‘Christophe Foulon

Principal vCISO & AI Governance Lead | Senior Security Architect

Quisitive · United States

Jul 2024 – Present(1 yr 10 mos)

Principal vCISO & AI Governance Lead | Senior Security Architect I provide executive-level security leadership for organizations in highly regulated industries. As a Senior Advisor at a leading Microsoft partner, I specialize in translating complex security and AI requirements into business-aligned strategies that enable innovation while managing risk. Strategic AI and Data Governance I architect AI Security Governance frameworks that allow enterprise clients to adopt Generative AI safely. These programs reduce IP leakage risk and establish audit-ready LLM policies aligned with NIST AI RMF standards. Data Visibility: Helped organizations gain control over 50% to 75% of previously unmanaged data, significantly reducing exposure risks. Executive Advisory: Translate emerging technology risks (AI, supply chain, and identity) into board-level investment cases for HighTech, Healthcare, FinTech, and Defense sectors. Cloud Posture and Zero Trust Implementation I drive measurable improvements in cloud security and identity management, focusing on reducing the active attack surface for more than 100 client organizations. Azure Security: Led posture assessments driving adherence to CIS Controls and significantly improving cloud security benchmarking scores. Zero Trust: Implemented modern identity and device controls that reduced exposed threat surfaces by approximately 20% through programmatic RBAC and access minimization. GRC Automation and Operational Excellence I transform compliance from a manual burden into an automated business advantage, specifically for sectors like Healthcare, Financial, and Retail. Automated Compliance: Guided healthcare clients in evolving HIPAA and HITRUST programs into automated processes, resulting in a 25% reduction in DevOps time spent on audit tasks. Operational Efficiency: Developed proactive security tools, including a GRC chatbot that reduced the time spent answering vendor security questionnaires by 50%.

Executive Cybersecurity Advisor / Founder/Coach

CPF Coaching · Virtual

Jan 2007 – Present(19 yrs 4 mos)

Fractional CISO practice providing on-demand security leadership to growth-stage organizations. Deployed as a vCISO resource through channel partners (including Nexigen and SideChannel) and directly to clients, building security programs from the ground up and maturing existing frameworks to support enterprise sales, regulatory compliance, and investor due diligence. • Serve as an embedded vCISO resource through Nexigen and SideChannel, providing their clients access to fractional CISO-level security leadership without the full-time overhead. • Recently engaged by Zaun.ai as Forward Deployed CISO, providing hands-on security leadership to support the company's growth, product security posture, and enterprise client requirements. • Designed Compliance as Code frameworks for client organizations, replacing manual audit workflows with automated evidence collection, reducing compliance overhead and accelerating SOC 2 Type II attainment. • Guided multiple organizations through first-time SOC 2, HIPAA, and industry-specific regulatory audits, achieving audit readiness within 6 to 9 months from engagement start. • Built and developed high-performing security teams across client organizations, establishing talent pipelines, training programs, and performance frameworks that outlasted individual engagements. • Founder and co-host of Breaking into Cybersecurity: https://feeds.captivate.fm/breaking-into-cybersecurity/ • Authored: "Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level" https://amzn.to/3LFJjpP • Authored: “Hack the Cybersecurity Interview” https://www.amazon.com/dp/1801816638/ • Contributed to "Understand, Manage, and Measure Cyber Risk" by Ryan Leirvik https://amzn.to/3I55x25 Mastering LLMs - cpf-coaching.com/mastering-llms Website https://cpf-coaching.com

Cybersecurity Adjunct Professor

Bellevue University · Virtual

Aug 2019 – Present(6 yrs 9 mos)

As a seasoned educator in the field of cybersecurity, I have led and inspired up to 50 students per semester through undergraduate and graduate-level courses. My areas of expertise include Introduction to Cyber Threats, Technology and Security, Network Security, Risk Management Studies, and Cybersecurity Governance. Innovative Teaching Approach: Renowned for integrating real-world scenarios into my curriculum, I've equipped students with practical, applicable knowledge. This approach prepares them to deliver services and communicate effectively within various enterprise environments. Leadership in Education: My teaching methods are tailored to impart theoretical knowledge and develop critical thinking and problem-solving skills essential for future cybersecurity professionals. My commitment to education goes beyond traditional teaching, fostering an environment where students can engage, question, and apply their learning to real-world challenges. As an educator, I strive to mold the next generation of cybersecurity experts, ensuring they are well-equipped to navigate and excel in the ever-evolving field of cybersecurity.

