Hello!
I help funded startups, midsize, and Fortune 500 companies in the healthcare, technology, and government contracting industries. I do this by implementing cybersecurity frameworks that address compliance and protect data, thereby enhancing your marketability and trustworthiness.
My expertise includes 20 years of experience, knowledge from real-world experience, and industry certifications (i.e., CISSP, CISM, ISO 27001). My clients have included healthcare EHR, telemedicine, mobile, medical device, and behavioral health organizations. Other clients have been within the fintech, retail, and non-profit industries. These dynamic ecosystems have equipped me with the ability to provide tailored solutions for your unique needs.
Compliance Expertise:
HIPAA: I am a healthcare information security and privacy practitioner. I have successfully guided several healthcare organizations in effectively handling sensitive patient data. Notably, I orchestrated a full-scale HIPAA compliance overhaul for a 500+ employee healthcare non-profit, mitigating potential risks and ensuring continuous adherence to standards.
SOC 2: I have been instrumental in developing and executing successful SOC 2 compliance strategies for SaaS, technology, and healthcare companies. My comprehensive understanding of the Trust Service Criteria has allowed SaaS providers to obtain favorable SOC 2 Type II reports.
ISO 27001: Specializing in risk management, I led the ISO 27001 certification process for multiple organizations. My systematic approach to implementing the ISMS framework has ensured ongoing conformity to this international standard, reducing information security risks and promoting a security-aware organizational culture.
CMMC: With a thorough grasp of the Cybersecurity Maturity Model Certification (CMMC), I have assisted defense contractors in preparation to maintain their contracts by helping them achieve and maintain the required CMMC levels. I spearheaded a project to bring a mid-sized defense contractor up to CMMC Level 2, a significant undertaking that involved both technical and policy modifications.
PCI-DSS: I conducted PCI assessments and collaborated with IT teams for technology companies and payment gateway service providers to ensure a PCI-compliant environment. Additional services included writing policies, conducting risk assessments, managing penetration tests, collecting AOCs from vendors, and filling out SAQ forms annually.
Certifications: CISSP, CISM, ISO 27001 Lead Implementer, GCIA, ECSA, CEHv7
My Services:
- vCISO Management
- Policies & Procedures Development
- Privacy Management
- Compliance Implementation
- Security Assessments
- Risk Assessments
- Third-party Security Questionnaires
- SSP Development
- Cybersecurity Strategy
Testimonials:
Imagined Cloud | CEO: "Larry exceeded our expectations with their comprehensive SOC 2 services. They not only helped us navigate complex compliance requirements but also provided valuable insights that improved our overall security posture. Highly recommended!"
Johnson & Johnson | MedTech Product Security Manager: "Larry was instrumental in guiding our medical device company through our HIPAA assessments with his digital health expertise, significantly easing our compliance process. I highly recommend him for his cybersecurity expertise in the medical device sector."
Keywords:
cybersecurity expert, compliance, HIPAA, NIST, SOC 2, ISO 27001, CMMC, policies and procedures, vCISO, risk assessment, compliance software, security assessments, healthcare