Edwin Covert

About Me

I am a seasoned cybersecurity executive with over three decades of leadership in cyber risk management, security architecture, and information technology. As a CISO, board advisor, author, and speaker, I bridge cybersecurity with business strategy, ensuring security controls align with mission-critical and financial objectives. A trusted voice in governance and risk quantification, I try to shape security frameworks for Fortune 1000 companies, enhanced third-party risk programs, and influenced cyber insurance underwriting standards. My expertise extends beyond technology — advising boards, mentoring industry professionals, and elevating the cybersecurity profession. A proud U.S. Navy veteran, I bring a mission-driven, results-oriented approach to securing organizations against emerging threats.

  • Residence USA
  • Address Los Angeles, CA

Education

Certifications

  • Certified Information Systems Security Professional - #3597
  • Information Systems Security Architecture Professional - #3597
  • Certified Information Security Management - #0301434
  • Qualified Technology Executive - #84844145
  • Certified in Risk and Information Security Controls - #1108640
  • SABSA Certified Foundations - #SCF18012601
  • Open FAIR 2 Foundations - #2834
  • Project Management Professional - #321666

Professional Memberships






Work History

Experience

2024 - 2024
Bowhead Specialty Underwriters

Chief Information Security Officer

  • Strengthened GRC & Board Engagement: Directed the Governance, Risk, and Compliance (GRC) program, ensuring executive risk transparency and adherence to SEC 8-K/10-K and NYDFS cybersecurity requirements, enhancing regulatory compliance and board-level risk decision-making.
  • Revamped Third-Party Risk Management: Designed and deployed a third-party risk management framework, reducing vendor-related security incidents and strengthening security across 50+ critical suppliers.
  • Transformed Risk Modeling for Business Leaders: Developed a FAIR-based cyber risk quantification model, translating technical risk into financial and reputational business impact, ensuring executive leaders could make data-driven risk decisions with confidence.


2024 - Present
California State University - Los Angeles

Guest Lecturer/Adjunct Professor

  • Leading the Next Generation: Designed and taught undergraduate cybersecurity courses (e.g., CIS 4730 - Network Security Essentials and Practice), covering key topics like malware, firewalls, access control, wireless security, intrusion detection/response, and network resiliency.


2022 - Present
Bowhead Specialty Underwriters

Head of Cyber Risk Engineering

  • Optimized Cyber Risk Assessment: Led the evaluation of 2,000+ organizations' security postures, identifying strategic risk factors and delivering tailored recommendations that strengthened underwriting decisions and reduced financial exposure across a $1B+ insurance portfolio.
  • Enhanced Underwriting Precision: Designed and implemented 36+ repeatable cyber risk assessment processes, enabling scalable risk quantification and improving consistency in risk evaluation across Fortune 1000 clients.
  • Integrated Threat Intelligence: Monitored and analyzed emerging cybersecurity threats and industry trends, translating findings into refined underwriting policies that proactively mitigated systemic cyber risks.
  • Streamlined Risk Visibility: Developed a centralized knowledge base, providing real-time insights and actionable intelligence that strengthened the company's ability to quantify, compare, and predict cyber risks.


2022 - 2022
Warner Bros. Discovery

Director, Risk Assessments and Testing

  • Team size: Five FTEs and 30 Contractors
  • Budget: Multi-million dollar program

  • Secured Digital Media & Live Events: Led risk assessments for high-profile productions and streaming platforms, ensuring the security of NBA Playoffs content, digital assets, and mission-critical entertainment infrastructure.


2021 - 2022
WarnerMedia

Director - Risk Assessments and Testing

  • Team size: Five FTEs and 30 Contractors
  • Budget: Multi-million dollar program

  • Secured Digital Media & Live Events: Led risk assessments for high-profile productions and streaming platforms, ensuring the security of NBA Playoffs content, digital assets, and mission-critical entertainment infrastructure.


2020 - 2021
WarnerMedia

Director - Technical Security Testing

  • Team size: Six FTEs
  • Budget: Million dollar program

  • Expanded Application Security Coverage: Directed security testing for 100+ enterprise applications, establishing proactive risk management strategies that enabled secure remote content production during the COVID-19 pandemic.