Forward Deployed CISO

Zaun

Feb 2026 – Present(3 mos)

As an AI-enabled security services company, Zaun leans on real human experts with decades of experience to protect the organizations we protect. I advise on security quality control, AI safeguards, and the analysis of threats unique to organizations under Zaun. My goal is to build the utmost trust in the brand and its capabilities through a mix of technical solutions and storytelling initiatives. https://zaun.ai/contact?ref=cpf

Fractional Cybersecurity Engineer

SideChannel

Jan 2024 – Present(2 yrs 4 mos)

Build and Manage Your Cybersecurity Program SideChannel Complete is the easiest way to create and manage a comprehensive cybersecurity program, and we simplify cybersecurity for startups and the mid-market. Let our expert advisors bring safety and peace of mind to your business.

Strategic Cybersecurity Partner

Format Cyber

Jun 2024 – Present(1 yr 11 mos)

Format Cyber is like your friendly neighborhood cybersecurity guide. We specialize in helping organizations stay safe in the digital jungle. Here’s what we do: Cyber Risk Detectives: We sniff out risks and vulnerabilities so you don’t have to worry about them lurking in the shadows. Custom Advice: One size does not fit all - we weave together custom security advice just for you. Security Architects: We design secure fortresses (systems and networks) to protect your data. Business Driven: Our goal? To help align and adapt your security to drive your business goals securely. Whether you need a security makeover or want to build security from scratch, we’ve got your back. Let’s lock down those digital doors!

Expert

LeadrPro · United States

Jul 2024 – Present(1 yr 10 mos)

Fractional CISO

Nexigen

Jan 2024 – Mar 2026(2 yrs 3 mos)

Nexigen, a pioneer in Enterprise Cybersecurity, Cloud, and IT services, continues its mission to lead at the intersection of artificial intelligence and cybersecurity by welcoming Christophe Foulon as a Cyber Advisor and Fractional Chief Information Security Officer (fCISO). This strategic addition reaffirms Nexigen's commitment to delivering cutting-edge cybersecurity expertise and solutions to a diverse clientele. Christophe Foulon brings a distinguished background as an Information Security Manager, Adjunct Professor, and Cybersecurity Strategist, infusing the Nexigen team with a wealth of knowledge and strategic insight. "I am excited to join Nexigen, a company renowned for its innovative approach to IT and cybersecurity. I look forward to contributing my expertise in Cybersecurity, GRC, and Artificial Intelligence (AI) to enhance Nexigen's offerings," said Foulon. Founded in 2003, Nexigen has been a long-standing leader in providing managed IT services, cloud solutions, and advanced cybersecurity support to businesses across various sectors. The addition of Christophe Foulon underscores the company's commitment to proactively addressing the ever-evolving cybersecurity challenges and ensuring the robust protection of clients' digital assets. Jon Salisbury, Nexigen CEO, expressed enthusiasm about the new addition, stating, "We are delighted to welcome Christophe Foulon to our team. His cybersecurity and strategic advisory expertise will be invaluable as we continue our mission to deliver comprehensive and secure IT solutions to our clients." Nexigen's leadership in Enterprise Cybersecurity, Cloud, and IT services has positioned the company as a trusted partner for enterprises of all sizes. The Nexigen AI Cyber Stack makes AI-driven cybersecurity accessible, responsible, and profitable for businesses, further solidifying their commitment to a safer digital future.

