Bio - Brian Allen
Professional experience summary
- Brian has over 20 years of strategic experience in the Security field, most recently as a former Chief Security Officer for Time Warner Cable, a major critical infrastructure corporation
- Brian served on several national security policy organizations working with global government agencies and national regulators to address cyber policy implementation and implications
- He is an author of two books on Enterprise Security Risk Management and speaks globally on related topics at industry events
- Brian is an Adjunct Professor at the University of Connecticut's School of Business and teaches Advanced Issues and Applications in Risk Management
- As a former Chief Security Officer for a Fortune 125 company, his responsibilities included cybersecurity, physical security, fraud management, investigations, business continuity, crisis management, security policy (government and regulatory) and managing a 24/7 global security operations center
- Brian was appointed by the FCC to represent the communications industry to work closely with NIST in developing the Cybersecurity Framework and then assist in implementing the Cybersecurity Framework across the Communications Sector
- Experienced lobbyist for an intellectual property trade organization, with experience in government policy and in testifying before a variety of Federal and State legislative, judicial and executive proceedings
Cyber Risk Management
- Cyber security risk management function transformations: providing subject matter expertise to boards, executives and CSOs in the development and transformation of cyber security risk management programs for multiple Global Fortune 100 companies. Engagements resulted in a comprehensive, in-depth, risk-informed governance structure that applied cybersecurity risk strategy to the business goals and missions. A detailed risk register and risk mappings were developed to communicate proper cyber risk exposure to the board and executives for risk-informed decision-making processes. These programs execute a maturity model methodology to build and define risk tolerance, define a budgeting strategy to apply appropriate cost-effective resources to risk reduction, and define incident management criteria for proper enterprise escalation reporting.
- Developed public disclosure policies and procedures for boards of directors addressing the SEC's guidance to board and executive-level quarterly oversight on cyber risk reporting and cyber risk management responsibilities.