Cal is a Managing Director with Protiviti, currently leading the security and privacy solutions consulting business globally. He is responsible for both global delivery and developing service offerings in this area. This specifically includes directing our work in privacy, security, and identity management design and implementation.
Prior to joining Protiviti in September 2008, he was with IBM Corporation for 30 years and led their global Security and Privacy Services team from its creation in 1998 until 2008.
He has worked with clients of all sizes in a wide variety of industries providing a broad array of information security and risk management services. His expertise includes developing and evaluating comprehensive information security strategies and program, data privacy and compliance program design and assessments, incident response planning and execution, and security architecture services.
Representative Engagements Include:
- Led the work with a global industrial client to assess their overall security program strength. Defined client objectives and areas for improvement (with prioritised initiatives, project estimates and timelines) and worked with the client Board of Directors to formalise the strategic plan and budget for the program
- Led the work with a U.S. based healthcare organisation to understand their compliance with FISMA and HITRUST CSF standards in order to retain and grow their government business. This review also took into account the integration of new technologies (iPad) into an established security environment
- Managed the evaluation of the security organisation, program and infrastructure of a global financial services organisation. The deliverables included the reduction of support cost by 7%, the improvement of enterprise threat identification and analysis as well as the rationalisation of tools supporting that analysis
- Led the work with a global Financial Services company to define internal compliance with over 2000 security controls. During this engagement, it became clear that ownership for specific control compliance was incomplete and that there was no clear linkage between the controls and the variety of enterprise business and regulatory requirements. His team was successful in establishing ownership and a priority scheme for remediation which tied to business priorities
- Worked with a global Logistics organisation to define a global data governance program. Beyond the Chief Privacy Officer and legal organisation, the client did not recognise the sensitivity of the information they were processing. Protiviti was able to establish an approach to information classification, an appropriate lifecycle stewardship for the specific sensitive
- BSBA Bucknell University
Professional Memberships & Certifications
- Certified HITRUST CSF Assessor