CARD CYBER: SENIOR MANAGER, CYBERSECURITY & TECHNOLOGY RISK OVERSIGHT

Capital One · McLean, Virginia, United States

Oct 2020 – Oct 2023(3 yrs 1 mo)

As a Senior Cybersecurity Advisor, I led strategic cybersecurity initiatives and technology risk management, aligning them with business objectives across various lines of business (LOBs). I provided tactical advice and services and drove the strategic evolution of the organization's cybersecurity and risk management practices. My efforts were instrumental in optimizing cybersecurity operations and elevating the organization's overall security maturity. Strategic Leadership in Cybersecurity: Led developing and implementing a comprehensive cybersecurity strategy, enhancing the understanding of cybersecurity risks among LOB managers. My approach involved delivering tailored recommendations and solutions that addressed immediate concerns and strategically positioned the business for long-term security resilience. Advanced Risk Management and Mitigation: Spearheaded the organization's response to an active exploit vulnerability, demonstrating proactive leadership in risk mitigation. Worked closely with engineering leads and cross-functional teams to reduce vulnerabilities systematically, minimizing exposure to attack surfaces. Project Management and Optimization: Managed the high-stakes Top of House US Card Project, strategically delegating critical tasks to optimize outcomes. I was focused on developing and implementing robust action plans and milestone strategies, ensuring comprehensive protection against evolving security threats and vulnerabilities. Cybersecurity Intelligence and Analysis: Initiated and led a groundbreaking project to develop an integrated cybersecurity intelligence product. This initiative, a first for the business, combined internal and external analysis to provide a holistic view of the organization's risk posture. This strategic move enhanced situational awareness and informed decision-making processes across the business, significantly advancing the organization's approach to cybersecurity intelligence.

CISO & IT Systems Director (Volunteer) (Part-Time Consulting)

AIESEC Alumni International

May 2015 – Feb 2021(5 yrs 10 mos)

Lead Architect in Digital Transformation and Process Improvements for Global Virtual Teams In my role, I spearheaded significant digital transformation initiatives and process improvements for a European-based Nonprofit with a global user base. I focused on optimizing and securing information flow across diverse platforms and teams. Digital Transformation Leadership: Advised on and implemented cutting-edge digital strategies to replace manual processes. This involved critically evaluating existing workflows and introducing technological solutions that enhanced efficiency and productivity. Global Virtual Team Technology Oversight: Played a key role in supporting the technology needs of the Global Virtual Team at AIESEC Alumni International (AAI). I ensured seamless online collaboration across platforms like Office365, SharePoint, Yammer, and Lync, facilitating effective communication and project management. Information Assurance and Data Integration: Provided expert guidance on information assurance and data integration projects, ensuring robust data security and compliance with international standards. My efforts were crucial in safeguarding sensitive information and maintaining the integrity of data systems. Unified Security Policy Development: Strategically developed and unified information security policies for the organization’s web portal, mobile devices, and other digital assets. This initiative ensured a cohesive and secure digital environment, protecting against potential cyber threats. My contributions in this role were not just about technological upgrades but about creating a more interconnected, secure, and efficient digital ecosystem for global teams, enhancing their capacity to collaborate and achieve organizational goals.

[SENIOR SECURITY CONSULTANT (SMF)] HEAD OF COMMERCIAL CYBERSECURITY SECURITY CONSULTING

GRIMM (SMFS, Inc.) · Washington D.C. Metro Area

Dec 2019 – Oct 2020(11 mos)

At a boutique security consulting firm, I led collaborations with federal and commercial clients, providing high-impact cybersecurity and risk advisory solutions. My role was pivotal in enabling organizations to understand, assess, and effectively manage their cybersecurity risks. Executive Cybersecurity Education and Strategy: Conducted workshops and tabletop exercises to enhance executives' and security managers' understanding of cybersecurity risks and their implications on business operations. My approach was translating complex cyber threats into actionable insights for strategic decision-making. Risk Mitigation and Cybersecurity Program Development: Advised on and implemented strategies for tracking and mitigating critical operational risks. This included comprehensive risk assessments, cyber program reviews, and the development of threat models, ensuring a proactive stance against potential security breaches. Advanced Cybersecurity Solutions: Led the design and development of specialized cyber development platforms, tailoring solutions to address specific organizational challenges. This included creating a customized Governance, Risk, and Compliance (GRC) management program using frameworks like NIST CSF, CMMC, and ISO27001. Cybersecurity Maturity Enhancement: Drove the development of a cyber maturity builder program featuring six adversarial and three defensive modules, significantly enhancing the defensive capabilities of client organizations. Business Development and Community Engagement: Collaborated with business development teams to increase engagement and generate new business through social media marketing and hosting in-person and virtual conferences. This not only expanded our client base but also reinforced our firm's position as a thought leader in the cybersecurity field. My contributions in this role were integral to empowering organizations with the tools and knowledge needed to fortify their cybersecurity defenses.

