
Edwin Covert
Cybersecurity Executive
CISSP, ISSAP,
CISM, CRISC,
QTE, SCF, PMP
US Navy Veteran
Edwin Covert
CISSP, ISSAP,
CISM, CRISC,
QTE, SCF, PMP
US Navy Veteran
CISSP, ISSAP,
CISM, CRISC,
QTE, SCF, PMP
US Navy Veteran
About Me
I am a seasoned cybersecurity executive with over three decades of leadership in cyber risk management, security architecture, and information technology. As a CISO, board advisor, author, and speaker, I bridge cybersecurity with business strategy, ensuring security controls align with mission-critical and financial objectives. A trusted voice in governance and risk quantification, I try to shape security frameworks for Fortune 1000 companies, enhanced third-party risk programs, and influenced cyber insurance underwriting standards. My expertise extends beyond technology — advising boards, mentoring industry professionals, and elevating the cybersecurity profession. A proud U.S. Navy veteran, I bring a mission-driven, results-oriented approach to securing organizations against emerging threats.
- Residence USA
- Address Los Angeles, CA
- Email .(JavaScript must be enabled to view this email address)
Education
- Masters Degree - Management of Information Technology (Concentration: Organizational Leadership and Change Management), Colorado State University Global
- Certificate - Cybersecurity, Ithaca College
- Bachelors of Science - Cyber Security (Minor: Critical Infrastructure Protection), University of Maryland University College
Certifications
- Certified Information Systems Security Professional - #3597
- Information Systems Security Architecture Professional - #3597
- Certified Information Security Management - #0301434
- Qualified Technology Executive - #84844145
- Certified in Risk and Information Security Controls - #1108640
- SABSA Certified Foundations - #SCF18012601
- Open FAIR 2 Foundations - #2834
- Project Management Professional - #321666
Professional Memberships
- Professional Association of CISOs
- Military Cyber Professionals Association
- Digital Directors Network
- FAIR Institute
- ISC2 - Los Angeles Chapter
- ISSA - Los Angeles Chapter
- Golden Key International
- ISACA - Los Angeles Chapter
- OWASP
- Project Management Institute
Work History
Experience
2024 - 2024
Bowhead Specialty UnderwritersChief Information Security Officer
- Strengthened GRC & Board Engagement:Directed the Governance, Risk, and Compliance (GRC) program, ensuring executive risk transparency and adherence to SEC 8-K/10-K and NYDFS cybersecurity requirements, enhancing regulatory compliance and board-level risk decision-making.
- Revamped Third-Party Risk Management: Designed and deployed a third-party risk management framework, reducing vendor-related security incidents and strengthening security across 50+ critical suppliers.
- Transformed Risk Modeling for Business Leaders: Developed a FAIR-based cyber risk quantification model, translating technical risk into financial and reputational business impact, ensuring executive leaders could make data-driven risk decisions with confidence.
2024 - Present
California State University - Los AngelesGuest Lecturer/Adjunct Professor
- Leading the Next Generation: Designed and taught undergraduate cybersecurity courses (e.g., CIS 4730 - Network Security Essentials and Practice), covering key topics like malware, firewalls, access control, wireless security, intrusion detection/response, and network resiliency.
2022 - Present
Bowhead Specialty UnderwritersHead of Cyber Risk Engineering
- Optimized Cyber Risk Assessment: Led the evaluation of 2,000+ organizations' security postures, identifying strategic risk factors and delivering tailored recommendations that strengthened underwriting decisions and reduced financial exposure across a $1B+ insurance portfolio.
- Enhanced Underwriting Precision: Designed and implemented 36+ repeatable cyber risk assessment processes, enabling scalable risk quantification and improving consistency in risk evaluation across Fortune 1000 clients.
- Integrated Threat Intelligence: Monitored and analyzed emerging cybersecurity threats and industry trends, translating findings into refined underwriting policies that proactively mitigated systemic cyber risks.
