Edwin Covert

About Me

I bring nearly 30 years of intelligence, cyber security, and risk management experience. As a practitioner, author, and speaker, I seek to improve organizations’ security posture by ensuring cybersecurity objectives satisfy mission and business needs.

My specialties include:

  • Enterprise security architecture
  • Security program development and management
  • Risk Management
  • Organizational change management and Leadership development
  • Cyber security hygiene assessments
  • Vulnerability management
  • Residence USA
  • Address Los Angeles, CA
  • Email .(JavaScript must be enabled to view this email address)
  • Phone +1.301.331.8257

Education

  • Masters Degree - Management of Information Technology (Concentration: Organizational Leadership and Change Management), Colorado State University, 2022
  • Certificate - Cybersecurity, Ithaca College, 2020
  • Bachelors of Science - Cyber Security (Minor: Critical Infrastructure Protection), University of Maryland University College, 2014

Certifications

  • Certified Information Systems Security Professional - #3597
  • Information Systems Security Architecture Professional - #3597
  • Certified Information Security Management - #0301434
  • Certified in Risk and Information Security Controls - #1108640
  • SABSA Certified Foundations - #SCF18012601
  • Project Management Professional - #321666

Memberships






Resume

Experience

2022 -
Bowhead Specialty Underwriters

Head of Cyber Risk Engineering

As the Head of Cyber Risk Engineering, I sit within the underwriting function and attend meetings with applicants' security teams (CISOs, Heads of Security, etc.) to understand how they are managing their own cybersecurity risk. In support of individual risk decisions, I conduct both inside-out and outside-in analyses to determine risk levels within an applicant both internally and relevant to their peers. I develop responses and recommendations for identified deficiencies. I also monitor emerging trends in the cybersecurity market as well as in the threat landscape to assist with overall portfolio steering.


2022 - 2022
WarnerBros. Discovery

Director, Risk Assessments and Testing

  • Team size: Five FTEs and 30 Contractors
  • Budget: Multi-million dollar program

As the Director for Risk Assessments and Testing, I am responsible for the development of a new process to assess applications, networks, infrastructure, and third-parties leading to a holistic picture of information technology risk. Additionally, I have implemented significant process improvements focused on integrating disparate cybersecurity and non-cyber e.g. sourcing, privacy, and compliance review efforts across the WarnerMedia enterprise. I am currently developing a enterprise-wide profile based on NIST's Cybersecurity Framework that ensures WarnerMedia is successfully meeting its business objectives through cybersecurity.


2021 - 2022
WarnerMedia

Director - Risk Assessments and Testing

  • Team size: Five FTEs and 30 Contractors
  • Budget: Multi-million dollar program

As the Director for Risk Assessments and Testing, I am responsible for the development of a new process to assess applications, networks, infrastructure, and third-parties leading to a holistic picture of information technology risk. Additionally, I have implemented significant process improvements focused on integrating disparate cybersecurity and non-cyber e.g. sourcing, privacy, and compliance review efforts across the WarnerMedia enterprise. I am currently developing a enterprise-wide profile based on NIST's Cybersecurity Framework that ensures WarnerMedia is successfully meeting its business objectives through cybersecurity.


2020 - 2021
WarnerMedia

Director - Technical Security Testing

  • Team size: Six FTEs
  • Budget: Million dollar program

As the Director of Technical Security Testing, I oversee a team of security architects, threat modelers, and penetration testers. In this role, I developed a standardized process for conducting security architecture reviews that covered application documentation, application development, authentication, data flows and business Logic, implemented cryptography and other data protection mechanisms, and application logging. These requirements are mandated by WM security policy and standards. I also developed a process for executing threat models on application using industry-standard processes that assessed an application/system's digital and network assets which comprise the overall solution, identified application weaknesses, determined what threats exist that could exploit those weaknesses, and established with application owners plans to protect or recover from an attack.

More details

Lastly, we implemented penetration testing protocols that covered web applications, web services, mobile applications, cloud applications, and databases. Each of these three core functions were integrated into common processes with standardized SOPs enabling the transfer of knowledge from experience staff to more junior members of the team.


