Hello World

With over 19 years of experience as an Advanced Information Systems and Cybersecurity Professional, I am a seasoned expert in designing, implementing, and troubleshooting complex systems, network infrastructure, security, and compliance. My expertise in auditing and assessing third-party cyber and information security risks has helped organizations minimize their vulnerabilities and maintain high standards of protection.

As a diligent and highly proficient Third-Party Risk Information Security Professional, I bring over 19 years of comprehensive experience in managing vendor risks, implementing robust security measures, and ensuring regulatory compliance across various organizations. I excel in collaborating with cross-functional teams and external vendors to establish, monitor, and enhance the security posture of third-party engagements. My proven expertise lies in conducting meticulous risk assessments, driving the continuous improvement of security frameworks, and effectively communicating complex security concepts to non-technical stakeholders. I am known for my strategic yet hands-on approach towards problem-solving, complemented by a keen ability to stay ahead of evolving cyber threats. Being a highly committed professional with a strong ethical framework, I have an exemplary track record of leading initiatives that fortify organizational resilience against third-party related cyber risks.

My years of service as a retired Chief Warrant Officer 3 in the United States Marine Corps have honed my skills as a dedicated problem-solver and subject matter expert, and I am passionate about developing top talent and fostering leadership. I am dedicated to staying at the forefront of the latest industry developments and best practices, and I bring a wealth of knowledge and experience to every project I work on.

As a recipient of the National Engaged Leadership Award from the National Society of Leadership and Success, I am dedicated to driving positive change and making a lasting impact in the field of information systems and cybersecurity. Whether working with military or private sector platforms, I am committed to delivering results that meet the highest standards of excellence.

Chad D. Freese

CYBERSECURITY LEADER

CLOUD SECURITY RESEARCHER

CYBER/TECH MENTOR

FOUNDER, BIT BYTE HASH

PROFESSIONAL EXPERIENCE

USAA

Phoenix, AZ

June 2022 - Present

Quality Assurance & Tools Development Lead | Third-Party Cyber Risk Services

• Orchestrated and executed four rigorous control tests encompassing 120 assessment samples, with over 600 artifacts scrutinized, culminating in a flawless 100% pass rate with zero discrepancies identified.
• Championed and conducted 700+ Quality Assurance (QA) reviews of risk assessments, pinpointing and rectifying over 90 defects, thereby elevating the precision of each assessment prior to final examination and approval by control partners, auditors, and/or regulators.
• Engaged stakeholders in developing the CISO Dashboard for senior leadership, showcasing key metrics related to third-party risk assessments and improving executive insight regarding our risk posture.
• Pioneered a cost-cutting initiative that transitioned approximately 70+ onsite assessments to virtual platforms, carving out an impressive savings of ~$259,200 for the enterprise, all while adhering rigorously to TPRM's mandates and without amplifying risks. This initiative encapsulated a risk-based approach for both Net New vendors and Cyber Critical/High vendors, underscoring our adeptness in adapting innovatively without jeopardizing security or regulatory accord.
• Utilized adept critical thinking and honed expertise in data analysis tools including RSA Archer, Enlighta, and Salesforce to craft and disseminate comprehensive risk reports. These instrumental reports, advocating a data-driven, risk-based strategy, informed and catalyzed discerning decision-making among leadership tiers up to the CISO, engendering pivotal strategic augmentations in our risk management architecture.
• Dedicated approximately 30 hours executing an exhaustive alignment and gap analysis between TruSight’s Best Practice Questionnaire (BPQ) and USAA InfoSec’s Due Diligence Questionnaire (DDQ), which propelled the efficiency and throughput of third-party risk assessments substantially.

