About Secutor

Secutor provides industry-leading cybersecurity consulting services, uniquely tailored to fit the needs of your specific business.

Who We Are

We’re an entrepreneurial enterprise born of a need in the marketplace: the need for affordable cybersecurity. We looked around the cybersecurity landscape and knew we could do better. We created an innovative business model that taps top-notch talent and protects your bottom line.

Today, Secutor is a team of over 100 Information Security and IT professionals with a wide variety of backgrounds. They’ve got a passion for identifying, containing and eradicating cybersecurity issues. And for serving you.

What We Do

We tackle cybersecurity challenges of virtually every size and any type. Our consultants have a wide range of specialties, including building enterprise-class vulnerability management programs, penetration testing for PCI compliance, network security architecture design, and managed SOC operation.

We also instill trust. As we see it, there is a firewall that actually needs to breached… the wall between you and your cybersecurity experts. We work hard to destroy that wall and keep it down, forever. In its place we form bonds based on transparency, value, and partnership.

Our Mission

Our mission is to deliver on-demand, affordable cybersecurity.
To put people first. To be your swift, expert and honest partners in cybersecurity.

Our Expertise

application-security

Application Security

Secutor’s consultants have in-depth experience across application development and application security. We understand the System Development Life Cycle (SDLC) and engineering processes that introduce vulnerabilities hackers exploit like SQL injection, XSS, and CSRF.

cybersecurity-icon

Cybersecurity

We understand a variety of information security disciplines including PCI, HIPAA, and GDPR compliance, risk management, network security and security architecture.

security-architecture-icon

Security Architecture

Our team understands what it takes to be compliant with regulations like PCI DSS, HIPAA, GLBA, and GDPR like the back of their hand. We can write or revise security policies and standards and enhance data protection programs.

vulnerability-management-icon

Threat & Vulnerability Management

Our experienced cybersecurity professionals are experts in Threat & Vulnerability Management including threat intelligence, vulnerability management programs, and vulnerability scanning.

HOW WE DELIVER

Our Team of
Expert Cybersecurity Consultants

Secutor has a team of over 100 Information Security and IT professionals working to provide the highest quality Threat & Vulnerability Management services possible for our customers. Secutor always puts people first, believing that when employees love working here, they’ll treat customers the same way.

  • Only expert-level consultants, with an average of 23 years of industry experience
  • Compliance expertise in COBIT, FFIEC, FISMA, HIPAA ISO 27001, NIST 800-37, PCI DSS, RMF and 800-53

Meet a Few of Our
Senior Team Members:

Meet a few of our
Senior Team Members

Join Our Team

Our work takes great people, and we don’t take their time or talents lightly. We do everything we can to provide them an environment they thrive and excel in.

A FEW OF OUR

Valued Partners

Secutor only uses the most reliable and trustworthy partners to provide services for our clients.

WHY SECUTOR?

We Don't Just Sell Products. We Solve Problems.

top-cybersecurity-talent-icon

Top
Talent

Top Cybersecurity Talent

You work with only the best and most experienced cybersecurity consultants, averaging 22 years of industry experience.
people-first-icon

People
First

People First

We put you, our customer, first. Before profits. Before products. Above all else. We empower our consultants to do what’s right for you, with your success and bottom line in mind.
proven-methodologies-icon

Proven
Methodologies

Proven Methodologies

Our systems have been built on decades of industry experience, ensuring reliability and efficiency in all of our solutions.

Frequently Asked Questions

At the moment, we have over 115 expert consultants that we use to staff engagements.

Our consultants average over 23 years of experience in the industry. There is very little that we haven’t seen or dealt with in Information Security.

Since humans build the applications we use and the underlying infrastructures that run them, humans play a vital role in their protection. From network and application security tools and techniques applied by operators and developers to users being able to recognize scams and fraud. There are a wide range of “wet ware” issues that we in information security have to address.
Information Technology continues to get more complex as the way we use technology evolves. When we started our careers, mobile devices like tablets, cell phones, smart devices, and “Internet of Things” didn’t exist. Being social meant that you went out with friends or family – not hang out online on Facebook, LinkedIn, Reddit, Fiverr, or Nextdoor.

These devices have introduced many modern conveniences, but they’ve also made our jobs more challenging.
Now we must have some understanding of mobile device security, mobile device applications, Cloud security (many providers host their entire environments in the cloud).