LEAD CYBER RISK MANAGEMENT CONSULTANT

ConQuest Federal · Washington D.C. Metro Area

Feb 2019 – Dec 2019(11 mos)

In a federal consulting startup, I led a 15-person team of analysts and senior project managers, overseeing risk, security, and cloud security consulting projects with a budget of $5M. My role was crucial in driving significant cybersecurity advancements and cloud adoption for a federal agency. Strategic Management and Leadership: Managed and mentored a diverse team, fostering an environment of innovation and excellence in delivering high-stakes security consulting services. My leadership ensured the effective allocation of a $5M budget, maximizing the impact of our cybersecurity initiatives. Digital Transformation and Cloud Migration Expertise: Guided a federal agency through a critical digital transformation, spearheading the migration to cloud services such as Microsoft Office365 & Azure Gov. I implemented robust security and identity management technologies, significantly enhancing the agency's cybersecurity posture and cloud infrastructure. Cybersecurity Maturity Enhancement: Developed comprehensive governance frameworks, policies, and procedures to boost the agency's compliance with the Federal Information Security Management Act (FISMA). This involved adopting a risk-based approach to vulnerability management, significantly strengthening the agency's overall security posture. Operational Cybersecurity Excellence: Provided expert insights on effective detection, response, and recovery strategies, preparing the agency for the integration and management of security service providers. My approach enhanced the agency's defensive capabilities and ensured readiness for handling sophisticated cyber threats. FISMA Compliance and Risk Management: Played a pivotal role in elevating the agency's FISMA maturity levels, leading the development and implementation of strategic governance and policy measures. This initiative was vital in advancing the agency's cybersecurity operational maturity and managing third-party vendor risks.

MANAGER INFORMATION SECURITY CONSULTING

Avanade · Washington D.C. Metro Area

Aug 2017 – Feb 2019(1 yr 7 mos)

Team Lead, Microsoft Azure Federal Cloud & Managed Services As the Microsoft Azure Federal Cloud Team leader, I orchestrated the strategic direction and operational execution of the Government Cloud Operations. My role was pivotal in driving significant growth and ensuring robust 24/7 incident and problem management across multiple locations. Strategic Team Management and Training: Spearheaded the onboarding and training of new members for Gov Cloud Ops support, enhancing team capabilities and efficiency. My leadership was crucial in coordinating with legacy vendors to drive project growth solutions and optimizing the performance of the Operations Site Reliability Engineering (SRE) team. Program and Project Management Excellence: Managed a portfolio of programs worth $10 million, overseeing the allocation of finances, resources, and strategic planning. My approach was focused on achieving milestones while maintaining operational efficiency and compliance. Operational Security and Compliance Leadership: Led the assessment and enhancement of operations, security, and compliance processes following FEDRAMP standards. I identified vulnerabilities and implemented effective mitigating and remediation measures to safeguard cloud operations. Significant Project Growth and Team Expansion: Successfully facilitated a 50% increase in the Microsoft Azure Government Cloud Operations Site Reliability Engineering team, contributing to $10M in project growth over five years. This expansion was instrumental in maintaining round-the-clock incident and issue management. In this role, I was committed to advancing our cloud capabilities, enhancing team performance, and ensuring the highest security and compliance standards, thereby solidifying our position as a leader in government cloud services.

