We ask what is possible, determine what needs to be done, then explore, learn and devise the route to get there.
We know organizations rely on their people, processes, data and technology. Each organization is different and one size never fits all, so we’re here to protect what matters, to listen, assess and deliver end to end information security to each organization’s needs.
Our team is intelligent, and bursting with creative thinkers who love solving problems utilizing expertise from operational roles.
We’ve earned the trust of organizations all over the world, one at a time, year after year, never up-selling or reselling third party products, always tailoring recommendations to your needs, forever learning, and striving for cost effectiveness.
Ultimately, we offer unrivaled technical expertise that does its job, so you can do yours.
LEADERSHIP TEAM
We’ve worked with the large, the small and the extremely complex all over the world. Whoever, wherever you are, we bring the same focus and expertise to every organization.
Mark Stamford
Founder & CEO
Mark started playing around with computers at age 8, eventually growing up and gaining over 20 years of experience in cybersecurity, operations, and more. Prior to founding Occamsec, he worked at UBS and KPMG.
Mark started in security at age 11, eventually turning it into a career where he now has over 20 years of professional experience in cybersecurity, operations, control assessment, and related fields. He started Occamsec in 2010 to help organizations find, address, and minimize exposure to cybersecurity threats. Prior to founding Occamsec, he worked as director of threat and vulnerability management at UBS, and at KPMG, conducting penetration tests and identifying global threats for Fortune 100 clients.
Erin Murtha
Chief Operations Officer
Erin brings over 20 years of experience in ensuring optimal organizational performance, growth, and client success. Her prior experience includes work at Homeland Security managing projects of critical national importance.
Erin has 20 years of experience in operations and risk mitigation. She previously worked at the U.S. Department of Homeland Security, where she evaluated preparedness for nationwide emergencies and responded to inquiries from the National Security Council, Department of Justice, and Congress to improve the country’s security posture. Erin holds a B.A. in international policy studies from Elmira College and an M.A. in international commerce and policy from George Mason University.
Robbie Tyrie
Chief Technical Officer
Robbie leads our technology strategy, ensuring innovative solutions that align with our business goals. He drives our team to deliver cutting-edge, scalable technologies for success.
Robbie has over 20 years of experience across a range of technology roles. Working in both software development and information security, his prior roles included being part of the senior information security leadership team at FNZ, IT security manager at Aegon, security consultant at Clydesdale Bank, and a number of other roles across the finance and public sectors.
Christian Kimball
Director of Technology
Christian has over 20 years of experience in IT, security, risk management, and implementing security risk programs. He has conducted offensive security engagements, and specializes in physical security and threat intelligence.
Christian has over 20 years of experience in IT, security, risk management/assessment, and implementing security programs within regulatory and compliance governance. He has conducted offensive security engagements to evaluate cyber, physical, and social engineering security protections, and specializes in physical security and threat intelligence.
Gabe LeBlanc
Active Defense Lead
Gabe has over 20 years of experience with the DoD and Federal Government. Starting in the Infantry, he moved on to work on and create multiple Blue and Red teams within the DoD.
Gabe has more than 17 years of experience providing defensive IT security and proactive protection within highly regulated, high-threat organizations. He is dedicated to developing and leading cutting-edge information security operations that fortify organizations’ IT infrastructures and enhance their security posture. Prior to joining Occamsec, he served as the CISO for a large county government in MI, where he is also an adjunct professor at the University of Michigan. Gabe holds several cyber security certifications as well as a B.A. in management and an M.B.A. focused on IT management.
Cayce Mahon
Assessment Team Lead
Cayce leads the east-coast assessment team. With over 10 years of experience in offensive security operations, her skills cover a wide range of technical areas, and she also heads up the research team.
