Ground Your Enterprise Security

✦Governance✦

✦Risk✦

✦Compliance✦

✦Security Program Development✦

✦Project Management✦




Enterprise CyberSecurity Management that makes sense for YOUR organization.

UNLESS YOU REALLY ARE MAKING WIDGETS, WHAT YOUR BUSINESS DOES IS NOT CUT AND DRIED. MANAGING YOUR CYBERSECURITY PROGRAM ISN’T EITHER. CYBERSECURITY RISK MANAGEMENT SHOULD MAKE SENSE FOR YOUR ORGANIZATION AND SHOULD BE REASONABLE, DILIGENT AND APPROPRIATE.

ANYONE WHO TELLS YOU THEY HAVE DEVELOPED A TEMPLATIZED SYSTEM THAT CAN BRING ANY ORGANIZATION “INTO COMPLIANCE” OR “TO A SECURE STATE” IS SELLING SOMETHING. TRUE CYBERSECURITY RISK MANAGEMENT AND PROGRAMMATIC DEVELOPMENT SHOULD TAKE INTO ACCOUNT THE MISSION, OPERATIONAL OBJECTIVES, OBLIGATIONS AND ORGANIZATIONAL REALITIES OF WHAT IT IS THAT YOU ARE. JOINING THESE ELEMENTS WITH SENSITIVE AND MEANINGFUL MANAGEMENT PRACTICE IS THE ONLY SENSIBLE WAY TO PRACTICE GOOD SECURITY.

ENTER: GROUND SECURITY. IF AN ORGANIZATION IS LIKE A MACHINE WITH MANY COMPONENTS INTERACTING SIMULTANEOUSLY AND (we hope) FLUIDLY, THEN ONE CAN CONSIDER THE ELECTRICITY THAT RUNS THROUGH IT TO BE THE CHARGE AND UNDERLYING SPARK THAT KEEPS IT GOING.

THAT ELECTRICITY MUST RUN THROUGHOUT AND, MUCH LIKE A GROUND WIRE IN AN ELECTRICAL CIRCUIT, GOOD SECURITY RISK PRACTICE AND MANAGEMENT SHOULD GROUND THAT CHARGE, ENSURING THAT THE GOOD EFFORTS AND ELECTRICITY MAKE THEIR WAY THROUGHOUT THE SYSTEM WHILE ALL THE UNNECESSARY NOISE, OR CURRENT, GETS FILTERED OUT.

GOOD SECURITY PRACTICE SHOULD BE AN ENABLER FOR YOUR BUSINESS, NOT A HINDRANCE. SECURITY PRACTICE AND MANAGEMENT SHOULD MAKE SENSE FOR YOUR ORGANIZATION - BE REASONABLE; BE APPROPRIATE. THAT’S HOW YOU AVOID A NASTY SHOCK -

THAT’S GROUND SECURITY.

Practitioner

SAM NELSON-MANN - CISM, ISO 27001-IA

SAM IS A SEASONED SECURITY MANAGER AND PRACTITIONER AND GO-TO EXPERT IN SECURITY MANAGEMENT AND RISK MITIGATION. WITH A PROVEN TRACK RECORD IN LEADING TECHNICAL SECURITY PROGRAMS AND GOVERNANCE INITIATIVES, SAM BRINGS A UNIQUE BLEND OF ACADEMIC KNOWLEDGE AND HANDS-ON EXPERIENCE TO THE TABLE.

AS A SEASONED TECHNICAL SECURITY PROGRAM MANAGER AND GRC SPECIALIST, SAM HAS SUCCESSFULLY DEVELOPED AND IMPLEMENTED COMPREHENSIVE SECURITY PROGRAMS, ENSURING COMPLIANCE WITH INDUSTRY STANDARDS SUCH AS ISO 27001, CIS-CSC, CIS-RAM AND NIST 800-53. FROM SPEARHEADING RISK ASSESSMENT PROJECTS TO OVERSEEING SECURITY AWARENESS CAMPAIGNS, SAM’S EXPERTISE LIES IN BRIDGING THE GAP BETWEEN TECHNICAL INTRICACIES AND STRATEGIC BUSINESS GOALS. WITH CERTIFICATIONS RANGING FROM ISO/IEC 27001:2013 TO THE ISACA CISM AND COMPTIA PENTEST+, SAM IS WELL-EQUIPPED TO TACKLE THE EVOLVING CHALLENGES OF TODAY’S CYBERSECURITY LANDSCAPE. CONTACT SAM TODAY TO ELEVATE YOUR ORGANIZATION’S SECURITY POSTURE AND ACHIEVE PEACE OF MIND IN SECURING YOUR DIGITAL AND PHYSICAL ENVIRONMENTS.

LEVERAGE BALANCED EXPERTISE

INITIATIVE: RISK ASSESSMENT

SCOPE: CONDUCT COMPANY-WIDE SECURITY RISK ASSESSMENT

RESULTS: SUCCESSFUL COMPLETION

COMPLETED COMPREHENSIVE SECURITY RISK ASSESSMENTS FOR GLOBAL COMPANIES ACROSS MYRIAD SECTORS. MILESTONES INCLUDE DEVELOPING BUY-IN SUPPORT FROM EXECUTIVE AND TEAM LEADERSHIP ACROSS THE TECHNOLOGY STACK, DOCUMENTATION AND EVIDENCE REVIEWS WITH TECHNOLOGY TEAMS AND VALIDATION WITH SECURITY, AND FINAL REPORTING FOR EXECUTIVE TEAMS.

