William "Bill" Weber
4015 South Main Street, Mailstop #10088, South Bend, Indiana 46680, US
bill@cyberfoundry.io +15718333000

President and Founder, CyberFoundry, Inc., South Bend, Indiana, US, January 2017
Develop security offerings to assist medium to large enterprises in improving their capabilities. Support reviews of existing operations before audits or in response to incidents. Help organizations orient their security operations to their business strategy.
  • Developed and deployed OneTrust Third Party Risk Management for the New York City Public Schools
  • Interim CISO for Penn State University Applied Research Lab FFRDC
  • Provide Virtual Chief Information Security Officer programs to high-value businesses, including cybersecurity assessments and audit prep
  • Conduct Incident Response Root Cause Analysis for post-breach clients, helping identify and remove security threats
  • Provide small business IT services to move into the cloud and modernize business operations securely

Director of Detection, Response, and Forensics Teams / Chief Information Security Officer (CISO), New York University, New York, New York, US, January 2021 - October 2021
NYU is a top global research university with an annual academic and research revenue of $3.7bn. As director of the Detection, Response, and Forensics department, I led global efforts to implement and manage a Security Operations Center (SOC) and managed internal, matrix, and multi-national teams to implement security services for 13 global sites.
  • Rebuilt SOC detection and response capabilities by rearchitecting the Splunk SIEM and implementing Palo Alto Cortex SOAR.
  • Deployed Palo Alto Cortex XDR (Extended Detection and Response) capability across 13 countries.
  • Rearchitected the network into an ‘Open Campus’ and protected networks using micro-segmentation and ZTNA concepts.
  • Prepared the organization for IT Outsourcing by standardizing operational procedures, negotiating contracts, and performing risk assessments.
  • Developed Incident Response Procedures and led multiple Incident Response Activities. Trained leadership on risk and response.
  • Conducted listening tours to understand stakeholder needs and adapt the program to the organization's culture.

Cyber Security Sector Manager / Chief Information Security Officer (CISO), Massachusetts Institute of Technology Lincoln Lab, Lexington, Massachusetts, November 2018 - October 2020
MIT Lincoln Labs is a Federally Funded Research and Development Center (FFRDC) with an annual research revenue of $1bn. As the team leader for cyber security operations within the Information Technology division, my responsibilities included the development, implementation, and operation of all cyber security operations within DoD classified and unclassified environments. This role extended into protecting unique and threat-adverse environments under high external interest, sensitivity, and potential security threats.
  • Developed, managed, and operated DoD classified and unclassified security operations centers (SOC) in compliance with CMMC, FISMA, NIST Risk Management Framework, NIST SP800-53, and NIST SP800-171 standards.
  • Implemented ACAS and related vulnerability management technologies to support DoD classified systems.
  • Partnered with researchers to leverage the lab's unique skills to detect and deter cyber security threats using ahead-of-market insights and technologies.
  • Built collaborative, strategic relationships with stakeholders within the lab to advance the cyber security capability and culture.
  • Analyzed SOC tooling and procedures allowing a reduction of duplicate capabilities, and provided normalized operating procedures, which were then automated through a Security Orchestration Automation and Response (SOAR) platform.
  • Created and monitored performance analytics to measure effectiveness.

Principal Security Strategist / Virtual Chief Information Security Officer (vCISO), eSentire, Waterloo, Ontario, Canada, September 2016 - September 2018
  • Client Advocate performing comprehensive risk assessments and business impact analysis with remediations.
  • Partnered with clients to define their risks and map out long-term strategies for their operations.
  • Created MDR offerings portfolio while supporting sales and marketing. Managed pricing and profitability of the portfolio.

Enterprise Architect / Virtual Chief Information Security Officer (vCISO), Hewlett-Packard Enterprise (Electronic Data Systems – EDS), Plano, Texas, US, May 2003 - May 2016
  • Team leader to implement security services for the Navy-Marine Corps Intranet (NMCI) program with 400,000 users and 1m+ assets globally. Functioned in DoD classified and unclassified environments.
  • Developed and implemented a team-based DHS Continuous Diagnostics and Monitoring (CDM) program winning a $6bn contract position.
  • Team leader to develop and pitch FedRAMP cloud solution offerings to the US Government.
  • Provided services as a Virtual Chief Information Security Officer (CISO) to commercial clients.
  • Served as a HIPAA Compliance Officer and Lead Security Architect for CMS-focused software development efforts.
  • Managed complex projects requiring strong analytical skills and creative cultural adaptation with government clients.

