Summary of Services

Provides vCISO and other advisory services to companies that are struggling to fill leadership gaps in their security organization or desire to implement modern security strategies. The following are typical services that David can provide clients on an hourly or retainer basis:

• Virtual/fractional security leadership (vCISO, program/project management, architecture)
• Current state assessments and validation of regulatory compliance against common frameworks
• Analysis of security capabilities to support due diligence for mergers & acquisitions
• Planning & architecture support for upgrades/acquisition of security technologies (on-prem or Cloud) or MSSP services

Monday, March 21, 2022

Partnering with 6Clicks

When I decided to provide vCISO and Cybersecurity Advisory services last year I felt that I needed to use a technology platform to help me manage a client’s security program.  Using spreadsheets and email to manage assessments, initiatives, assets, strategies, risks/incidents and work activities won’t make it easy to juggle the demands of multiple clients.  I have some great spreadsheets but doing it this way isn’t sustainable.
After looking at the tools available and their business models for working with companies that provide advisory services like mine I decided to partner with 6clicks.  They have a great platform that is highly customizable and can integrate with data sources using Zapier to help build reports and dashboards without manual downloads.
I’m in the process of converting my models into 6clicks and building out a complete operating model that I can deploy to my vCISO clients or for other CISO’s that are ready to move past “stone knives and bearskins”.
Reach out when you’re ready to learn more.  Here is my listing on the partner directory:

Friday, January 21, 2022

AITP vCISO Panel

I'll be speaking as part of a panel at the AITP meeting in February.  This is open to both members and non-members.  

Register here:  https://aitpchicago.com/event-4601945

  • Wed, February 16, 2022
  • 5:30 PM - 7:00 PM
  • Virtual Zoom Meeting

Topic:  The rise of the vCISO – Determining if fractional information security leadership is the right fit for your organization

In the past 5 years the Information Security industry has experienced a rise in the number of firms and individuals offering fractional leadership and governance offerings, especially to medium and small-sized client organizations who may not have the resources (team size, funding, etc.) to build out and mature a robust program. These virtual (v) a.k.a. vCISOs are representing a growing presence in the information security ecosphere.

Structure:

Ninety minute program. Moderator and panel will introduce themselves (15m). Moderator will summarize panel talks for the audience and have two to three planned questions to start the panel discussion (60m). Questions and answer session (15m).

Content:

Panel will largely address the difference between an in-house CISO and vCISO and pros/cons of each, with an emphasis on the unique advantages of the vCISO model. The moderator and panel will also address general security topics and their approach to solving them.

  • What is a fractional or vCISO?
  • Why do we need a CISO?
  • How do we create value?
  • What are the challenges for a vCISO?
  • and more.

Saturday, January 1, 2022

Contact Info & Bio

David Tyree, CISSP, CCSP
Managing Advisor

Youngtree Advisors LLC
Greater Chicago/Milwaukee Area
262-228-8667
david.tyree@youngtree.com
https://www.linkedin.com/company/youngtree-advisors-llc
Book a meeting at: https://calendly.com/youngtree/30min?month=2022-03

 

David Tyree, CISSP, CCSP has worn many hats during his 20+ years in IT with a focus on information security and risk management.  He has performed technical leadership & architecture roles inside large enterprise security teams, as well as delivering solutions and supporting technical sales for leading integrators and MSSP’s.  He provides vCISO and other advisory services to companies that are struggling to fill leadership gaps in their security organization or desire to implement modern security strategies.

He can deliver engagements onsite in the Chicago/Madison/Milwaukee area but expects most engagements will be remote.  David’s network includes leaders from peer consulting organizations and market-leading security vendors that can be “weaponized” to solve the most difficult security problems facing organizations today.

Saturday, October 16, 2021

News from Crowdstrike Fal.con conference Oct 12 - 14

I virtually attended sessions at the Crowdstrike Fal.con conference this week.  Here are some of the highlights:

  1. They launched their XDR service.  It incorporates their Humio acquisition to provide the SIEM functionality to handle other log sources.  
  2. They've also made a free version of Humio (Community Edition) available.  
  3. They announced their Fusion platform for building and managing SOAR activities.  The demos focused on remediation actions at the endpoint and information gathering to support investigations.
  4. Falcon Filevantage is a new service that uses the Falcon agent for FIM.
Everything is available on demand.  Most of the sessions were scheduled for 30 minutes but didn't always last that long.  The 1 hour workshops typically include 10 minutes of CS platform overview then a scripted hands-on walkthrough of key capabilities where you had direct access to the CS console.  After the session it was nice to be able to poke around.


If anyone has questions about EDR/MDR/XDR vendor capabilities please reach out.  I'm helping several companies define requirements and choose a provider that best fits their needs and budgets.

Thursday, August 5, 2021

Webinar & Panel Discussion

August 5 @ 12:00 pm - 1:00 pm  CT
I will be part of a panel that will discussing Cybersecurity for SMB's.
Topic: SMB Cybersecurity Series: Partner to Enhance Security Capabilities
Organizations of all sizes are realizing the advantages of moving from on-prem IT to the cloud. Instead of bolting on security point solutions to their on-prem technologies, security is often a feature to be enabled and configured – it now comes in-the-box. The availability of “everything as a service” and the difficulty finding & retaining qualified talent is driving CIO’s to rethink their security strategies.

Join cybersecurity thought leaders Todd Fitzgerald, Bezawit Sumner, and David Tyree as they discuss these security trends and key considerations for engaging and building successful relationships with your integrators and security services providers.

The SMB Cybersecurity Series is free webinar series sponsored by Nodeware to provide insights and advice to SMBs, MSPs, vCISOs, and partners who are actively securing small and midsize businesses.
https://www.linkedin.com/events/modelingyourmsppartnershipforsu6821251525298524160/about/Venue