IT MULTI-SITE MANAGER

Cancer Treatment Centers of America · Boca Raton, FL

Aug 2014 – Aug 2017(3 yrs 1 mo)

Information Security Specialist and IT Leader As an Information Security Specialist, I spearheaded comprehensive training and educational initiatives for corporate users in cybersecurity, Protected Health Information (PHI), and Personally Identifiable Information (PII). My focus was weaving security awareness into the fabric of daily operations, cultivating a robust security culture within the organization. Strategic Security Training and Awareness: Developed and delivered a wide-ranging security training program, equipping corporate users with essential knowledge and best practices to safeguard sensitive information. This initiative significantly bolstered our organizational defense against cyber threats. Consultation on Information Security and Assurance: Actively consulted on information security and risk management for new projects, collaborating closely with various business units. My role was pivotal in integrating robust security measures into the early stages of project ideation and development. Implementation of Security Hardening Measures: Enforced stringent security policies and procedures for computers and mobile devices, enhancing the organization's overall security posture. This included regular updates and the application of advanced security protocols to protect against emerging threats. Ad-Hoc Information Security Team Leadership: Played a vital role in an ad-hoc Information Security Team, managing and responding to various security threats and incidents, including virus and malware remediation. My contributions were crucial in maintaining a resilient defense against cyber attacks. Vendor Risk Management and HIPAA Compliance: Led efforts to reduce risks associated with major third-party vendors, initiating and overseeing IT and security projects to ensure compliance with HIPAA regulations. My expertise in identifying and managing vendor-related risks was instrumental in safeguarding sensitive health information.

Technical Support Engineer

Grosvenor Technology · Miami/Fort Lauderdale Area

Jan 2014 – Aug 2014(8 mos)

Leading a dynamic team in a prominent European Security and Time and Attendance service company, with a workforce exceeding 100 employees and generating revenues surpassing $15 million. I played a pivotal role in elevating the company's technical and security stature through various strategic initiatives. Strategic Technical Collaboration: Partnered effectively with the technical engineering team, facilitating seamless integration and deployment of advanced Time and Attendance, Access Control Systems, and CCTV integrations for distributors, enhancing operational efficiency and client satisfaction. Leadership in Technical Pre-Sales Consulting: Directed and energized pre-sales consulting at major trade shows, significantly boosting brand visibility and potential client engagement. Managed end-to-end trade show strategies, from meticulous research to flawless execution, ensuring impactful product presentation and corporate branding. IT Infrastructure Management: Oversaw the branch's IT infrastructure, with a strong focus on the robustness of Access Control and CCTV systems. Led local desktop/server hardening initiatives, substantially strengthening overall security posture. Process Optimization in Hardware Delivery: Orchestrated the build-to-order delivery process for Time and Attendance and Access Control Hardware. This included overseeing assembly, rigorous quality control, and optimizing domestic and international logistics, enhancing efficiency and customer service. Asset and Inventory Management: Administered strict inventory and asset management protocols for assets valued over $500,000, ensuring accountability and optimal resource utilization.

Help Desk Supervisor

Florida Community Bank · Miami/Fort Lauderdale Area

Jan 2013 – Jan 2014(1 yr 1 mo)

In this pivotal role, I oversaw the help desk operations, playing a critical part in maintaining and enhancing our organization's cybersecurity and IT service excellence. My tenure was marked by significant contributions to threat modeling, cybersecurity strategy, and disaster recovery, fostering a secure and efficient IT environment. Leadership in Cybersecurity: Spearheaded threat modeling and cybersecurity initiatives, enhancing the organization's resilience against emerging cyber threats. Implemented robust information security practices, significantly reducing vulnerability to cyber incidents. Disaster Recovery and Risk Management: Developed and executed comprehensive disaster recovery plans, ensuring business continuity and data integrity in emergency situations. Proactively manage security risks, minimizing potential impacts on IT operations. Technical Support and IT Service Management: Excelled in delivering high-quality technical support, elevating the help desk's performance and client satisfaction. Championed IT service management best practices, optimizing IT operations and service delivery. Team Leadership and Help Desk Support: Led and mentored a diverse team, fostering a culture of continuous learning and professional growth. Enhanced help desk support capabilities, streamlining processes and improving response times.