INITIATIVE: GOVERNANCE - POLICY SUITE

SCOPE: VARIOUS

RESULTS: COMPREHENSIVE POLICY LIBRARIES DEVELOPED FOR ORGANIZATIONS ACROSS INDUSTRIES

POLICY LIBRARIES DO COME IN PACKAGES, BUT OFTENTIMES THE SAME POLICY LIBRARIES WORK FOR SOME ORGANIZATIONS BETTER THAN OTHERS. TAKING THE TIME TO ESTABLISH THE APPROPRIATENESS OF POLICY LIBRARIES AND VETTING AND IMPLEMENTING THOSE POLICIES IN COOPERATION WITH LEGAL AND COMPLIANCE TEAMS IS CRITICAL TO MAKING SURE YOUR GOVERNANCE IS DESIGNED PROPERLY.

INITIATIVE: COMPLIANCE AUDIT - BCP/DR & SECURITY REQUIREMENTS

SCOPE: ORGANIZATION-WIDE SECURITY COMPLIANCE PRACTICE

RESULTS: PRE-FINRA AUDITS COMPLETED

REGULATORY COMPLIANCE VARIES WIDELY FROM COMPANY TO COMPANY. DO YOU KNOW HOW YOUR SECURITY PRACTICE MEASURES UP TO THAT REGULATORY SCRUTINY? FOR OBVIOUS REASONS, THESE QUESTIONS ARE IMPORTANT TO ANSWER. LEVERAGE OUR EXPERTISE TO SAVE COUNTLESS HOURS OF TOIL IN ANSWERING THESE QUESTIONS BASED ON COMMON-SENSE EXPERIENCE.

INITIATIVE: PHYSICAL SECURITY IMPLEMENTATION

SCOPE: MULTI-OFFICE PHYSICAL SECURITY AUDIT, SOLUTIONS EVALUATION & IMPLEMENTATION; POLICY AND PROCEDURAL ARTIFACTS TO GOVERN USE.

RESULTS: SUCCESSFUL IMPLEMENTATION AND INSTALLATION.

PHYSICAL SECURITY IS A PART OF A SECURITY TEAM’S PURVIEW - HOW UP-TO-DATE ARE YOUR PHYSICAL SECURITY MEASURES? ARE YOU LEVERAGING THEM PROPERLY TO ENSURE DEFENSE-IN-DEPTH FOR YOUR WORK FACILITIES, EMPLOYEES AND SENSITIVE RESOURCES? IT CAN SEEM LIKE A BIG JOB, BUT ADOPTING A SYSTEMATIZED APPROACH AND APPROPRIATE EXPERTISE CAN MAKE ALL THE DIFFERENCE.

INITIATIVE: COMMON-SENSE SECURITY PROGRAM DEVELOPMENT AND MANAGEMENT

SCOPE: SECURITY OPERATIONS COMPANY-WIDE

RESULTS: SYNERGISTIC MANAGEMENT ENABLES PRACTITIONERS AND REASSURES EXECUTIVES.

THE MANAGEMENT OF A SECURITY PROGRAM SHOULD TAKE THE IMPORTANT THINGS INTO ACCOUNT; HOW DO YOU ENSURE THAT DAY-TO-DAY SECURITY PRACTICE OF YOUR TEAM IS IN LINE WITH THE MISSION, OPERATIONAL OBJECTIVES AND OBLIGATIONS OF YOUR ORGANIZATION AS A WHOLE? IS PROJECT MANAGEMENT A HELP OR A HINDRANCE FOR YOUR SMEs? HOW UP-TO-DATE IS YOUR GRC PRACTICE? INTRODUCE SOME STABILITY TO YOUR SECURITY PROGRAM AND GROUND YOUR SECURITY.

WHAT PEOPLE ARE SAYING


“If time, cost, and scope are the standards of a project triangle, Sam understands that culture, engagement, and purpose are the drivers and character. That makes the difference between a team achieving what they are told to achieve, and actually succeeding at what matters to the organization.”

CHRIS CRONIN,

ARCHITECT, CIS RISK ASSESSMENT METHODOLOGY

“Sam is hands down the best project/program leader I’ve worked with on a security team. He demonstrates a keen understanding of security concepts, keeping up with current trends and events. Sam is a model of effective communication and organization, keeping stakeholders informed and projects on schedule. He’s not afraid to get technical and can dive as deeply as needed to obtain the best outcome for any situation. Sam is also an expert in GRC and makes effective use of this expertise to steer and inform all aspects of a security program.”

PETER LARSON,

STAFF CLOUD SECURITY ENGINEER, AKUNA CAPITAL.

“Sam leads projects effectively and considers the finer implementation details while never losing sight of the bigger picture. His impressive work standing up a GRC program at [Organization] brought multiple disjointed departments to a shared goal and pushed the organization forward. I recommend him to any team that needs a program manager and a strong leader.”

DAVID ZHANG,

SENIOR SECURITY ENGINEER, DV TRADING

IT ALL BEGINS WITH AN IDEA



HAVE QUESTIONS?

let’s chat.