2019 - 2020
WarnerMedia

Director - Security Assessments and Infrastructure Engineering and Architecture

  • Team size: Six FTEs
  • Budget: Million dollar program

  • Fortified Global Security Architecture: Spearheaded the deployment of 17 security stacks across global locations, enhancing Warner Bros’ cybersecurity defenses and minimizing operational vulnerabilities.


2018 - 2019
Warner Bros.

Director - Architecture, Engineering and Asset Security

  • Team size: Six FTEs
  • Budget: Million dollar program

  • Fortified Global Security Architecture: Spearheaded the deployment of 17 security stacks across global locations, enhancing Warner Bros’ cybersecurity defenses and minimizing operational vulnerabilities.


2018 - 2018
Deutsche Bank

Global Head of Security Architecture

  • Team size: 12 FTEs and 1 Contractor
  • Budget: Multi-million dollar program
  • Architected Enterprise Security Strategy: Developed and implemented Deutsche Bank’s first enterprise-wide security architecture, ensuring scalable, risk-based protection of global IT assets.
  • Led Multi-Disciplinary Security Governance: Chaired the Security Architecture Review Board, overseeing risk-based evaluations and ensuring alignment between security investments and business objectives.


2016 - 2018
Deutsche Bank

Vice President - Enterprise Security Architecture

  • Team size: Five FTEs
  • Budget: Million dollar program
  • Standardized Security Implementation: Designed 12+ enterprise security reference architectures, accelerating security deployment and streamlining compliance for global financial operations.
  • Established Foundational Architecture: Engineered Deutsche Bank’s first cohesive security architecture, scaling data protection for a global financial infrastructure.

  • Network security
  • Network defense
  • Operating system security
  • Identity, authentication and authorization
  • Data protection
  • Application security
  • Activity audit and monitoring
  • Mobile computing security
  • Partner/vendor access to corporate systems/data

I led the identification and assessment of technology & products in close partnership and collaboration with DB's lines of business as well as with our internal technology partners. In addition to creating technical reference architectures across the enterprise, I developed strategic implementation roadmaps for new cybersecurity capabilities.

I served as the senior architect and technical lead supporting the Global Head of Security Architecture on all IT security strategic planning, risk analysis and other related topics and am the Program Director for the Bank's Enterprise Security Architecture Program. I was a member of the Bank's Security Architecture Council focusing on ensuring new cloud-based solutions and designs meet the Bank's stringent internal and regulatory requirements. Finally, I represented the CSO CTO with corporate IT architecture and technology planning and implementation activities as required.


2011 - 2016
Booz Allen Hamilton

Senior Lead Technologist

  • Team size: 20 FTEs
  • Budget: Multi-million dollar program

  • Drove Cybersecurity Improvements: for multiple federal agencies (SEC, CFPB, OCC, Freddie Mac, etc.) by developing and implementing new solutions and leading cross-firm projects
  • Streamlined the CND Architecture Review Process: by overseeing reviews of new CND architecture documents and artifacts within the DOD's JIE SSA
  • Enhanced the Security Posture: for the Bureau of Census' Decennial systems by leading a team managing and monitoring vulnerability management systems and ensuring secure configuration

  • Validated Security Design: for the Federal Reserve Bank of Richmond's NTRACE project by serving as cybersecurity SME, conducting security assessments, and ensuring proper controls and intrusion detection/firewall placement
  • Successfully Implemented Cybersecurity Components: For the FCC's Enhanced Security Network (ESN) Project by leading a nine-person team, designing components, creating implementation plans, and ensuring APT countermeasures deployment and monitoring
  • Improved the US Navy's HBSS Program: Served as Cyber Defense SME for FLTCYBERCOM/COMTENTHFLT, overseeing the program and working with a global team to deliver programmatic and cybersecurity solutions


2009 - 2011
Applied Network Solutions

Director - Security Programs

  • Team size: Two FTEs
  • Budget: Multi-million dollar program

  • Created revenue: Led all aspects of ANS' information assurance and information security service offerings.
  • Improved Clients' Security: Developed information assurance security/cybersecurity services for government and commercial clients.
  • Ensure Project Success: Performed full-spectrum program management functions for all ANS personnel assigned to programs.


