Michael Czarnecki
Director, Cybersecurity & Risk @ American Express | Fractional CISO for Startups | Cloud & GRC Strategist | Threat-Informed Defense | Future CISO
About
With over a decade in cybersecurity leadership, I’ve led threat assessments, risk management, and security operations for top financial institutions, including Capital One and American Express. I understand the high-stakes world of financial security—where a single breach can mean millions in loss.
• Cybersecurity Strategy & Compliance – Aligning security with business goals to avoid regulatory pitfalls.
• Threat & Risk Management – Assessing vulnerabilities and implementing solutions to protect high-value assets.
Experience
Senior Director of Cyber Security Risk Oversight & AI
American Express · New York, United States
Feb 2025 – Present (1 yr 3 mos)
• Oversaw second-line cybersecurity risk governance, leading the development and enforcement of a unified control taxonomy and mapping framework aligned with NIST 800-53, ISO 27001, and internal enterprise policies.
• Delivered quarterly board and committee risk memos supported by automated dashboards and thematic insights covering vulnerability aging, AI usage, and EUC governance, enhancing executive decision-making and regulatory defensibility.
• Executed credible challenge reviews across cloud posture, encryption lifecycle, and LLM integration, ensuring adherence to policy and proactive mitigation of risk acceptance gaps.
• Led data discovery initiatives to surface control misalignments across SaaS platforms, automating evidence collection and control effectiveness assessments via ServiceNow GRC and Power BI.
• Built an AI governance playbook for LLM tools (e.g., Copilot), embedding prompt injection safeguards, access controls, and classification rules into the policy stack.
• Partnered with tech and risk teams to backtest the Risk Acceptance Framework, streamlining exception handling and improving audit readiness across SOX and OCC regulatory expectations.
• Co-led the enterprise migration off Archer, ensuring continuity of policy mapping, exception workflows, and validation standards in the target GRC platform.
Fractional CISO | Cybersecurity Advisor
Independent Consultant
Feb 2025 – Present (1 yr 3 mos)
Advising startups and growth-stage companies as a fractional CISO, helping them build and scale cybersecurity programs that align with real business risk—without the need for a full-time executive.
Key focus areas:
- Executive-level security strategy, board reporting, and risk governance
- Threat modeling, incident response, and security architecture design
- Cloud security (AWS, GCP), Zero Trust implementation, and vendor risk
- Readiness for SOC2, ISO 27001, NIST CSF, and financial compliance
- Coaching internal teams and bridging the gap between tech and leadership
Helping early-stage orgs go from “we should do security” to “we’ve got this covered.”
Director of Security Engineering and Operations
Capital One · New York
Nov 2020 – Feb 2025 (4 yrs 4 mos)
• Pioneered the integration of Splunk SIEM and MITRE ATT&CK within Capital One, driving a 40% increase in technology adoption, ensuring security measures aligned with ISO 27001 and NIST, and reinforcing the organization's commitment to industry-leading security practices.
• Transformed application lifecycle management by overseeing the security posture of over 70 global applications, reducing exceptions through rigorous vulnerability management, and implementing advanced security protocols using Tenable.io, Qualys, and CrowdStrike.
• Architected a DevSecOps-driven application onboarding process, resulting in $3 million in cost savings, a 25% productivity surge, and enhanced collaboration across security, development, and operations teams.
• Delivered strategic cyber threat briefings to executive leadership, offering actionable recommendations that fortified the organization's resilience against emerging threats and aligned security initiatives with business objectives.
• Chaired cross-functional security forums, fostering collaboration between business and technology leaders to unify security strategies and promote a culture of shared responsibility in safeguarding critical assets.
• Demonstrated a proactive approach to data protection by establishing a dedicated threat modeling team, underscoring a personal commitment to advancing the organization's security posture.
• Cultivated a high-performance security team, driving productivity and professional development while instilling a culture of continuous improvement and growth.
• Developed and implemented a comprehensive threat modeling framework, ensuring that all Capital One applications and technologies were rigorously evaluated against potential security threats.