Engineer / Consultant, Microsoft, San Diego, California, US, October 1999 - May 2003
Windows Kernel Performance engineer deploying Active Directory to the field at its inception. Supported the first very large-scale Active Directory (400,000+ users). Developed and deployed to the field Windows Terminal Server and Internet Security and Acceleration (ISA) services for large-scale internet presences. Developed a client base supporting government, healthcare, and fintech clients, winning top region two of two years.

Manager, Information Technology, Winchester Hospital, Winchester, Massachusetts, US, 1998 - 1999
Senior Consultant, New England Medical Center (Tufts), Boston, Massachusetts, US, 1996 - 1998
Production Coordinator, Data Link Systems, South Bend, Indiana, US, 1990 - 1992
Director, Tool and Die Apprenticeship Program, Acme Institute of Technology, South Bend, Indiana, US, 1989 - 1990

Skills

Leadership
Dedicated team builder with a history of helping organizations transform their internal security operations into high performance teams capable of shifting culture, reducing risk, and responding to emerging threats. Being a CISO is equal parts partnering within the organization, building the cyber team, and responding to the threat landscape; all with the vision of implementing a strategy to reduce risk to the organization.
  • Leadership
  • Management
  • Security Operations
  • Reducing Risk

Security
Based in the rigor of government security programs, I’ve developed large scale systems (400,000+ seats), led the architectural development of Continuous Monitoring Solutions, and built Security Operation Centers for Classified and Unclassified environments. Having operated in strategic and technical environments, I can move between and lead all facets of security and engineering efforts.
  • Navy Marine Corps Intranet (NMCI)
  • Large Scale Systems
  • Architecture
  • Engineering
  • Continuous Monitoring
  • Security Operations Center (SOC)
  • Classified Environments
  • Unclassified Environments
  • Controlled Unclassified Information (CUI)

Compliance
OneTrust Fellow and highly experienced implementing Governance, Risk Management and Compliance (GRC) programs. Developed compliance programs based on NIST SP800-171, SP800-53, ISO 27001, HIPAA, GDPR, SOX and SOC2 requirements.
  • OneTrust Fellow
  • Governance, Risk Management and Compliance (GRC)
  • NIST SP800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
  • NIST SP800-53: Security and Privacy Control for Information Systems Organizations
  • NIST SP800-137: Information Security Continuous Monitoring
  • NIST SP800-37: Risk Management Framework
  • HIPAA: Healthcare Insurance Portability and Accountability Act
  • GDPR: General Data Protection Regulation
  • SOX: Sarbanes Oxley Act
  • SOC2: American Institute of Certified Public Accountants (AICPA) Service Organization Control Type 2

Cloud
Developed and sold the first FedRAMP Moderate Cloud Solution for HP to government sponsors. Extensive experience driving emerging technologies into existing programs. Amazon Web Services certified.
  • FedRAMP: Federal Risk and Authorization Management Program
  • Amazon Web Services certified

Infrastructure
35 years of experience, starting as a network and microsystems engineer. Fluent in network and internal infrastructure design having implemented campus networks, regional WAN infrastructure, virtualization platforms and within the Microsoft and now Azure ecosystems. Enterprise Architect and Systems Engineer experienced in developing and implementing large scale infrastructure (400,000+ seats).
  • Network Infrastructure
  • Local Area Network Design
  • Wide Area Network Design
  • Microsoft Azure
  • Microsoft Active Directory
  • Microsoft Entra
  • Enterprise Architect

Masters, Business Administration, University of Texas at Dallas, Dallas, Texas, US, July 2011
Masters, Information Technology Security, Capella University, July 2008
Bachelors, Computer Information Systems, Excelsior College, July 2006

Interests

Mensa International, High IQ Society
Mensa has around 150,000 members of all ages in 90+ countries worldwide. The society provides its members with diverse and exciting opportunities for social, cultural, and intellectual interaction.
Member, https://mensa.org

US Mensa Security Special Interest Group (SecSIG)
The official Security Special Interest Group of American Mensa
SIG Founder and Coordinator, https://secsig.org

