Todd Hammond
Details
Information Assurance
Johnson & Wales University
2024
Bachelor of Science - BS
Computer and Information Sciences, General
Fitchburg State University
Master of Business Administration - MBA
Security Management, Coursework
Nichols College
Certificate
Digital Forensics
Roger Williams University
As a Fractional Chief Information Security Officer (CISO), I provide clients CISO services in a manner that fits their needs and budget.
I develop robust cybersecurity and information risk management strategies and align them with IT initiatives, business processes and goals. I blend business acumen, technical prowess and effective leadership to influence stakeholders harmoniously to establish audit-ready cybersecurity capabilities and risk management programs.
𝗥𝗶𝘀𝗸 𝗔𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁𝘀, 𝗖𝗼𝗻𝘁𝗿𝗼𝗹 𝗚𝗮𝗽 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 & 𝗠𝗮𝘁𝘂𝗿𝗶𝘁𝘆 𝗔𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁𝘀, 𝗟𝗲𝗮𝗱𝗶𝗻𝗴 𝘁𝗼 𝗥𝗶𝘀𝗸 𝗥𝗲𝗱𝘂𝗰𝘁𝗶𝗼𝗻 & 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁
I have conducted cybersecurity control gap and maturity assessments for clients, identifying and remediating imminent high-risk gaps while developing business risk management oriented information security program and cybersecurity operational strategies, roadmaps, target operational models, policies, standards and procedures.
𝗘𝗻𝗵𝗮𝗻𝗰𝗲𝗱 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝗖𝗮𝗽𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝘁𝗼 𝗔𝗹𝗶𝗴𝗻 𝗪𝗶𝘁𝗵 𝗘𝗺𝗲𝗿𝗴𝗲𝗻𝗰𝘆 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁
In collaboration with a C2C partner and a PA county, I enhanced the countywide 9-1-1 Communications Center cybersecurity incident response plans to align those plans with the countywide Office of Emergency Operations Plans (EOPs), ensuring a seamless and coordinated response in a cybersecurity crisis situation.
𝗧𝗮𝗰𝘁𝗶𝗰𝗮𝗹 𝗮𝗻𝗱 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗰 𝗥𝗶𝘀𝗸 𝗥𝗲𝗺𝗲𝗱𝗶𝗮𝘁𝗶𝗼𝗻 𝘁𝗼 𝗥𝗲𝘀𝗼𝗹𝘃𝗲 𝗙𝗲𝗱𝗥𝗔𝗠𝗣 𝗜𝘀𝘀𝘂𝗲𝘀
Crafted a cybersecurity strategy that addressed and remediated 12 USDA FedRAMP compliance issues related to Network Security, Identity & Access Management (IAM), Security Information Event Monitoring and Data Loss Prevention (DLP), ensuring the organization's adherence to regulatory standards.
2014 : Present
TMJL Group
Fractional Chief Information Security Officer (CISO)
𝗗𝗲𝗱𝗶𝗰𝗮𝘁𝗲𝗱 𝘁𝗼 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗶𝗻𝗴 𝗣𝗲𝗼𝗽𝗹𝗲
I've been fortunate to learn from exceptional mentors who've instilled in me the value of mentorship. Today, I'm committed to guiding aspiring cybersecurity professionals on their journeys.
𝗖𝗹𝗮𝘀𝘀𝗿𝗼𝗼𝗺 𝗟𝗲𝗰𝘁𝘂𝗿𝗲𝘀, 𝗟𝗮𝗯𝘀 & 𝗘𝘅𝗽𝗲𝗿𝗶𝗲𝗻𝘁𝗶𝗮𝗹 𝗟𝗲𝗮𝗿𝗻𝗶𝗻𝗴
My focus is on leading the Introduction to Cybersecurity course, which encompasses classroom instruction and hands-on labs. I equip students with essential knowledge in areas like Network Security, NIST Frameworks, Application Security, Windows Security, and Linux Security, Threats, Vulnerabilities and Risk, Security Tools, Penetration Testing and more.
𝗠𝗲𝗻𝘁𝗼𝗿𝘀𝗵𝗶𝗽 & 𝗖𝗮𝗿𝗲𝗲𝗿 𝗕𝘂𝗶𝗹𝗱𝗶𝗻𝗴
In addition to classroom learning, I prioritize providing folks guidance and mentorship as they navigate their career development journey. I am always happy to offer advisory guidance, ideas and perspectives to help students not only excel in their studies but also build successful careers in the cybersecurity field or wherever their path takes them. I strongly believe in knowledge sharing and supporting students and colleagues beyond the workplace and classroom.
