
Tim Layton is a cybersecurity and enterprise risk management professional with over 20 years of experience in the field.  He is a trusted advisor to some of the world’s leading organizations – both public and private – for whom he has played key roles in developing enterprise cybersecurity and risk management strategies, programs, and processes.  Tim is widely regarded for his strategic and innovative approach to the ever-changing threat landscape and associated risks facing organizations today.

Specialties:

  • Intellectual Property and Trade Secret Protection
  • Cybersecurity Research
  • Malware Analysis/Reverse Engineering (Win/JS/PDF/MSO)
  • Cyber Threat Intelligence Program Development
  • Indicators of Compromise
  • x86 Assembly/Packed EXEs, Obfuscated Browser Scripts
  • Resilient Security Strategies
  • Insider Threats
  • Mobile Security
  • Cloud & Virtual Security
  • Intelligence Driven Security Strategies
  • Social Media Risk Management
  • Defensible Cybersecurity Countermeasures
  • Enterprise Security Program Roadmap Development
  • Cyber Kill-Chain and APT
  • Third-Party Vendor Security Risk Management
  • Incident & Breach Management Maturity Evaluation
  • Identity & Access Management
  • SSAE-16 SOC Audit Reports
  • “White Hat” Penetration Testing and Vulnerability Identification
  • Security Control Validation & Operational Testing

Professional Experience:

  • Fortune 100 Principal Security Strategist | Global Security
  • Fortune 100 Cybersecurity & Risk Management Senior Advisor
  • Fortune 50 V.P. Enterprise Risk Strategist
  • Security & Risk Management Consultant
  • CEO of IT Professional Services Firms
  • Manager of IT Operations
  • Security Engineer

Industry-Specific Experience:

  • Banking/Financial Services
  • Insurance
  • Manufacturing
  • Healthcare
  • Life Sciences

Cybersecurity and Advisory Services:

  • Intellectual Property Protection
  • Web Application Vulnerability Testing & Identification
  • Cybersecurity Strategy Updates & Development
  • Penetration Testing & Ethical White Hat Hacking
  • Incident Response Maturity Evaluations
  • International Standards & Frameworks for Information & Cybersecurity
  • Enterprise Mobile Security
  • Regulatory & Statutory Compliance
  • Security Threat Intelligence
  • Information Security Program Updates & Risk Assessments
  • Third-Party Vendor Risk Assessment & Auditing
  • Social Media Risk Management
  • Advanced Persistent Threats (APT)
  • Policies, Procedures, Guidelines
  • Vulnerabilities, Attacks, Countermeasures
  • Cross-Functional Governance
  • Risk Identification, Analysis, Treatment
  • Security Awareness & Education
  • Operational Security Procedure Development
  • Network & Cybersecurity Controls (Design & Implementation)
  • Network Security Architecture Design & Review

Publications:

  • Information Security – Design, Implementation, Measurement & Compliance (ISBN: 0-8493-7087-6)
  • Information Security Awareness – The Psychology Behind the Technology (ISBN: 1-4208-5632-4)
  • SANS Institute Security Awareness – Train-the-Trainer Curriculum
  • Numerous whitepapers and articles on information security and risk management over the last two decades

Regulatory Requirements and Industry Standards:

  • SOX
  • PCI-DSS
  • FISMA
  • NIST 800 Series
  • HIPAA / HITECH / EHR
  • FFIEC
  • SSAE-16
  • SAS-70
  • Lean / Six Sigma
  • COSO
  • COBIT
  • ITIL
  • ISO 27001 – 27006

Education and Professional Certifications:

  • BA and MBA (specializing in management)
  • CISSP – Certified Information Systems Security Professional # 28180
  • SANS GSEC – Global Information Assurance Security Expert # 1972
  • SANS GCIH – Global Information Assurance Certified Incident Handler # 312
  • SANS GCFW – Global Information Assurance Certified Firewall Expert # 265
  • CCNA/CCDA – Cisco Certified Network Associate/Design Associate
  • ECNE – Novell Enterprise CNE #605
  • MCP – Microsoft Certified Professional
  • SCO ACE – SCO Unix Engineer
© Tim Layton Sr. | All Rights Reserved