Chris leads the information security, risk and compliance management practice for EMA, focusing on IT management/leadership, cloud security, and regulatory compliance.
Chris has over 25 years of industry experience as a noted information security executive, technical evangelist and presenter, focusing on IT and information security management/leadership, cloud security and regulatory compliance. He has had a variety of non-technical professional roles, with his technical career starting in the financial services sector at a credit reporting company, building the technical operations group and the security/compliance practices before leaving as the Principal Technical Architect. He has been the Director of Information Technology for a manufacturing company and the Chief Evangelist for several large technical companies, focusing on cloud security and cloud application transformation. Chris also held the position of CIO of a financial services firm, overseeing the technology-related functions of the enterprise.
Chris holds over a dozen technical certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and the Certificate of Competence in Zero Trust (CCZT). He has also received the Microsoft Most Valuable Professional Award five times for virtualization and cloud and data center management (CDM). He holds a Bachelor of Arts (Summa Cum Laude) from the Metropolitan State College of Denver.
Chris is an avid science fiction fan and yo-yo enthusiast. He splits living between Wisconsin and Colorado with his wife.
B.A., Political Science (Summa Cum Laude), Metropolitan State College of Denver
CISSP, CISA, CCZT
Primary Coverage:
Secondary Coverage
- Application security
- Advanced threat analytics and anomaly detection
- Advanced testing attack simulation
- Bot detection and protection
- Cloud application security management
- Cloud access security broker
- Cryptography and key management
- Container security
- Data leak prevention and data classification
- Electronic governance risk and compliance
- Endpoint protection
- Hardware security modules
- IoT security
- Information rights management
- Managed security service provider
- Patch management
- Runtime application security protection
- Remote access
- Risk management
- Security incident and event management and log management
- Security policy orchestration and automation
- SSL appliances
- Threat intelligence service feeds
- Third-party risk management
- Anti-phishing
- Unified threat management
- Vulnerability management
- Web application firewall
- Workload microsegmentation
- Web security gateway
Tertiary Coverage
- Advanced breach detection
- Antivirus
- Browser isolation
- Consumer identity and access management
- Distributed denial of service protection
- Deception technology
- Digital threat intelligence management
- Intrusion detection/prevention
- Mobile security tools
- Network admission control
- Network APT detection/analysis
- Next-generation endpoint security
- Next-generation firewall/unified threat management
- Secure email gateways and services
- Security operations automation and orchestration
Coverage Definition
Information security, risk, and compliance management is the process by which organizations predict and manage risk by adhering to boundaries set by a business. The practice area encompasses most of the areas and concepts in information security, risk mitigation, and technology regulatory compliance.
