Zach Luze Email & Phone Number

Cheseaux, CH

• Built and leads a 3-person team responsible for the Data & Cloud Security Advisory practice for a 500 person, $50m ARR global security consultancy. Engagements include business development and scope, assessment.
• Responsible for $1m+ in advisory services bookings and recognized revenue
• Perform Azure (including IaaS/PaaS), M365, and AD security assessments (CIS-based), including a multi-billion dollar tech conglomerate and one of the nation’s largest school districts
• Lead implementations of native Azure / M365 (e.g., E5) security capabilities, including Purview, Defender Suite, and Microsoft IAM (e.g., conditional access)
• Designed and created data security and privacy training program for a 1,200 user SLED organization
• Perform data security and privacy strategy / roadmap assessments using the NIST Privacy Framework and KS’ proprietary data security framework

Worldwide, OO

• Manages international team of twelve security professionals delivering enterprise cloud and websecurity services and support to Deloitte practitioners. My team protects Deloitte and its clients from web-borne threats.
• Led six-month CASB migration project (testing, communication and awareness, implementation) for 50k practitioners, saving $1.5m in licensing costs
• Developed and manage exception and support processes for CASB, Proxy, and DLP products to align with business and compliance requirements (e.g., FedRAMP)
• Teamed with development and DevOps organizations to make security tools compatible with their tools and pipelines
• Led pilots of cloud data discovery and risk reduction security tools
• Built data access governance effort, which identifies and remediates data access vulnerabilities (over one million high risk folders remediated and 100 million stale files quarantined)

Reston, VA, US

• Security consultant providing CISO services for Ellucian clients, established and led the securityfunction for a $61m organization.Achievements and projects included:
• Led PCI-DSS compliance effort; identified PCI footprint and developed PCI Policy and Roadmap todeliver sustainable compliance
• Developed and implemented IAM, vulnerability management, and 3rd party risk managementprocesses
• Oversaw security product selection and vendor management process, including requirementsgathering, pilots and contract negotiation
• Created organization-wide, multi-faceted security awareness program, contributing to a simulatedphish-rate of nearly 20% below industry average
• Managed security staff in installing products, threat hunting, and incident response functions

Bloomfield, CT, US

• Senior IT Audit role focused on risk-based information security audits and assessments.Responsibilities and achievements included:
• Led and participated in information security projects, including incident response capability, Windows and AS400 server security, patch management, mobile device management, red team / pentesting, and Agile / DevOps.
• Researched leading practice standards and frameworks (NIST, CIS, SANS) to develop test plans for incident response, Windows, AS400, and patch management assessments
• Served as the audit department’s Information Protection Coordinator (liaison between security function and the business units), creating monthly newsletters to educate employees about the latest security trends and end.
• Oversaw the project management elements of assigned assessments, including developing budgets and timelines, assigning staff and guiding their work, and reporting results to leadership

London, GB

IT risk role focusing on SOX compliance and IT general controls.