2023 :
ThriveDX
Cybersecurity Instructor Lead
𝗠𝗮𝘀𝘁𝗲𝗿 𝗗𝗲𝗴𝗿𝗲𝗲 𝗟𝗲𝘃𝗲𝗹 𝗧𝗲𝗮𝗰𝗵𝗶𝗻𝗴 & 𝗟𝗲𝗮𝗿𝗻𝗶𝗻𝗴
As an instructor for the master's degree level Introduction to Cybersecurity class, my primary objective was to provide students with a comprehensive, technically rigorous, and business-focused understanding of the cybersecurity domain. The course aimed to equip students with the knowledge and skills necessary to excel in this dynamic field. Some topics covered included:
𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸𝘀, including the Zero-Trust model, NIST Cybersecurity Framework, and ISO 27001.
𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱𝘀, encompassing NIST 800-53 Revision 5, ISO 27002, OWASP, and CIS.
𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆, Cryptography, and the operational application of encryption, including Public Key Infrastructure (PKI) and SSL/TLS.
𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆, covering the Secure Software Development Lifecycle, API Security, and secure software practices.
𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗲𝗰𝗵𝗻𝗼𝗹𝗼𝗴𝘆, Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Gateway Filtering solutions.
User Authentication, multi-factor authentication, and identity management.
𝗖𝗹𝗼𝘂𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 best practices for securing data and applications in cloud environments.
Insights into cyber attacks, techniques, and tactics employed by cyber adversaries.
𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁, including the identification, assessment, and remediation of vulnerabilities.
In-depth understanding of firewalls, their configuration, and their role in safeguarding network perimeters.
𝗙𝗼𝘂𝗻𝗱𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆, ensuring students had a solid grounding in fundamental principles such as defense in depth, threats, vulnerability and attacks.
𝗜𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘄𝗶𝘁𝗵𝗶𝗻 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝘀, aligning cybersecurity initiatives with business objectives.
2023 :
Pace University
Cybersecurity Adjunct Professor
𝗘𝗻𝘁𝗲𝗿𝗽𝗿𝗶𝘀𝗲 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝘆, 𝗕𝘂𝗶𝗹𝘁 𝗮 𝗧𝗿𝘂𝗲 𝟮𝗻𝗱 𝗟𝗶𝗻𝗲 𝗼𝗳 𝗗𝗲𝗳𝗲𝗻𝘀𝗲
I devised and executed a comprehensive ERM transformation strategy that garnered board approval and ensured regulatory compliance. This strategic initiative not only addressed long-standing NCUA and NYDFS compliance issues but also positioned the organization for enhanced risk management in a rapidly evolving financial landscape.
𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗙𝘂𝗻𝗰𝘁𝗶𝗼𝗻𝘀 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁, 𝗠𝗮𝘁𝘂𝗿𝗲𝗱 𝗔𝗰𝘁𝗶𝘃𝗶𝘁𝗶𝗲𝘀 𝗶𝗻𝘁𝗼 𝗣𝗿𝗼𝗴𝗿𝗮𝗺𝘀
To bolster our ERM, I carved out 1st Line of Defense operational functions from ERM areas, including physical security, medical response, and vendor management, transforming them into well-defined operational programs. This strategic move not only focused and streamlined the risk oversight and governance processes, it improved risk governance capacity by more than 85%. By creating distinct operational programs for these critical aspects, we were able to focus resources more effectively and proactively manage risks, and formalize the operational activities into mature programs.
𝗧𝗲𝗮𝗺 𝗘𝗺𝗽𝗼𝘄𝗲𝗿𝗺𝗲𝗻𝘁 𝗜𝗺𝗽𝗿𝗼𝘃𝗲𝗱 𝗧𝗲𝗰𝗵𝗻𝗼𝗹𝗼𝗴𝘆 𝗨𝘁𝗶𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻
One of my key achievements during my time at Teachers Federal Credit was the mentorship and empowerment of the ERM team. I fostered an environment where team members were encouraged to take ownership and lead. This resulted in the development of program documentation, SLAs, workflows, and RACIs as well as the establishment of configuration requirements for the Quantivate GRC platform, a collaborative effort that increased use of the GRC platform's capabilities by more than 71%, including use cases for Incident Management, Risk Register, Control Inventory, Third Party Risk Management and Control, Risk and Compliance Mapping.