- Streamlined Risk Visibility:Developed a centralized knowledge base, providing real-time insights and actionable intelligence that strengthened the company's ability to quantify, compare, and predict cyber risks.
2022 - 2022
WarnerBros. DiscoveryDirector, Risk Assessments and Testing
- Team size: Five FTEs and 30 Contractors
- Budget: Multi-million dollar program
- Secured Digital Media & Live Events: Led risk assessments for high-profile productions and streaming platforms, ensuring the security of NBA Playoffs content, digital assets, and mission-critical entertainment infrastructure.
2021 - 2022
WarnerMediaDirector - Risk Assessments and Testing
- Team size: Five FTEs and 30 Contractors
- Budget: Multi-million dollar program
- Secured Digital Media & Live Events: Led risk assessments for high-profile productions and streaming platforms, ensuring the security of NBA Playoffs content, digital assets, and mission-critical entertainment infrastructure.
2020 - 2021
WarnerMediaDirector - Technical Security Testing
- Team size: Six FTEs
- Budget: Million dollar program
- Expanded Application Security Coverage: Directed security testing for 100+ enterprise applications, establishing proactive risk management strategies that enabled secure remote content production during the COVID-19 pandemic.
2019 - 2020
WarnerMediaDirector - Security Assessments and Infrastructure Engineering and Architecture
- Team size: Six FTEs
- Budget: Million dollar program
- Fortified Global Security Architecture: Spearheaded the deployment of 17 security stacks across global locations, enhancing Warner Bros’ cybersecurity defenses and minimizing operational vulnerabilities.
2018 - 2019
Warner Bros.Director - Architecture, Engineering and Asset Security
- Team size: Six FTEs
- Budget: Million dollar program
- Fortified Global Security Architecture: Spearheaded the deployment of 17 security stacks across global locations, enhancing Warner Bros’ cybersecurity defenses and minimizing operational vulnerabilities.
2018 - 2018
Deutsche BankGlobal Head of Security Architecture
- Team size: 12 FTEs and 1 Contractor
- Budget: Multi-million dollar program
- Architected Enterprise Security Strategy: Developed and implemented Deutsche Bank’s first enterprise-wide security architecture, ensuring scalable, risk-based
protection of global IT assets.
- Led Multi-Disciplinary Security Governance: Chaired the Security Architecture Review Board, overseeing risk-based evaluations and ensuring alignment between security investments and business objectives.
2016 - 2018
Deutsche BankVice President - Enterprise Security Architecture
- Team size: Five FTEs
- Budget: Million dollar program
- Standardized Security Implementation: Designed 12+ enterprise security reference architectures, accelerating security deployment and streamlining compliance for global financial operations.
- Established Foundational Architecture: Engineered Deutsche Bank’s first cohesive security architecture, scaling data protection for a global financial infrastructure.
More details
- Network security
- Network defense
- Operating system security
- Identity, authentication and authorization
- Data protection
- Application security
- Activity audit and monitoring
- Mobile computing security
- Partner/vendor access to corporate systems/data
I served as the senior architect and technical lead supporting the Global Head of Security Architecture on all IT security strategic planning, risk analysis and other related topics and am the Program Director for the Bank's Enterprise Security Architecture Program. I was a member of the Bank's Security Architecture Council focusing on ensuring new cloud-based solutions and designs meet the Bank's stringent internal and regulatory requirements. Finally, I represented the CSO CTO with corporate IT architecture and technology planning and implementation activities as required.