The aforementioned social media applications have had the direct consequence of introducing new threat vectors and ways for cybercriminals to defraud the general public. Generally with phishing attacks.
We look at the controls in place and make recommendations to either add or enhance those controls. Specifically, we could be talking about server build “gold standards”, patch and configuration management, endpoint security, desktop security, security awareness training, or even application security. You can see that TVM can be complicated and confusing but we’ve been doing this a very, very long time. We can help!
SCAS is the Secutor Cybersecurity Assessment System. SCAS is a human-centric cybersecurity-driven service aimed at assessing, reviewing, and identifying client organizations TVM Program. We seek to analyze how threats and vulnerabilities are detected and ultimately mitigated.
SSVM is the Secutor Signature Vulnerability Management System. The Secutor Signature Vulnerability Management (SSVM) system is a comprehensive solution that serves as the solid foundation upon which all other Cybersecurity is built. Successful vulnerability management can automatically, accurately and consistently prioritize vulnerabilities based on multiple criteria, along with its integration into the organization’s daily work process.
TVM is Threat & Vulnerability Management. Specifically, it’s the process of analyzing an organization’s ability to identify, react, and mitigate threats and vulnerabilities. We help our customers by starting with a threat modeling exercise – we sit down and understand the business and how business and therefore technology decisions create weaknesses in the security architecture. We then determine what tools and techniques our clients use to address and mitigate those threats.
The earlier in the Systems Development Life Cycle (SDLC) that we catch a threat or a vulnerability, the less burden and expense it is on an organization. For example, if we can help our clients eliminate an entire class of vulnerabilities by designing mechanisms to prevent SQLi attacks without having to address every single validation point in either a web application or mobile application- that’s a big win.

The reason is that whenever new SQL injection vulnerabilities are found, Software Engineers react and go fix those specific problems. That means that they must write code, peer review it, perform regression testing (ie, make sure it doesn’t break existing functionality), quality assurance test it (make sure it fixes the problem), move the code into staging and then into production.

You can see why it is so important to catch a vulnerability in the early stages. But because most organizations don’t do much threat profiling, we tend to see a lot of issues caused either directly or indirectly by information technology processes like: server build and configuration processes, database implementation, application development, patching, disaster recovery, change management, and “desktop” support.
We are a provider of Threat & Vulnerability Management services. Namely: Vulnerability Management, TVM Program Analysis, VM MSSP, and Patch & Remediation Effectiveness. We also provide proactive work such as Application and Network penetration tests.
We have decades of experience in the areas we focus on in information security, and where other cybersecurity consultants outsource their work to cheaper, less experienced talent, we use the same experts from client in-take to the end of the engagement.
At the time Secutor was founded, many organizations had Vulnerability Management programs. We found that many companies did VM well but they did not have a comprehensive approach to TVM – which includes a more broad approach to Threat & Vulnerability Management. Plus, many companies had (and still have) a silo approach to security. Secutor works with our clients to integrate multiple parts of the business together to more effective address data security threats.

What Our Client's Say:

“

Scroll to Top
kelly-hammons-headshot

Kelly Hammons

CEO & VP of Customer Success

With over 30 years of experience in IT and cybersecurity, Kelly Hammons helms Secutor Cybersecurity as its CEO and VP of Customer Success. His strategic foresight and innovation have been key to establishing the company as a leader in the cybersecurity field. At the forefront of his recent achievements is the launch of Insider Direct, Secutor’s groundbreaking service that synergizes the expertise of Fractional CISOs with a pioneering zero-margin cybersecurity marketplace. This initiative is a direct reflection of Kelly’s vision to make cybersecurity a strategic advantage for organizations, providing them with access to bespoke strategies and tools without the traditional markup.

Alongside Insider Direct, Kelly is recognized for developing the Secutor Signature Vulnerability Management system. This innovative system leverages network security architecture to identify and prioritize remediation of critical vulnerabilities, demonstrating Kelly’s commitment to advancing cybersecurity methodologies. His balanced focus on both Insider Direct and the Signature Vulnerability Management system showcases a holistic approach to cybersecurity, emphasizing personalized, strategic solutions alongside efficient, cost-effective tool access.

Under Kelly’s leadership, Secutor Cybersecurity has evolved into a beacon of strategic and client-focused cybersecurity solutions. His ability to drive innovation while maintaining a strong commitment to customer success has not only aided large corporations in strengthening their cyber defenses but has also fostered long-lasting relationships with clients. His unwavering pursuit of excellence continues to propel Secutor forward, ensuring clients receive the most effective and advanced cybersecurity solutions.

JP Hill

In memoriam

It is with profound sorrow and heavy hearts that we share the news of the passing of our beloved James (JP) Hill III, who left us on Monday January 26th, 2024. As we come together in this moment of loss, we find solace in celebrating the extraordinary life and legacy of a true pioneer in the cybersecurity community.

JP was not just a leader; he was a visionary, a mentor, and a dear friend to many of us. His unwavering commitment and passion for cybersecurity have left an indelible mark on our organization and on the thousands of lives he touched. Under his guidance, we have grown in the depth of our understanding and our ability to make a difference in the world.

His legacy is not just in the systems we secure, but in the community he nurtured – fostering an environment where learning, sharing, and mutual respect flourished. JP believed in the power of education to transform lives, and his dedication to our cause has inspired countless individuals to pursue and excel in their cybersecurity careers.