1999 - 2009
Integrated Communication Solutions

Sr. Program Manager

  • Team size: Ten FTEs
  • Budget: Multi-million dollar program

  • Created Value for Clients: Served as Sr. Account Executive for multiple DoD/Intelligence programs, including two with potential contract vehicles totaling $1.4B.
  • Ensured Client Security and Resiliency: Deputy Program Manager and Senior Technical Lead for a homeland security program, overseeing design and implementation of an enterprise-wide information security auditing program


1997 - 1999
Electronic Data Systems

Security Engineer

  • Team size: Three FTEs
  • Budget: Million dollar program

  • Reduced Risk: Performed risk analysis on the Air National Guard (ANG) network and local directorate networks by securing the HQ ANG network from backbone to desktop
  • Improved Security: Developed, led, and managed solutions for disaster recovery, continuity planning, and IT system certification and accreditation (C&A).


1992 - 1996
United States Navy

Cryptologic Technician Interpretive

Honorable discharge


Services Offered



By offering these services, I can bridge the gap between security needs and strategic business goals for a variety of organizations, ensuring proactive risk management, compliance, and cybersecurity maturity while demonstrating tangible ROI.

Executive Cyber Risk Advisory

Business Problem Solved
  • Boards and C-suite executives lack actionable insights into cyber threats, regulatory compliance, and risk quantification.
  • Organizations struggle to translate technical risks into business impact, resulting in poor decision-making and exposure to fines or reputational damage.
Typical Outcomes
  • Informed Decision-Making: Executives can prioritize security investments and align budgets with risk tolerance.
  • Regulatory Confidence: Clear guidance on SEC, NYDFS, and other regulatory mandates.
  • Reduced Liability & Reputation Risk: Proactive identification and mitigation of high-impact vulnerabilities.

Cyber Insurance Preparation & Risk Quantification Consulting

Business Problem Solved
  • Insurance carriers and brokers need accurate, data-driven assessments of an organization’s cyber risk profile.
  • Companies seeking coverage must demonstrate robust security controls to qualify for optimal premiums.
Typical Outcomes
  • Reduced Financial Exposure: Carriers gain precision in underwriting, lowering the risk of large payouts.
  • Competitive Edge: Policyholders can demonstrate stronger security posture, potentially reducing premiums.
  • Data-Driven Decision Making: FAIR-based quantification and consistent risk scoring lead to objective underwriting.

Regulatory Compliance & Audit Preparedness

Business Problem Solved
  • Companies risk fines, legal exposure, and reputational damage by not adhering to SEC, NYDFS, GDPR, or HIPAA regulations.
  • Internal teams may lack the expertise or bandwidth to interpret and implement evolving cybersecurity regulations.
Typical Outcomes
  • Avoidance of Fines & Penalties: Fully prepared for regulatory audits, minimizing negative findings.
  • Enhanced Reputation: Demonstrates mature security practices to customers, partners, and investors.
  • Streamlined Processes: Better documentation and procedures reduce internal friction and confusion.

Interim or Virtual CISO Services

Business Problem Solved
  • Organizations without a full-time CISO face governance gaps, uncoordinated security strategies, and potential compliance violations.
  • Rapidly growing companies need immediate leadership but may not be ready for a full-time, permanent CISO hire.
Typical Outcomes
  • Accelerated Security Maturity: Rapid implementation of best practices without the overhead of a full-time hire.
  • Regulatory Readiness: Structured approach to audits, regulatory filings, and security certifications.
  • Reduced Operational Risk: Effective leadership ensures incident response and risk management are aligned with business goals.

Third-Party Risk Management & Vendor Security Evaluations

Business Problem Solved
  • Companies with complex supply chains struggle to evaluate and monitor vendor security, exposing them to breach risks and regulatory compliance issues.
  • Many organizations lack repeatable processes for onboarding, assessing, and managing third-party relationships.
Typical Outcomes
  • Stronger Supply Chain Resilience: Reduced likelihood of vendor-related incidents or breaches.
  • Streamlined Vendor Management: Clear processes for onboarding, oversight, and offboarding.
  • Regulatory Compliance: Ensures alignment with GDPR, HIPAA, or other data protection laws.

