Daniel has over 25 years of management consulting and senior leadership experience with companies such as Booz Allen Hamilton, Deloitte Consulting, PwC, Fannie Mae, Gannett, HMSHost, and federal agencies (DHS, USCIS, ICE, TSA, FBI, U.S. Army, and others).
- Served as Managing Director, Commercial Practice for boutique cyber security firm in Washington, D.C. Grew practice size and revenue by more than 200% in one year.
- Stood up Digital Innovation division team of resources in NYC, Toronto, and Krakow.
- Director in Strategic Planning Office leading key digital media initiatives for Chief Marketing Officer, Chief Product Officer, and Branded Content executives.
- Director of Strategic Initiatives, Program Operations responsible for program with budget of $140M across 600+ resources
- Led practice team across Europe and South American with 110 practitioners spanning seven countries.
Zac is a penetration tester, red teamer, and security architect. Zac has over seven years of experience performing offensive information security assessments. His balanced skill set encompasses red team operations, threat simulation, network penetration testing, social engineering, physical security penetration testing, and information technology audit and consulting, and PCI compliance. Zac has taught classes and presented on topics related to information security at industry events across the country including various BSides events, Secure360, and Defcon.
Brian is a cybersecurity expert with over a decade of proven experience successfully defending highly targeted U.S. government departments and agencies.
- Security Operations Center (SOC) Lead at the Defense Advanced Research Projects Agency (DARPA), leading a team providing 24×7 security analysis and engineering services.
- Executive Office of the President (EOP) as a Security Operations Branch Chief and Information Security Specialist.
- IT security and engineering in support of the Executive Office of the President, White House Office, and OMB.
Rhett has over twenty-five years of leadership in retail, operations, sales, business development and trade associations.
- Held Vice President positions at National Retail Foundation (NRF), Retail Industry Leaders Association (RILA), Food Marketing Institute (FMI).
- Co-founded the Loss Prevention Foundation to create a robust industry certification for asset protection professionals.
- Served on Commercial Facilities Sector Coordinating Council and the Food and Agriculture Sector Coordinating Council for the Department of Homeland Security.
- Chairman, Board of Directors International Supply Chain Protection Organization (ISCPO).
Dan is a Technology Executive with over 25 years of experience; he spent the first 10 years of his career in Technology Consulting at AMS (now CGI, Inc.) and KPMG, and the last 15+ years in roles of increasing responsibility within financial services firms – The Carlyle Group, Fannie Mae, loanDepot and Impac Mortgage, where he was CIO for two years.
- As CIO, Dan ran all aspects of Technology organization at a publicly traded mortgage originator and servicer.
- Led team of 140 resources (110 FTEs and 30 consultants, on/off shore), representing more than 1/3 of Technology organization for the 2 nd largest nonbank provider of direct-to-consumer loans ($40-plus billion / year) in the US.
- Managed team of 280-plus resources running an application portfolio of 250-plus systems supporting Finance, Enterprise Risk, Credit and Corporate functions, with annual budget of $77 million for a Fortune 50 company.
- Directed program management and execution function for one year ($175 million/year strategic initiative) to re-engineer servicing, bond administration, issuance and disclosure systems and processes to integrate with Common Securitization Solutions (CSS).
Aki has 15 years of experience in government, academia, and in private strategic advisory.
- As Director of Open Source Intelligence (OSINT) at a cybersecurity firm, Aki led the team that investigated and tracked down cybercriminals, violent stalkers, extortionists, online conspiracists, and foreign state officers.
- Former counterterrorism analyst and co-author of the book, Find Fix Finish: Inside the Counterterrorism Campaigns that Killed Bin Laden and Devastated Al Qaeda.
- Published on intelligence and open-source subjects in many publications, including The New York Times, The Washington Post, The Atlantic, NPR, and Politico.
- He frequently appears on Fox, CNN, MSNBC, and BBC as a commentator.
- He starred as an intelligence analyst on the 2017 CBS show Hunted.
- Teaches the intelligence and analysis graduate class at American University in Washington, D.C.
Steve leads the active cyber defense and counter-threat program for the largest payment processor in the world. Recognized cybersecurity and “hacking” expert. He has advised in investigative news segments, provided cyber weapon analysis for warfare planning options, and brings his unique combination of offensive and defensive expertise to bear in targeted adversary emulations, assessments and program development.