Cayce’s first computer was an old IBM 486 running MS-DOS. From there, she learned how to code, pick locks, manipulate many OS flavors, and finally learned how to circumvent security controls within cyber, social, and physical environments. One of her favorite projects resulted in her breaching a busy office building and exfiltrating physical and stored company data from simply talking an employee out of their keycard and workstation. She hopes there are many more projects like these in the future.
Spencer Lindgren
Operations Lead
Spencer has a background in healthcare technology, encryption, security, and compliance. He has held roles at telemedicine provider Vigilint, Patronus Medical, and as assistant adjunct professor at UNC Chapel Hill.
Spencer has a background in healthcare technology, encryption, security, and compliance, with expertise in implementing security programs while maintaining HIPAA compliance. Prior to Occamsec, he was an assistant adjunct professor at UNC Chapel Hill, VP of clinical operations at Patronus Medical, and program manager at telemedicine provider Vigilint. Spencer holds a B.S. in geography and a Master of Public Health, both from UNC Chapel Hill.
ADVISORY BOARD
Neil Bryden
Advisor
Neil has over 35 years of experience in IT risk and security, including CISO roles at KPMG and other global enterprises. He has also advised CISOs across various industries, and has experience across governance, architecture, and strategy.
Neil has over 35 years of experience in IT risk and security, having designed, implemented, and managed security transformation programs. Most recently, he was CISO at Teleperformance, co-chair of Pacific Northwest Cybersecurity Business Leadership Council at University of Washington Bothell, and served as chief cyber security strategist at Hewlett Packard Enterprise. Prior to those roles, he began his career at KPMG, spending nearly 30 years at the firm and rising to principal and CISO. Over his career, Neil has advised CISOs across various industries, and has experience on the security aspects of governance, architecture, outsourcing, business continuity, and strategy. Neil holds a B.Acc. in accountancy from University of Glasgow.
Robert Hayes
Advisor
Robert holds board, director, and advisory roles at public and private organizations, helping mitigate security risks during complex business transformations. He is an acknowledged expert in cybersecurity, and former Microsoft senior fellow.
Robert holds board, director, and advisory roles at many public and private organizations, helping mitigate security risks during complex organizational transformations. He is an acknowledged expert in cybersecurity, crisis management, and strategic risk assessment, and an international authority on policy and regulatory issues between governments and the technology and communications industries. Robert served as a senior fellow of the Microsoft Institute for Advanced Technology in Governments, and as senior director, strategy and partnerships, in Microsoft’s Enterprise Cybersecurity Group. His prior experience includes hostage negotiation, being appointed inaugural head of the U.K. National Specialist Law Enforcement Centre, developing the U.K. National Hi-Tech Crime Training Centre, and serving as head of the U.K. National Technical Assistance Centre. Currently, Robert is a member of the Scottish Cyber Resilience Advisory Board, a fellow of the British Computer Society, a member of the Expert Advisory Panel at the Global Cyber Security Capacity Centre at the University of Oxford, and advises the U.K. Ministry of Defence on cybersecurity matters while holding the rank of Major (V) in the Engineer and Logistics Staff Corps of the British Army.
Philip Niedermair
Advisor
Philip has over 35 years of experience in helping companies expand their potential through corporate development, strategic alignment, and relationship building. Philip is a Senior Advisor to the Cyberspace Solarium Commission.
Global corporate strategy leader, innovator, disruptor, connector. Philip has over 35 years of experience in helping companies expand their potential through corporate development, strategic alignment, and relationship building.
Philip is a Senior Advisor to the Cyberspace Solarium Commission and serves as a company Director to LPFIRSTCAPITAL, a PE firm focused on building technology and cyber platforms in services and cyber education, and as a Director of NCG (National Cyber Group), as well as Occamsec, Nsion and Platform Aerospace. Philip also acts as an advisor to and sits on multiple boards, and advises organizations such as the Gula Tech Foundation, Squadra Ventures, Army Cyber Institute, Industry Round Table of the Federal Reserve Bank of Richmond, Univ. of Balt. Merrick School of Business, DEA Educ. Foundation, Royal Conservatoire of Scotland and Historic Ships of Balt. Previously he advised the Eisenhower Memorial Presidential Comm. and National Law Enforcement Officers Museum.