2011 - 2016
Booz Allen HamiltonSenior Lead Technologist
- Team size: 20 FTEs
- Budget: Multi-million dollar program
- Drove Cybersecurity Improvements: for multiple federal agencies (SEC, CFPB, OCC, Freddie Mac, etc.) by developing and implementing new solutions and leading cross-firm projects
- Streamlined the CND Architecture Review Process:by overseeing reviews of new CND architecture documents and artifacts within the DOD's JIE SSA
- Enhanced the Security Posture: for the Bureau of Census' Decennial systems by leading a team managing and monitoring vulnerability management systems and ensuring secure configuration
More details
- Validated Security Design: for the Federal Reserve Bank of Richmond's NTRACE project by serving as cybersecurity SME, conducting security assessments, and ensuring proper controls and intrusion detection/firewall placement
- Successfully Implemented Cybersecurity Components: For the FCC's Enhanced Security Network (ESN) Project by leading a nine-person team, designing components, creating implementation plans, and ensuring APT countermeasures deployment and monitoring
- Improved the US Navy's HBSS Program: Served as Cyber Defense SME for FLTCYBERCOM/COMTENTHFLT, overseeing the program and working with a global team to deliver programmatic and cybersecurity solutions
2009 - 2011
Applied Network SolutionsDirector - Security Programs
- Team size: Two FTEs
- Budget: Multi-million dollar program
- Created revenue:Led all aspects of ANS' information assurance and information security service offerings.
- Improved Clients' Security: Developed information assurance security/cybersecurity services for government and commercial clients.
- Ensure Project Success: Performed full-spectrum program management functions for all ANS personnel assigned to programs.
1999 - 2009
Integrated Communication SolutionsSr. Program Manager
- Team size: Ten FTEs
- Budget: Multi-million dollar program
- Created Value for Clients:Served as Sr. Account Executive for multiple DoD/Intelligence programs, including two with potential contract vehicles totaling $1.4B.
- Ensured Client Security and Resiliency: Deputy Program Manager and Senior Technical Lead for a homeland security program, overseeing design and implementation of an enterprise-wide information security auditing program
1997 - 1999
Electronic Data SystemsSecurity Engineer
- Team size: Three FTEs
- Budget: Million dollar program
- Reduced Risk:Performed risk analysis on the Air National Guard (ANG) network and local directorate networks by securing the HQ ANG network from backbone to desktop
- Improved SecurityDeveloped, led, and managed solutions for disaster recovery, continuity planning, and IT system certification and accreditation (C&A).
1992 - 1996
United States NavyCryptologic Technician Interpretive
Honorable discharge
Services Offered
By offering these services, I can bridge the gap between security needs and strategic business goals for a variety of organizations, ensuring proactive risk management, compliance, and cybersecurity maturity while demonstrating tangible ROI.
Community Involvement
Activities
2025 - Present
ISC2 Los Angeles ChapterPresident
As President of the ISC2 Los Angeles Chapter, I lead the five-member Board's efforts to education, inspire, connect, and secure both the chapter's members and the enterprises they support. As a member of the chapter's Board of Directors, I lead the chapter as it grows into a world-class organization in furtherance of the overall mission of ISC2 and the needs of the cybersecurity community.
2024 - Present
Infragard - Los Angeles ChapterMember
2023 - 2023
Women's Society of CyberjutsuFundraising Organizer
I organized and raised money to benefit Women's Society of Cyberjutsu (WSC). WSC is a nonprofit cybersecurity community for women and girls. Their goal is to train a diverse and defense workforce of cyber talent through hands-on training, networking events, professional development and mentoring. WSC members and supporters have the rare opportunity to impact the direction and goals of the training provided. With this fundraiser, I raised over $600 in three weeks.
2023 - Present
Cybersecurity Collaboration ForumCybersecurity Collaboration Forum Leadership Board Member
As part of the Los Angeles-centric Forum, I work to improve the resiliency of the cybersecurity community through CISO-centric knowledge sharing. I seek to strengthen the community’s ability to share meaningful insights and best practices on the most pressing cybersecurity issues today. I also guide content and curriculum development by recommending thought leaders as potential speakers for Los Angeles events we host.
2023 - Present
ISC2 Los Angeles ChapterCommunications Chair/Board of Directors
As Communications Chair, I lead the chapter's efforts to communicate effectively and efficient about upcoming events, issues before the Board of Directors, and general communications with the chapter's members. As a member of the chapter's Board of Directors, I help guide the chapter and participate in leading the chapter as it grows into a world-class organization. I was formally assisting with event coordination as a way of giving back to the cybersecurity community.