As we mourn his passing, we also reflect on the lessons he taught us: to approach every challenge with integrity, to always be curious, and to care deeply about the well-being of others. His spirit will forever remain a beacon of light guiding our path forward.

He wasn’t just the first to believe in the vision of what Secutor could become; he was instrumental in laying the foundation upon which our company stands. Without his friendship, faith, support, and guidance, Secutor wouldn’t be what it is today. His role in our story cannot be overstated, and our gratitude to him is immeasurable.

You’ll be missed, JP. Rest in peace, dear friend.

Brian Clinkenbeard

Expert Data Scientist

TRANSFORM, MODEL, and VISUALIZE. Advanced infrastructure security planning, design, oversight, assessments, testing and monitoring for businesses and entities who prefer to remain confidential.

  • Incident Response – the main service: containment and eradication
  • Advisory Distribution – issues advisories in regard to new vulnerabilities and how to mitigate same
  • Vulnerability Assessment – performs penetration testing and other assessment techniques to find vulnerabilities and how they may be exploited
  • Intrusion Detection – detects possible compromising events
  • Education and Awareness – bulletins, online boards, workshops, seminars, posters, etc.
  • Technology Watch – keeps abreast of new technologies and explores the feasibility of same
  • Patch Management – keeps software and hardware updated with the latest versions of revisions
  • Forensics – full forensics capabilities

Leon Cook

CYBERSECURITY LEADER, ISC2 CHAPTER BOARD CHAIR

Leon is a highly skilled cybersecurity leader with experience in multiple roles throughout the private, public, and government sector including network, infrastructure, architect, cybersecurity leadership, auditor, consultant and strategist. This allows him to provide a unique perspective on formulating business objectives to secure, purpose driven solutions. He is a forward thinker, while providing a pragmatic approach to deliver secure solutions for the most painful issues. He has also been successful in the management of multi-million-dollar projects for government, intelligence community, and international customers.

Leon has Global level experience in developing and maturing cybersecurity programs including Threat and Vulnerability Management, Threat Intelligence, Threat Hunting, Penetration Testing, Secure Software Development, Security Operations, Incident Response and Management, Governance, and Risk Management.  He also has considerable experience in consulting on privacy, audit, architecture, regulatory compliance, and governance. In addition, he is also experienced in compliance and auditing tasks performed for NIST, FISMA, NIACAP, DIACAP, DCID 6/3, SOX and ICD 503 Certification and Accreditation exercises, and is knowledgeable in PCI, GDPR, and HIPPA compliance.

Jim Deerman

IT Security Consultant III

Jim is a well organized, result oriented professional with extensive experience in a diverse range of information technologies and the knowledge to apply those technologies to meet company’s business goals. He has hands on experience in end-to-end project delivery based on business drivers, including requirements definition; architecture definition, technology evaluation and selection; implementation; and acceptance. Jim has been involved in working closely with operations teams, engineering teams, third party vendors, and upper management in implementing complex systems. Jim is skilled in hardware and software product design; solving complex system and network problems; defining strategic product direction based on long term vision; consulting; and providing technical leadership. He is also effective at explaining complex issues to management and technical staff.

Experience includes:
– Network and security related architecture & design.
– Extensive experience with start-up companies in the role of system architect.
– Virtualization
– Product definition and design.
– Strategic Technology Evaluation.

Specialties:
Jim has worked in the areas of network & system design and architecture for over 30 years. He has extensive experience in the areas of data network technologies, security (both host based and network based), Ethernet switching, routing, and Voice over IP. Jim has done not only network design and architecture, but also network product architecture, system architecture and system software design and development. He has also worked as the technical liaison between Marketing and Development.

Skills

  • End-to-end project delivery
  • Company start-up experience
  • Planning and design of the enterprise network infrastructure
  • Security architecture definition
  • Security and Networking Technology evaluation and selection
  • Defining strategic product direction based on long term vision
  • Strategic Technology Evaluation
  • Technical Requirements Definition
  • Enhanced DataCenter security technologies
  • VoIP service definition
  • Network Management architecture
  • Enterprise firewall traversal technologies for VoIP
  • VoIP policy gateway product deployment
  • Software Development Life-Cycle (SDLC)
  • Malware Research
  • Security Policy evaluation
  • Virtualization, including Software Defined Networks
  • Cloud-based data center evaluation
  • Utilization of Cisco’s UCS system and Nexus switches
  • VMware design and setup
  • VoIP/Mobile security
  • 20+ years of commercial experience
  • 10+ DoD and National Intelligence experience

Steve Blanding

CISO Consultant

CISSP, CISA, CGEIT, CRISC

Steve is an IT management consultant living in Dallas, TX. Steve has over 35 years of experience in executive IT leadership, IT governance, risk and compliance (GRC), systems auditing, quality assurance, information security, and business resumption planning for large corporations in the Big-4 professional services, financial services, manufacturing, retail electronics, and defense contract industries. He has extensive experience with industry best practices for adopting and implementing new technologies, IT service management frameworks, and GRC solutions that have dramatically improved customer satisfaction while reducing cost.