Enterprise Application Analyst

Florida Community Bank · Miami/Fort Lauderdale Area

Aug 2011 – Jan 2013(1 yr 6 mos)

In this role, I leveraged my expertise in cybersecurity and IT to drive improvements in information security, disaster recovery, and overall IT operations. My focus was on ensuring robust information assurance, efficient data center management, and compliance with OCC audit standards. Cybersecurity and Information Security Leadership: Played a pivotal role in strengthening the organization's cybersecurity posture. Implemented cutting-edge security measures and protocols, significantly enhancing information security. Disaster Recovery Planning and Execution: Developed and executed strategic disaster recovery plans, ensuring the organization's resilience against data loss and system downtime. This involved comprehensive risk analysis and contingency planning. Information Technology and Information Assurance: Oversaw the maintenance and optimization of IT operations, ensuring high standards of information assurance. Managed critical IT systems and infrastructure, ensuring robust performance and reliability. Data Center Management and Analysis: Managed data center operations, focusing on efficiency and scalability. Conducted thorough analysis to identify improvement areas, leading to enhanced system performance and reduced operational costs. OCC Audit and Compliance Oversight: Ensured strict adherence to OCC audit requirements and compliance standards. Led audit preparation and response strategies, maintaining high levels of regulatory compliance. System Administration and Active Directory Expertise: Administered enterprise systems and managed Active Directory services. Streamlined system administration processes, enhancing system security and user management efficiency. Enterprise Software and Office365 Security: Expertly managed a range of enterprise software applications, with a special focus on Office365 security. Implemented best practices in cloud security, safeguarding critical cloud-based assets and data.

DATA CENTER TECHNICIAN III

Terremark N.V. · Miami, Florida, United States

Jan 2011 – Aug 2011(8 mos)

Seasoned Data Center Technician As an experienced Data Center Technician, my core competency lies in maintaining and enhancing the functionality and reliability of vital data center infrastructure. I bring specialized skills in troubleshooting various physical media issues, adeptly identifying and resolving root causes to significantly reduce downtime. Advanced Troubleshooting: Expert in diagnosing and swiftly resolving physical media issues, minimizing operational interruptions. My proactive approach and ability to identify root causes have been pivotal in maintaining continuous data center operations. Custom Equipment Installation and Configuration: Skilled in installing and configuring data center equipment according to specific customer requirements. I ensure seamless integration into existing systems, enhancing overall system functionality and client satisfaction. Circuit Diagnostics and Rectification: Proficient in diagnosing and addressing equipment issues within specific circuits. My expertise ensures consistent connectivity and peak performance, contributing to robust and reliable data center operations. Meticulous Attention to Detail: My dedication to detail and commitment to excellence have consistently resulted in maximum data center uptime. I take pride in delivering unparalleled service, leading to high levels of client satisfaction. Continuous Monitoring and Maintenance: Vigilant in monitoring data center performance and conducting regular maintenance to ensure optimal operation. My approach involves staying ahead of potential issues, thus ensuring a highly reliable and efficient data center environment.

TECHNICAL ANALYST / IT MANAGER

Aramark Correctional Services · Miami, Florida, United States

Oct 2009 – Dec 2010(1 yr 3 mos)

Technical Support Specialist at Aramark Corrections – A Global Leader in Inmate Banking, Shopping, and Inventory Management Revenue: $14+ Billion | Employee Count: 27,000+ In my vital role at Aramark Corrections, I was instrumental in successfully launching and supporting a new commissary banking system, directly impacting over 300 users across Miami Dade County and Commissary Services. Service Level Agreement (SLA) Fulfillment: Demonstrated high proficiency in upholding SLAs by quickly diagnosing and resolving computer issues. This involved in-depth root cause analysis and providing effective on-site and remote solutions, ensuring minimal downtime and enhanced user satisfaction. Infrastructure Change Management: Played a crucial role in documenting, testing, and implementing infrastructure changes. My attention to detail and structured approach ensured seamless transitions and maintained system integrity. Disaster Recovery and Data Protection: Managed backup and recovery protocols for local servers and desktops, effectively integrating these into the broader Disaster Recovery Plan. This initiative significantly bolstered data security and system resilience. Proprietary Banking Application Support: Provided essential support for Aramark’s unique banking application. My efforts spanned comprehensive troubleshooting across hardware, software, and network layers, including the escalation of complex issues to higher levels when necessary. Innovative Technical Solutions: Devised and implemented innovative solutions to tackle hardware and software challenges. This ensured the smooth functioning and maintenance of desktop environments and WISE Kiosk systems, thereby enhancing operational efficiency and reliability.