2022 - Present
Center for Cyber Safety and EducationScholarship Review Member
I review applications for cybersecurity scholarships for the Center for Cyber Safety and Education at both the undergraduate and graduate levels. Each candidate is evaluated for passion for cyber, merit, and financial need. These scholarships encourage and support students pursuing a degree with a focus on cybersecurity, information assurance, or similar field globally.
2021 - 2022
Content Delivery and Security AssociationTechnical Content Advisor
I provide cybersecurity advice to the CDSA. CDSA, the Content Delivery & Security Association, is the international content protection association. Founded as a non-profit in 1970, CDSA has served as the worldwide forum advocating the innovative and responsible delivery and storage of entertainment, software and information content. Its global membership includes companies involved in every facet along the digital and physical media supply chain.
2020 - Present
Ithaca CollegeMember - Board of Advisors
As a member of the Advisory Board to the the Cybersecurity Certificate Program at Ithaca College, I work with program leadership to provide advice and consultative feedback for their cybersecurity certification process. This program is designed to train and develop professionals to manage cybersecurity issues within an organization. The program prepares working professionals to analyze, manage, and build cybersecurity competencies that can protect the organization. It provides participants with the insight and expertise needed to solve real-world cybersecurity problems, recommends practical and strategic solutions, and to communicate results. Participants gain technical, analytical, and communication skills through Ithaca College's project-based interdisciplinary curriculum, which seeks to provide a comprehensive understanding of the new cybersecurity threats and players.
2018 - 2018
ISC2 Northern Virginia ChapterChartering Secretary
I helped charter, as an officer of the Chapter, the Northern Virginia Chapter of ISC2. This became the largest ISC2 chapter in the world.
2015 - 2016
FIRST RoboticsCoach
As the co-coach of the Washington County 4H Lego robotics team, I sheparded a team of children through the requirements phase all the way until the qualifier tournament
Interviews and Publications
Interviews
- CISO Series Headlines with Rich Stroffolino - Aug 2024
CISO Series - Source - Assessing and Controlling Risk in Enterprise Architecture - Jul 2024
EdgeScan - Source - A Journey Of Becoming a CISO - Jul 2024
ISC2 Los Angeles Chapter - Source - Becoming a Different Type of CISO Today - Jun 2024
CyberRisk Collaborative - Source - Cyber Insurance Leaders Podcast with Anthony Hess - Apr 2024
Asceris - Source
- Do you really need cyber insurance? with Anthony Dumas - Nov 2023
CyberElite - Source - Risk Qualification vs. Risk Quantification with Jeremy Ventura - Sep 2023
ThreatX - Source - The Data Security Holy War: Business vs Technical with F. Flobo Boyce - Jul 2023
Dasera Data Secured Podcast - Source - The Future of Vulnerability Management Podcast with Lisa Xu - Mar 2023
NopSec - Source - CISO Series - Skills Gap with David Spark and Geoff Belknap - Feb 2023
CISO Series Defense in Depth - Source - Starting out in cybersecurity: Advice for the next generation with Victor Monga - Nov 2022
Virtually Testing Foundation - Source - Culture Country – How to Develop a Human-Centric, Security-Conscious Culture with Aaron Baillio - Nov 2022
CISO Leadership Forum - Source - CyberTech Club Interview with US Military Academy - West Point - Sep 2021
US Military Academy - West Point - Source - Navigating the Cloud: Best Practices for Securing the Cloud with Matt Connors - Apr 2021
CISO Leadership Forum - Source - Techtalk Friday with Tom Gilsenan - Apr 2021
DZ Solutions - Source - Data Standard with Darren Kaplan - Dec 2020