2021 : 2022
Teachers Federal Credit Union
Head of Enterprise Risk Management
𝗖𝘆𝗯𝗲𝗿 𝗥𝗶𝘀𝗸 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 𝗣𝗿𝗼𝗴𝗿𝗮𝗺 𝗕𝘂𝗶𝗹𝗱𝗼𝘂𝘁, 𝗜𝗻𝗰𝗿𝗲𝗮𝘀𝗲𝗱 𝗢𝘃𝗲𝗿𝘀𝗶𝗴𝗵𝘁 𝟴𝟬%
Recruited to repair a client relationship, rebuild trust and revamp a 2nd Line of Defense cyber risk governance program. Utilizing industry best practices such as NIST CSF, ISO/IEC 27001/2, COBIT, and FFIEC guidance, I worked with key client stakeholders to make comprehensive programmatic improvements. These enhancements led to improved quality and depth of assessments and an 80% quarterly increase in the number of assessments.
𝗔𝗪𝗦/𝗔𝘇𝘂𝗿𝗲 𝗖𝗹𝗼𝘂𝗱 𝗧𝗿𝗮𝗻𝘀𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻, 𝗘𝘀𝘁𝗮𝗯𝗹𝗶𝘀𝗵𝗲𝗱 𝗦𝗜𝗘𝗠/𝗦𝗢𝗖
I orchestrated the end-to-end design and delivery of SIEM/SOC managed security services provider initiatives as part of Croc's cloud transformation. As a result of these efforts OPTIV realized a subs
Skills
Amazon Web Services (AWS), Communication, Cross-team Collaboration, Cyber Risk Management, Cybersecurity, Cybersecurity Tools, Data Analysis, Digital Forensics, Financial Analysis, Governance, Risk Management, and Compliance (GRC), Incident Response, Information Technology, ITIL, IT Strategy, Lean Principles, Linux, Operations Management, Problem Solving, Program Management, Project Management, Public Speaking, Risk Management, Security Architecture, Security Awareness, Security Strategy, Senior Stakeholder Management, Stakeholder Management
About
𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀-𝗼𝗿𝗶𝗲𝗻𝘁𝗲𝗱 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 & 𝗥𝗶𝘀𝗸 𝗟𝗲𝗮𝗱𝗲𝗿
I have a rock-solid technical and security foundation encompassing a BS in Computer Information Systems, public safety, big-4 equivalent cybersecurity consulting, and a lineup of certifications, including CISM, CISA, CISSP, CDPSE, ITPD, CFE, and CCM. I've navigated over 10,000 hours of technically intricate, detailed digital forensics & incident response (DFIR) investigations. Complementarily, I am set to complete an MBA in Q1 '24, and I have over 10 years of experience working in global businesses.
𝗘𝘅𝗽𝗲𝗿𝘁𝗶𝘀𝗲 & 𝗔𝗰𝗵𝗶𝗲𝘃𝗲𝗺𝗲𝗻𝘁𝘀
I've excelled in leading security audits, conducting risk assessments, and crafting cybersecurity and risk governance strategies, aligning them seamlessly with IT and business objectives. My role as a fractional Chief Information Security Officer (CISO) spans various industry verticals and involves navigating complex global organization and regulatory challenges.
Some of my accomplishments include achieving an 80% increase in risk governance oversight, creating $6M in cost savings without increased risk, navigating FedRAMP compliance issues, and resolving M&A cybersecurity concerns. I operate in diverse domains such as cybersecurity operations, risk management, Data Loss Prevention (DLP), Network Security, Identity and Access Management (IAM), Incident Response, Business Continuity and others.
𝗣𝘂𝗯𝗹𝗶𝗰 𝗦𝗽𝗲𝗮𝗸𝗲𝗿
I bridge the technical-speak communication gap, having shared insights with novices, executives, boards, and notable organizations like the Providence Journal, Rutgers University, Roger Williams School of Law, and U.S. Cyber Command.
𝗘𝗱𝘂𝗰𝗮𝘁𝗼𝗿 & 𝗠𝗲𝗻𝘁𝗼𝗿
I have committed to coaching and mentorship, serving as an Advisory Board Member and Adjunct Professor at Pace University and instructing at ThriveDX-affiliated universities, including Central Florida University and Long Beach University.
𝗣𝗵𝗶𝗹𝗼𝘀𝗼𝗽𝗵𝘆
I hold high ethical standards and believe in extreme ownership, building talent and championing risk awareness by weaving it into the business in day-to-day operations.
𝗖𝗼𝗻𝗻𝗲𝗰𝘁 & 𝗖𝗼𝗻𝘁𝗮𝗰𝘁
Let's connect on LinkedIn and schedule a conversation on Calendly https://www.calendly.com/toddhammond
𝗦𝗸𝗶𝗹𝗹𝘀
Threat Intelligence
Awareness & Training
Endpoint Security
Third-party Risk
Privacy
Patch Management
Red/Blue Teaming
M&A Due Diligence
Stakeholder Management
DFIR
IT Security Audits
Regulatory Compliance
Six Sigma Process Improvement
Program Development
Risk Management