Baker Tilly
Contact us
Mike Cullen

Mike Cullen

Director, CISA, CISSP, CIPP/US

+1 (703) 923 8339

Leave a messagearrowCreated with Sketch.

Mike Cullen, a director in Baker Tilly’s risk advisory practice, helps clients tackle cybersecurity, data and information technology risks. He works with clients in multiple industries, with a dedicated focus and extensive experience with higher education, research institutions, not-for-profit organizations and government contractors.

Since 2001, he has been executing various cybersecurity, privacy and IT assessments, myriad IT internal audits, risk reviews for large transformation projects and numerous IT compliance projects.

Currently, Mike leads multifaceted practice teams with industry specialization, all with the goal of helping clients protect data and systems and enhance cybersecurity and IT risk management practices.

  • Interfaces with various client personnel from analysts to chief officers (e.g., information, business, financial, executive), as well as boards and trustees to advise and report on cybersecurity and IT areas in the appropriate context and without technical jargon
  • Delivers reports tailoring those cybersecurity and IT concepts into actionable observations and practical recommendations
  • Develops IT strategies, including related guidance, practices and roadmaps, for organizations focused on aligning IT operations with IT strategies that support an organization’s overall mission, strategic plans and goals
  • Empowers clients to address the opportunities and challenges posed by various cybersecurity and IT frameworks, laws, regulations and standards such as: FERPA, HIPAA, HITECH Act, PCI DSS, GLBA, NIST CSF, NIST SP 800, CMMC, ISO 27000, CIS Critical Controls, FAR/DFARS, GDPR
  • Advises on various large transformational projects, including myriad system implementations, by providing project management, risk management, resource management, issues management and strategy guidance before, during and after implementation/go live
  • Provides IT contract and vendor process consulting, in the areas of enhancements to risk assessment, project deliverable, compliance and best practices, to reduce client risk when working with vendors
  • CMMC Accreditation Body Provisional Assessor (PA)
  • Information Systems Audit and Control Association (ISACA)
  • International Association of Privacy Professionals (IAPP)
  • International Information Systems Security Certification Consortium (ISC2)
  • Institute of Internal Auditors (IIA)
  • Fairfax Library Foundation, Treasurer and Board Member

Location

Washington, DC

Education

Bachelor of Science in business information technology

Virginia Polytechnic Institute and State University

Expertise

Mike's latest insights

Webinar
project risk reviews for board oversight of transformational projects

Board oversight of transformational projects: using project risk reviews to gain assurance and support success

Webinar

Cybersecurity challenges for non-governmental and not-for-profit organizations

Webinar

Cybersecurity challenges for not-for-profits: your questions answered

Webinar
Professionals collaborate in team meeting

CMMC 2.0: five changes to navigate

Article
Aerial view of a local community

Digital transformation in a time of uncertainty:  Boise State and Baylor CIOs share their tips for success when moving to Oracle Cloud

Article
Board oversight of transformational projects in higher education

Board oversight of transformational projects: using project risk reviews to gain assurance and support success

Webinar
CMMC what to expect during official assessment

CMMC: What to expect during an official assessment

Webinar
CMMC cybersecurity success hands

Ensure CMMC success: seven common scoping mistakes to avoid

Article

CMMC: preparation is paramount

Webinar
man working in front of computer

Digital Transformation in Higher Education

Mike's upcoming events

Webinar

Research team discusses software development and data organization

Research security: what auditors must know in 2022