Incident Response & Business Continuity Planning

Business Problem Solved
  • Many organizations lack proactive plans for breach response, disaster recovery, or continuity of critical operations.
  • Post-incident confusion and delayed recovery can lead to severe financial losses and brand damage.
Outcomes
  • Faster Recovery & Reduced Downtime: Minimizes operational, financial, and reputational damage during incidents.
  • Executive-Level Assurance: Clear roles, responsibilities, and escalation paths reduce confusion and speed decision-making.
  • Regulatory Readiness: Formal IR and BC plans can satisfy audit requirements and bolster compliance posture.

Community Involvement

Activities

2025 - Present
ISC2 Los Angeles Chapter

President

As President of the ISC2 Los Angeles Chapter, I lead the five-member Board's efforts to educate, inspire, connect, and secure both the chapter's members and the enterprises they support. As a member of the chapter's Board of Directors, I lead the chapter as it grows into a world-class organization in furtherance of the overall mission of ISC2 and the needs of the cybersecurity community.


Member


Fundraising Organizer

I organized and raised money to benefit Women's Society of Cyberjutsu (WSC). WSC is a nonprofit cybersecurity community for women and girls. Their goal is to train a diverse and defense workforce of cyber talent through hands-on training, networking events, professional development and mentoring. WSC members and supporters have the rare opportunity to impact the direction and goals of the training provided. With this fundraiser, I raised over $600 in three weeks.


Cybersecurity Collaboration Forum Leadership Board Member

As part of the Los Angeles-centric Forum, I work to improve the resiliency of the cybersecurity community through CISO-centric knowledge sharing. I seek to strengthen the community’s ability to share meaningful insights and best practices on the most pressing cybersecurity issues today. I also guide content and curriculum development by recommending thought leaders as potential speakers for Los Angeles events we host.


2023 - Present
ISC2 Los Angeles Chapter

Communications Chair/Board of Directors

As Communications Chair, I lead the chapter's efforts to communicate effectively and efficiently about upcoming events, issues before the Board of Directors, and general communications with the chapter's members. As a member of the chapter's Board of Directors, I help guide the chapter and participate in leading the chapter as it grows into a world-class organization. I was formally assisting with event coordination as a way of giving back to the cybersecurity community.


Scholarship Review Member

I review applications for cybersecurity scholarships for the Center for Cyber Safety and Education at both the undergraduate and graduate levels. Each candidate is evaluated for passion for cyber, merit, and financial need. These scholarships encourage and support students pursuing a degree with a focus on cybersecurity, information assurance, or similar field globally.


Technical Content Advisor

I provide cybersecurity advice to the CDSA. CDSA, the Content Delivery & Security Association, is the international content protection association. Founded as a non-profit in 1970, CDSA has served as the worldwide forum advocating the innovative and responsible delivery and storage of entertainment, software and information content. Its global membership includes companies involved in every facet along the digital and physical media supply chain.


2020 - Present
Ithaca College

Member - Board of Advisors

As a member of the Advisory Board to the Cybersecurity Certificate Program at Ithaca College, I work with program leadership to provide advice and consultative feedback for their cybersecurity certification process. This program is designed to train and develop professionals to manage cybersecurity issues within an organization. The program prepares working professionals to analyze, manage, and build cybersecurity competencies that can protect the organization. It provides participants with the insight and expertise needed to solve real-world cybersecurity problems, recommend practical and strategic solutions, and communicate results. Participants gain technical, analytical, and communication skills through Ithaca College's project-based interdisciplinary curriculum, which seeks to provide a comprehensive understanding of the new cybersecurity threats and players.


Chartering Secretary

I helped charter, as an officer of the Chapter, the Northern Virginia Chapter of ISC2. This became the largest ISC2 chapter in the world.


2015 - 2016
FIRST Robotics

Coach

As the co-coach of the Washington County 4H Lego robotics team, I shepherded a team of children through the requirements phase all the way until the qualifier tournament.


