Mike Cullen, a director in Baker Tilly’s risk advisory practice, helps clients tackle cybersecurity, data and information technology risks. He works with clients in multiple industries, with a dedicated focus and extensive experience with higher education, research institutions, not-for-profit organizations and government contractors.
Since 2001, he has been executing various cybersecurity, privacy and IT assessments, myriad IT internal audits, risk reviews for large transformation projects and numerous IT compliance projects.
Currently, Mike leads multifaceted practice teams with industry specialization, all with the goal of helping clients protect data and systems and enhance cybersecurity and IT risk management practices.
- Interfaces with various client personnel from analysts to chief officers (e.g., information, business, financial, executive), as well as boards and trustees to advise and report on cybersecurity and IT areas in the appropriate context and without technical jargon
- Delivers reports tailoring those cybersecurity and IT concepts into actionable observations and practical recommendations
- Develops IT strategies, including related guidance, practices and roadmaps, for organizations focused on aligning IT operations with IT strategies that support an organization’s overall mission, strategic plans and goals
- Empowers clients to address the opportunities and challenges posed by various cybersecurity and IT frameworks, laws, regulations and standards such as: FERPA, HIPAA, HITECH Act, PCI DSS, GLBA, NIST CSF, NIST SP 800, CMMC, ISO 27000, CIS Critical Controls, FAR/DFARS, GDPR
- Advises on various large transformational projects, including myriad system implementations, by providing project management, risk management, resource management, issues management and strategy guidance before, during and after implementation/go live
- Provides IT contract and vendor process consulting, in the areas of enhancements to risk assessment, project deliverable, compliance and best practices, to reduce client risk when working with vendors
- Information Systems Audit and Control Association (ISACA)
- International Association of Privacy Professionals (IAPP)
- International Information Systems Security Certification Consortium (ISC2)
- Institute of Internal Auditors (IIA)
- Fairfax Library Foundation, Treasurer and Board Member
Location
Washington DC
Education
Bachelor of Science in business information technology
Virginia Polytechnic Institute and State University