Industry Experience

  • State Government: 5 years
  • Retail: 5 years
  • Defense Contract: 5 years
  • Manufacturing: 2 years
  • Health Care: 2 years
  • Local Government: 2 years
  • Public Accounting (Big 4): 7 years
  • Insurance: 3 years
  • Financial Services: 5 years

Key Career Accomplishments

  • Conducted a full-scale ISO27000 audit 4 times over the past 6 years.  Also, conducted a “light” ISO27000 review of a small Dallas-based company in 2007.
  • Developed and authored a comprehensive IT security policy manual, incident response plans, training programs, security contingency plans and configuration management plans for FedRAMP regulatory compliance.
  • Conducted multiple DR and operational backup and recovery IT risk assessments of critical business systems on mainframe, LAN, and distributed system networks located across North America.
  • Conducted data centers audits for Tyco Corporation (Brussels, 2005 and Denver, 2006), Farmers Insurance (Los Angeles, 2006), Zurich Financial Services (Chicago, Kansas City, and Grand Rapids, 2006), and Convergys Corporation (Dallas, 2010, 2011, and 2012).
  • Led a project to remediate segregation of duties and streamline user access system security and HIPAA compliance administration across 5 regions in North America, resulting in cost savings of $700,000 per year (Kaiser Permanente).
  • Implemented Sarbanes-Oxley Section 302 and 404 IT general and application controls, reducing security administration costs and improving operational performance by 50% or $500,000 annually (Tyco Corporation).
  • Led the global SAP business-IT alignment, process re-design implementation initiative for financial accounting, materials management, production planning, quality management, sales and distribution, warehouse management, and plant maintenance, which resulted in creating $2,000,000 in cost savings.
  • Engaged by Arthur Andersen in Houston to transform the local IT organization and then direct 3 organizational mergers/consolidations, which resulted in a 25% reduction in operating costs, or $3,250,000, while improving customer satisfaction by 30%, and improving employee morale, technology availability and the quality of IT infrastructure and service delivery.
  • Assigned by Arthur Andersen global leadership to lead global project teams responsible for data center and customer support call center consolidation, which resulted in annual operational cost savings of 45% or $4,000,000.
  • Implemented ITIL service management practices for problem management, incident management, help desk, project management, and operations management.
  • Conducted SOX 404 audits at Duke Energy (6 months), Red Hat (3 months), Tyco (9 months), Zeon Chemicals (4 months), and Convergys (2 months). Experience includes control design/documentation and effectiveness testing.

Publications:

Author, various articles in EDPACS and Auerbach’s IT Audit Portfolio Series, 1981 – 2001

Author, various articles in the Handbook of Information Security Management, 1993 – 1995

Editor, Auerbach’s Enterprise Operations Management, 2002

Editor, Auerbach’s IT Audit Portfolio Series, 2000 – 2002

Consulting Editor, Auerbach’s EOM Portfolio Series, 1998 -2001

Mark Watjen

Implementation Consultant

Mark is an experienced Implementation Consultant in business operations and IT implementation services including business analysis, data analysis and process improvement. He has numerous successful software implementations in the healthcare and life sciences verticals. He is highly adept at diplomatically facilitating discussions and negotiations with internal and external project stakeholders and cross functional teams. Mark is also well practiced in clarifying business requirements, trouble shooting and performing gap analysis between goals and existing procedures/skill sets, designing process and system improvements to increase productivity and reduce costs.

ADDITIONAL SKILLS

  • Project Management
  • Business and Data Analysis
  • End to End Software Implementation
  • Practiced in Scrum Agile and SDLC/Waterfall methodologies

Richard Eaton

CDPSE, Cisco SAEXS
with a focus on data privacy, and Endpoint Detection and Remediation

Richard is a charismatic, data driven cybersecurity leader with proven success in leading lean, high-performance teams and multimillion dollar production and data science workloads while maintaining security posture. He excels at designing, implementing, and securing distributed cloud environments, DevOps, SecOps, and micro services architectures. Areas of expertise include, security, research and development, SIEM/SOC, IDS, attack surface profiling, governance risk and compliance as it relates to internal audit controls, HITRUST, HIPPA, PCI, SOX, and vendor assessment (SIG), data science environments dealing in Hadoop, kubernetes services, data lakes, data factories, data bricks, data warehouse, ETL logic and the development of heuristics systems and logic engines. Outstanding project and program leader with a track-record of working with both agile teams to quickly drive value faster than competitors, and executives to obtain funding that directly ties with production and security risk mitigation to deliver positive and measurable business outcomes.

