William Weber (Bill)
4015 South Main Street, Mailstop #10088
South Bend, Indiana 46680, US
bill@cyberfoundry.io
+15718333000
President and Founder
CyberFoundry, Inc.
South Bend, Indiana, US
January 2017
Develop security offerings to assist medium to large enterprises in improving their capabilities. Support reviews of existing operations before audits or in response to incidents. Help organizations orient their security operations to their business strategy.
Developed and deployed OneTrust Third Party Risk Management for the New York City Public Schools
Interim CISO for Penn State University Applied Research Lab FFRDC
Provide Virtual Chief Information Security Officer programs to high-value businesses, including cybersecurity assessments and audit prep
Conduct Incident Response Root Cause Analysis for post-breach clients, helping identify and remove security threats
Provide small business IT services to move into the cloud and modernize business operations securely
Director of Detection, Response, and Forensics Teams / Chief Information Security Officer (CISO)
New York University
New York, New York, US
January 2021 to October 2021
NYU is a top global research university with an annual academic and research revenue of $3.7bn. As director of the Detection, Response, and Forensics department, I led global efforts to implement and manage a Security Operations Center (SOC) and managed internal, matrix, and multi-national teams to implement security services for 13 global sites.
Rebuilt SOC detection and response capabilities by rearchitecting the Splunk SIEM and implementing Palo Alto Cortex SOAR.
Deployed Palo Alto Cortex XDR (Extended Detection and Response) capability across 13 countries.
Rearchitected the network into an ‘Open Campus’ and protected networks using micro-segmentation and ZTNA concepts.
Prepared the organization for IT Outsourcing by standardizing operational procedures, negotiating contracts, and performing risk assessments.
Developed Incident Response Procedures and led multiple Incident Response Activities. Trained leadership on risk and response.
Conducted listening tours to understand stakeholder needs and adapt the program to the organization's culture.
Cyber Security Sector Manager / Chief Information Security Officer (CISO)
Massachusetts Institute of Technology Lincoln Lab
Lexington, Massachusetts
November 2018 to October 2020
MIT Lincoln Labs is a Federally Funded Research and Development Center (FFRDC) with an annual research revenue of $1bn. As the team leader for cyber security operations within the Information Technology division, my responsibilities included the development, implementation, and operation of all cyber security operations within DoD classified and unclassified environments. This role extended into protecting unique and threat-adverse environments under high external interest, sensitivity, and potential security threats.
Developed, managed, and operated DoD classified and unclassified security operations centers (SOC) in compliance with CMMC, FISMA, NIST Risk Management Framework, NIST SP800-53, and NIST SP800-171 standards.
Implemented ACAS and related vulnerability management technologies to support DoD classified systems.
Partnered with researchers to leverage the lab's unique skills to detect and deter cyber security threats using ahead-of-market insights and technologies.
Built collaborative, strategic relationships with stakeholders within the lab to advance the cyber security capability and culture.
Analyzed SOC tooling and procedures allowing a reduction of duplicate capabilities, and provided normalized operating procedures, which were then automated through a Security Orchestration Automation and Response (SOAR) platform.
Created and monitored performance analytics to measure effectiveness.
Principal Security Strategist / Virtual Chief Information Security Officer (vCISO)
eSentire
Waterloo, Ontario, Canada
September 2016 to September 2018
Client Advocate performing comprehensive risk assessments and business impact analysis with remediations.
Partnered with clients to define their risks and map out long-term strategies for their operations.
Created MDR offerings portfolio while supporting sales and marketing. Managed pricing and profitability of the portfolio.
Enterprise Architect / Virtual Chief Information Security Officer (vCISO)
Hewlett-Packard Enterprise (Electronic Data Systems – EDS)
Plano, Texas, US
May 2003 to May 2016
Team leader to implement security services for the Navy-Marine Corps Intranet (NMCI) program with 400,000 users and 1m+ assets globally. Functioned in DoD classified and unclassified environments.
Developed and implemented a team-based DHS Continuous Diagnostics and Monitoring (CDM) program winning a $6bn contract position.
Team leader to develop and pitch FedRAMP cloud solution offerings to the US Government.
Provided services as a Virtual Chief Information Security Officer (CISO) to commercial clients.