Data Standard - Source - Responding to a cyber security incident - Dec 2019
ESV - Source - The evolution of cloud for enterprise cybersecurity - Nov 2019
Encore Media Group - Source - RIsk-based Security Architecture with Vicki Lord - May 2018
US Department of Transportation - Source
More Interviews
Essays/Articles
- The (formerly) Unsung Incident Response Plan- Jul 2023
Medium.com - Source - In Cyber Insurance, It’s More Than Technical Controls- Jun 2023
Medium.com - Source - Case Study: Conducting a Risk Assessment for an Electrical Utility- Mar 2023
International Conference on Cyber Warfare and Security/ACI - Source - An Examination of SaaS Use Cases- Nov 2022
Medium.com - Source - Security Considerations With Working Remotely- Oct 2022
System Weakness - Source - The Effects of Technological Change on Organizations and Employees- Oct 2022
Medium.com - Source - The importance of understanding SaaS licensing models- Oct 2022
Medium.com - Source - Becoming Comfortable Being Uncomfortable- Sep 2022
Medium.com - Source - The Importance of Roles in Change Management- Sep 2022
Medium.com - Source - A Journey Through Leadership- Aug 2022
Medium.com - Source - Your Mission Statement Must Be Based On Your Values- Aug 2022
Medium.com - Source - Adaptive Leadership in Times of Change- Jul 2022
Startup & Leadership - Source - If I Were Going to Pivot to a Career in Business Continuity Management…- Jul 2022
Medium.com - Source - Application Security Assessments as Risk Management- Jun 2022
System Weakness - Source - Case Study: Business Continuity Planning for a Guitar Maker- Jun 2022
Medium.com - Source - Disaster Recovery: A Practical Exercise- May 2022
Medium.com - Source - Case Study: Nissan’s Revival Plan- May 2022
Medium.com - Source - Understanding Rewards and Motivations in Employees- May 2022
Medium.com - Source - Monitoring Economic Systems in Times of Unrestricted Warfare- Apr 2022
Medium.com - Source - Life in a Time of Constant Change- Apr 2022
Medium.com - Source - A Comparison in Leadership Styles: Bezos and Fraser- Mar 2022
Medium.com - Source - Case Study: Nokia’s Use of Cross-Functional Teams- Mar 2022
Medium.com - Source - Leadership in Cybersecurity: An Examination of a Transformational Leader with Vision- Feb 2022
Medium.com - Source - Protecting All of the Layers- Jan 2022
System Weakness - Source - Viruses, Worms, and Trojans Horses...oh my!- Dec 2021
System Weakness - Source - Understanding the Relationship between CWE and CAPEC Through Two Scenarios- Dec 2021
Medium.com - Source - An Examination of Select Controls for Enforcing the CIA Triad- Nov 2021
Medium.com - Source - Is Outsourcing IT Systems to the Cloud Worth the Audit Hassle?- Oct 2021
Medium.com - Source - Using MITRE's ATT&CK® Framework to Protect Mobile Devices- Oct 2021
Medium.com - Source - External Reviews of Your Risk Management Function? Yes Please.- Oct 2021
Medium.com - Source - COBIT or ISO 27k: Knowing Their Role Will Help Your Organization- Sep 2021
LinkedIn.com - Source - Case Study: TJ Maxx's Data Breach- Sep 2021
Medium.com - Source - Section 230 Needs to be Adapted for Changing Times- Sep 2021
Medium.com - Source - An Ethical Analysis of the Sony Hack Response- Sep 2021
Medium.com - Source - Addressing the Digital Divide- Aug 2021
Medium.com - Source - Case Study: AWS and Capital One- May 2021
System Weakness - Source - No, it’s not cyberterrorism.- Feb 2015
Cyber Defense Magazine - Source - Cyberterrorism as a Strategy (Four-part Series)- Nov 2014
Infosec Institute - Source - Ethical challenges of the internet of things.- Jan 2014
with Angela Orebaugh
SC Magazine - Source - The Ethics of Monitoring Your Employees- Sep 2013
Infosec Island (Originally) - Source - New Training Model for Advanced Persistent Threat Detection and Mitigation- Jun 2013
Infosec Island - Source - Why a technically competent cyber workforce is not enough- Mar 2013
with Sean Kern, Ken Peifer, Greg Touhill, Doug Capellman, Geoff Hancock, Royce Holden, Ajay Porous,Vishwas Rudramurthy, Arjun Singh, Ragna Sveinsdottir, Jeff Teo, George Valencia, and Sameer Valiyani
Cyber Security Forum Initiative - Source - Location, Location, Location: It Works in Risk Management- Mar 2012
Infosec Island - Source - Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization’s Information Security Posture- Oct 2010
with Rhett Marsh
Applied Network Solutions - Source - Using Enterprise Security Architectures to Align Business Goals and IT Security within an Organization- Apr 2010
with Rhett Marsh
Applied Network Solutions - Source - Measuring Risk Using Existing Frameworks- Jan 2005
with Fran Neilsen
Taylor and Francis - Source - What does the CSI/FBI survey really tell us?- Jan 2003
Computer Security Journal - Source - Just Because You Aren't Sick Doesn't Mean You Are Healthy- Jan 2003
Government Security News - Source
More Essays/Articles
Presentations
- Elevating IT Risk to the Boardroom - Nov 2024
Let's Talk Security Forum, Panelist, Let's Talk Secuirty - Incident Response Readiness - Feb 2024
ISACA Orange County Webinar, Moderator, Virtually Testing Foundation - Zero Trust - Another Security Buzzword or a Real Paradigm Shift? - Jan 2024
2024 Enterprise Leadership Network Mini-Retreat, Moderator, ELN3 - Cyber Risk Management will be a Top Priority for Business Leaders - Sep 2023
2023 September Cybersecurity, Privacy and Data Protection Retreat, Moderator, Executive Leadership Network - Human error is still one of the primary reasons for the data breach - Jul 2023
2023 July Cybersecurity, Privacy and Data Protection Retreat, Moderator, Executive Leadership Network - Showcasing the Super Engineer and Super Architect of the Future In The Context of MSSP and MSP Resilience - Jun 2023
Managed Security Services Forum - Los Angeles, Panelist, MSSF - The Demand for Cyber Insurance is Going to Increase, But it’s Going to Become Harder to Get - May 2023
2023 May Cybersecurity, Privacy and Data Protection Retreat, Moderator, Executive Leadership Network - Case Study: Conducting a Risk Assessment for an Electrical Utility - Mar 2023
18th International Conference on Cyber Warfare and Security (ICCWS23), Presenter, ACI - Phishing Continues to Be a Problem - Sep 2022
Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital - Addressing Today’s Top Five Cloud Security Challenges - Sep 2022
Cybersecurity, Privacy & Data Protection Retreat , Moderator, Sub-Four Capital - GRC Extends Beyond the “Four Walls” of the Enterprise - Jul 2022
Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital - Addressing Data Poverty to Combat Online Fraud is in Everyone’s Interest - Nov 2021
2021 Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital - Building More Secure Applications - Oct 2021
US Department of Transportation Cybersecurity Awareness Month, Presenter, US Department of Transportation - Ensuring Security in Global Cloud Environments - Jun 2021
Content Protection Summit - Europe, Presenter, Content Delivery and Security Association (CDSA) - Security Careers - Feb 2020
ToroHack Security Conference, Panelist, California State University - Dominguez Hills - Enterprise Vulnerability Management - Mar 2019
Layer 8 Cybersecurity Conference, Speaker, California State University - Northridge - Certification and Accreditation as Part of Homeland Security - Jun 2006
Security Awareness Week Training Session, Panelist, US Department of Transportation - ICS Certification and Accreditation Support System - Apr 2004
Security Manager's Forum, Speaker, National Institute of Standards and Technology - Lessons Learned from the Common Criteria Process - Oct 2003
Information Assurance Technical Framework Forum, Speaker, National Security Agency - Risk Considerations in the Development of a Security Operations Center: Maximizing Your Benefit (with Maria Horton) - Mar 2003
NebraskaCERT Conference, Speaker, NebraskaCERT