top of page
Chad Freese Headshot.JPG

Chad D. Freese

CYBERSECURITY LEADER

CLOUD SECURITY RESEARCHER

RESPONSIBLE AI INTEGRATOR

CYBER/TECH MENTOR

BBH Shield_4x.png

FOUNDER, BIT BYTE HASH

Hello World

TL;DR: I translate the complexities of information security, data privacy, cloud security, artificial intelligence, and automation into strategic business insights.

Hi there! I’m Chad Freese and I am an Information Security Risk Professional with over 20 years of comprehensive experience in developing and implementing robust cybersecurity strategies. I serve as a Lead Information Security Advisor at USAA, where I manage cloud security risk reviews and lead the development and integration of innovative risk assessment, security, and automation tools. I have a proven track record of successfully identifying, assessing, and handling security risks to safeguard organizational assets across businesses of all sizes, from startups to Fortune 100 companies, including law firms and medical providers. My adeptness at leading cross-functional teams, implementing best practices, and ensuring compliance with industry standards has allowed me to lead assessments for major cloud service providers, including AWS, Google Cloud, Microsoft Azure, and Rackspace.

Throughout my professional journey, I've excelled in distilling the intricacies of information security, data privacy, cloud security, AI, and automation into actionable strategic insights for businesses. My strength lies in simplifying complex security concepts for non-technical audiences and fostering a culture of security awareness throughout various organizations. With a wealth of experience, I've been instrumental in bolstering the information security frameworks of forward-thinking companies, demonstrating my capacity to evolve and innovate within the rapidly changing cybersecurity landscape.

My background also includes significant achievements in leadership roles on the Third-Party Cyber Risk Assessments & Intelligence teams at USAA and as a Principal Cybersecurity Architect at Honeywell Aerospace, where I developed critical security architectures for the aviation industry and NASA.

As a retired Marine Corps Chief Warrant Officer 3, my distinguished military service in Signals Intelligence, Electronic Warfare, and Cyberspace Operations is marked by significant contributions to ISR Systems Engineering, Computer Network Exploitation, and Cyberwarfare. My military career included multiple combat tours in the Middle East and vital technical roles supporting the NSA and MARFORCYBER.

EXPERIENCE

PROFESSIONAL EXPERIENCE

USAA

USAA

Phoenix, AZ

Oct 2023 - Present

Cloud Security Risk, Tools Development & Integration Lead | Third Party Cyber Risk Intelligence

• Selected as Speaker for Shared Assessments Third-Party Risk Summit, sharing insights focusing on 4th & Nth Party management and strategies.

• I have the privilege of leading a dynamic team of cloud security experts, specializing in comprehensive risk reviews for enterprise-level SaaS applications. Our team excels in navigating the complex landscape of cloud security, ensuring the highest level of protection and resilience for critical business applications.

• Responsible for TPRM (Third Party Risk Management) and GRC (Governance, Risk, and Compliance) tools development and integrations, leveraging automation to enhance efficiency across platforms such as Archer, Enlighta, Salesforce, etc., ensuring advanced risk management and compliance strategies are seamlessly implemented and integrated throughout the enterprise.

• As an innovative consultant and strategic advisor, I contribute to the Shared Assessments' AI & Emerging Technology Committee and Products Development Committee. My work spans discussing emerging technologies, including Artificial Intelligence (AI) variations like Generative AI, NLP, and Machine Learning, as well as Cloud Services and 5/6G communications. I drive productivity and digital transformation, focusing on sectors influenced by AI, Blockchain, and Cryptocurrencies. Additionally, I offer technical guidance on security measures and threat management, responding to new U.S. and international privacy and security guidelines. My efforts help shape advanced cybersecurity and privacy practices to meet evolving global standards.

• Invested around 30 hours in conducting a thorough alignment and gap analysis between TruSight's Best Practice Questionnaire (BPQ) and USAA InfoSec's Due Diligence Questionnaire (DDQ), significantly enhancing the efficiency and throughput of third-party risk assessments.

