Mike Ortlieb


Mike is a Director in Protiviti’s Orlando Technology practice. He has 13 years’ experience in the Information Security field. He also has five years’ experience as a software developer working on web and database applications for the U.S. Military.

At Protiviti, Mike oversees client engagements related to information security programme management, industry compliance, and technical assessment. This includes security assessments, penetration testing, PCI compliance consulting projects and computer forensic investigations. Mike is also a member of the Protiviti national information security practice and the Qualified Security Assessor (QSA) team.​

Major Projects

  • Mike has led and performed multiple internal and external penetration tests for Protiviti’s clients in the financial services, healthcare, insurance, hospitality and retail industries. These penetration tests include discovering network and application layer flaws using both automated and manual techniques as well as social engineering attacks. At the conclusion of each penetration test, Mike also provides recommendations, guidance and reporting to management on remediation strategies.
  • As a QSA, Mike performs the PCI-DSS audit procedures and creates the Report on Compliance (ROC) for Protiviti’s clients in the retail, hospitality, restaurant, and healthcare industries. Mike leads the assessment effort, assists with remediation strategies and provides training and support to client personnel.
  • Mike has conducted assessments of the information security governance programme of clients in the healthcare and financial services industries. This included determining security strategy, defining the roles and responsibilities of IT and Information Security, assessing security and governance policies, analysis of the reporting structure, and overall guidance on mitigating risk
  • Mike assisted in PCI gap analysis and remediation project for a many of Protiviti’s clients. These projects involve identifying all gaps within the PCI-DSS, developing remediation strategies, executing action plans and overseeing client personnel.
  • Mike developed the information security training programme for new employees at a leading entertainment client as part of a PCI compliance project. This project involved the design of a framework to train employees on information security policies and procedures, as well as lead training exercises and simulations for the client’s incident response team.
  • Mike has led and performed multiple information security assessments for clients across various industries. These projects include performing vulnerability assessments, identifying technical and process-based risks, conducting information security training, and assessing the maturity of an enterprise’s overall security programme, as compared to the ISO 27001 and 27002 standards.

Areas of Expertise

  • Information Security
  • Incident Response
  • Penetration Testing
  • PCI-DSS Compliance

Industry Expertise

  • Hospitality
  • Healthcare
  • Financial Services
  • Restaurant & Retail


  • B.S. – Computer Science, University of Central Florida
  • Graduate Certificate – Computer Forensics, University of Central Florida

Professional Memberships and Certifications

  • GPEN