OTHER AREAS OF FOCUS:

  • Email security and privacy – O365
  • Vulnerability remediation 
  • Firewall / switch reviews, audits, and config backup
  • Remote management and monitoring
  • Active Directory Group Policy, AzureAD Intune policy

With over 15 years of system administration experience and an added 10 years of Cybersecurity engineering totaling 25 years of experience, Richard can develop a solution that is flexible for everyone. Security should never impede operations and operations should be able to function under the guidelines of security and company policy.

Elvis Moreland

award-winning data security and privacy risk management executive

Elvis Moreland is an award-winning data security and privacy risk management executive, celebrated for his pioneering efforts in developing comprehensive security and privacy programs across both private and public sectors within crucial infrastructure realms. His illustrious security journey began in 1999, assuming the role of the first command information security officer, marking the inception of a career dedicated to enhancing cybersecurity landscapes.

Elvis’s leadership is characterized by a relentless curiosity and a proven track record in managing, operationalizing, and advancing cybersecurity measures. He excels in implementing leading governance frameworks, developing cyber risk management policies, processes, and standards, and designing robust enterprise security programs and system security plans. His expertise extends to assessing and identifying data and privacy risks, determining enterprise risk management priorities, coordinating corrective actions, managing continuous diagnostics, and overseeing vendor relations.

Known as a strategic change agent and an innovative problem solver, Elvis thrives in dynamic and challenging environments. He is a natural team builder, fostering an empowering atmosphere for his staff through vision, comprehensive training, guidance, and unwavering support.

Elvis holds professional certifications that underscore his deep expertise across several key data security and privacy risk management domains, including Governance, Engineering, Assessment (Audit), Risk Management, Compliance, and Continuous Quality Assurance. He specializes in developing quality-based management systems leveraging NIST, ISO, and CERT/CC standards, which have consistently resulted in efficient, cost-saving risk management programs, policies, processes, and capabilities.

His specialties encompass a wide range of standards and frameworks, including COSO, ERM, CMMC, FISMA, RMF, CJIS, HIPAA, CMS, FFIEC, SOX, GLBA, PCI DSS, IRS 1075, Systems Security Engineering (ISSE) Process, and various NIST and ISO standards. At Secutor, Elvis Moreland continues to drive strategic cybersecurity initiatives, guiding our clients through the complexities of data security and privacy with unparalleled expertise and a forward-thinking approach.

Anthony Sawyer

cybersecurity expert

Anthony Sawyer is a highly skilled cybersecurity expert with over 15 years of experience in designing, executing, and maintaining sophisticated enterprise-wide solutions. His career spans across military, government, and civilian sectors, where he has been instrumental in bridging the gap between management and technical teams to deploy critical technology solutions. Anthony’s expertise lies in crafting and integrating robust information security systems, underscored by his role in managing and securing over 250,000 workstations globally. His international experience includes pivotal work in regions such as Afghanistan, Kuwait, Iraq, Korea, Japan, Germany, and across the United States, primarily supporting US military operations.

As a Subject Matter Expert (SME) in McAfee Security Architecture and multi-tier security infrastructure, Anthony has led projects focusing on systems planning & engineering, Windows systems security, project management, risk analysis, and quality assurance. His deep understanding of DOD IT requirements, coupled with his exceptional leadership in team management and incident communication, has positioned him as a go-to professional for cybersecurity challenges.

Anthony holds several prestigious certifications, including PMP, ITILv4, CASP, CSM, SEC+, and McAfee Certified Product Specialist (MCPS) in ePO, HIPS, and NSP, along with McAfee Certified Assessment Specialist (MCAS)-Network. His decorated veteran status further highlights his commitment to excellence and security in every endeavor. At Secutor, Anthony continues to leverage his vast experience and technical acumen to safeguard critical information assets, ensuring the highest standards of security and operational integrity for our clients.

Tracy Reed

Cybersecurity Management Expert

Tracy Reed is a seasoned cybersecurity management expert with over 25 years of experience in the field. Tracy has dedicated his career to serving organizations by developing scalable cybersecurity strategies tailored to their specific needs. His profound expertise and consulting acumen have been crucial in transforming businesses through enhanced cybersecurity measures.

Tracy has been integral to establishing key relationships across various industries, securing multi-million-dollar contracts, and ensuring that Secutor acts efficiently on all cybersecurity matters within organizations. His detailed background spans several core areas of cybersecurity, including containerization, cloud security, and vulnerability management. His efforts have consistently ensured secure operations for large organizations, demonstrating his commitment to robust cybersecurity practices.

Beyond his technical skills, Tracy is passionate about utilizing his multifaceted cybersecurity expertise to influence success and contribute to the longevity of security within organizations. He has been involved in global and government-focused security projects, driving growth and expanding knowledge in cybersecurity practices. Tracy is also committed to training others, sharing his insights and experience to empower professionals to run their businesses securely and successfully.

