My name is Jeff Warren and I started South Lake Cyber Risk, LLC (SLCR), when after more than 20 years in the industry I saw conventional approaches to cybersecurity fall short.

Effective cybersecurity isn’t easy. Misplaced trust in hardware or software solutions and decisions driven by fear, uncertainty, and doubt often lead to disappointment, downtime, data loss, and reputational impacts from which some organizations will never recover. I started SLCR to share my knowledge, experience, and to promote a holistic, risk-centered approach to cybersecurity.

My approach is based on decades of experience in all aspects of information technology where I learned that when people are empowered by effective cybersecurity governance practices, the entire organization benefits. In successful cybersecurity programs, personnel understand their role and the organization’s expectations. Security products are strategic tools with a purpose. Compliance is a guide and companion rather than a detached effort to satisfy a third party.

As a senior executive and former CISO, I have led numerous strategic security and compliance engagements for domestic and global organizations across industry verticals. Key elements to this success are a critical understanding of technology, risk methodologies and experience with complex and dynamic organizations and cultures.

Regardless of your industry, or even if you’re a like-minded cyber-risk consulting organization, I welcome the opportunity to meet with you to discuss your challenges.

Past Projects:

• Designed and implemented an integrated approach to cyber risk management, pairing cybersecurity professionals with IT auditors to facilitate automated, rapid identification and remediation of underperforming controls.
• Led information security incident response and incident handling based on event severity classifications.
• Redesigned an organization’s cybersecurity operations to create the first global SOC to rapidly detect and respond to threats against more than 10,000 endpoints.
• Implemented a weighted third-party risk assessment process to measure the potential impact of supplier processes on cybersecurity posture, aligned by NIST 800-161.
• Led an organization to achieve six, ISO 27001 third-party audit cycles without any material findings.
• Created an organization’s first Information Security Management System and ensured alignment of the organization’s policies with IT, HR, Legal, and Operational needs.