Served as a HIPAA Compliance Officer and Lead Security Architect for CMS-focused software development efforts.
Managed complex projects requiring strong analytical skills and creative cultural adaptation with government clients.
Engineer / Consultant
Microsoft
San Diego, California, US
October 1999 to May 2003
Windows Kernel Performance engineer deploying Active Directory to the field at its inception. Supported the first very large-scale Active Directory (400,000+ users). Developed and deployed to the field Windows Terminal Server and Internet Security and Acceleration (ISA) services for large-scale internet presences. Developed a client base spanning government, healthcare, and fintech, winning top region two of two years.
Manager, Information Technology
Winchester Hospital
Winchester, Massachusetts, US
1998 to 1999
Senior Consultant
New England Medical Center (Tufts)
Boston, Massachusetts, US
1996 to 1998
Production Coordinator
Data Link Systems
South Bend, Indiana, US
1990 to 1992
Director, Tool and Die Apprenticeship Program
Acme Institute of Technology
South Bend, Indiana, US
1989 to 1990
Skills
Leadership
Dedicated team builder with a history of helping organizations transform their internal security operations into high performance teams capable of shifting culture, reducing risk, and responding to emerging threats. Being a CISO is equal parts partnering within the organization, building the cyber team, and responding to the threat landscape; all with the vision of implementing a strategy to reduce risk to the organization.
Leadership
Management
Security Operations
Reducing Risk
Security
Based in the rigor of government security programs, I’ve developed large scale systems (400,000+ seats), led the architectural development of Continuous Monitoring Solutions, and built Security Operation Centers for Classified and Unclassified environments. Having operated in strategic and technical environments, I can move between and lead all facets of security and engineering efforts.
Navy Marine Corps Intranet (NMCI)
Large Scale Systems
Architecture
Engineering
Continuous Monitoring
Security Operations Center (SOC)
Classified Environments
Unclassified Environments
Controlled Unclassified Information (CUI)
Compliance
OneTrust Fellow and highly experienced implementing Governance, Risk Management and Compliance (GRC) programs. Developed compliance programs based on NIST SP800-171, SP800-53, ISO 27001, HIPAA, GDPR, SOX and SOC2 requirements.
OneTrust Fellow
Governance, Risk Management and Compliance (GRC)
NIST SP800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
NIST SP800-53 Security and Privacy Controls for Information Systems and Organizations
NIST SP800-137 Information Security Continuous Monitoring
NIST SP800-37 Risk Management Framework
HIPAA Health Insurance Portability and Accountability Act
GDPR General Data Protection Regulation
SOX Sarbanes-Oxley Act
SOC2 American Institute of Certified Public Accountants (AICPA) Service Organization Control Type 2
Cloud
Developed and sold the first FedRAMP Moderate Cloud Solution for HP to government sponsors. Extensive experience driving emerging technologies into existing programs. Amazon Web Services certified.
FedRAMP Federal Risk and Authorization Management Program
Amazon Web Services certified
Infrastructure
35 years of experience, starting as a network and microsystems engineer. Fluent in network and internal infrastructure design, having implemented campus networks, regional WAN infrastructure, and virtualization platforms, and worked within the Microsoft and now Azure ecosystems. Enterprise Architect and Systems Engineer experienced in developing and implementing large scale infrastructure (400,000+ seats).
Network Infrastructure
Local Area Network Design
Wide Area Network Design
Microsoft Azure
Microsoft Active Directory
Microsoft Entra
Enterprise Architect
Masters
Business Administration
University of Texas at Dallas
July 2011
Dallas, Texas, US
Masters
Information Technology
Security
Capella University
July 2008
Bachelors
Computer Information Systems
Excelsior College
July 2006
Interests
Mensa International High IQ Society
Mensa has around 150,000 members of all ages in 90+ countries worldwide. The society provides its members with diverse and exciting opportunities for social, cultural, and intellectual interaction.
Member
https://mensa.org
US Mensa Security Special Interest Group (SecSIG)
The official Security Special Interest Group of American Mensa
SIG Founder and Coordinator
https://secsig.org
TOOOL The Open Organisation Of Lockpickers
The Open Organisation Of Lockpickers, or TOOOL, is an international group of lockpicking enthusiasts dedicated to advancing the general public knowledge about locks and lockpicking through teaching, research, and competition. TOOOL in the United States is a 501(c)(3) non-profit organization with Chapters in more than 20 states, including affiliated Chapters in Canada.
