Consultant, Investor, Board Member, Philanthropist, Speaker, and Author.
I offer consulting services for (cyber) risk management, family offices, and business strategy through Acorn Pass, LLC.
I am also available for software development and data-related projects.
I clean up pretty well and make a good panelist and speaker.
As a serial entrepreneur with executive experience spanning the public and private sector I share my knowledge, help organizations develop new products and enter new markets.
Extensive experience managing cyber risk for organizations and governments. Although I specialize in cyber risk management I have experience with all-hazards risk management as well.
Starting with my own family, my goal is to help multiple generations cope with the cycle of life and the social, educational, and financial challenges at each stage.
I relish the chance to develop software any time I can. I have masted several languages and can pick up just about any language in a few weeks. I also have low-code visual development experience, full stack knowledge, and CI/CD experience.
Python / Perl
Pascal / SQL
BASIC / Lisp
Java / Shell Scripts
Whatever else you want; I'll master it!
I was at the forefront of data science and business intelligence way back in the 1990's. I helped develop and support programs for the agro-chemical giant Syngenta, among others. A little bit of good, clean data can go a long way toward decision support.
Artificial Intelligence (data drives AI)
Unstructured (mining & cleaning to find the gold)
XML / JSON / etc.
PostgreSQL / Oracle / SQL Server / Access / etc.
Applied frequentist and and bayesian statistics
I enjoy helping startups and occasionally invest in them.
I also like helping individuals that need some advice.
I am a retired Senior Advisor for Cybersecurity and Risk Management to the National Risk Management Center, which is a division of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Among other projects, I spearheaded the establishment of the first National Critical Functions Risk Register to help senior government leaders prioritize and coordinate risk management objectives across the entire government ecosystem.
Prior to joining the National Risk Management Center, I served as the CEO of Threat Sketch, a data and analytics firm specializing in solutions for large scale cyber risk management problems. I completed my graduate studies in information security at East Carolina University and I am certified in risk and information systems control by ISACA. I am the author of Cybersecurity: A Business Solution, a definitive guide to managing cyber risk in small organizations. Additional career accolades include representing the interests of small organizations before Congress and through participation in key Homeland Security events. I was also a founding member of the ICT Supply Chain Task Force Executive Council. I served as the first chairman of the North Carolina Center for Cybersecurity and sat on advisory boards for the University of North Carolina at Greensboro, Forsyth Technology Community College and the University of North Carolina at Wilmington.
~ Career Highlights ~
ICT Supply Chain Risk Management
Task Force – Executive Council
Panelist and guest speaking engagements for WSJ and others
NIST CSF Collaboration, OLIR references, etc.
Risk Model Expert
1st Place VC Competition
CEO Round Table
Watch me addresses the House Small Business Committee on cybersecurity.
Cybersecurity: A Business Solution
Bucket list: Write a book ☑
Bucket list: Write a book ☑
Experts agree and studies show that executive involvement is critical to managing cyber risk. But what exactly does that look like to the owners, board members and top managers of resource constrained small and medium businesses? My book strips away the technical aspects and illustrates how to manage the business aspects of cybersecurity.
A National Institute of Standards and Technology (NIST) reference.
30 Cybersecurity Books To Deepen Your Knowledge - Auth0
100 Best Cyber Security Books of All Time - Book Authority / Cyber Magazine
What are the best coding books for cyber security? - Quora
What are the best resources to learn cybersecurity online in 2021 - Great Learning
I was honored to be recorded by the National Institute of Standards and Technology (NIST) to promote adoption of the NIST Cybersecurity Framework.
Personal projects, being incubated under the Acorn Pass, LLC umbrella, include ...
Replace timber's meager, lumpy income stream with an equally green, consistent, and more lucrative use of timber tracts.
Develop an alternative "forest" that produces green hydrogen and hydrogen peroxide.
Develop industrial and/or portable "trees" that produce green hydrogen + hydrogen peroxide using only sunlight & water.
Qualitative vs Quantitative
Redefine the relationship between quantitative and qualitative risk management to be an "and" not an "or" proposition.
Make qualitative, quantitative, objective, and subjective sources of risk estimates that co-exist in a single framework.
Develop a set of verbal, visual, software, and data-backed tools to transparently translate between multiple estimation techniques.