2019 - 2020
WarnerMedia

Director - Security Assessments and Infrastructure Engineering and Architecture

  • Team size: Six FTEs
  • Budget: Million dollar program

As the Director of Security Assessments and Infrastructure Engineering and Architecture, I worked with our leadership and system/application owners to assess the risk new and current information systems bring to the WarnerMedia enterprise including Warner Bros, CNN, HBO, Turner, among others. These assessments include architectural reviews, technical security testing, controls assessments, and other critical elements.

More details

For the WarnerMedia infrastructure, my team and I design and engineer new security capabilities to ensure all parts of WarnerMedia closest to the user are actively protected from both common threat actors as well as the latest cybersecurity risks. This engineering effort includes the development of the endpoint security architecture across all platforms as well as ensuring these tools and capabilities remain at the peak of their operating capacity.


2018 - 2019
Warner Bros.

Director - Architecture, Engineering and Asset Security

  • Team size: Seven FTEs
  • Budget: Multi-million dollar program

As the Director of Architecture, Engineering, and Asset Security, I led a team that designed, build, and operated business critical cybersecurity solutions for Warner Bros. My team and I supported the Warner Bros Technology organization’s core mission to provide secure production, post-production digital media, on-line and mobile gaming, web-hosting services and technical leadership to various WB divisions.

More details

I provided technical expertise in defense of our internet-facing server infrastructure and in support of our security services. I led a team of security architects and engineers as we planned, developed, implemented and maintained WB's Information & Content Security technologies related to the secure operation of production, post-production, game and web systems and services. Key aspects of this effort included the re-configuration of Warner Bros. global security stacks to include firewalls, IDS, C2 sensors, PCAP devices, and honeypots.


2018 - 2018
Deutsche Bank

Global Head of Security Architecture

  • Team size: 12 FTEs and 1 Contractor
  • Budget: Multi-million dollar program

As the Global Head of Security Architecture, I led an enterprise security architecture team that spans the globe. This bank-wide role worked with top leaders across the bank to advocate, strategize, design, develop, and advance security controls into a dynamic and challenging environment. This team covered enterprise security architecture, cyber risk management, cryptographic architecture, data architecture and privacy, and application security architecture (and associated program management and budgeting concerns). The security architecture team was a key component of the Bank’s global architecture efforts and ensures all projects and strategies put forward within the Bank have an alignment to the Bank’s Enterprise Security Architecture. My team also performed special assignments from the Chief Security Officer including engineering and consulting throughout the Bank.


2016 - 2018
Deutsche Bank

Vice President - Enterprise Security Architecture

  • Team size: Five FTEs
  • Budget: Million dollar program

I was responsible for developing Deutsche Bank’s enterprise security architecture enabling scalable and effective protection of all Bank IT assets and data globally. As a member of the Chief Security Officer's (CSO) Chief Technology Office (CTO) as well as the Chief Architects Forum, I worked with global business leaders to match their critical business requirements with those of the Bank, it's worldwide regulators, and industry standards thus creating secure solutions and architecture components with a focused on:

More details

  • Network security
  • Network defense
  • Operating system security
  • Identity, authentication and authorization
  • Data protection
  • Application security
  • Activity audit and monitoring
  • Mobile computing security
  • Partner/vendor access to corporate systems/data

I led the identification and assessment of technology & products in close partnership and collaboration with DB's lines of business as well as with our internal technology partners. In addition to creating technical reference architectures across the enterprise, I developed strategic implementation roadmaps for new cybersecurity capabilities. I served as the senior architect and technical lead supporting the Global Head of Security Architecture on all IT security strategic planning, risk analysis and other related topics and am the Program Director for the Bank's Enterprise Security Architecture Program. I was a member of the Bank's Security Architecture Council focusing on ensuring new cloud-based solutions and designs meet the Bank's stringent internal and regulatory requirements. Finally, I represented the CSO CTO with corporate IT architecture and technology planning and implementation activities as required.


2011 - 2016
Booz Allen Hamilton

Senior Lead Technologist

  • Team size: 20 FTEs
  • Budget: Multi-million dollar program

I oversaw Booz Allen’s cyber security efforts at a plethora of agencies that compose the Regulators and Housing segment of their Federal Civilian work. These agencies included SEC, CFPB, OCC, and Freddie Mac among others. I developed new solutions and implemented coordinated cross-firm projects for these clients. I led Booz Allen’s work on the National Institute of Standards and Technology’s National Vulnerability Database program. I ensured deliverables are successfully submitted to all client in accordance with requirements and quality goals. I provided research, analysis, and content to develop a national-level cyber security strategy document for an international client. I recommended policies based on evaluation of European and Middle Eastern cyber security policies and strategies and provided timely feedback and input on client policy documents to develop a robust and effective cyber program.