USAA

Phoenix, AZ

Nov 2019 - Present

Lead Information Security Advisor | Third-Party Cyber Risk Assessments

• Spearheaded third-party risk assessments by fostering collaborative engagements with internal partners like third-party relationship managers, and second and third-line risk and compliance auditors, as well as external partners including vendors and C-Suite executives. Thrived in a highly collaborative and effective environment, ensuring a harmonized approach towards comprehensive risk management and compliance adherence.
• Performed over 300 information security risk assessments of varying complexity for dynamic projects, technologies, environments, business partners, and third parties throughout the financial and tech industries.
• Drafted enterprise-level requirements for the on-boarding and integration of a new Governance, Risk, and Compliance (GRC) tool, enhancing system security configurations and risk mitigation effectiveness while increasing operational efficiency by 35%.
• Developed 29 Quick Reference Guides (QRG) and recorded 27 hours of instructional videos, increasing the efficiency of onboarding, training, and standardized operating procedures throughout the enterprise.
• Formed partnerships with internal and external Cyber Threat Intelligence (CTI) teams, producing over 75 Intelligence Reports that directly contributed to the reduction of enterprise cyber risk by 27%.
• Developed, published, and maintained complex Information Security governance (e.g., policies, principles, standards) that define Information Security requirements.
• Served on Shared Assessments Standardized Control Assessments (SCA) Committee providing guidance in the security tenets of Physical Environment, Server Security, Network Security, Cloud Security, and Threat Management.

Honeywell Aerospace

Phoenix, AZ

Sep 2019 - Nov 2019

Red Team Lead

• Co-led the development and integration of a penetration testing framework and methodology derived from industry standards and best practices such as National Institute of Standards and Technology (NIST), MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, and Common Attack Pattern Enumeration and Classification (CAPEC).

Honeywell Aerospace

Phoenix, AZ

Nov 2018 - Nov 2019

Principal Cybersecurity Architect

• Served as a key stakeholder in the development of the cybersecurity team’s penetration testing and vulnerability assessment roadmap and capabilities for Honeywell Aerospace's product teams, including the Connected Aircraft, with specific regards to SATCOM, GPS, and cellular communications.
• As a co-inventor, submitted three patent applications aiming to solve common complex Aerospace engineering problems with innovative solutions.
• Led and co-authored a Product Security Guidelines (PSG) handbook for engineering teams to ensure systems security is woven throughout the entire Systems Development Life Cycle (SDLC), from concept to market.
• Established a training and education program with a strategic focus in security through various industry partnerships and Massive Open Online Courses (MOOC).
• Co-led an effort to establish and standardize Cyber Threat Intelligence (CTI) for the team and organization.
• Authored and reviewed cybersecurity artifacts for Honeywell Aerospace products and systems adhering to the Radio Technical Commission for Aeronautics (RTCA) guidelines (DO-326A, DO-178C and DO-356).

U.S. Marine Corps, Tactical Training and Exercise Control Group

Twentynine Palms, CA

June 2016 - Nov 2018

Signals Intelligence, Electronic and Cyberwarfare Officer

• Managed and operated a $38 million cellular telecommunications network and virtual cyberspace training environment, comprised of over 6,000 end items, creating a multi-tiered, cross-platform-compatible, adaptable, wireless telecommunications system. This system is utilized in support of service-level training exercises, providing an Opposing Force communications environment for the tenets of Signals Intelligence, Electronic Warfare, and holistic Cyberspace Operations.
• Authored an Urgent Universal Needs Statement (UUNS) to replace the training network with a plethora of communications assets valued up to $50 million, updating the training ranges and electromagnetic signals environment to a modern electronic battlefield.
• Established a partnership with Defense Advanced Research Projects Agency (DARPA) on the development and implementation of Small Unmanned Aerial System (SUAS) swarming technologies implemented on today’s battlefield and initiated a $3.1 million grassroots project designed to develop Counter-SUAS training for the Department of Defense (DoD).
• Trained forward-deploying Marines on Counter Radio-Controlled Improvised-Explosive-Device Electronic Warfare (CREW) procedures and electronic countermeasure employment.

U.S. Marine Corps, 1st Radio Battalion

Camp Pendleton, CA

June 2013 - June 2016

Cyberwarfare Officer

• Co-Authored a comprehensive Battalion Cybersecurity Policy covering: Acceptable Use Agreements, Clean Desk Policy, Change Management, Email Policy, Ethics Policy, Password Construction and Protection Policy, Authorized Software and End User License Agreements.
• Led a collaborative project with the Office of Naval Research (ONR), Massachusetts Institute of Technology Lincoln Laboratory (MIT-LL), and Johns Hopkins’ Applied Physics Laboratory (APL) on the development of a multi-million-dollar Tactical Cyber Range (TCR) to train and certify Marines on full spectrum cyberspace operations, from the national to the tactical edge.
• Developed a state-of-the-art Joint Cyberspace Operations Lab for the employment and testing of Offensive and Defensive Cyberspace Operations (OCO/DCO) tactics, techniques, and procedures (TTPs). This lab was engineered with no cost to the command, while valued over $400,000.00.
• Designed mission critical hardware and software platforms designed to conduct Computer Network Exploitation (CNE) in a forward-deployed setting while maintaining secure software updates, policy compliance, and accountability of $1.2 million of assets.
• Designed and configured a state-of-the-art wireless network training lab, enabling the development of multiple training scenarios allowing for flexibility and realism utilizing a combination of virtual and physical environments comprised of over 30 cyber personas, 50 client devices, 45 mobile devices, 20 servers, and 15 Wireless Access Points (WAPs), using a wide variety of desktop and mobile operating systems, with a total system valuation over $1.8 million.
• Led 25 Wireless Network Engineers through a training and certification program of Signals Intelligence support to Cyberspace Operations and Computer Network Exploitation on behalf of the National Security Agency (NSA) and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).

