Baker Tilly
Contact us
Mike Cullen

Mike Cullen

CISA, CISSP, CIPP/US

Principal

+1 (703) 923 8339

Leave a messagearrowCreated with Sketch.

Mike is a principal and the higher education cybersecurity and IT risk leader with the firm. He helps clients tackle cybersecurity, data and information technology risks. He works with clients in multiple industries with a dedicated focus and extensive experience with higher education, research institutions, not-for-profit organizations and government contractors.

Since 2001, he has been executing various cybersecurity, privacy and IT assessments, myriad of IT internal audits, risk reviews for large transformation projects and numerous IT compliance projects.

Currently, Mike leads multifaceted practice teams with industry specialization all with the goal of helping clients protect data and systems and enhance cybersecurity and IT risk management practices.

  • Interfaces with various client personnel from analysts to chief officers (e.g., information, business, financial, executive) as well as boards and trustees to advise and report on cybersecurity and IT areas in the appropriate context and without technical jargon
  • Delivers reports tailoring those cybersecurity and IT concepts into actionable observations and practical recommendations
  • Develops IT strategies including related guidance, practices and roadmaps for organizations focused on aligning IT operations with IT strategies that support an organization’s overall mission, strategic plans and goals
  • Empowers clients to address the opportunities and challenges posed by various cybersecurity and IT frameworks, laws, regulations and standards such as: FERPA, HIPAA, HITECH Act, PCI DSS, GLBA, NIST CSF, NIST SP 800, CMMC, ISO 27000, CIS Critical Controls, FAR/DFARS and GDPR
  • Advises on various, large-transformation projects including myriad of system implementations by providing project management, risk management, resource management, issue management and strategy guidance before, during and after implementation/go-to-live
  • Provides IT contract and vendor process consulting in the areas of enhancements to risk assessment, project deliverable, compliance and best practices in order to reduce client risk when working with vendors
  • Information Systems Audit and Control Association (ISACA)
  • International Association of Privacy Professionals (IAPP)
  • International Information Systems Security Certification Consortium (ISC2)
  • Institute of Internal Auditors (IIA)
  • “Compliance Potpourri, IT, Privacy and Data Security,” “Getting Practical about Privacy,” “Cybersecurity threats in higher education,” “Protecting your institution with effective cybersecurity governance,” “Auditing your institution’s cybersecurity incident/breach response plan,” “Conducting a system implementation risk review at higher education institutions,” “Cyber risk emerging trends and regulatory update,” and, “Using IT Audit to Your Advantage,” Association of College and University Auditors (ACUA), presenter
  • “Cyber Risk for Foundations,” “The Board’s Role in Cybersecurity,” and, “Cybersecurity Issues That Keep You Up at Night,” Association of Governing Boards (AGB), presenter
  • “The Cybersecurity Headache,” Association of Healthcare Internal Auditors (AHIA), author
  • “IT Risk Assessment: Learn from Our Work, Leverage at Your Campus,” “Digital Transformation in a Time of Uncertainty,” and, “CMMC Latest Developments and How to Prepare,” EDUCAUSE, presenter
  • “A Framework for Auditing Mobile Devices,” Institute of Internal Auditors (IIA) GRC and All-Star conferences, presenter
  • “More Malware, Less Ransomware in Higher Ed,” Inside Higher Ed, contributor
  • “Cybersecurity Issues in Research,” “CMMC Should Scare You – Latest Developments and How to Prepare,” and, “Research Data Discussion Group,” National Council of University Research Administrators (NCURA), presenter
  • “CMMC and Cybersecurity – Addressing Now and Planning for the Future” and, “CMMC and Cybersecurity for Research Data,” Society of Research Administrators International (SRAI), presenter
  • “CMMC Should Scare You,” Society of Corporate Compliance and Ethics (SCCE), presenter
  • “PCI Compliance Crackdown,” UniversityBusiness.com, contributor

Location

Washington, DC

Education

Bachelor of Science in business information technology

Virginia Polytechnic Institute and State University

Expertise

Mike's latest insights

Article
University campus during the daytime

How higher education and research institutions may benefit from using HITRUST to navigate research data security requirements

Webinar
Thumbprint used for increased security

How your NFP can manage cyber risk when cyber insurance costs rise

Article
Team strategy meeting in conference room overlooking city

How to manage cyber risks when cyber insurance costs rise

Article
Woman interacts with data

Combating the rising costs of cyber insurance: how we got here, and what organizations can do

Webinar
Board members in a conference room

Board oversight of transformational projects: using project risk reviews to gain assurance and support success

Webinar
Data, cybersecurity on laptop

Cybersecurity challenges for non-governmental and not-for-profit organizations

Webinar
Advisor consults client by phone

Cybersecurity challenges for not-for-profits: your questions answered

Article
Risks of artificial intelligence on a laptop

Understanding the business uses, risks and rewards of artificial intelligence

Article
casual work space office

How to build an effective IT audit team during a time of skilled resourcing shortages

Webinar
Professionals collaborate in team meeting

CMMC 2.0: five changes to navigate

Article
Aerial view of a local community

Digital transformation in a time of uncertainty:  Boise State and Baylor CIOs share their tips for success when moving to Oracle Cloud

Article
College graduates with their arms around eachother

Board oversight of transformational projects: using project risk reviews to gain assurance and support success

Webinar
CMMC what to expect during official assessment

CMMC: What to expect during an official assessment

Webinar
CMMC cybersecurity success hands

Ensure CMMC success: seven common scoping mistakes to avoid

Webinar
man working in front of computer

Digital Transformation in Higher Education

Article
Man working on a tablet at night

CMMC: preparation is paramount