Steven Hurst
610-***-**** *.*.********@*****.*** LinkedIn
Summary
Cybersecurity leader with over 18 years of experience as CISO, BISO, and vCISO, guiding security strategies and managing global teams between 4 and 400. Specializes in aligning business governance with technical controls, identity-first security, and cloud posture management across Microsoft 365, Azure, AWS, and Google Cloud. Delivered a critical vulnerability reduction program that cut risks from over a thousand to fewer than ten in under a year and provides advisory guidance on generative AI governance.
Career Highlights
•Governance, Risk, & Compliance (GRC) process development resulting in ISO 27001, PCI-DSS, HIPAA, NIST 800-53 certifications of premises and cloud-based solutions
•Managed the security services portfolio leading to the growth from less than $1 million to over $350 million a year.
•Supported security solutions for U.S. federal, state and local government agencies and multiple Fortune 1,000 organizations across industries including healthcare, financial services, telecommunications, utilities, manufacturing, retail, and education.
•Developed, documented and productized the AT&T DDoS Defense proactive DDoS identification and mitigation product.
Experience
Pyramid Consulting
Business Information Security Officer (BISO) Jan 2025 - Mar 2026
•Served an international health insurance and pharmacy service provider as BISO, aligning business governance to HIPAA and NIST CSF controls and facilitating identity management risk identification and control.
•Implemented a critical vulnerability reduction program resulting in a reduction of system, cloud, and application vulnerabilities from over a thousand to less than 10 in under 12 months by integrating cloud security controls and detection tooling.
•Improved security awareness scores through regular presentations, development of a security awareness game show, and a series of short one-minute video presentations.
ZS Associates
Business Information Security Officer (BISO) Jun 2023 - Sep 2024
•Spearheaded ZS Associates' cybersecurity initiatives as the inaugural BISO, establishing foundational security practices and fostering robust relationships between the CISO office and client teams, significantly enhancing client trust and security posture.
•Authored influential Point of View papers on generative AI security and zero trust architectures, establishing a governance framework for secure adoption of generative AI.
•Played a pivotal role in the Health-ISAC program committee and led a critical data identification and tagging project, demonstrating exceptional leadership in cybersecurity thought leadership and practical application of security strategies.
Wipro Limited
Customer Security Lead Mar 2022 - Jun 2023
•Boosted client trust by leading identity management and cloud security strategies.
•Enhanced operational efficiency by managing a global team implementing endpoint security and incident response practices.
•Drove business growth through strategic focus on budgeting and customer metrics.
Account Delivery Head Sep 2019 - Mar 2021
•Directed comprehensive IT and cybersecurity solutions for a global communications firm, surpassing financial goals and boosting account margins through strategic optimizations.
•Led an international team in delivering high-quality services, ensuring strict compliance with industry standards, optimizing resource utilization, and achieving a record customer satisfaction score, thereby fostering strong client relationships and business growth.
•Developed and executed innovative cybersecurity strategies, enhancing key account metrics and reinforcing the company's market leadership.
Program Director - Cybersecurity and Risk Services Nov 2018 - Mar 2022
•Enhanced global financial services security, boosting application safety and compliance.
•Improved security project delivery for an international entertainment company, leading nine security domain teams across two countries.
•Increased compliance efficiency with a Governance, Risk, and Compliance tool for a medical diagnostics firm.
•Developed an automated reporting tool for a US financial services company, enhancing strategic decision-making.
Independent Security Consultant
vCISO and Trainer Dec 2017 - Present
•Virtual CISO, offering strategic cybersecurity consulting to diverse companies, enhancing their security posture and compliance with industry standards by implementing tailored security frameworks and strategies.
•Designed and delivered CISSP, CISM, ISO 27001 security training programs for international providers, elevating the cybersecurity knowledge and skills across organizations, as evidenced by an increase in certification pass rates among participants.
•Leveraged expertise in cybersecurity to develop and conduct specialized training sessions, directly contributing to the advancement of global cybersecurity practices and standards.
AT&T
Director of Security Strategy and Governance 2016 - 2017
•Engineered and launched global network and service platforms, enhancing automation and reallocating human resources to more complex tasks, providing strategic cybersecurity leadership.
•Developed and implemented comprehensive security architectures and frameworks, advancing AT&T's managed services to meet stringent security standards, showcasing expertise in cybersecurity solutions.
•Successfully streamlined processes and governance, contributing to MSS Product virtualization strategy and aligning product and operations, evidenced by a 33% reduction in sales cycle times and recovery of lost revenue.
Director of Security Architecture and Compliance 2012 - 2016
•Led the strategic oversight of AT&T's managed products as deputy CISO, while driving the growth of multi-customer two-factor authentication products and overseeing secure coding practices, directly contributing to enhanced managed product resilience.
•Orchestrated integration of customer-facing security operations with a portion of the corporate CISO resulting in a new department that achieved more efficient cost management and improved customer experience through the adoption of agile methodologies.
•Championed the design, funding, deployment, and development of GRC and vulnerability management platforms, simplifying compliance and audit processes and achieving a 100% success rate in compliance audits for key financial and retail customers.
Director of Product Marketing, and Management, Security Services 2005 - 2012
•Led the strategic direction and oversight of product management teams within the managed security services department, driving the development and marketing of critical security services, resulting in enhanced security solutions for large accounts and government agencies.
•Supported network and premises-based security products from development through end of life or developed partnerships with third parties to deliver.
•Orchestrated teams responsible for network-based firewalls, proxy services, endpoint security, and multi-customer security incident and event management products, addressing complex security challenges through collaboration with engineering and development teams.
Data Network Consultant 2001 - 2005
•Engineered wide area networks for diverse clientele, showcasing technical prowess and customer-centric solutions.
•Developed the AT&T managed core network embedded DDoS product, establishing a benchmark for network security and resilience, significantly elevating industry standards.
•Spearheaded AT&T's global security subject matter group, emerging as the premier Security Subject Matter Expert for Technical Marketing. This leadership role was instrumental in fortifying AT&T's security posture and asserting market dominance through the development of a streamlined network security evaluation tool.
Education
Temple University 1984 - 1986
Master, Education (Technology)
Temple University 1976 - 1982
Bachelor of Arts, Communication and Theater
Temple University 1978 - 1980
Associate of Science, Criminal Justice/Police Science
Licenses & Certifications
• TruSecure ICSA Security Practitioner (TICSA)(ret): TruSecure
• Wilderness First Aid and CPR/IED Instructor: Emergency Care and Safety Institute
• ISO 27001:2013 Lead Auditor: BSI
• CISSP (ISC2-CISSP): ISC2 #70846
Selected skills
•Leadership & Management: Team Building, Cross-functional Team Leadership, CISO Leadership, Business Strategy, Risk Management
•Communication & Training: Communication, Public Speaking, Training, University Teaching
•Security Frameworks & Compliance: NIST CSF, SOC 2, HIPAA, CMMC 2.0, Gap Analysis
•Technical Security Expertise & Advanced Tools: Information Security, Cybersecurity, Security Architecture, SOC design and management, Incident Response, Ransomware Resilience, Detection Tooling, AI Governance, Generative AI Security
•Cloud, Identity & Endpoint Security: Cloud Security, Identity Management, Endpoint Security