More details

I provided operational support to the CND Architecture Working Group and I oversaw reviews of new CND architecture documents and artifacts as part of the DOD’s Joint Information Environment (JIE) Single Security Architecture (SSA). I led a team of analysts at the Bureau of Census’ Decennial Systems and Contract Management Organization performing management and monitoring of vulnerability management systems ensuring secure configuration on Decennial systems. I served as the cyber security subject matter expert for the Federal Reserve Bank of Richmond’s Network Tier Realignment and Core Enhancement Project (NTRACE) Security Review. Conducted security assessments reviewing incident response, access control, contingency planning, identification and authentication, system communication and system integrity controls to ensure proper intrusion detection and firewall placement in a new architecture at the Federal Reserve’s Richmond location.

I led a staff of nine that included cyber security engineers, cyber security analysts, technical writers, and quality control personnel for the Federal Communications Commission’s Enhanced Secured Network (ESN) Project. I collaborated with team to design cyber security components into the ESN and create implementation plans for those components and I ensured advanced persistent threat countermeasures were deployed and monitored.

I served as a Cyber Defense Subject Matter Expert for the US Navy Fleet Cyber Command/Commander Tenth Fleet (FLTCYBERCOM/COMTENTHFLT) program management office responsible for overseeing and managing the Navy’s deployment of the Host-based Security System (HBSS) program at Fort Meade, MD. In this capacity I worked with a global Navy team in a challenging and dynamic environment that combines technical security operations talent with business consulting skills to deliver high-value programmatic and cyber security solutions to the Navy.


2009 - 2011
Applied Network Solutions

Director - Security Programs

  • Team size: Two FTEs
  • Budget: Multi-million dollar program

I was responsible for all aspects of ANS' information assurance and information security service offerings. I also developed the information assurance security/cybersecurity services ANS provided to its government and commercial clients. I developed risk management frameworks and security policy for healthcare organizations. In addition, I was the Program Manager for ANS' work with the USAMS 2 (USSTRATCOM) contract, the ITSSS (FBI) contract, and all ANS work at the Defense Information Systems Agency (DISA) as well as the US Navy Seaport-E contract. I regularly liaised with prime contractors and their clients about current and forthcoming work. In addition, I conducted the full spectrum of program management functions for all ANS personnel assigned to programs.


1999 - 2009
Integrated Communication Solutions

Sr. Program Manager

  • Team size: Ten FTEs
  • Budget: Multi-million dollar program

I was the Sr. Account Executive for several DOD/Intelligence Programs for ICS. My most recent assignment was as the Senior Program Manager for Diplomatic and Law Enforcement Programs for ICS. Within these programs, ICS had two significant contract vehicles potentially worth a combined $1.4 billion. Previously I served as a Sr. Solution Engineer for ICS' Solutions Engineering Group. My role included acting as a principle technical support for ICS' Business Development Team and ICS' Operational Units. I was responsible also for researching and developing new services for ICS' clients in order for the company to become even more responsive to our clients' needs. As the Program Manager for ICS' work at a large federal agency, I was tasked with overseeing all of ICS' work within the agency.

More details

I developed, led, and managed solutions ranging from disaster recovery and continuity planning to certification and accreditation of major IT systems. Among, other projects, I have overseen the implementation of a accreditation effort for all of the infrastructure systems at the organization's new HQ facility in Washington, DC. My responsibilities included daily client interfacing. As the Deputy Program Manager and Senior Technical Lead for a homeland security-related program, I was responsible for overseeing the design and implementation of all of ICS’ technical solutions for a enterprise-wide information security auditing program. I was responsible for ensuring the tasks are completed in accordance with customer specifications and quality requirements. I also provided information security expertise to the six-member team.


