Cyber Security Consulting

Cyber Security ConsultingCyber Security ConsultingCyber Security Consulting

Strategic Advisory & Roadmapping

Services

Wilson Cybersecurity Consulting

Wilson Cybersecurity Consulting Services ......... Key Consulting Program Deliverables: 


  1. Cybersecurity Strategy: The cybersecurity strategy provides a blueprint the organization's cybersecurity program . The goals, objectives and action plans identify key roles / responsibilities, capabilities, processes and desired outcomes. 
  2. Cybersecurity Policy: The cybersecurity policy establishes the security controls that, when implemented,  ensure the confidentiality, integrity and availability of the organization's key computer networks and information assets. The security policy specifies a set of capabilities that protect critical business and personal information from unauthorized access, modification or destruction.
  3. Cybersecurity Assessment Scope: The scope of critical systems and information assets that support the key business line or business process. Once scope is determined, related IT systems and assets will be identified as well as the overall risk assessment approach.  
  4. Cybersecurity Executive Report: Key information summarized in the Cyber Risk Report includes: What is the current state of security? What is the desired state of security? What are the current gaps? What are the critical assets? What are the biggest risks? Do we have the right technology? Do we have the right workforce resources / skills?
  5. System Security Plan: Establishes the desired security state (target profile) of the critical IT systems and information assets. The target profile is based on industry standard security controls (NIST SP 800-53, NIST SP 800-171, CIS Controls, ISO 27002 Controls, etc.) and is in alignment with with the NIST Cybersecurity Framework. The target profile identifies the desired cybersecurity outcomes of the organization. 
  6. Cyber Risk Assessment: Identifies the current security state of the business (current profile) of the critical IT systems and information assets. The current profile is based on industry standard security controls (NIST SP 800-53, NIST SP 800-171, CIS Controls, ISO27002 Controls, etc.) and is in alignment with the NIST Cybersecurity Framework. The Cyber Risk Assessment results indicate which outcomes from the SSP are currently being achieved. 
  7. Gap Analysis / Plan of Action and Milestones (POA&M): The Gap Analysis / Plan of Action and Milestones (POA&M) includes: Weaknesses or deficiencies in deployed security controls and source of the identified weakness. Severity of the identified security control weaknesses or deficiencies. Scope or affected assets of the weakness in components within the environment. Proposed risk mitigation approach to address the identified weaknesses or deficiencies in the security control implementations (e.g., prioritization of risk mitigation actions and allocation of risk mitigation resources).
  8. Cybersecurity Program Maturity Report: Establishes a baseline of the current and desired cybersecurity program maturity. Highlights the strengths, weaknesses and overall maturity of the organization's cybersecurity program.

About Me

Technical Experience

Consulting Experience

Consulting Experience

Larry Wilson is the former Chief Information Security Officer for the University of Massachusetts President's Office. I served in that position from 2009 to 2018. As the University's first CISO, I was responsible for developing, implementing and overseeing compliance with the UMASS Information Security Policy and Written Information Security Plan (WISP).   

  

During that period the University Cybersecurity Program (and I) won several industry awards: 

 

  • 2013 - Information Security Executive (ISE) award for best cybersecurity program in Education
  • 2013 - SANS Person who made a difference award in Cybersecurity Award. 
  • 2014 - UMass Cybersecurity Program featured on the SANS Critical Security      Controls Poster 
  • 2016 - Security Magazine 20 Most Influential People in Cybersecurity


Consulting Experience

Consulting Experience

Consulting Experience

In addition to designing a cybersecurity program for the University, I have developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. This includes his role as Adjunct Faculty at the University of Massachusetts in the Computer Science Department. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations and Practitioners courses, NIST 800-171, the CIS Controls, etc. I am currently developing a class on Secure Software Development. 


I currently provide cybersecurity consulting services to mid-sized and large enterprises. The consulting focuses mainly on designing and building cybersecurity programs based on the NIST Cybersecurity Framework, the CIS Critical Security Controls, NIST 800-53 Security and Privacy Controls, and NIST 800-171 Security Requirements.  


Four Step Approach

Consulting Experience

Four Step Approach

I use a four step approach to design / develop a comprehensive security program: 

 

Step 1: Conduct a kickoff meeting to collect pertinent information from the operation’s team (network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.). 


Step 2: Based on information gathered in Step 1, complete the System Security Plan (SSP), Cybersecurity Risk Assessment (RA)

Plan of Action & Milestones (POA&M), and 

Executive Report (ER).


Step 3: Review the results of the draft documents (SSP, RA, POA&M, ER) with the client to validate any assumptions.  


Step 4: After final feedback is received, and all key assumptions documented and approved, the final documents are delivered to the program lead.

Contact Us

Get ahead of the hackers with our cybersecurity consulting.

Wilson Cyber Security Consulting

Larry Wilson lwilson@wilsoncyber.com