Baker Tilly
Contact us
Brian Nichols

Brian Nichols

CISSP, CIPP/US

Principal

+1 (972) 748 0496

Leave a messagearrowCreated with Sketch.

Brian Nichols is a principal in Baker Tilly’s risk advisory practice. Brian has more than 10 years of experience in developing cybersecurity strategies and enhancing cybersecurity programs for clients across retail, consumer, airline, railroad, healthcare and financial services industries. He is a proven leader in helping clients align their cybersecurity programs to their business objectives and effectively manage their cybersecurity risk.

Brian leads teams in conducting cybersecurity capability assessments using various industry frameworks (e.g., NIST CSF, ISO 27001/2, CIS CSC, etc.). He has helped many organizations establish their cybersecurity program through developing strategies, policies and procedures, risk management methodologies, governance, controls libraries, and metrics and reporting.

  • Develops cybersecurity strategy and service catalogs aligned to business objectives and risk tolerance levels
  • Builds cybersecurity risk management programs to assess and respond to emerging cybersecurity threats
  • Assesses cybersecurity capabilities against industry frameworks and develops recommendations and roadmaps to enhance capabilities and manage risk
  • Enhanced data protection capabilities through risk-driven data classification and control requirements
  • Develops effective and implementable security policies and standards based on industry best practices
  • Performed incident response and remediation activities for a PCI data breach
  • Performed ISO 27001 ISMS readiness assessment for a global financial services client
  • Developed cybersecurity thought leadership for mobile device security and unified security control frameworks
  • Designed, implemented and operated a Data Loss Prevention (DLP) solution for a retail and pharmaceutical client
  • Assessed security awareness capabilities and developed recommendations for enhancements and computer-based trainings
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Privacy Professional/United States (CIPP/US)
  • Certified ISO Lead Implementer
  • AWS Cloud Practitioner

Location

Frisco, TX

Education

Bachelor’s in accounting and information systems
Master’s in accounting and information systems

Virginia Tech

Expertise

Brian's latest insights

Article
securing your organization vulnerability management

Securing your organization: A practical approach to vulnerability management

Article
penetration testing versus vulnerability scanning

Penetration testing vs. vulnerability scanning: Understanding the key differences

Case Study
healthcare phishing campaign

Healthcare organization tests technical security controls and internal security awareness training with phishing campaign

Article
zero trust security model verify

Never trust, always verify. But how?

Case Study
grocery stores undergo vulnerability scanning

Multilocation grocery store enhances internal IT practices as a result of vulnerability scan

Case Study
private jet company undergoes network scanning’

Network scanning tools test prove private jet charter company's wireless network is secure

Case Study
financial services company confirms security to minimize risk

Financial services company confirms security of web-facing applications and minimizes risk

Case Study
city external penetration test

City identifies weaknesses in security protections after external penetration test

Article
IT professionals working at table together in office on cybersecurity

The missing piece of your network security

Case Study
Data dashboard coming out of laptop

Multinational government contractor updates training after phishing prevention campaign uncovers vulnerabilities

Case Study
software automation data screen

Testing of software company's web portal boosts confidence in security measures

Case Study
Cookies being produced in factory

Food producer improves network security after disabling unused networks

Case Study
Rising interest rates, financial growth

Debt consolidation company closes security vulnerability after successful external penetration testing

Case Study
Cars lined up on display at dealership

Multilocation car dealership updates patching inventory after internal vulnerability scan

Article
Energy plant with abstract data points

Energy and utilities sector faced with cybersecurity risks

Article
Man looking at window of data

Are you overlooking a key component to cybersecurity risk management? 

Article
Consultants review software development code

Cybersecurity risks affecting software and technology companies

Article
Data-driven manufacturing

Top 5 manufacturing and distribution cybersecurity risks

Article
cyber risk manufacturing distribution

Reducing cyber risk and protecting against a ‘perfect storm’

Article
risk_touching_gears

Utilizing penetration testing to enhance internal audit activities

Article
dynamic data and technology visualization

Navigating cyber risks in 2024: Insights, controls and strategies for financial institutions

Multimedia
Team members work together on technology innovation

Tax insights for technology companies and startups

Multimedia
hands working on report

Audit readiness for technology companies and startups

Multimedia
Team working in office

Transaction readiness for technology companies and startups

Multimedia
Cloud technology integration

The power of accounting automation for technology companies and startups

Multimedia
Businessmen close deal with handshake

Startup essentials for the technology market

Article
Closeup of circuitry on computer

Cybersecurity and data privacy: recognizing the risks facing NFP organizations

Webinar
Data server center

Fraud Summit: Managing your risk against a ransomware attack

Webinar
Board meeting at a conference table

Managing NFP cybersecurity risks through board governance

Webinar
People looking at cybersecurity screens

Cybersecurity risk management: mitigating vulnerabilities in the cloud

Article
Doctor reviews patient data on computer

Technology due diligence in healthcare

Webinar
cyber curcuit board

Protecting you and your family business against cyber risks