Senior Manager of Cyber Security
Norges Bank Investment Management · Greater New York City Area
May 2019 – Oct 2020 (1 yr 6 mos)
• Directed the implementation of SOAR solutions with Demisto, achieving a 30% improvement in incident response times and a 60% enhancement in threat detection capabilities.
• Enhanced operational efficiency by 15% through the delivery of impactful security metrics, leading to a 20% reduction in SLAs and improved alignment between security operations and business objectives.
• Deployed CrowdStrike Falcon EDR and conducted comprehensive risk assessments, developing NIST-aligned playbooks, policies, and procedures that resulted in a 25% improvement in incident response effectiveness.
• Introduced a quantitative risk scoring system, improving risk prioritization accuracy by 25% and enabling more informed decision-making in risk mitigation strategies.
• Led dynamic threat modeling sessions, ensuring real-time assessments of risks and vulnerabilities, and reducing high-risk exposure by 30%.
Senior Manager of Cyber Security
U.S. Department of Veterans Affairs
Mar 2019 – Oct 2020 (1 yr 8 mos)
• Achieved a 100% audit success rate in Governance, Risk, and Compliance (GRC) by implementing RSA Archer, NIST, CIS, FedRAMP, and PCI-DSS controls, elevating the organization's security compliance to a 95% rating.
• Led the deployment of Palo Alto Networks' Next-Gen Firewalls and CrowdStrike Falcon, reducing data loss incidents by 55% and enhancing the organization's security posture through cross-functional collaboration and advanced threat detection.
• Implemented agile methodologies in risk management, significantly reducing vulnerabilities with ThreatQ and Qualys, and ensuring a more responsive and adaptive security framework.
• Enhanced proactive threat detection and response by incorporating MITRE ATT&CK into the security strategy, positioning the organization to better anticipate and mitigate emerging threats.
• Automated regulatory compliance processes, reducing manual workload by 30% and ensuring continuous alignment with evolving regulatory requirements.
• Focused on proactive data protection measures, actively monitoring and addressing vulnerabilities and threats to maintain a robust security environment.
Cyber Security Threat Intelligence Analyst
Prudential Financial · Roseland, NJ
Nov 2017 – May 2019 (1 yr 7 mos)
• Enhanced cloud security by 30% through the deployment of CrowdStrike Falcon and Carbon Black CB Defense, improving real-time threat detection across AWS, Azure, and GCP environments.
• Reduced incident response time by 70% by leveraging open-source technologies like Recorded Future, Wireshark, and Bro IDS, and establishing a proactive threat detection and mitigation strategy.
• Facilitated strategic threat intelligence exchanges, driving the implementation of advanced mitigation strategies and strengthening the organization’s security posture.
• Developed immersive security training programs, incorporating interactive simulation exercises and gamified elements, resulting in a 20% improvement in employee engagement and retention of best practices.
• Translated complex cybersecurity concepts into accessible insights for executive leadership, ensuring alignment between security initiatives and broader business goals.
IT Security Analyst
Realogy Holdings Corp. · United States
Oct 2016 – Nov 2017 (1 yr 2 mos)
• Utilized DLP tools such as Risk Fabric to monitor and track data exfiltration and protect against insider threats.
• Provided security support for end-users using Carbon Black for testing and problem analysis of server, desktop, and IT infrastructure, including penetration testing, Kali Linux security system, device hardening, and deployment.
• Monitored network performance and provided both real-time and historical statistical reports, utilizing Splunk for data recording.
• Conducted system intrusion detection using Carbon Black and ensured network, system, and data availability and integrity through preventative user endpoint security and monitoring, including NMAP, malware protection, and management maintenance and upgrades.
• Coordinated with systems partners to finalize designs and confirm requirements for security development and planning.
• Monitored and patched firewall network vulnerabilities for clients, servers, and applications using QualysGuard and Nessus.
• Managed incident response, including logging, reporting, and resolving known threats, with a focus on monitoring and threat detection.