TOOOL, The Open Organization of Lockpicking
The Open Organisation Of Lockpickers, or TOOOL, is an international group of lockpicking enthusiasts dedicated to advancing the general public knowledge about locks and lockpicking through teaching, research, and competition. TOOOL in the United States is a 501(c)(3) non-profit organization with Chapters in more than 20 states, including affiliated Chapters in Canada.
Member, https://www.toool.us

FBI InfraGard
InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s membership includes: business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement, all dedicated to contributing industry-specific insight and advancing national security.
Member, https://www.infraguard.org

Certifications
  • Federal Communications Commission, Amateur HAM Radio General License, Amateur General Class, Call Sign KD9YTT, https://wireless2.fcc.gov/UlsApp/UlsSearch/searchLicense.jsp, August 2023
  • OneTrust, Fellow of Privacy Technology, ID #73644, https://www.onetrust.com
  • (ISC)2, CISSP, Certified Information Systems Security Professional, ID #29867, https://isc2.org
  • ISACA, CISM, Certified Information Security Manager, ID #1014442, https://isaca.org
  • ISACA, CRISC, Certified in Risk and Information Systems Controls, ID #1004569, https://isaca.org
  • Microsoft, MCSE, Microsoft Certified Systems Engineer, ID #1793697, https://microsoft.com
  • Microsoft, MCITP, Microsoft Certified Information Technology Professional, ID #1793697, https://microsoft.com
  • Amazon Web Services, CCP, Certified Cloud Practitioner, ID #01783372, https://aws.amazon.com
  • Cisco, CCNA, Cisco Certified Network Associate, ID #CSCO010095762, https://cisco.com
  • Cisco, CCDA, Cisco Certified Design Associate, ID #CSCO010095762, https://cisco.com
  • NSA, National Security Agency, National Training Standard for Information Systems Security Professionals, CNSS 4011
  • NSA, National Security Agency, National Training Standard for System Administrators in Information Systems Security, CNSS 4013
  • ICCP, Institute for Certification of Computing Professionals, CCP, Certified Computing Professional, ID #240331, https://www.iccp.org
  • CompTIA, A+, ID #10445345, https://www.comptia.org
  • CompTIA, i-Net+, ID #10445345, https://www.comptia.org
  • CompTIA, Network+, ID #10445345, https://www.comptia.org
  • CompTIA, Server+, ID #10445345, https://www.comptia.org
  • CompTIA, CTT+, Certified Technical Trainer, ID #10445345, https://www.comptia.org

CFO's Guide to Just Enough Cybersecurity for Venture Capital Firms, Bill Weber, December 2023, CyberFoundry, Inc.
Guide to Creating Usable Cybersecurity Policies and Procedures, Bill Weber, January 2024, CyberFoundry, Inc.

Top Secret, US Department of Defense, Last Used January 2003
Entrance on Duty, US Department of Homeland Security

Cybersecurity, Risk Management, Information Security, Strategic Planning, Team Leadership, Compliance, GDPR, HIPAA, SOX, Security Operations Center (SOC), Incident Response, Data Privacy, Network Security, Continuous Monitoring, Threat Intelligence, Vulnerability Assessment, Cloud Security, Security Architecture, Regulatory Compliance, Governance, Information Technology, Crisis Management, Security Awareness Training, Business Continuity, Disaster Recovery, Information Assurance, Identity and Access Management (IAM), Security Policy Development, Penetration Testing, Encryption Technologies, Endpoint Security, Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM), Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) Standards, ISO 27001, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), OneTrust, Amazon Web Services (AWS), Cloud Computing, Virtual Chief Information Security Officer (vCISO), Artificial Intelligence in Security, Cryptocurrency, Provide leadership

Renault Ross, renault_ross@globalrnsc.com, RNSC
Bill Weber is a rare breed of Information Security practitioners, who I can actually attest not only understands just Cybersecurity strategy, controls and best practices but equally understands how it applies to business goals, objectives and imperatives. His passion is unmatched and keeps him sharpening his toolkit of knowledge in learning and sharing it to improve vendor products, solutions and customer's Enterprise Information Security Programs.

