VP, Cybersecurity
Heath Nieddu CISSP, MBA, GSEC
About Heath
Over the past 15 years, Heath has developed a reputation for creatively finding new ways to mature information security programs. Although known for his ability to find practical ways of implementing various aspects of GRC programs, Heath also has tactical experience in the areas of vulnerability management, threat modeling, and creating effective security metrics programs.
Some of his more notable projects include creating a threat model for a global pharmaceutical company, conducting a security tools rationalization effort for a global financial firm, and integrating Splunk and Tenable for a global streaming media entertainment company. Heath has also been responsible for creating strategic information security roadmaps for a number of firms.
Education includes two business degrees (BS, MBA) and three information security certifications (CISSP, GSEC, and GCIH) as well as a role as an Adjunct Professor at Point Loma Nazarene University.
Services
Cyber Program Monitoring
I provide cyber security program evaluation to several of the world’s largest and most complex global firms. I provide both point-in-time assessment and on-going implementation for commercial firms, governments, and educational institutions.
I design security program monitoring and metrics programs that are efficient and effective. Efforts to measure security efficiency and effectiveness quickly get bogged down. I leverage my experience to create the right approach for each client.
I provide on-going security consulting and advisory support. In some cases I can also serve as a temporary security program lead. In conjunction with my evaluations and monitoring program, these services are designed to jumpstart your own security program for long-term success.
My Approach
I approach each client with a fresh mindset and time-tested processes for gathering information, creating a strategy, and generating value as soon as possible. A risk-based approach means every organization will have different priorities, and plans will be adjusted to reach those goals. Generally, I advocate for training enthusiastic security analysts to use native security capabilities already in the environment. There is usually an opportunity to increase capability with current tools before investing in new ones. Early in my engagements, I emphasize properly managing assets, configurations, access, and vulnerabilities. These activities, coupled with a trained incident response team, create the foundation of a mature security program.
Companies I’ve Worked With
Articles
Case Studies
The State of My Corpus – Early 2024
I'm almost halfway done with the pre-requisites for my PhD. It feels good to be making headway. I created a word cloud of all the papers I've reviewed so far in order to see if any themes emerged. I was surprised to see the theme of 'big data' be so much more...
A Cyber Insurance Discussion
This post serves to gather some of the discussion points, questions, and further resources regarding the topic of cyber insurance discussed at the 2023 Planet Cyber Security Conference in San Diego 12/06/2023. Bottom Line Up Front: The majority of the group felt that...
Scenario Planning with both Realism and Novelty
Scenario Planning (SP) exercises can differ depending on the industry and managerial level. Strategic leadership, information system leadership, and academia all view SP differently. Before understanding SP, we need to wade through the sometimes-confusing terms of...
Please feel free to contact me with any questions or inquiries.