1997 - 1999
Electronic Data Systems

Security Engineer

  • Team size: Three FTEs
  • Budget: Million dollar program

I led a team of three security specialists that conducted reviews for compliance to US Air National Guard (ANG) security regulations. I secured the HQ ANG network from backbone to desktop as well as prepared all security related documentation for the ANG Inspector General. I developed the ANG certification and accreditation (C&A) manual. I also conducted user audits to ensure passwords for the ANG user community were in the prescribed format. I developed standard operating procedures for network incidents as well as performed risk analysis on all sections of the ANG network and its local directorate networks. I also participated in the various phases of the ANG’s incident response process including coordinating with US Air Force and federal law enforcement personnel.


1992 - 1996
United States Navy

Cryptologic Technician Interpretive

Honorable discharge


Community Involvement

Activities

2021
Content Delivery and Security Association

Technical Content Advisor

I provide cybersecurity advice to the CDSA. CDSA, the Content Delivery & Security Association, is the international content protection association. Founded as a non-profit in 1970, CDSA has served as the worldwide forum advocating the innovative and responsible delivery and storage of entertainment, software and information content. Its global membership includes companies involved in every facet along the digital and physical media supply chain.


2020
Ithaca College

Member - Board of Advisors

As a member of the Advisory Board to the the Cybersecurity Certificate Program at Ithaca College, I work with program leadership to provide advice and consultative feedback for their cybersecurity certification process. This program is designed to train and develop professionals to manage cybersecurity issues within an organization. The program prepares working professionals to analyze, manage, and build cybersecurity competencies that can protect the organization. It provides participants with the insight and expertise needed to solve real-world cybersecurity problems, recommends practical and strategic solutions, and to communicate results. Participants gain technical, analytical, and communication skills through Ithaca College's project-based interdisciplinary curriculum, which seeks to provide a comprehensive understanding of the new cybersecurity threats and players.


2018
ISC2

Chartering Secretary

I helped charter, as an officer of the Chapter, the Northern Virginia Chapter of ISC2. This became the largest ISC2 chapter in the world.


2015
FIRST Robotics

Coach

As the co-coach of the Washington County 4H Lego robotics team, I sheparded a team of children through the requirements phase all the way until the qualifier tournament


2015
International Conference on Cyber Warfare and Security

Committee Member

As member of the Committee of the International Conference on Cyber Warfare and Security (ICCWS), I work with conference organizers to review submitted papers for consideration for inclusion in the conference proceedings.


2013
Montreat College

Team Advisor

I assisted the Montreat College National Cyber League team as they competed in regionals and nationals by providing practical experience and guidance as requested in the areas of penetration testing and vulnerability exploitation.


2013
ISC2

Volunteer

The Safe and Sound Online program teaches children, parents, and school teachers in our community how to be responsible digital citizen through in school visits and presentations.


Media



Interviews




Essays/Articles



  • An Examination of SaaS Use Cases- Nov 2022
               Medium.com - Source

  • Security Considerations With Working Remotely- Oct 2022
               System Weakness - Source

  • The Effects of Technological Change on Organizations and Employees- Oct 2022
               Medium.com - Source

  • The importance of understanding SaaS licensing models- Oct 2022
               Medium.com - Source

  • Becoming Comfortable Being Uncomfortable- Sep 2022
               Medium.com - Source

  • More Essays/Articles
  • The Importance of Roles in Change Management- Sep 2022
               Medium.com - Source

  • A Journey Through Leadership- Aug 2022
               Medium.com - Source

  • Your Mission Statement Must Be Based On Your Values- Aug 2022
               Medium.com - Source

  • Adaptive Leadership in Times of Change- Jul 2022
                Startup & Leadership - Source

  • If I Were Going to Pivot to a Career in Business Continuity Management…- Jul 2022
               Medium.com - Source

  • Application Security Assessments as Risk Management- Jun 2022
               System Weakness - Source

  • Case Study: Business Continuity Planning for a Guitar Maker- Jun 2022
               Medium.com - Source

  • Disaster Recovery: A Practical Exercise- May 2022
               Medium.com - Source

  • Case Study: Nissan’s Revival Plan- May 2022
               Medium.com - Source

  • Understanding Rewards and Motivations in Employees- May 2022
               Medium.com - Source

  • Monitoring Economic Systems in Times of Unrestricted Warfare- Apr 2022
               Medium.com - Source

  • Life in a Time of Constant Change- Apr 2022
               Medium.com - Source

  • A Comparison in Leadership Styles: Bezos and Fraser- Mar 2022
               Medium.com - Source

