Personal Mission: Fix the Broken Industry
Evan grew up an only child, with a mother and father who were both in technology. His father was an MIS Manager in the Marine Corps and his mother was a technology project manager for the federal government. An ADHD child with plenty of time on his hands surrounded by technology was fertile ground for the beginnings of a hacker. In the mid-1980s, the first commercial laptop was marketed (1984) and the World Wide Web wasn't a thing yet (1989).
This was a dawning age for hackers, and it wasn't until 1992 that Evan realized he could make a living at this. His first (paid) job was cleaning boot sector viruses from Windows 3 systems as a contractor for IBM.
Fast Forward 30 Years
The ADHD child became an ADHD adult. Over the last 30 years, Evan has done A LOT.
Here are some of his accomplishments:
- Went from IBM to Jasc Software (original makers of PaintShop Pro to US Bank to UnitedHealth to Wells Fargo to MGI Pharma, etc.
- Founded FRSecure in 2008, an expert-level information security consulting company with more one hundred (100) employees and 3,500 clients across the United States (mostly).
- Founded SecurityStudio in 2017, a software as a service (SaaS) company dedicated to building a community of information security practitioners who speak the same “security language”.
- Created the S2Score, a definitive measurement of information security and vendor risk.
- Created S2Org, the organizational security assessment used by more than 40 partners and 4,000 organizations across 28 industries to assess and manage information security risk.
- Created S2Vendor for third-party information security risk management,
- Co-created S2School for information security risk management in K-12,
- Created S2Team for unparalleled insight into personal security habits, and S2Me, for personal information security risk management.
- Developed (and still teach some of) the FRSecure CISSP® Mentor Program. A free annual training program that started in 2010 with six (6) students. Since it's inception, it has grown every year, in 2023 the program served more than 20,000 students in more than 100 countries.
- Author of the book UNSECURITY: Information security is failing. Breaches are epidemic. How can we fix this broken industry?
- Responded to countless information security incidents of nearly every type.
- Advised legal counsel in high-profile breaches including Target and Blue Cross/Blue Shield.
- 2014/2015 - Consultant to the Special Litigation Committee of the Board of Directors of Target Corporation; derivative action related to the “Target Breach”.
- 2015/2016 – Consultant to legal counsel and Blue Cross/Blue Shield related to remediation efforts (post-breach).
- Served as an expert witness is multiple federal criminal cases, mostly involving alleged stolen trade secrets.
- Served 1,000+ organizations of all sizes and across dozens of industries as an expert consultant, CISO, vCISO, etc.
- Dozens of television and radio appearances; topics included the Target Breach, vendor risk management, artificial intelligence, and others.
- Creator of the UNSECURITY Podcast and Co-Creator of the Security Sh*t Show.
- Delivered more than 100 information security talks at dozens of conferences; audiences ranging from less than 10 to more than a 10,000.
- Written more than 1,000 published articles about a variety of information security topics.
Evan is still the CEO of SecurityStudio and FRSecure, leads the development and delivery of SecurityStudio's CvCISO Program and serves on the Board of Directors for Infosec Pathways (a non-profit he established with co-workers to further expand the CISSP Mentor Program, among other cool things).
The story continues to be written, and the community of CvCISOs we're building together is vital to Evan's mission!