Interviews and Publications



Interviews




Essays/Articles



  • The (formerly) Unsung Incident Response Plan - Jul 2023
    Medium.com - Source
  • In Cyber Insurance, It’s More Than Technical Controls - Jun 2023
    Medium.com - Source
  • Case Study: Conducting a Risk Assessment for an Electrical Utility - Mar 2023
    International Conference on Cyber Warfare and Security/ACI - Source
  • An Examination of SaaS Use Cases - Nov 2022
    Medium.com - Source
  • Security Considerations With Working Remotely - Oct 2022
    System Weakness - Source
  • The Effects of Technological Change on Organizations and Employees - Oct 2022
    Medium.com - Source
  • The importance of understanding SaaS licensing models - Oct 2022
    Medium.com - Source
  • Becoming Comfortable Being Uncomfortable - Sep 2022
    Medium.com - Source
  • The Importance of Roles in Change Management - Sep 2022
    Medium.com - Source
  • A Journey Through Leadership - Aug 2022
    Medium.com - Source
  • Your Mission Statement Must Be Based On Your Values - Aug 2022
    Medium.com - Source
  • Adaptive Leadership in Times of Change - Jul 2022
    Startup & Leadership - Source
  • If I Were Going to Pivot to a Career in Business Continuity Management… - Jul 2022
    Medium.com - Source
  • Application Security Assessments as Risk Management - Jun 2022
    System Weakness - Source
  • Case Study: Business Continuity Planning for a Guitar Maker - Jun 2022
    Medium.com - Source
  • Disaster Recovery: A Practical Exercise - May 2022
    Medium.com - Source
  • Case Study: Nissan’s Revival Plan - May 2022
    Medium.com - Source
  • Understanding Rewards and Motivations in Employees - May 2022
    Medium.com - Source
  • Monitoring Economic Systems in Times of Unrestricted Warfare - Apr 2022
    Medium.com - Source
  • Life in a Time of Constant Change - Apr 2022
    Medium.com - Source
  • A Comparison in Leadership Styles: Bezos and Fraser - Mar 2022
    Medium.com - Source
  • Case Study: Nokia’s Use of Cross-Functional Teams - Mar 2022
    Medium.com - Source
  • Leadership in Cybersecurity: An Examination of a Transformational Leader with Vision - Feb 2022
    Medium.com - Source
  • Protecting All of the Layers - Jan 2022
    System Weakness - Source
  • Viruses, Worms, and Trojans Horses...oh my! - Dec 2021
    System Weakness - Source
  • Understanding the Relationship between CWE and CAPEC Through Two Scenarios - Dec 2021
    Medium.com - Source
  • An Examination of Select Controls for Enforcing the CIA Triad - Nov 2021
    Medium.com - Source
  • Is Outsourcing IT Systems to the Cloud Worth the Audit Hassle? - Oct 2021
    Medium.com - Source
  • Using MITRE's ATT&CK® Framework to Protect Mobile Devices - Oct 2021
    Medium.com - Source
  • External Reviews of Your Risk Management Function? Yes Please. - Oct 2021
    Medium.com - Source
  • COBIT or ISO 27k: Knowing Their Role Will Help Your Organization - Sep 2021
    LinkedIn.com - Source
  • Case Study: TJ Maxx's Data Breach - Sep 2021
    Medium.com - Source
  • Section 230 Needs to be Adapted for Changing Times - Sep 2021
    Medium.com - Source
  • An Ethical Analysis of the Sony Hack Response - Sep 2021
    Medium.com - Source
  • Addressing the Digital Divide - Aug 2021
    Medium.com - Source
  • Case Study: AWS and Capital One - May 2021
    System Weakness - Source
  • No, it’s not cyberterrorism. - Feb 2015
    Cyber Defense Magazine - Source
  • Cyberterrorism as a Strategy (Four-part Series) - Nov 2014
    Infosec Institute - Source
  • Ethical challenges of the internet of things. - Jan 2014
    with Angela Orebaugh
    SC Magazine - Source
  • The Ethics of Monitoring Your Employees - Sep 2013
    Infosec Island (Originally) - Source
  • New Training Model for Advanced Persistent Threat Detection and Mitigation - Jun 2013
    Infosec Island - Source
  • Why a technically competent cyber workforce is not enough - Mar 2013
    with Sean Kern, Ken Peifer, Greg Touhill, Doug Capellman, Geoff Hancock, Royce Holden, Ajay Porous, Vishwas Rudramurthy, Arjun Singh, Ragna Sveinsdottir, Jeff Teo, George Valencia, and Sameer Valiyani
    Cyber Security Forum Initiative - Source
  • Location, Location, Location: It Works in Risk Management - Mar 2012
    Infosec Island - Source
  • Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization’s Information Security Posture - Oct 2010
    with Rhett Marsh
    Applied Network Solutions - Source
  • Using Enterprise Security Architectures to Align Business Goals and IT Security within an Organization - Apr 2010
    with Rhett Marsh
    Applied Network Solutions - Source
  • Measuring Risk Using Existing Frameworks - Jan 2005
    with Fran Neilsen
    Taylor and Francis - Source
  • What does the CSI/FBI survey really tell us? - Jan 2003
    Computer Security Journal - Source
  • Just Because You Aren't Sick Doesn't Mean You Are Healthy - Jan 2003
    Government Security News - Source