National Security Agency (NSA) / U.S. Marine Corps

Camp Pendleton, CA

June 2013 - June 2016

Cyberwarfare / Computer Network Exploitation (CNE) Officer

• Served as a Direct Liaison for National Tactical Integration (NTI) of Signals Intelligence support to Cyberspace Operations and Computer Network Exploitation on behalf of the National Security Agency / Central Security Service (NSA/CSS) and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).

EDUCATION

National University

Doctor of Philosophy (Ph.D.)

Cybersecurity - Secure Cloud Computing

2022 - 2026

The Doctor of Philosophy in Cybersecurity (PhD-CY) combines four knowledge areas to complete research or synthesize cybersecurity solutions for enterprises subject to national exposures and global threats. The combined resolution of risk, compliance, audit, and privacy will enable graduates to create enhanced solutions while limiting the need for resources. The Secure Cloud Computing specialization investigates current and anticipated needs and solutions emphasizing cloud computing. Learning and research add practical and strategic insights to enable reduced risks for cloud computing and multi-cloud cybersecurity solutions. The degree is designed to prepare researchers, consultants, and technology strategists capable of leadership roles and executive positions in private and public sectors where advanced or complex cloud computing is important. Competencies include complex secure data communications, identity management, and access controls.

University of Phoenix

Professional Certificate

Cloud Computing

2022 - 2023

Storing data in the cloud makes it easy to access information. But businesses still depend on qualified professionals to do the hard part: setting everything up. With our Certificate in Cloud Computing, you’ll gain the foundational knowledge and skills to help organizations build and manage cloud services. Coursework in this program is aligned to industry certifications exams like those for Amazon Web Services (AWS) Cloud Practitioner, Cloud Developer and SysOps Administrator.

Liberty University

Master of Science (M.S.)

Cybersecurity

2019 - 2020

Throughout this Master's program, I had the opportunity to enhance my knowledge of advanced defense of computer and network security, providing me with the analytical framework necessary for the prevention, detection, countering, and recovery from security vulnerabilities and cyber incidents.

My studies included coursework in Advanced Computer Security, Digital Forensics, Ethics, Legal Issues & Policy, Applied Network Security, Applied Cryptography, Secure Software Engineering, Security Engineering, Issues in Security, Privacy, & Anonymity, Web Security, and Ethical Hacking.


Johns Hopkins University

Master of Science (M.S.)

Cybersecurity

2018 - 2019

No degree completed. Transferred to Liberty University.


Consistently rated as one of the best online master’s degrees in cybersecurity, the Johns Hopkins Engineering for Professionals cybersecurity program combines knowledge from instructors who are working to fight cybersecurity threats on the front lines with relevant courses designed to put you ahead. Deepen your ability to assess enterprise security risks, as well as gain skills in encryption, hash functions, signature schemes, authentication, and research.

Park University

Bachelor of Science (B.S.)

Information & Computer Science: Networking & Security

2009 - 2017

The Information and Computer Science (ICS) degree program prepares students to apply problem-solving and critical-thinking skills and use popular computer technologies in creating technology solutions.


Networking and Security – prepares students for a career in network infrastructure support, based on Cisco’s CCNA curriculum.

NOLS

Professional Certificate

Marine Corps Leadership Expedition

2017

You’ve dedicated your life to service. A NOLS course can honor your experience and create opportunities to take your skills to new heights.

Born in part from our founder Paul Petzoldt’s service in the 10th Mountain Division in World War II, today NOLS is a leading source of expedition-based leadership training and wilderness medicine certifications and has been serving military members for decades.