• Skilled in BitSight, Security Scorecard TruSight, Archer, Enlighta, ServiceNow, Snowflake, Obsidian Posture Management

USAA

USAA

Phoenix, AZ

June 2022 - Oct 2023

Quality Assurance Team Lead | Third-Party Cyber Risk Services

• Orchestrated and executed four rigorous control tests encompassing 120 assessment samples, with over 600 artifacts scrutinized, culminating in a flawless 100% pass rate with zero discrepancies identified.

• Championed and conducted 700+ Quality Assurance (QA) reviews of risk assessments, pinpointing and rectifying over 90 defects, thereby elevating the precision of each assessment prior to final examination and approval by control partners, auditors, and/or regulators.

• Engaged stakeholders in developing the CISO Dashboard for senior  leadership, showcasing key metrics related to third-party risk  assessments and improving executive insight regarding our risk posture.

• Pioneered a cost-cutting initiative that transitioned around 70 onsite assessments to virtual platforms. Saved approximately $259k for the enterprise while adhering to TPRM mandates.

• Utilized adept critical thinking and honed expertise in data analysis tools including RSA Archer, Enlighta, and Salesforce to craft and disseminate comprehensive risk reports. These instrumental reports, advocating a data-driven, risk-based strategy, informed and catalyzed discerning decision-making among leadership tiers up to the CISO, engendering pivotal strategic augmentations in our risk management architecture.

USAA

USAA

Phoenix, AZ

Nov 2019 - June 2022

Lead Information Security Advisor | Third-Party Cyber Risk Assessments

• Spearheaded third-party risk assessments by  fostering collaborative  engagements with internal partners like  third-party relationship  managers, and second and third-line risk and  compliance auditors, as  well as external partners including vendors and  C-Suite executives. Thrived in a highly collaborative and effective  environment, ensuring a harmonized approach towards comprehensive risk  management and compliance adherence.
• Performed over 300 information  security risk assessments of varying complexity for dynamic projects,  technologies, environments, business partners, and third parties  throughout the financial and tech industries.
• Drafted  enterprise-level requirements for the on-boarding and integration of a  new Governance, Risk, and Compliance (GRC) tool, enhancing system  security configurations and risk mitigation effectiveness while  increasing operational efficiency by 35%.
• Developed 29 Quick  Reference Guides (QRG) and recorded 27 hours of instructional videos,  increasing the efficiency of onboarding, training, and standardized  operating procedures throughout the enterprise.
• Formed partnerships  with internal and external Cyber Threat Intelligence (CTI) teams,  producing over 75 Intelligence Reports that directly contributed to the  reduction of enterprise cyber risk by 27%.
• Developed, published,  and maintained complex Information Security governance (e.g., policies,  principles, standards) that define Information Security requirements.
•  Served on Shared Assessments Standardized Control Assessments (SCA)  Committee providing guidance in the security tenets of Physical  Environment, Server Security, Network Security, Cloud Security, and  Threat Management.

Habits of Data

Habits of Data

Mesa, AZ

Feb 2022 - Present

Co-Founder, CIO

Transforming your data to drive intelligent business decisions.

Honeywell Aerospace

Honeywell Aerospace

Phoenix, AZ

Nov 2018 - Nov 2019

Principal Cybersecurity Architect & Red Team Lead

• Secured the design and tested safety-critical systems and communication assets for the commercial aerospace industry and NASA.

• Led a globally distributed team of Engineers and fostered collaboration across continents by identifying challenges and communicating effectively with management to achieve positive business outcomes.

• Co-invented and submitted three patent applications that addressed complex aerospace engineering problems with innovative solutions and permanent corrective actions.

• Co-authored a Product Security Guidelines (PSG) handbook that enabled the integration of systems security throughout the Systems Development Life Cycle (SDLC) for engineering teams.