  • Case Study: Nokia’s Use of Cross-Functional Teams- Mar 2022
               Medium.com - Source

  • Leadership in Cybersecurity: An Examination of a Transformational Leader with Vision- Feb 2022
               Medium.com - Source

  • Case Study: Conducting a Risk Assessment for Edison International Industrial Control Systems- Jan 2022
               System Weakness - Source

  • Protecting All of the Layers- Jan 2022
               System Weakness - Source

  • Viruses, Worms, and Trojans Horses...oh my!- Dec 2021
               System Weakness - Source

  • Understanding the Relationship between CWE and CAPEC Through Two Scenarios- Dec 2021
               Medium.com - Source

  • An Examination of Select Controls for Enforcing the CIA Triad- Nov 2021
               Medium.com - Source

  • Is Outsourcing IT Systems to the Cloud Worth the Audit Hassle?- Oct 2021
               Medium.com - Source

  • Using MITRE's ATT&CK® Framework to Protect Mobile Devices- Oct 2021
               Medium.com - Source

  • External Reviews of Your Risk Management Function? Yes Please.- Oct 2021
               Medium.com - Source

  • COBIT or ISO 27k: Knowing Their Role Will Help Your Organization- Sep 2021
               LinkedIn.com - Source

  • Case Study: TJ Maxx's Data Breach- Sep 2021
               Medium.com - Source

  • Section 230 Needs to be Adapted for Changing Times- Sep 2021
               Medium.com - Source

  • An Ethical Analysis of the Sony Hack Response- Sep 2021
               Medium.com - Source

  • Addressing the Digital Divide- Aug 2021
               Medium.com - Source

  • Case Study: AWS and Capital One- May 2021
               System Weakness - Source

  • No, it’s not cyberterrorism.- Feb 2015
               Cyber Defense Magazine - Source

  • Cyberterrorism as a Strategy (Four-part Series)- Nov 2014
               Infosec Institute - Source

  • Ethical challenges of the internet of things.- Jan 2014
    with Angela Orebaugh
               SC Magazine - Source

  • The Ethics of Monitoring Your Employees- Sep 2013
               Infosec Island (Originally) - Source

  • New Training Model for Advanced Persistent Threat Detection and Mitigation- Jun 2013
               Infosec Island - Source

  • Why a technically competent cyber workforce is not enough- Mar 2013
    with Sean Kern, Ken Peifer, Greg Touhill, Doug Capellman, Geoff Hancock, Royce Holden, Ajay Porous,Vishwas Rudramurthy, Arjun Singh, Ragna Sveinsdottir, Jeff Teo, George Valencia, and Sameer Valiyani
               Cyber Security Forum Initiative - Source

  • Location, Location, Location: It Works in Risk Management- Mar 2012
               Infosec Island - Source

  • Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization’s Information Security Posture- Oct 2010
    with Rhett Marsh
               Applied Network Solutions - Source

  • Using Enterprise Security Architectures to Align Business Goals and IT Security within an Organization- Apr 2010
    with Rhett Marsh
               Applied Network Solutions - Source

  • Measuring Risk Using Existing Frameworks- Jan 2005
    with Fran Neilsen
               Taylor and Francis - Source

  • What does the CSI/FBI survey really tell us?- Jan 2003
               Computer Security Journal - Source

  • Just Because You Aren't Sick Doesn't Mean You Are Healthy- Jan 2003
               Government Security News - Source


Presentations



  • Phishing Continues to Be a Problem - Sep 2022
    Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital

  • Addressing Today’s Top Five Cloud Security Challenges - Sep 2022
    Cybersecurity, Privacy & Data Protection Retreat , Moderator, Sub-Four Capital

  • GRC Extends Beyond the “Four Walls” of the Enterprise - Jul 2022
    Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital

  • Addressing Data Poverty to Combat Online Fraud is in Everyone’s Interest - Nov 2021
    2021 Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital

  • Building More Secure Applications - Oct 2021
    US Department of Transportation Cybersecurity Awareness Month, Presenter, US Department of Transportation




Cyber News

Contact

Los Angeles, California

+1.301.331.8257

.(JavaScript must be enabled to view this email address)

How Can I Help You?

Please enter the word you see in the image below: