For over thirty-five years, Steve has been directly involved in establishing, building and directing Information Security and Privacy functions. He is the founder and President of Security Risk Solutions, LLC an information security company providing consulting and advisory services to major, mid-size, startup and venture capital companies. Steve is an Executive Advisor to Deloitte, is on the Advisory Boards for, Agari. Veriphyr, Glasswall, Vaultive, and ForcePoint. Steve served as a member of the (ISC)² Americas Advisory Board for Information Systems Security and has been an advisor to the executive committee of the Financial Services Sector Coordinating Council (FSSCC).
Steve organized and managed the Information Security Program at JP Morgan for ten years. In 1995, he joined Citicorp/Citigroup after the Russian hacking incident. At Citi, Steve was the industry's first Chief Information Security Officer. He spent the next six years directing Citigroup’s global Corporate Information Security Office. Steve then joined Merrill Lynch as their Chief Information Security and Privacy Officer, where he organized and instituted the company-wide privacy and security program. Recently Steve served as the interim CISO and Advisor to the Head of Technology Risk at Kaiser Permanente. He is also a mentor and coach to a number of CISOs in Fortune 50 companies.
Steve has testified before Congress on numerous information security issues and was appointed as the first Financial Services Sector Coordinator for Critical Infrastructure Protection by the Secretary of the Treasury. He was also the first Chairman of the Financial Services Information Sharing and Analysis Center (FS/ISAC) and is an Advisor to the National Health Sharing and Analysis Center (NH/ISAC) Board of Directors.