• Played a key role in developing the cybersecurity team's penetration testing and vulnerability assessment roadmap and capabilities. Focused on connected aircraft, SATCOM, PSG, and cellular communications.

• Co-led the development and integration of a penetration testing framework and methodology derived from industry standards and best practices such as National Institute of Standards and Technology (NIST), MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, and Common Attack Pattern Enumeration and Classification (CAPEC).

U.S. Marine Corps, Tactical Training and Exercise Control Group

U.S. Marine Corps, Tactical Training and Exercise Control Group

Twentynine Palms, CA

June 2016 - Nov 2018

Signals Intelligence, Electronic and Cyberwarfare Officer

• Managed and operated a $38 million cellular  telecommunications network and virtual cyberspace training environment,  comprised of over 6,000 end items, creating a multi-tiered,  cross-platform-compatible, adaptable, wireless telecommunications  system. This system is utilized in support of service-level training  exercises, providing an Opposing Force communications environment for  the tenets of Signals Intelligence, Electronic Warfare, and holistic  Cyberspace Operations.
• Authored an Urgent Universal Needs Statement  (UUNS) to replace the training network with a plethora of  communications assets valued up to $50 million, updating the training  ranges and electromagnetic signals environment to a modern electronic  battlefield.
• Established a partnership with Defense Advanced  Research Projects Agency (DARPA) on the development and implementation  of Small Unmanned Aerial System (SUAS) swarming technologies implemented  on today’s battlefield and initiated a $3.1 million grassroots project  designed to develop Counter-SUAS training for the Department of Defense  (DoD).
• Trained forward-deploying Marines on Counter  Radio-Controlled Improvised-Explosive-Device Electronic Warfare (CREW)  procedures and electronic countermeasure employment.

U.S. Marine Corps, 1st Radio Battalion

U.S. Marine Corps, 1st Radio Battalion

Camp Pendleton, CA

June 2013 - June 2016

Cyberwarfare Officer

• Co-Authored a comprehensive Battalion  Cybersecurity Policy covering: Acceptable Use Agreements, Clean Desk  Policy, Change Management, Email Policy, Ethics Policy, Password  Construction and Protection Policy, Authorized Software and End User  License Agreements.
• Led a collaborative project with the Office of  Naval Research (ONR), Massachusetts Institute of Technology Lincoln  Laboratory (MIT-LL), and Johns Hopkins’ Applied Physics Laboratory (APL)  on the development of a multi-million-dollar Tactical Cyber Range (TCR)  to train and certify Marines on full spectrum cyberspace operations,  from the national to the tactical edge.
• Developed a state of the  art Joint Cyberspace Operations Lab for the employment and testing of  Offensive and Defensive Cyberspace Operations (OCO/DCO) tactics,  techniques, and procedures (TTPs). This lab was engineered with no cost  to the command, while valued over $400,000.00.
• Designed mission  critical hardware and software platforms designed to conduct Computer  Network Exploitation (CNE) in a forward-deployed setting while  maintaining secure software updates, policy compliance, and  accountability of $1.2 million of assets.
• Designed, and configured a  state of the art wireless network training lab, enabling the  development of multiple training scenarios allowing for flexibility and  realism utilizing a combination of virtual and physical environments  comprised of over 30 cyber personas, 50 client devices, 45 mobile  devices, 20 servers, and 15 Wireless Access Points (WAPs), using a wide  variety of desktop and mobile operating systems, with a total system  valuation over $1.8 million.
• Led 25 Wireless Network Engineers through a training and certification  program of Signals Intelligence support to Cyberspace Operations and  Computer Network Exploitation on behalf of the National Security Agency  (NSA) and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).

EDUCATION

EDUCATION

Western Governors University

Western Governors University

Master of Business Administration (MBA)

Information Technology Management

2023 - Present

This program is designed for professionals looking to advance their  careers in technology leadership. It emphasizes the development of both  business management and IT skills, tailored for those who have  experience in the tech field and wish to expand their managerial and  strategic competencies.

