Chad D. Freese

• Selected as Speaker for Shared Assessments Third-Party Risk Summit, sharing insights focusing on 4th & Nth Party management and strategies.

• I have the privilege of leading a dynamic team of cloud security experts, specializing in comprehensive risk reviews for enterprise-level SaaS applications. Our team excels in navigating the complex landscape of cloud security, ensuring the highest level of protection and resilience for critical business applications.

• Responsible for TPRM (Third Party Risk Management) and GRC (Governance, Risk, and Compliance) tools development and integrations, leveraging automation to enhance efficiency across platforms such as Archer, Enlighta, Salesforce, etc., ensuring advanced risk management and compliance strategies are seamlessly implemented and integrated throughout the enterprise.

• As an innovative consultant and strategic advisor, I contribute to the Shared Assessments' AI & Emerging Technology Committee and Products Development Committee. My work spans discussing emerging technologies, including Artificial Intelligence (AI) variations like Generative AI, NLP, and Machine Learning, as well as Cloud Services and 5/6G communications. I drive productivity and digital transformation, focusing on sectors influenced by AI, Blockchain, and Cryptocurrencies. Additionally, I offer technical guidance on security measures and threat management, responding to new U.S. and international privacy and security guidelines. My efforts help shape advanced cybersecurity and privacy practices to meet evolving global standards.

• Invested around 30 hours in conducting a thorough alignment and gap analysis between TruSight's Best Practice Questionnaire (BPQ) and USAA InfoSec's Due Diligence Questionnaire (DDQ), significantly enhancing the efficiency and throughput of third-party risk assessments.

• Skilled in BitSight, Security Scorecard TruSight, Archer, Enlighta, ServiceNow, Snowflake, Obsidian Posture Management

• Orchestrated and executed four rigorous control tests encompassing 120 assessment samples, with over 600 artifacts scrutinized, culminating in a flawless 100% pass rate with zero discrepancies identified.

• Championed and conducted 700+ Quality Assurance (QA) reviews of risk assessments, pinpointing and rectifying over 90 defects, thereby elevating the precision of each assessment prior to final examination and approval by control partners, auditors, and/or regulators.

• Engaged stakeholders in developing the CISO Dashboard for senior  leadership, showcasing key metrics related to third-party risk  assessments and improving executive insight regarding our risk posture.

• Pioneered a cost-cutting initiative that transitioned around 70 onsite assessments to virtual platforms. Saved approximately $259k for the enterprise while adhering to TPRM mandates.

• Utilized adept critical thinking and honed expertise in data analysis tools including RSA Archer, Enlighta, and Salesforce to craft and disseminate comprehensive risk reports. These instrumental reports, advocating a data-driven, risk-based strategy, informed and catalyzed discerning decision-making among leadership tiers up to the CISO, engendering pivotal strategic augmentations in our risk management architecture.

• Spearheaded third-party risk assessments by  fostering collaborative  engagements with internal partners like  third-party relationship  managers, and second and third-line risk and  compliance auditors, as  well as external partners including vendors and  C-Suite executives. Thrived in a highly collaborative and effective  environment, ensuring a harmonized approach towards comprehensive risk  management and compliance adherence.
• Performed over 300 information  security risk assessments of varying complexity for dynamic projects,  technologies, environments, business partners, and third parties  throughout the financial and tech industries.
• Drafted  enterprise-level requirements for the on-boarding and integration of a  new Governance, Risk, and Compliance (GRC) tool, enhancing system  security configurations and risk mitigation effectiveness while  increasing operational efficiency by 35%.
• Developed 29 Quick  Reference Guides (QRG) and recorded 27 hours of instructional videos,  increasing the efficiency of onboarding, training, and standardized  operating procedures throughout the enterprise.
• Formed partnerships  with internal and external Cyber Threat Intelligence (CTI) teams,  producing over 75 Intelligence Reports that directly contributed to the  reduction of enterprise cyber risk by 27%.
• Developed, published,  and maintained complex Information Security governance (e.g., policies,  principles, standards) that define Information Security requirements.
•  Served on Shared Assessments Standardized Control Assessments (SCA)  Committee providing guidance in the security tenets of Physical  Environment, Server Security, Network Security, Cloud Security, and  Threat Management.

Transforming your data to drive intelligent business decisions.

• Secured the design and tested safety-critical systems and communication assets for the commercial aerospace industry and NASA.

• Led a globally distributed team of Engineers and fostered collaboration across continents by identifying challenges and communicating effectively with management to achieve positive business outcomes.

• Co-invented and submitted three patent applications that addressed complex aerospace engineering problems with innovative solutions and permanent corrective actions.

• Co-authored a Product Security Guidelines (PSG) handbook that enabled the integration of systems security throughout the Systems Development Life Cycle (SDLC) for engineering teams.

• Played a key role in developing the cybersecurity team's penetration testing and vulnerability assessment roadmap and capabilities. Focused on connected aircraft, SATCOM, PSG, and cellular communications.

• Co-led the development and integration of a penetration testing framework and methodology derived from industry standards and best practices such as National Institute of Standards and Technology (NIST), MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, and Common Attack Pattern Enumeration and Classification (CAPEC).

• Managed and operated a $38 million cellular  telecommunications network and virtual cyberspace training environment,  comprised of over 6,000 end items, creating a multi-tiered,  cross-platform-compatible, adaptable, wireless telecommunications  system. This system is utilized in support of service-level training  exercises, providing an Opposing Force communications environment for  the tenets of Signals Intelligence, Electronic Warfare, and holistic  Cyberspace Operations.
• Authored an Urgent Universal Needs Statement  (UUNS) to replace the training network with a plethora of  communications assets valued up to $50 million, updating the training  ranges and electromagnetic signals environment to a modern electronic  battlefield.
• Established a partnership with Defense Advanced  Research Projects Agency (DARPA) on the development and implementation  of Small Unmanned Aerial System (SUAS) swarming technologies implemented  on today’s battlefield and initiated a $3.1 million grassroots project  designed to develop Counter-SUAS training for the Department of Defense  (DoD).
• Trained forward-deploying Marines on Counter  Radio-Controlled Improvised-Explosive-Device Electronic Warfare (CREW)  procedures and electronic countermeasure employment.