Brown Chris NewCyberExecutive

New Cyber Executive

I advise on cyber program strategy, planning, and governance, as well as cyber risk assessment and risk management. During the past 20 years, I have assisted over 100 organizations in the public and private sectors transition to risk-based cybersecurity approaches in order to better address organizational missions and goals. I have led a number cyber program initiatives for clients as an executive-for-hire, including cybersecurity program transformations and cyber risk management transformations. I served six years as the Chief Information Security Officer for a healthcare insurer, leading up to and through the initial years of HIPAA Security. The program I developed was used a reference implementation for evaluating high-performing health insurers by U.S. Department of Health and Human Services, Office for Civil Rights. I have also developed cyber program and risk program frameworks, along with maturity models, KPIs, and KRIs, and developed self-assessment, internal audit, and diagnostic toolkits for cybersecurity, IT risk, and cyber risk management. 

 I have utilized security and risk standards and regulations such as ISO 27001, ISO 31000/31010, NIST CSF, 800-53, 800-30, 800-39, 800-37, 800-60, COBIT, HIPAA Security, state frameworks and regulations, and proprietary frameworks.

Prior to my management roles, I served in a variety of technical roles as a system and network administrator and analyst, and I have experience in web application development, network architecture and management, and in the planning, design and development of enterprise applications.

I am the founder and past president of the Information System Security Association (ISSA) Buffalo Niagara chapter, and past president of the Information Systems Audit and Control Association (ISACA) Western New York chapter. I’ve also served as a member of various Information Systems Security Association committees, including the Ethics Committee and the Certification Committee. I hold a Bachelor of Science in Computer Science from the University of New York at Buffalo.