At Secutor Cybersecurity, Tracy Reed’s role involves:

  • Scaling businesses through expert cybersecurity efforts, ensuring secure operations organization-wide.

  • Training professionals looking to expand their knowledge on cybersecurity practices.

  • Influencing both small and large businesses through initiatives in cloud security, containerization, intrusion detection, and various other cybersecurity focuses.

Tracy is eager to connect with like-minded professionals and contribute his extensive knowledge and experience to the broader cybersecurity community. His leadership and expertise are invaluable assets to our team, driving forward our mission to provide comprehensive and effective cybersecurity solutions.

Jason Fruge

Consulting Chief Information Security Officer (CISO)

Jason Fruge is an accomplished Consulting Chief Information Security Officer at Secutor Cybersecurity, bringing over 25 years of deep expertise in information security. His storied career includes leading and managing robust security programs for Fortune 500 companies across retail, banking, and fintech sectors. His current role involves providing strategic guidance and advisory services to clients, focusing on security governance, risk management, and compliance.

Apart from his consulting responsibilities, Jason is an active member of the global cybersecurity community. He is a Villager at Team8, a prestigious collective of senior cybersecurity executives and thought leaders. Additionally, he serves as an Advisor at NightDragon, an innovative growth and venture capital firm specializing in cybersecurity and enterprise technologies.

Jason’s tenure as a CISO is marked by a proven track record in developing and implementing comprehensive security policies and procedures. He adeptly leverages security frameworks and industry best practices to mitigate risks, safeguarding sensitive data and assets. His expertise encompasses incident response and root cause analysis, where he has notably managed cyber incidents to prevent breaches and minimize business disruption and customer impact.

A key aspect of Jason’s role has been the creation and facilitation of executive and board-level cyber risk committees, ensuring organizational alignment and awareness. His responsibilities have extended to maintaining compliance programs for standards such as PCI and SOX, as well as leading privacy and business continuity programs. Holding prestigious certifications like CISSP, QSA, and QTE, Jason is also a recognized thought leader, contributing articles on cybersecurity to InformationWeek.

Jason’s passion lies in driving innovation and fostering collaboration in the cybersecurity field. He is currently seeking an executive CISO role in a leading retail, finance, or fintech organization, where he can continue to make significant contributions to the cybersecurity landscape.

Bob Davenport

Senior Consultant

Bob Davenport stands at the forefront of cybersecurity and business strategy as a distinguished Senior Consultant at Secutor Cybersecurity. With an MBA and over two decades of experience, Bob has established himself as a linchpin in delivering transformative, data-driven cybersecurity solutions, particularly for Fortune 100 and Federal clients.

His journey with Secutor is marked by an unwavering commitment to customer success, underpinned by his extensive expertise in developing business cases that advocate for strategic cybersecurity initiatives. Bob’s approach to cybersecurity transcends traditional boundaries, blending network security know-how with a sharp acumen for business strategy. This unique blend allows him to evaluate new business prospects not only based on technological capabilities but also through the lens of market opportunities.

At Secutor, Bob is known for his ability to collaborate effectively with cross-functional teams, structuring and navigating through complex strategic challenges with ease. His passion lies in crafting and implementing best practices in cybersecurity that elevate customer satisfaction, retention, and loyalty. He is a master communicator, influencing process and product improvements through research-based insights.

What sets Bob apart is his dyslexic thinking approach, a trait that empowers him to identify and untangle intricate technical challenges innovatively. His attention to detail and forward-thinking mindset are instrumental in offering clients innovative and secure network solutions that are perfectly aligned with their needs and strategic goals.

Bob’s mission at Secutor is clear: to guide our clients towards achieving their objectives by providing them with cutting-edge, secure network solutions that not only meet but exceed their expectations.

Shay Reshef

Strategic Information Security Executive

Shay Reshef is a Strategic Information Security Executive at Secutor Cybersecurity, recognized for his exceptional leadership in driving enterprise protection and innovation. With a distinguished history in information security management, Shay brings to the table extensive experience in spearheading comprehensive security and privacy initiatives for enterprises.

At the core of Shay’s expertise is his ability to pioneer cutting-edge technology solutions while meticulously overseeing projects within strict timeframes and budgetary constraints. He is renowned for his proficiency in establishing and executing effective information security directives, policies, and state-of-the-art software/hardware frameworks, ensuring robust information security across organizations.

Shay’s leadership extends to steering IT infrastructure, cloud migration, virtualization strategies, and automation ventures. His proactive approach to eliminating security vulnerabilities and optimizing operations has been instrumental in enhancing the security postures of numerous enterprises. He excels in implementing continuous security control enhancements and fostering a secure ecosystem across multi-cloud landscapes.

Recognized for his innovative and forward-thinking mindset, Shay is committed to upholding and advancing robust information security measures. His proven track record is a testament to his dedication to enhancing IT

infrastructure and security in a variety of technological environments. His skills are particularly evident in his ability to navigate multi-cloud environments, ensuring that security measures are not only effective but also adaptable to the ever-evolving digital landscape.