• Analyzed vulnerabilities, malware, and e-mail and web-based threats to determine impact, write alerts and advisories, and implement remediation measures.
• Coordinated change management policy, process, and integration.
• Utilized Vectra to identify patterns that characterize malicious behavior within a network and detect lateral movement.
• Reviewed and interpreted various system logs, including Windows System, Application, Event logs, Linux, Email, Web server, DNS, DHCP, VPN, Proxy, and IDS logs.
Information Security Analyst
Bayer Pharmaceuticals · United States
Nov 2013 – Sep 2016 (2 yrs 11 mos)
• Comprehensive understanding of all phases of the Incident Response Life Cycle and Lockheed Martin “kill chain” methodology.
• Provided security maintenance and developed bug fixes and patch sets for existing web applications, including deterrent management and control, and PRTG network monitoring/troubleshooting.
• Designed strategic plans for component development practices to support future projects, including the introduction of disaster recovery options and proposals.
• Diagnosed and troubleshot UNIX and Windows processing problems, applying solutions to increase company efficiency.
• Built application platform foundation to support migration from client to server, incorporating security concepts, and managed secure backup and data management using NAS devices and software.
• Forensics experience with EnCase, including reporting and detection.
• Understanding and involvement in threat hunting and threat intelligence gathering using Recorded Future.
Security Specialist
Novartis Pharmaceuticals · East Hanover, NJ
Mar 2011 – Sep 2013 (2 yrs 7 mos)
• Managed firewall, LAN/WLAN hardware, network monitoring, and server monitoring both on-site and off-site, including security configuration for routers, switches, load balancers, and DNSCrypt secure traffic.
• Implemented company policies, technical procedures, and standards to preserve the integrity and security of data, reports, and access.
• Developed and implemented processes and procedures for monitoring and analyzing website performance.
• Managed and supported the integration of McAfee and Systematic solutions.
• Managed PC migration across different ecosystems, including Microsoft, Linux, and Mac, as well as PC software/hardware migration.
• Conducted wired and wireless network snorting and logging.
• Managed internal Active Directory Group Policies and enforced user security protocols.
• Managed and set up the implementation of Microsoft Exchange Server, including user configuration, VNC, and OpenVPN configuration and management.
• Forensics experience with EnCase, including reporting and detection.
• Created QualysGuard and Nessus policies for reporting and monitoring.
Technical Support Analyst
Michele Dimaira DMD, MS, PA · Montville, NJ
Jun 2010 – Feb 2011 (9 mos)
• System updates and patches
• PC migration from one platform or workstation to another
• Operating system upgrade and/or installation
• Network troubleshooting, including but not limited to routers, and PC
• File and/or system backup to external service or hardware
• Data entry and electronic filing of records and documents
• Hardware construction for PC
• Proper “tune up” operating system
• Installation of patches, updates and critical upgrades
• Planned, installed, maintained and optimized documentation of all LAN/WAN/VPN network hardware and software systems and communication links.
• Managed network LAN/WAN hardware including routers, switches, load balancers and wireless networking equipment.
• Troubleshoot both client and employee interaction
• Port forwarding security, both closing, opening and stealth
• Firewall implementation behind/front of router
• SSID broadcast hiding
• WPS device connection management and deployment
• Monitoring network traffic
• Network systems to support confidential operations and eliminate hacking ability
• IP configuration including subnet deployment for devices
• Virtual troubleshooting Cisco routers and switches
• Virtual configuration of Cisco routers and switches
• Routing (CISCO CCNA)
• CCNA Routing and Switching validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks
• Website Redirect Managing
Education
Harvard Business School Online
Credential of Digital Innovation and Strategy, Digital Transformation
Jan 2025 – Jun 2025
University of Maryland Global Campus
Master's degree, Cyber Security
2019 – 2020
University of Maryland University College
Bachelor’s Degree, Cyber Security
2015 – 2018
County College of Morris
A.S. Degree, Computer Science
2010 – 2014
Expertise
Specialties