With decades of experience architecting and managing cybersecurity for mid-sized to Fortune companies, we are on a mission to help you build world-class cyber programs.
Tom is a security principal at Core Technology Advisors, where he is on a mission to help organizations build world-class cyber programs. As a first-generation American growing up under a corrupt Communist state, Tom experienced first-hand how disinformation was used to manipulate and suppress the populace. Having lived through this brutal past, Tom finds his passion in helping companies and organizations strengthen their cyber posture so the ideals of democracy can flourish.
Before joining Core Technology Advisors, Tom led multiple global cyber teams at PwC focused on cyber governance, vulnerability engineering, network security, and endpoint security. While at PwC, he championed the creation of a robust cybersecurity infrastructure and architecture, and provided guidance on the development of cyber policies and procedures. Before PwC, Tom was a master consultant at Forsythe Solutions Group, where he advised Fortune companies on the implementation and management of large-scale enterprise information systems. He received Forsythe’s Outstanding Performer Awards for 2004, 2005, 2007, 2011, 2012, and 2013.
Tom holds an Honors Bachelor of Science in Electrical Engineering from Penn State University and is fluent in English and Vietnamese.
Provides CISOs with the insight to handle cyber management challenges.
High-level assessment of an organization’s cybersecurity program.
Comprehensive assessment of an organization’s cybersecurity posture (attack surfaces, cyber defenses).
This service uses Qualys to detect and find vulnerabilities in an organization’s IT footprint.
Mobile devices, remediation support.
Out of scope:
This service uses the Qualys VM product to scan and find internal and external vulnerabilities in an organization’s IT assets that an attacker may exploit.
1. Kickoff meeting
- Service overview: review scope, requirements, milestones, timeline, and next steps.
- Organizational and technical interviews.
- Gain stakeholders’ commitment.
2. Staff meetings to review scope, requirements, milestones, timeline, next steps.
3. Scanner setup.
4. Scan executions.
5. Scan result analysis & tuning.
6. Report generation.
7. Report review.
- Found external severity 4 and 5 vulnerabilities.
- Found internal severity 4 and 5 vulnerabilities.
8. Next steps.
9. Schedule follow-up assessment.