWAR / C4ISR / IT / networks in Navy large deck ships and aircraft integration (e.g., interoperability, architectures, interfaces.
• Command CSE / technical authority for capability development and deployment in complex platforms and aviation integration domains for critical systems supporting overall platform mission assurance – the C4ISR/IT.
• Supported the Command Chief Engineer / senior leadership on wide-ranging enterprise level platform systems engineering (SE) activities centered on complex integration and interoperability issues: standards inputs &.
• Performed cross-platform, cross-system risk assessments. Identified issues and led cross-organization mitigation collaboration gaining enhanced integration and interoperability (I&I).
• Developed integrated test and evaluation processes for C4ISR / IT systems that facilitated verification and validation methods, enhancing ‘systems of systems’ enterprise, end-to-end I&I.
• Developed extensive experience in certification and accreditation, testing/verification/validation and related systems design, integrated / concurrent engineering and capability development activities.STRENGTHS / SKILLS:

San Diego, CA, US

--- Information Assurance (IA) Technical Authority / Process Owner (TPO) (SPAWAR technical warrant holder)- Developed and institutionalized technical processes to ensure that IA standards and processes are accomplished and included within NSA/NIST requirements and best engineering practices, including: requirements, design reviews, certifications and.

Msee, Electrical And Electronics Engineering

Masters, Management