Shay Reshef’s role at Secutor Cybersecurity involves more than just implementing security measures; it’s about transforming the way organizations perceive and interact with their security architecture. He is dedicated to driving operational advancements that are secure, efficient, and aligned with the latest technological innovations.

With a clear vision for the future of cybersecurity, Shay invites connections and collaborations to explore how his expertise can elevate security architecture and bring about lasting improvements in operational practices.

Torrey Woodhouse

Security Cleared IT Professional

Torrey Woodhouse is a Security Cleared IT Professional at Secutor Cybersecurity, where he leverages his extensive experience in network engineering, computer systems engineering, virtualization, and security. Torrey’s professional journey reflects a strong commitment to deepening his expertise in cutting-edge areas such as Splunk, DevSecOps/Cloud, and Cybersecurity.

With a background rich in technical skills and practical experience, Torrey’s proficiency encompasses a range of IT domains, making him adept at addressing complex technological challenges. His clearances in security signify his trusted status and competence in handling sensitive information, which is crucial in the cybersecurity field.

Torrey’s current focus is on delving deeper into the realms of Splunk, a powerful tool for analyzing big data, and exploring the nuances of DevSecOps and Cloud technologies. This direction is driven by his desire to stay at the forefront of the rapidly evolving cybersecurity landscape and contribute more effectively to Secutor’s mission of providing advanced cybersecurity solutions.

At Secutor, Torrey’s role is not just about applying his existing knowledge; it’s about continuously expanding his skills and expertise. His dedication to exploring new facets of IT and cybersecurity positions him as a key contributor to our team, ensuring that we remain ahead of the curve in technological advancements and security practices.

Jennifer Bayuk

Cybersecurity Risk Management Expert

Jennifer Bayuk is a highly esteemed cybersecurity risk management thought leader and subject matter expert at Secutor Cybersecurity. Her extensive experience encompasses managing and measuring large-scale cybersecurity programs, system security architecture, and a wide array of cybersecurity tools and techniques. Jennifer’s expertise is further deepened with her proficiency in cybersecurity forensics, the audit of information systems and networks, and technology control processes.

Jennifer’s skill set is comprehensive, including specialization in cybersecurity risk and performance indicators, technology risk awareness education, risk management training curriculum, and system security research. Her academic achievements are noteworthy, holding Masters degrees in Philosophy and Computer Science, and a Ph.D. in Systems Engineering. This strong academic background provides a solid foundation for her practical and strategic approach to cybersecurity challenges.

Certified in Information Systems Audit, Information Systems Security, Information Security Management, and IT Governance, Jennifer is a well-rounded professional in the field. Her credentials are further enhanced by her license as a New Jersey Private Investigator, adding a unique dimension to her cybersecurity expertise.

At Secutor, Jennifer plays a pivotal role in steering cybersecurity initiatives, aligning them with organizational risk appetites and strategic objectives. Her ability to educate and train in the realm of technology risk has been instrumental in raising awareness and enhancing the cybersecurity posture of our clients. Her dedication to research and continual learning makes her an invaluable resource in navigating the ever-evolving cybersecurity landscape.

Jennifer Bayuk’s blend of academic prowess, practical experience, and certifications make her an indispensable part of our team, as she continues to drive forward-thinking cybersecurity solutions and risk management strategies.

Paul Feather

Technology Risk Management and Compliance Advisor

Paul Feather brings over twenty years of expertise in Technology Risk Management and Compliance Advisory services to Secutor Cybersecurity. His primary goal is to reduce risk by enhancing overall technology controls, making him a vital asset to our team and our clients. Paul’s extensive experience supports a broad range of key organizational roles, including CFO, CIO, CISO, and Board Advisory Services.

Paul’s expertise lies in designing, building, and implementing compliance programs within heavily regulated industries. He has a profound understanding of numerous compliance frameworks, such as FFIEC, GLBA, SOx, HIPAA, PCI-DSS, NIST CSF, CIS 20, ISO 27k, DFARS, and CMMC (NIST 800-171). His ability to navigate these complex regulations ensures that our clients’ compliance needs are met with precision and efficiency.

A significant part of Paul’s work involves conducting application and IT systems risk and cybersecurity risk assessments. His proficiency in GRC (Governance, Risk Management, and Compliance) Program Design, Implementation, and Management is central to his approach in safeguarding our clients’ information assets.

At Secutor, Paul employs the A.R.M methodology (Assess, Remediate, and Monitor), which provides internal guidance and support to meet various complex compliance requirements. His approach focuses on designing efficient internal compliance programs and reworking existing programs to optimize them with the right mix of people, processes, and technology.

