Archived: CISO Insights: Navigating the GRC Landscape

Steven Fox directs the GRC strategy for Educational Testing Services, the world’s largest private educational testing and assessment organization. He brings a cross-disciplinary, international perspective to the practice of information security; combining his experience as a Deputy CISO, security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges.

I have over 30 (1994) years of Business Continuity and Information Security and Risk Management experience. I have been in an Information Security Officer (CISO) role for several large organizations. I have consulting experience and Management in “Big 4″​ environment as well as large private industry management experience. I have designed general computer controls for SOX and defined a PCI program for level 2 Merchant. I have performed computer forensics for many large and high profile cases. I have helped lead the development of E&Y’s Security Architecture Methodology. I have developed Governance Programs, Identity and Access Management Programs, Risk Management Programs and Vulnerability Management Programs.

I currently volunteer for the American Red Cross BEPA (Business Emergency Planning Association). I previously held the President/Chair Person Position for the Strategic Advisory Board for three years through the program inception. As of June 2006, I remain a board member. I participate in a CSO Roundtable in Cincinnati, and previously held Program Director position for ISSA. I am a member of ISSA, Homeland Security, CSI, Cincinnati Infragard and FBI Citizens Academy Alumni. I am also Vice President on the board for the FBI Citizens Academy Alumni Association of Cincinnati. I am Co-Director for GetWITit for Conference and Events. I am a member of the Site Based Decision Making Council at my child’s high school, an officer in the Band Boosters and assist in coaching Jr. High Volleyball.

Experience includes all aspects of Information Security. Successfully built an Information Security Program for TriHealth. Successfully led TriHealth Inc. PCI remediation and submitted compliant SAQ (Self Assessment Questionnaire). Successfully led TriHealth Security build for Epic. Successfully implemented a risk management and oversight program, including a Security Council consisting of senior leadership for TriHealth for security oversight. This is one of the best attended and high participatory level for senior leadership at TriHealth, Inc.

Specialties: Information Security, Risk Management, Governance and Compliance, Security Program and Strategy, Security Awareness, NIST, ISO 27001 and 27002 Controls, PCI, SOX, Incident Response and Computer Forensics programs.

Dale Hoak is a results-driven cybersecurity leader who has delivered measurable impact across the U.S. Navy, law enforcement, and corporate sectors. As CISO at RegScale, he secured critical certifications—including SOC 2, FedRAMP High, and CSA STAR—enabling expansion into regulated markets. His AI-driven security automation enhanced compliance capabilities and unlocked over $1M in additional revenue. At the NYPD, he established the first fully operational Security Operations Center (SOC), slashing incident response times. Dale excels at aligning security with business growth, ensuring resilience in high-stakes environments.

Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Collaborative. He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation. He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance. Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas. He is a respected thought leader in the cybersecurity community.