Wilson Cybersecurity Consulting Services
Key Consulting Program Deliverables:
Larry Wilson is the former Chief Information Security Officer for the University of Massachusetts President's Office. I served in that position from 2009 to 2018. As the University's first CISO, I was responsible for developing, implementing and overseeing compliance with the UMASS Information Security Policy and Written Information Security Plan (WISP).
During that period the University Cybersecurity Program (and I) won several industry awards:
In addition to designing a cybersecurity program for the University, I have developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. This includes my role as Adjunct Faculty at the University of Massachusetts in the Computer Science Department. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations and Practitioners courses, NIST 800-171, the CIS Controls, etc. I am currently developing a class on Secure Software Development.
I currently provide cybersecurity consulting services to mid-sized and large enterprises. The consulting focuses mainly on designing and building cybersecurity programs based on the NIST Cybersecurity Framework, the CIS Critical Security Controls, NIST 800-53 Security and Privacy Controls, and NIST 800-171 Security Requirements.
I use a four-step approach to design / develop a comprehensive security program:
Step 1: Conduct a kickoff meeting to collect pertinent information from the operations team (network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.).
Step 2: Based on information gathered in Step 1, complete the System Security Plan (SSP), Cybersecurity Risk Assessment (RA), Plan of Action & Milestones (POA&M), and Executive Report (ER).
Step 3: Review the results of the draft documents (SSP, RA, POA&M, ER) with the client to validate any assumptions.
Step 4: After final feedback is received, and all key assumptions are documented and approved, the final documents are delivered to the program lead.