- 20 years of Cybersecurity experience across government, private sector, and managed services in both offensive and defensive roles.
- Holds numerous certifications including the CISSP, OSCE, OSCP, GDAT, CEH, CEPT, and CCNA.
Drew is a Cybersecurity professional with 8 years of experience managing and executing Offensive Security engagements across small, medium, and large organizations.
- Offensive Security engagements have spanned several industries, such as Finance and Critical Infrastructure, and involved:
- Red teaming (e.g., Multi-month attack simulations)
- Purple teaming (i.e., Joint exercises between Red & Blue)
- Penetration Testing (e.g., Network, Application, Wireless, Social Engineering)
- Vulnerability Assessments
- Offensive Security program management, custom training, and tool development (e.g., Powershell, Python, Ruby, C#)
- Drew has also received the below industry relevant certifications:
- Offensive Security Certified Expert (OSCE)
- Offensive Security Certified Professional (OSCP)
- Offensive Security Wireless Professional (OSWP)
- SANS GIAC Reverse Engineering Malware (GREM)
Matt Donato is a Managing Director of CyberSN – a global leader in Cyber Security Staffing and Talent Solutions – and previous Co-Founder & CEO of HuntSource- a Cyber Security, Data Privacy, IT Governance, Risk, & Compliance Executive Search and Staffing firm.
Matt possesses over 15 years of experience in IT and Cyber Security Executive Recruiting, Talent Management, Strategic Consulting, and Staffing experience; specifically focusing in value creation, integrating sales and recruitment strategies into the overall business strategy of an organization can help protect companies and provide the solid foundation they need to grow and transform. Matt received his BS in Economics from Roanoke College and his Executive MBA from Wake Forest School of Business.
Ray serves as an executive advisor and principal consultant with CSRG. Ray is currently the founder and president of Vertex11, a risk management consultancy leading the implementation of risk management strategy to help companies achieve their strategic objectives. He has extensive experience in leading strategy, implementation, remediation and regulatory compliance initiatives. Ray was a founding member of PricewaterhouseCoopers risk assurance, cybersecurity and hacking practice. He distinguished himself by leading the firm’s efforts in the development of internal control guides as part of the firm’s Entertainment and Media practice. Ray’s work became part of the foundational library for risk and controls supporting Sarbanes-Oxley compliance. Ray has held corporate executive roles at TimeWarner/AOL and Fannie Mae. Ray had responsibility for organizing and leading AOL’s governance, risk and controls organization which included program design, operation and testing of financial controls and externally reported digital media metrics.
At Fannie Mae, Ray held several executive roles in cybersecurity, operational risk and compliance. Ray led the firm’s remediation of its material weakness in access management amongst many risk and control challenges.
As a founding partner and principal consultant at SEVN-X, Ryan employs his training, experience, and expertise in helping organizations assess and protect their information security assets as well as respond to cybersecurity events. Ryan’s skillset has been forged from an extensive amount of field work—across various verticals—serving in both strategic and tactical security roles. SEVN-X requires all of its team members to be experts in information security and that starts from the top down.
Ryan is a strategic partner for CSRG, specializing in Red Team Operations.
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. At SEVN-X, Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.
Matt is a strategic partner for CSRG, specializing in Incident Response planning and execution.
We operate as a true attacker whose goal would be to disrupt your business operations. When we begin our assessment, your business is a ‘black box’. We are focused on ensuring our evaluation of your detection and response capabilities are as realistic as they can be. At the outset, we develop rules of engagement with you to identify high value targets that could be most problematic if compromised.
We emulate selected Tactics, Techniques, and Procedures (TTPs) a sophisticated and patient APT (Advanced Persistent Threat) would use to attack your security infrastructure. We work with your security team to identify TTPs you’d like to focus on. You have the flexibility to focus your assessment on specific areas of your security infrastructure or see how vulnerable your business is to commonly accepted TTPs (e.g. MITRE framework, etc.).
We assess your current IR procedures and organizational posture, and recommend how you can better respond to an incident. We leverage the IR assessment and guide your organization through table-top exercises. We simulate an incident in real time, and guide your IR team how to better detect, mitigate, and respond against an attack.