Drew Blandford-Williams
Details
Homeland Security
The George Washington University
2015 : 2016
Bachelor's
Communications/English
Brigham Young University
1985 : 1990
Skill set Certifications for DoD-based Service in Public Affairs (1980--1982)
Information Management, Public Affairs, Journalism & Broadcasting
Defense Information School
1980 : 1982
High School
Schoolcraft High School
1976 : 1978
Information Security Certifications
ISACA / ISSA / SANS (GIAC)
1999 : 2004
• Currently direct cybersecurity operations for critical infrastructures across all infrastructure sectors, with emphasis on ransomware, assessments, threat analytics & data privacy development (GDPR / CCPA).
• Provide NIST-based GRC deliverables/resourcing frameworks & cybersecurity guidelines (PCI / FedRAMP / HIPAA / HECVAT).
2020 : Present
Guidacent, Inc.
CISO / Director, ThreatRecon Cybersecurity Practice
• Leadership & KPI development for team of 28 security managers & consultants.
• Drove billable Security Services representing $2 billion in revenues.
• Defined operational protocols for application security for 2,000 software engineers while serving as Application vCISO for the world's largest restaurant franchise.
• Provided 85% billable utilization for Governance, Risk & Compliance consulting services.
• Assessed existing security controls, technical security architecture, policies, and procedures, and developed transformation delivery recommendations.
• Created hands-on training program for newly hired employees to acclimate each person to company policies and procedures and individual job duties.
2018 : 2019
Capgemini
GRC Practice Manager, North America
2017 : 2019
Capgemini
Senior Security Consultant
Directed Security Solutions operations (28 security managers & consultants), representing $2 billion in revenues. Oversaw security compliance initiatives (PCI / HIPAA / FISMA) for 2,000 software engineers for the world's largest food franchise.
-- Defined KPI expectations for 28 cybersecurity consultants, overseeing $2 billion in services.
-- Generated 85% billable utilization in Governance, Risk & Compliance Consulting Services.
-- Conducted Risk Assessments for global organizations based on NIST 800/53 guidelines.
-- Authored Incident Response Playbook addressing recovery from critical loss of assets resulting from series of Ransomware attacks.
-- Transformed existing security controls, technical security architecture, policies, processes.
-- Created hands-on training program for national sales force.
-- Implemented Agile business practices to oversee projects throughout North America.
-- Drove operational improvements resulting in significant savings / improved profit margins through better communications and coordination of resources to accommodate $2 billion portfolio.
-- Expanded partnerships with Application Security Testing vendors (Veracode, Black Duck, Burp Suite).
2017 : 2019
Capgemini
Manager Security Services
Improved overall business operations pertaining to “IT Risk Management / Security Services” by restructuring the Security Services portfolio while serving mid-enterprise markets representing 800 customer companies and $900 million in revenue.
• Directed recovery efforts from a $6.8 million Sodinokibi Ransomware attack on a mid-enterprise MSP.
• Drove recovery efforts from six additional Ransomware attacks.
• Authored a series of Security Incident Recovery & Mitigation Playbooks.
• Oversaw SOC2 Type 2 Audit Compliance for international consulting operations.
• Developed new market opportunities around NIST 800 Security Framework services.
• Led campaigns to reduce phishing & improve Security Testing & Awareness Training.
2016 : 2019
Condition Zebra U.S.
Director Security Services
Skills
Adobe Premiere Pro, Business Continuity Planning, Business Development, CCPA, Cloud Computing, Cloud Security, Computer Security, Critical Infrastructure, Cybersecurity, Disaster Recovery, Employee Training, Enterprise Software, Executive Management, GDPR, Go-to-market Strategy, GRC, Identity & Access Management (IAM), Information Security, Information Security Management, Information Technology, Infrastructure, Leadership, Management, Management Consulting, Marketing Communications, Media Relations, Microsoft Excel, Microsoft Office, Microsoft PowerPoint, Microsoft Word, NIST, Policy, Policy Compliance Auditor (Security, Operations), Product Development, Product Marketing, Professional Services, Program Management, Public & International Policy Author, Public Relations, Public Speaking, Published Author, Risk Management, SaaS, SecDevOps, Security, Software Development Life Cycle (SDLC), Strategic Partnerships, Strategic Planning, Team Leadership, Training
About
Trust. Stewardship. Confidence. - These are three important tenets that drive an expected level of performance for U.S. Navy Veteran and cybersecurity expert, Drew Williams.
Drew began his career in Information Security while Jimmy Carter was still president. Drew started out on the flight deck of an aircraft carrier and transitioned below decks to the Public Affairs Office and Combat Information Center, where he began what became a lifelong career in Information Security. In his first years as a DoD Information Specialist, Drew reported on Soviet ship movements in the Indian Ocean and Western Pacific, coordinated shipboard defense communications activities for command and control centers, and was part of the battle group that supported the failed US-Iran rescue mission, Operation Eagle Claw, in 1980. He served on the carriers Coral Sea, Midway, Nimitz and George HW Bush, as well as on USS Gridley, Roark, Brooke, Cook, Ingersoll & British Submarine HMS Churchill, and with the US Seabee Battalions.
Drew was part of launching one of the first Host Intrusion Detection systems (HIDS) and one of the first SIEM tools. He co-developed an early Security Services/Hacker Research team (Symantec SWAT). He was also on the original team that transitioned the former Kennedy-Kassebaum Act into what became the Health Insurance Portability and Accountability Act (HIPAA). Drew was also part of the core development team, working with MITRE to establish the CVE reference system, and was part of the core team that established Symantec as a global cybersecurity empire.
Drew has a master’s degree in Homeland Security Leadership from the George Washington University and an undergraduate degree in Technical Communications from Brigham Young University.
A former host of Hacker Halted Asia, and first principal funding source for the Black Hat Briefings, Drew takes the subject of securing everyone for a safer world to heart.
SUMMARY OF RESPONSIBILITIES:
- Director of ThreatRecon Cybersecurity Practice / CISO
- Designed & Delivered Cybersecurity Services product line for US-based consulting practice
- Business Continuity / Disaster Recovery tabletop exercises & reviews
- FedRAMP / POAM Assessments
- CMMC & ITAR-regulated team leadership
- Ransomware tabletop exercises
- PCI / SOC 2 pre-audit readiness assessments
- HITRUST / HIPAA security awareness / BC|DR training
- NIST 800/53 & 171 baseline assessments
- Weekly “Two-minute Warning” cybersecurity awareness video productions
- ISO 27001 / ITIL ISMS library development
- DevOps “Threat Modeling” workshops