Vik Muiznieks, vikmuizniels@gmail.com, Southern New Hampshire University
When I think about who I'd like to have as a CISO, Bill bubbles quickly to the top of a very short list. He has a very broad, deep and strategic view of the security landscape (complemented by a business perspective to match), but can get down into the weeds and sort through the details quickly if and when necessary (and it frequently is necessary...). He also cares deeply about his staff, encourages continuous development and training, and tries to make things fun at the same time. Doesn't hurt that his Mensa scores/skills are second to none, either...

Chris Tangora, chris.tangora@gmail.com, MIT Lincoln Lab
I worked with Bill before and into the 2020 Pandemic and saw first hand his strategic views being put into action. Bill urges and facilitates his team to design & develop a security infrastructure to achieve overarching goals. I appreciated Bill’s confidence and candor.

Michael Todino, michael_todino@hotmail.com, MIT Lincoln Lab
Bill brings a wealth of knowledge on multiple domains within the cyber and IT areas. His ability to measure risk vs usability is a key towards striking a balance between the two for organizations to protect their data while enabling their staff to work more collaboratively. Bill is also a person of high integrity and solid values. The development and well being of his staff is paramount while he embraces a diversity of ideas and welcomes different perspectives towards problem solving. Bill is a great addition for any organization looking to modernize and develop their cyber program.

David Abotchie, david.abotchie@stopahack.com, Stop A Hack
I had the honor of working under Bill's leadership at MIT Lincoln Laboratory. Bill consistently impressed me with his strategic vision, transparent decision-making, and unwavering commitment to our mission. His ability to inspire his team and drive results is truly exceptional. I wholeheartedly recommend Bill for any leadership role or initiative he chooses to undertake. His dedication and prowess in leadership are second to none.

Peter Brookman, pbrookman@gmail.com, CDI LLC
I have had the pleasure of working with Bill over the past 3 years. Bill’s command over security and regulatory compliance is extremely impressive. Bill has the rare ability to understand the various compliance (NIST, ISO…) complexities and translate those into business priorities. As a revenue producer who predominantly sells to C-level executives I was fortunate to have Bill on my team. Executives appreciated Bill’s pragmatic approach to problem-solving and his partnership helped me quickly build trust and confidence among our clients/prospects.

George Romas, george.romas@mantech.com, Mantech
Bill worked for me as an Enterprise/Security/Cloud Architect, developing solutions for our US Public Sector customers - while building a cybersecurity lab for our organization. He easily grasps the complexities of architecting solutions according to stringent security policies, controls and requirements, and does extremely well in communicating these concepts to any audience. He is a strategic thinker that can also incorporate the details in the solutions he develops.

Michael Schwartz, Micro Focus
I have worked with Bill for close to a decade crossing paths along various client engagements. Bill is very articulate and possesses great knowledge with respect to IT Security, Process, and Policy. A forward thinking individual that would be a great asset to any service organization, think tank, or CTO role.

Wayne Wright, wayne_wright@msn.com, Microsoft
Bill is an amazing security guru. He is adept at designing, architecting and implementing secure IT environments at all levels of FISMA. I really believe that Bill has the NIST security documents, DISA STIGs, FedRAMP controls, and the Security Risk Management framework memorized. And, perhaps his most important characteristic, he can explain the value and the rationale of security practices to those of us who are challenged by the esoteric nuances of security.

Pamela Foster Brady, pamelafbrady@gmail.com, University of Texas at Austin
Bill is a high level thinker - always two to three steps removed from the task and looking at the greater picture. He's free-spirited with a great sense of humor. He was a high performance team member and delivered excellent work on time.

Kevin Lawson, klawson@ftautocredit.com, First Texas Auto Credit
Bill and I worked together on several projects together at the University of Texas - Dallas. Bill was always diligent in his preparation and he brought different view points to improve our strategic execution. An example of Bill's solid contribution was when he took the lead on a project to develop the framework and outline which helped keep us organized and focused on the end result. Bill is a great contributor and creative thinker, I highly recommend his abilities.

Rachael Babcock, rachael.babcock@gmail.com, MetsiLabs
Bill is a strategic thinker and analyst. You can give him any software or technology and he will quickly understand how it works in detail, and the business and technical implications of an implementation. Bill keeps up to date on the many industry trends and always has a cutting edge and progressive view on security, architecture, and various technologies. I would highly recommend him to lead or be part of the technical team of any major corporation, where cutting edge technologies and business is crucial for market place differentiation.

2024 William Weber. All rights reserved. This document may not be copied or distributed without permission. 10 January 2024