Tagline
Chief Risk Officer / Chief Information Security Officer / Risk Quantification / Cybersecurity / Board Governance / Corporate Governance / Regulations
Bio
Matthew Webster has more than 25 years of experience in information technology and information security including the Chief Information Security Officer position within multiple companies – including being a Global Chief Information Security Officer. Towards that end, he has built many security programs from the ground up including the key performance indicators to help measure and manage the security programs. He has worked with cybersecurity frameworks including FISMA (NIST 800-53), HITRUST, HIPAA, SOC 2, ISO 27,001, MARS-E, and so on. He is also the author of Do No Harm Protecting Connected Medical Devices, Healthcare, and Data from Hacker and Adversarial Nation States. Presently he leads the Cybersecurity firm Cyvergence where he helps companies build the appropriate programs for their organizations.
Having started his professional career in 1997, Matthew Webster’s has a long and distinguished career in IT and Cybersecurity. Matthew’s journey started out in an IT capacity at a higher education institution where he quickly rose to run every IT aspect of the computer center. Even before his first Chief Information Security Officer (CISO) position, Matthew started building mature cybersecurity programs for the United States Federal Government – The Center for Medicare and Medicaid Services. Towards that end, Matthew worked on NIST SP 800-53 (FISMA), IRS 1075, and SAS 70. The program was extremely intense as we would sometimes have up to 8 audits in a given year. Eventually this catapulted Matthew to his first CISO position at Healthix. Healthix is a Regional Health Information Organization that ingested more than a million healthcare records daily. Here he worked with such cybersecurity frameworks as SOC 2, HITRUST, and MARS-E – again building the cybersecurity program from the ground up. Eventually Matthew moved into a Global Chief Information Security Officer (by role) at Galway Holdings. Here is balanced NIST CSF, SOC 2, and HITRUST and carefully walked the fine line between compliance and non-compliant systems under tough regulatory scrutiny. He also managed assessments across 5 other organizations and started to centralize the security processes almost as a MSSP. He also focused intensely on security related to mergers and acquisitions – building and standardizing that practice and serving as a lead for cybersecurity processes and integration across the organizations.
Matthew’s background does not stop there, however. He has focused heavily on education (Master or Arts), but also has received more than 20 IT and cybersecurity certifications including some major certifications such as the CISSP, CISA, CRISC, CEH GIAC: Law of Data Security and Investigation, SANS: Auditing Networks, Perimeters, and System, ITIL, and so on. He also regularly attends industry training such as RSA, HIMMS, Cloud Security Alliance, and so on. Matthew brings a wealth of knowledge and experience combined to truly provide a strong assessment and governance background for any organization.
Matthew has also spent several years in cybersecurity sales positions. He has looked at hundreds of products across a large range of technologies – many of which he has used personally. In many cases worked with customers and learned about the pros and cons of many of the solutions. He has helped customers compare and select products to best meet their unique environments and needs.
The full list of what Matthew has focused on has not been covered here, but it is sufficient to say that he brings a truly balanced position when it comes to security across a range of different industries including Federal, State, and commercial enterprises. He has a truly in depth understanding of regulatory compliance frameworks and a unique perspective on the balance between the innovation of the commercial security world and the more stagnant world of compliance. Currently, Matthew leads the cybersecurity firm Cyvergence as the CEO and CISO helping companies with many aspects of their cybersecurity, compliance, and risk needs.
Location
New York, NY, USA
Last Active
3 days ago
Name / Logo
Elevator Pitch
Solving cybersecurity governance and challenges for the modern business.
Industry
Technology
Location
New York, NY, USA
Website
Team Size
Just Me/Co-Founders
Funding Stage
Unsure
Funding Raised
None/Bootstrapped
Annual Revenue
Undisclosed
| Skill | Strength | Explanation |
|---|---|---|
| Risk Management | 95 / 100 | Extensive experience in risk quantification and management as a Chief Risk Officer and CISO. |
| Information Security | 95 / 100 | Over 25 years of experience in information security, including roles as CISO and Global CISO. |
| Compliance | 95 / 100 | In-depth understanding of regulatory compliance frameworks such as NIST, HIPAA, SOC 2, and HITRUST. |
| Cybersecurity Program Development | 95 / 100 | Built mature cybersecurity programs from the ground up for multiple organizations. |
| Security Frameworks | 90 / 100 | Worked with frameworks like FISMA, NIST 800-53, HITRUST, HIPAA, SOC 2, ISO 27001, MARS-E. |
| Strategy | 90 / 100 | Developed and implemented cybersecurity strategies for various organizations, balancing compliance and innovation. |
| Leadership | 90 / 100 | Matthew has held multiple leadership roles including CEO and CISO, leading cybersecurity firms and programs. |
| Certifications | 90 / 100 | Holds over 20 IT and cybersecurity certifications including CISSP, CISA, CRISC, CEH. |
| Healthcare | 85 / 100 | Worked with healthcare organizations like Healthix, managing over a million healthcare records daily. |
| Project Management | 85 / 100 | Managed complex cybersecurity programs and assessments across multiple organizations. |
| Federal and State Government | 85 / 100 | Developed cybersecurity programs for the United States Federal Government. |
| Technology | 80 / 100 | Extensive experience in the technology industry, leading cybersecurity initiatives. |
| Author | 80 / 100 | Authored 'Do No Harm Protecting Connected Medical Devices, Healthcare, and Data from Hacker and Adversarial Nation States'. |
| Public Speaking | 80 / 100 | |
| Sales | 75 / 100 | Experience in cybersecurity sales, helping customers select products and solutions. |
| Published Author | 70 / 100 | |
| Founder | 60 / 100 | Founded and leads the cybersecurity firm Cyvergence. |
| Consulting | 50 / 100 | |
| Regulatory Compliance | 50 / 100 |
Title
Chief Information Security Officer
Position Description
Built cybersecurity programs for a Regional Health Information Organization managing over a million healthcare records daily.
Accomplishment Notes
Implemented SOC 2, HITRUST, and MARS-E frameworks and built a full cybersecurity program from the ground up.
Title
IT Manager
Position Description
Managed all IT aspects of the computer center, rising quickly in the role.
Accomplishment Notes
Oversaw IT operations and infrastructure development.
Title
CEO and CISO
Position Description
Leads the cybersecurity firm Cyvergence, helping companies with cybersecurity, compliance, and risk needs.
Accomplishment Notes
Founded Cyvergence and developed comprehensive cybersecurity programs for clients.
Title
Global Chief Information Security Officer
Position Description
Managed cybersecurity across multiple organizations, balancing compliance and innovation.
Accomplishment Notes
Centralized security processes and managed assessments across 5 organizations.
Title
Security Analyst
Position Description
Developed mature cybersecurity programs for the United States Federal Government.
Accomplishment Notes
Worked on NIST SP 800-53 (FISMA), IRS 1075, and SAS 70 frameworks.