Mike Cullen



+1 (703) 923 8339


Mike Cullen, a principal in Baker Tilly’s risk advisory practice, helps clients tackle cybersecurity, data and information technology risks. He works with clients in multiple industries, with a dedicated focus and extensive experience with higher education, research institutions, not-for-profit organizations and government contractors.

Since 2001, he has been executing various cybersecurity, privacy and IT assessments, myriad IT internal audits, risk reviews for large transformation projects and numerous IT compliance projects.

Currently, Mike leads multifaceted practice teams with industry specialization, all with the goal of helping clients protect data and systems and enhance cybersecurity and IT risk management practices.

  • Interfaces with various client personnel from analysts to chief officers (e.g., information, business, financial, executive), as well as boards and trustees to advise and report on cybersecurity and IT areas in the appropriate context and without technical jargon
  • Delivers reports tailoring those cybersecurity and IT concepts into actionable observations and practical recommendations
  • Develops IT strategies, including related guidance, practices and roadmaps, for organizations focused on aligning IT operations with IT strategies that support an organization’s overall mission, strategic plans and goals
  • Empowers clients to address the opportunities and challenges posed by various cybersecurity and IT frameworks, laws, regulations and standards such as: FERPA, HIPAA, HITECH Act, PCI DSS, GLBA, NIST CSF, NIST SP 800, CMMC, ISO 27000, CIS Critical Controls, FAR/DFARS, GDPR
  • Advises on various large transformational projects, including myriad system implementations, by providing project management, risk management, resource management, issues management and strategy guidance before, during and after implementation/go live
  • Provides IT contract and vendor process consulting, covering enhancements to risk assessment, project deliverables, compliance and best practices, to reduce client risk when working with vendors
  • CMMC Accreditation Body Provisional Assessor (PA)
  • Information Systems Audit and Control Association (ISACA)
  • International Association of Privacy Professionals (IAPP)
  • International Information Systems Security Certification Consortium (ISC2)
  • Institute of Internal Auditors (IIA)
  • Fairfax Library Foundation, Treasurer and Board Member


Washington, DC


Bachelor of Science in business information technology

Virginia Polytechnic Institute and State University