University of Phoenix

University of Phoenix

Professional Certificate

Information Assurance & Security

2023

The Information Assurance and Security Certificate provided interactive,  hands-on refresher in information systems security, network security, risk management and mitigation, asset protection, technical support, cloud security,  robust cybersecurity program management, and applied cryptography.

University of Phoenix

University of Phoenix

Professional Certificate

Cloud Computing

2022 - 2023

Storing data in the cloud makes it easy to access information. But businesses still depend on qualified professionals to do the hard part: setting everything up. With our Certificate in Cloud Computing, you’ll gain the foundational knowledge and skills to help organizations build and manage cloud services. Coursework in this program is aligned to industry certifications exams like those for Amazon Web Services (AWS) Cloud Practitioner, Cloud Developer and SysOps Administrator.

Liberty University

Liberty University

Master of Science (M.S.)

Cybersecurity

2019 - 2020

Throughout this Master's program, I had the  opportunity to enhance my knowledge of advanced defense of computer and  network security, providing me with the analytical framework necessary  for the prevention, detection, countering, and recovery from security  vulnerabilities and cyber incidents.

My studies included  coursework in Advanced Computer Security, Digital Forensics, Ethics,  Legals Issues & Policy, Applied Network Security, Applied  Cryptography, Secure Software Engineering, Security Engineering, Issues  in Security, Privacy, & Anonymity, Web Security, and Ethical  Hacking.


Read more about the program.

Johns Hopkins University

Johns Hopkins University

Master of Science (M.S.)

Cybersecurity

2018 - 2019

No degree completed. Transferred to Liberty University.


Consistently rated as one of the best online master’s degrees in  cybersecurity, the Johns Hopkins Engineering for Professionals  cybersecurity program combines knowledge from instructors who are  working to fight cybersecurity threats on the front lines with relevant  courses designed to put you ahead. Deepen your ability to assess  enterprise security risks, as well as gain skills in encryption, hash  functions, signature schemes, authentication, and research.

Park University

Park University

Bachelor of Science (B.S.)

Information & Computer Science: Networking & Security

2009 - 2017

The Information and Computer Science (ICS) degree program prepares  students to apply problem-solving and critical-thinking skills and use  popular computer technologies in creating technology solutions. 


Networking and Security – prepares students for a career in network infrastructure support, based on Cisco’s CCNA curriculum.

LICENSES & CERTIFICATIONS

LICENSES & CERTIFICATIONS

Click to Verify
Certified Information Systems Security Professional (CISSP)
CompTIA Cloud+ ce Certification
Google Cloud - Cloud Digital Leader
Certified Cloud Security Professional (CCSP)
CompTIA Secure Cloud Professional (CSCP)
AI Aware
Certified Information Privacy Professional/United States (CIPP/US)
CompTIA Cloud Admin Professional (CCAP)
GenAI Fundamentals - AI-ML
Certificate of Cloud Security Knowledge (CCSK) v.4
AWS Certified Cloud Practitioner
Intro to GenAI
SKILLS
White Abstract

GOVERNANCE & RISK MANAGEMENT

95%

SECURITY ASSESSMENT 

95%

COMPLIANCE & AUDIT MANAGEMENT

95%

ASSET SECURITY

85%

COMMUNICATION & NETWORK SECURITY

95%

IDENTITY & ACCESS MANAGEMENT

90%

CRYPTOGRAPHY

85%

DATA PRIVACY

90%

THIRD PARTY RISK MANAGEMENT

95%

CLOUD COMPUTING & ARCHITECTURE

95%

CLOUD DESIGN REQUIREMENTS

90%

CLOUD INFRASTRUCTURE SECURITY

90%

CLOUD DATA SECURITY

95%

CLOUD PLATFORM SECURITY

95%

CLOUD OPERATIONS

90%

CLOUD LEGAL REQUIREMENTS

85%

CLOUD OPERATIONS