Presentations



  • Elevating IT Risk to the Boardroom - Nov 2024
    Let's Talk Security Forum, Panelist, Let's Talk Security
  • Incident Response Readiness - Feb 2024
    ISACA Orange County Webinar, Moderator, Virtually Testing Foundation
  • Zero Trust - Another Security Buzzword or a Real Paradigm Shift? - Jan 2024
    2024 Enterprise Leadership Network Mini-Retreat, Moderator, ELN3
  • Cyber Risk Management will be a Top Priority for Business Leaders - Sep 2023
    2023 September Cybersecurity, Privacy and Data Protection Retreat, Moderator, Executive Leadership Network
  • Human error is still one of the primary reasons for the data breach - Jul 2023
    2023 July Cybersecurity, Privacy and Data Protection Retreat, Moderator, Executive Leadership Network
  • Showcasing the Super Engineer and Super Architect of the Future In The Context of MSSP and MSP Resilience - Jun 2023
    Managed Security Services Forum - Los Angeles, Panelist, MSSF
  • The Demand for Cyber Insurance is Going to Increase, But it’s Going to Become Harder to Get - May 2023
    2023 May Cybersecurity, Privacy and Data Protection Retreat, Moderator, Executive Leadership Network
  • Case Study: Conducting a Risk Assessment for an Electrical Utility - Mar 2023
    18th International Conference on Cyber Warfare and Security (ICCWS23), Presenter, ACI
  • Phishing Continues to Be a Problem - Sep 2022
    Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital
  • Addressing Today’s Top Five Cloud Security Challenges - Sep 2022
    Cybersecurity, Privacy & Data Protection Retreat, Moderator, Sub-Four Capital
  • GRC Extends Beyond the “Four Walls” of the Enterprise - Jul 2022
    Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital
  • Addressing Data Poverty to Combat Online Fraud is in Everyone’s Interest - Nov 2021
    2021 Cybersecurity, Privacy & Data Protection Retreat, Panelist, Sub-Four Capital
  • Building More Secure Applications - Oct 2021
    US Department of Transportation Cybersecurity Awareness Month, Presenter, US Department of Transportation
  • Ensuring Security in Global Cloud Environments - Jun 2021
    Content Protection Summit - Europe, Presenter, Content Delivery and Security Association (CDSA)
  • Security Careers - Feb 2020
    ToroHack Security Conference, Panelist, California State University - Dominguez Hills
  • Enterprise Vulnerability Management - Mar 2019
    Layer 8 Cybersecurity Conference, Speaker, California State University - Northridge
  • Certification and Accreditation as Part of Homeland Security - Jun 2006
    Security Awareness Week Training Session, Panelist, US Department of Transportation
  • ICS Certification and Accreditation Support System - Apr 2004
    Security Manager's Forum, Speaker, National Institute of Standards and Technology
  • Lessons Learned from the Common Criteria Process - Oct 2003
    Information Assurance Technical Framework Forum, Speaker, National Security Agency
  • Risk Considerations in the Development of a Security Operations Center: Maximizing Your Benefit (with Maria Horton) - Mar 2003
    NebraskaCERT Conference, Speaker, NebraskaCERT



Contact

Los Angeles, California
