We turned tribal knowledge into a repeatable, auditable playbook — think blue‑team discipline with rogue‑hacker swagger.
What we did:
- Recon: Interviewed engineers, architects, analysts, and leaders to expose undocumented ops and inconsistent controls.
- Exploit the gaps: Mapped policies, SOPs, and GRC to reveal missing/ineffective controls and untracked risks.
- Score & Prioritize: Worked with the second line of defense to standardize risk scoring (likelihood × impact) aligned to NIST/ISO.
- Deploy the framework: Process → Risk → Controls with owners, templates, review cadences, and preventive/detective/corrective controls.
- Ship culture: Accessible docs, continuous monitoring, and training to make resilience repeatable.
Result: From chaotic scripts to a hardened playbook — proactive risk management that works.
SPEAKERS:
Curtis Jones is a cybersecurity professional with a strong background in information systems and a commitment to advancing enterprise security programs. He holds a bachelor’s degree in management information systems from San Diego State University (SDSU).
Curtis began his career in Technology Governance, helping mature the policy management process through annual reviews, new policy development, and alignment with the NIST Cybersecurity Framework. He later led the creation of the Process, Risk, and Controls (PRC) Program, establishing its foundational structure and driving its evolution.
He is currently focused on expanding the PRC Program by integrating Key Risk Indicators (KRIs) and building an enterprise risk register to support proactive approaches to risk. Curtis continually strengthens his technical expertise and holds certifications including Security+, CySA+, AWS Cloud Practitioner, and CRTO.
As a strategic cybersecurity executive, Mark bridges the gap between technical defense and revenue protection for global enterprises.
Mark’s career is defined by helping companies shift from reactive security to proactive, risk-based governance. His focus is on designing and implementing frameworks that align with business objectives, establishing risk visibility and accountability globally. By partnering directly with the C-suite to establish enterprise data protection programs, he has helped organizations reduce critical loss events with minimal impact on day-to-day business operations. He has had the privilege of building and mentoring high-caliber teams of professionals across EMEA, APAC, and the Americas.
Mark’s leadership philosophy is simple: empower individuals through inclusivity and mutual respect, and the metrics will follow.