Member
https://www.toool.us
FBI InfraGard
InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s membership includes: business executives, entrepreneurs, lawyers, security personnel, military and government officials, IT professionals, academia and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security.
Member
https://www.infraguard.org
Certifications
Federal Communications Commission
Amateur HAM Radio General License
Amateur General Class
Call Sign KD9YTT
https://wireless2.fcc.gov/UlsApp/UlsSearch/searchLicense.jsp
August 2023
OneTrust
Fellow of Privacy Technology
ID #73644
https://www.onetrust.com
(ISC)2
CISSP Certified Information Systems Security Professional
ID #29867
https://isc2.org
ISACA
CISM Certified Information Security Manager
ID #1014442
https://isaca.org
ISACA
CRISC Certified in Risk and Information Systems Controls
ID #1004569
https://isaca.org
Microsoft
MCSE Microsoft Certified Systems Engineer
ID #1793697
https://microsoft.com
Microsoft
MCITP Microsoft Certified Information Technology Professional
ID #1793697
https://microsoft.com
Amazon Web Services
CCP Certified Cloud Practitioner
ID #01783372
https://aws.amazon.com
Cisco
CCNA Cisco Certified Network Associate
ID #CSCO010095762
https://cisco.com
Cisco
CCDA Cisco Certified Design Associate
ID #CSCO010095762
https://cisco.com
NSA National Security Agency
National Training Standard for Information Systems Security Professionals
CNSS 4011
NSA National Security Agency
National Training Standard for System Administrators in Information Systems Security
CNSS 4013
ICCP Institute for Certification of Computing Professionals
CCP Certified Computing Professional
ID #240331
https://www.iccp.org
CompTIA
A+
ID #10445345
https://www.comptia.org
CompTIA
i-Net+
ID #10445345
https://www.comptia.org
CompTIA
Network+
ID #10445345
https://www.comptia.org
CompTIA
Server+
ID #10445345
https://www.comptia.org
CompTIA
CTT+ Certified Technical Trainer
ID #10445345
https://www.comptia.org
CFO's Guide to Just Enough Cybersecurity for Venture Capital Firms
Bill Weber
December 2023
CyberFoundry, Inc.
Guide to Creating Usable Cybersecurity Policies and Procedures
Bill Weber
January 2024
CyberFoundry, Inc.
Top Secret
US Department of Defense
2003 January, Last Used
Entrance on Duty
US Department of Homeland Security
Cybersecurity
Risk Management
Information Security
Strategic Planning
Team Leadership
Compliance
GDPR
HIPAA
SOX
Security Operations Center (SOC)
Incident Response
Data Privacy
Network Security
Continuous Monitoring
Threat Intelligence
Vulnerability Assessment
Cloud Security
Security Architecture
Regulatory Compliance
Governance
Information Technology
Crisis Management
Security Awareness Training
Business Continuity
Disaster Recovery
Information Assurance
Identity and Access Management (IAM)
Security Policy Development
Penetration Testing
Encryption Technologies
Endpoint Security
Intrusion Detection Systems (IDS)
Security Information and Event Management (SIEM)
Federal Information Security Management Act (FISMA)
National Institute of Standards and Technology (NIST) Standards
ISO 27001
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
OneTrust
Amazon Web Services (AWS)
Cloud Computing
Virtual Chief Information Security Officer (vCISO)
Artificial Intelligence in Security
Cryptocurrency
Provide leadership
Renault Ross
renault_ross@globalrnsc.com
RNSC
Bill Weber is a rare breed of Information Security practitioners, who I can actually attest not only understands just Cybersecurity strategy, controls and best practices but equally understands how it applies to business goals, objectives and imperatives. His passion is unmatched and keeps him sharpening his toolkit of knowledge in learning and sharing it to improve vendor products, solutions and customer's Enterprise Information Security Programs.
Vik Muiznieks
vikmuizniels@gmail.com
Southern New Hampshire University
When I think about who I'd like to have as a CISO, Bill bubbles quickly to the top of a very short list. He has a very broad, deep and strategic view of the security landscape (complemented by a business perspective to match), but can get down into the weeds and sort through the details quickly if and when necessary (and it frequently is necessary...). He also cares deeply about his staff, encourages continuous development and training, and tries to make things fun at the same time. Doesn't hurt that his Mensa scores/skills are second to none, either...