With NOLS, service members will find course options for every phase in their career, from ROTC and officer candidates to active duty members to veterans. We are committed to offering experiences that complement and enhance your training—and your life.


LICENSES & CERTIFICATIONS

Certified Information Systems Security Professional (CISSP)
CompTIA Secure Cloud Professional (CSCP)
Certified in Risk and Information Systems Control™ (CRISC)
Certified Cloud Security Professional (CCSP)
CompTIA Cloud Admin Professional (CCAP)
Certified Data Privacy Solutions Engineer™ (CDPSE™)
Certificate of Cloud Security Knowledge (CCSK) v.4
AWS Certified Cloud Practitioner
Shared Assessments CTPRP Badge
CompTIA Cloud+ ce Certification
Google Cloud - Cloud Digital Leader
Certified Regulatory Vendor Program Manager (CRVPM®) Level III
SKILLS
GOVERNANCE & RISK MANAGEMENT

95%

SECURITY ASSESSMENT 

95%

COMPLIANCE & AUDIT MANAGEMENT

95%

ASSET SECURITY

85%

COMMUNICATION & NETWORK SECURITY

95%

IDENTITY & ACCESS MANAGEMENT

90%

CRYPTOGRAPHY

85%

DATA PRIVACY

90%

THIRD PARTY RISK MANAGEMENT

95%

CLOUD COMPUTING & ARCHITECTURE

95%

CLOUD DESIGN REQUIREMENTS

90%

CLOUD INFRASTRUCTURE SECURITY

90%

CLOUD DATA SECURITY

95%

CLOUD PLATFORM SECURITY

95%

CLOUD OPERATIONS

90%

CLOUD LEGAL REQUIREMENTS

85%

CONTAINERIZATION

85%

PATENTS & PUBLICATIONS

Mobile Device Authenticator (MDA)

ABSTRACT

Critical Transportation Systems (CTS) are becoming edge-enabled to connect mobile devices for safe and secure connected vehicle services. However, these edge-enabled CTS networks have weak cybersecurity implementations. To mitigate cybersecurity threats in the edge-enabled CTS network, the paper proposes a novel idea for secure mobile device authentication in the edge-enabled CTS network. The proposed idea is a mobile device authenticator module, which allows any mobile device to connect securely to legacy devices through wireless connectivity. This allows a simple implementation to enable a secure Public Key Infrastructure (PKI) solution to authorize mobile devices to connect to legacy devices.

CO-INVENTORS

Andrew Wise • Praveen K R

DOCUMENT INFORMATION:

IP.com Disclosure Number: IPCOM000260138D

Publication Date: 2019-Oct-25

COPYRIGHT: Honeywell Aerospace

PSYOP, Deception, and Cyberspace in the Open: Analysing Fake News in a Cyber New Normal Communications Environment

ABSTRACT

Over the past 24 months, fake news and integrity cyberspace attacks have become a serious threat to government entities, companies, and individuals. The intended, and unintended, consequences that result from these types of attacks have escalated in complexity, costs, and appear to be a new collection of attack methodologies unique to today’s cyber-enabled communications environment. Compromising information systems and exposing the results of targeted information attacks, however, have always been a component of warfare tactics called psychological operations (PSYOP) and deception operations. In this paper, we explore the recent rise of the use of traditional psychological and deception attacks against multiple organizations like the Country of Sweden, the United States Democratic National Committee, and hacks against European financial institutions like Deutsche Bank using open-source unclassified cyberspace tools and methods. We apply a Grounded Theory approach to the problem set in order to understand how fake news works as a process and determine why some stories go viral and others don’t. We present a resulting model that is both militarily influenced and biologically inspired. We argue that the biological nature of the emerged model confirms many expert hypotheses that getting rid of fake news is impossible, but that companies, governments, and individuals can take steps to ‘immunize’ themselves. Throughout the paper, we highlight the effectiveness of these attacks in terms of explicit costs and tacit organizational power. The research shared in this paper also reveals a potential trend towards these types of attacks for the foreseeable future. We conclude this paper by positing a definition of the Cyber New Normal Communications Environment where government entities and businesses conduct information competitions using these tactics to gain business and political advantage.


Keywords: fake news, cyber new normal communications environment, information warfare, biologically inspired information attacks, integrity attacks, and grounded theory

CO-AUTHORS

Terry Traylor • William Wong