Paul Feather’s deep experience and strategic approach to technology risk management and compliance make him an invaluable part of our team. His work is crucial in ensuring that our client’s technology environments are not only compliant with regulatory standards but also resilient against evolving cybersecurity threats.

Andy Stokes

Senior Cyber Security Analyst

With an illustrious career rooted in the information technology and services industry, Andy Stokes is a highly experienced Senior Cyber Security Analyst at Secutor. His expertise is defined by a rich blend of hands-on experience and academic prowess, particularly in the realms of ISO 27001, Vulnerability Management, Computer Forensics, and Management.

Andy’s tenure in the cybersecurity field is marked by a demonstrated history of successfully navigating complex security landscapes. He possesses a profound understanding of how to safeguard digital assets against emerging threats, ensuring robust and resilient security postures for our clients. His skill set extends beyond technical mastery, as he is equally adept at steering teams towards achieving strategic cybersecurity goals.

At Secutor, Andy’s role involves a holistic approach to cybersecurity, intertwining rigorous analysis, strategic planning, and effective management. His contributions have been instrumental in enhancing our clients’ defenses, ensuring compliance, and fostering a culture of cybersecurity awareness. His deep-seated knowledge and proactive approach make him a cornerstone of our cybersecurity consulting team.

Paul Mellen

IT Security Specialist

Paul Mellen is a seasoned IT Security Specialist at Secutor Cybersecurity, bringing nearly a quarter-century of experience in the IT industry, including over 15 years dedicated to IT security. His career is marked by a diverse and broad background, spanning avionics, IT hardware engineering, software development, and IT Security consultancy. This varied experience equips him with a unique perspective and a multifaceted skill set that he applies to his work at Secutor.

Paul’s qualifications are as diverse as his experience, holding certifications in each of his areas of expertise. His most recent achievement is earning the ECSA (EC-Council Certified Security Analyst) certification, further solidifying his credentials as an IT security expert.

In his recent projects, Paul has been tasked with engineering bespoke security solutions tailored to address specific and defined scenarios. These solutions often involve a creative blend of custom hardware and refined software applications. He specializes in designing systems that can operate either standalone or as part of a larger system, complete with sophisticated command and control functionalities.

Paul’s approach to cybersecurity is not just about implementing standard security measures; it’s about innovatively addressing the unique challenges and requirements of each situation. His ability to develop customized solutions that perfectly align with the client’s needs makes him an invaluable asset to our team.

At Secutor Cybersecurity, Paul Mellen’s extensive experience, innovative problem-solving skills, and commitment to excellence are crucial in delivering advanced, tailored cybersecurity solutions to our clients.

James (JD) Grisham

Chief Operations Officer and vCISO

James Grisham is an esteemed Information Security and Risk Management Expert at Secutor Cybersecurity, renowned for his 30+ years of multifaceted experience in executive and hands-on roles. His expertise encompasses Information Security, Risk Management, Privacy, and Compliance, making him a pivotal figure in our team.

James’s approach to cybersecurity is deeply rooted in generating revenue, protecting assets, and building resilient client bases founded on trust model frameworks. His results-driven methodology, underscored by a track record of delivering projects on time and within budget, has made him a trusted advisor in multiple industries, including banking, financial services, software, and healthcare.

With a strong business acumen, development skills, and extensive consulting and sales experience, James has been instrumental in facilitating information security governance. This includes the implementation of governance programs and chairing information security steering committees. He views Information Security as a vital business function, aligning companies’ business strategies with cybersecurity best practices and industry frameworks, while ensuring compliance.

James’s career is marked by global experiences, having worked with leading minds and leaders from Silicon Valley to Manhattan, and from India to the Philippines. He has adeptly managed, built from the ground up, and scaled information security programs for both SMBs and global organizations.

His value to Secutor lies not only in his vast experience but also in his comprehensive toolkit of professionals, services, solutions, processes, and methodologies. These resources meet or exceed compliance standards and incorporate the best risk mitigation strategies, including ISO/COBIT 5, ITIL, CERT CSF, and the Cloud Security Alliance.

Unique in his ability to transform corporate culture around cybersecurity and risk matters, James’s background as an entrepreneur and business owner gives him a sharp insight into aligning security solutions with business operations and revenue goals.

His expertise in Governance, Risk, and Compliance (GRC) is extensive, covering CCPA, CMMC, GDPR, HIPAA, FISMA, SOX, FedRAMP, PCI-DSS, and more, making him an invaluable asset to our team and clients at Secutor Cybersecurity.

Introducing:
Secutor Insider Direct

Discover a new era in cybersecurity purchasing. No markups, no hidden fees. Just the right tools at the right price, tailored to your needs, with expert advice from our seasoned cybersecurity professionals.

Ready to Find Your Solution?

Use the form to schedule a consultation, and we’ll reach out within 48 hours to confirm the appointment.

Considering this delay, please only select meeting dates 48 hours or more in advance. Your information will only be used to facilitate a meeting.