Chris Tangora
chris.tangora@gmail.com
MIT Lincoln Lab
I worked with Bill before and into the 2020 Pandemic and saw first hand his strategic views being put into action. Bill urges and facilitates his team to design & develop a security infrastructure to achieve overarching goals. I appreciated Bill’s confidence and candor.
Michael Todino
michael_todino@hotmail.com
MIT Lincoln Lab
Bill brings a wealth of knowledge on multiple domains within the cyber and IT areas. His ability to measure risk vs usability is a key towards striking a balance between the two for organizations to protect their data while enabling their staff to work more collaboratively. Bill is also a person of high integrity and solid values. The development and well being of his staff is paramount while he embraces a diversity of ideas and welcomes different perspectives towards problem solving. Bill is a great addition for any organization looking to modernize and develop their cyber program.
David Abotchie
david.abotchie@stopahack.com
Stop A Hack
I had the honor of working under Bill's leadership at MIT Lincoln Laboratory. Bill consistently impressed me with his strategic vision, transparent decision-making, and unwavering commitment to our mission. His ability to inspire his team and drive results is truly exceptional. I wholeheartedly recommend Bill for any leadership role or initiative he chooses to undertake. His dedication and prowess in leadership are second to none.
Peter Brookman
pbrookman@gmail.com
CDI LLC
I have had the pleasure of working with Bill over the past 3 years. Bill’s command over security and regulatory compliance is extremely impressive. Bill has the rare ability to understand the various compliance (NIST, ISO…) complexities and translate those into business priorities. As a revenue producer who predominantly sells to C-level executives I was fortunate to have Bill on my team. Executives appreciated Bill’s pragmatic approach to problem-solving and his partnership helped me quickly build trust and confidence among our clients/prospects.
George Romas
george.romas@mantech.com
Mantech
Bill worked for me as an Enterprise/Security/Cloud Architect, developing solutions for our US Public Sector customers - while building a cybersecurity lab for our organization. He easily grasps the complexities of architecting solutions according to stringent security policies, controls and requirements, and does extremely well in communicating these concepts to any audience. He is a strategic thinker that can also incorporate the details in the solutions he develops.
Michael Schwartz
Micro Focus
I have worked with Bill for close to a decade crossing paths along various client engagements. Bill is very articulate and possesses great knowledge with respect to IT Security, Process, and Policy. A forward thinking individual that would be a great asset to any service organization, think tank, or CTO role.
Wayne Wright
wayne_wright@msn.com
Microsoft
Bill is an amazing security guru. He is adept at designing, architecting and implementing secure IT environments at all levels of FISMA. I really believe that Bill has the NIST security documents, DISA STIGs, FedRAMP controls, and the Security Risk Management framework memorized. And, perhaps his most important characteristic, he can explain the value and the rationale of security practices to those of us who are challenged by the esoteric nuances of security.
Pamela Foster Brady
pamelafbrady@gmail.com
University of Texas at Austin
Bill is a high level thinker - always two to three steps removed from the task and looking at the greater picture. He's free-spirited with a great sense of humor. He was a high performance team member and delivered excellent work on time.
Kevin Lawson
klawson@ftautocredit.com
First Texas Auto Credit
Bill and I worked together on several projects together at the University of Texas - Dallas. Bill was always diligent in his preparation and he brought different view points to improve our strategic execution. An example of Bill's solid contribution was when he took the lead on a project to develop the framework and outline which helped keep us organized and focused on the end result. Bill is a great contributor and creative thinker, I highly recommend his abilities.
Rachael Babcock
rachael.babcock@gmail.com
MetsiLabs
Bill is a strategic thinker and analyst. You can give him any software or technology and he will quickly understand how it works in detail, and the business and technical implications of an implementation. Bill keeps up to date on the many industry trends and always has a cutting edge and progressive view on security, architecture, and various technologies. I would highly recommend him to lead or be part of the technical team of any major corporation, where cutting edge technologies and business is crucial for market place differentiation.
2024
William Weber
All rights reserved. This document may not be copied or distributed without permission.
10 January 2024