Philip was a Man. Dir. for over a decade at Whiteford, Taylor & Preston and was the Founder & Managing Partner of The Bridge Alliance, a shared collaborative management platform driving opportunities and cooperation between members. He has worked in almost every State, and in over 40 countries, and managed several significant global programs as a Consultant for his clients like Cresset Capital, CohnReznick, The Cordish Company, ARINC, ServiceMaster, Coca-Cola, MasterCard, UPS and Citibank.
John Quigg
Advisor
John is a senior staff member at the Johns Hopkins University Applied Physics Laboratory, supporting the DoD’s security initiatives in cloud, 5G, and cyber situational awareness. His background is the Airborne Rangers and DoD.
John is a senior staff member at the Johns Hopkins University Applied Physics Laboratory, supporting security initiatives in cloud, 5G, and cyber situational awareness. He previously served as futures lead for the Director of White House Information Technology, was awarded patents for applying high-performance computing techniques to cybersecurity, and investigated the 5G/edge computing security risks of smart cities and buildings. John has been technical director for the Department of Defense Joint Task Force for Global Network Operations, and helped establish the U.S. Cyber Command, eventually serving as its technical director. He also established the security practice at Spurrier Capital Partners, was a security consultant for private enterprises and the U.S. Defense Department, worked for Intel McAfee as a cyber strategist, and served in the U.S. Army for nearly 30 years. John holds a B.S. in Physics from the United States Military Academy at West Point, an M.S. in computer science from the Naval Postgraduate School, an M.A. in computer systems management from Webster University, and is a Ph.D. candidate in information security at George Mason University.
Industries we work with
We can’t give you names of course, that would be a security risk, but we can talk about the industries we are already protecting.
Media
We work with traditional and modern media organizations performing security assessments across a wide range of areas: incident response, threat hunting, continuous assessment (Incenter) and intelligence support. The media industry faces a constant evolution in content delivery, including an ever-widening array of technologies bringing new risks. New technology enables reaching greater audiences, increasing revenue, but also awakening adversaries seeking a target.
Industrial
Our activities within this industry include: assessments, secure architecture and design, purple team, red teams, threat hunts, and IoT/OT/SCADA testing. Information security gains more importance in industrial environments every year. Being connected to a network offers many benefits, so it is important to identify the risks these bring and determine the best way to solve them.
Finance
We have worked with several of the world’s largest commercial and investment banks. Highlights include: determining the risk posed by security advisories via technical analysis, security assessments of multiple trading platforms, physical assessments of facilities and large scale ‘war gaming’.
Finance is the most mature information security industry, because of its attractiveness as a target. This leads to a large investment in defenses, and compliance requirements. Fintech companies’ growth may alter this dynamic as well as the adoption of new technologies by traditional financial service organizations.
Energy
We’ve avoided detection clad in camo, crawling across fields, breaching locations and deploying implants. We’ve social engineered into oil production facilities, performed NIST-based gap analysis, tested electrical power grids and helped assess the security of offshore oil rigs. The energy sector is tied to the industrial sector, and many of the problems they face are similar.
Disruption to many of these organizations can have wide reaching consequences and considerable amounts of legacy equipment remains in these environments.
Education
2020 saw education organizations drastically overhaul how they teach. Online learning went from a small part of the sector to the dominant delivery method. This introduced education organizations to a variety of risks not previously considered: staff and pupils were working online, and suddenly thousands of users were remotely accessing services.
Securing these environments in a cost-effective way is an ongoing area of our work. Activities include: red teaming, penetration tests, purple teams, remote user assessments, incident response, cloud migration and security plus a variety of others.
Technology
While it can be argued that every organization involves technology, there are clearly those that are more important to the tech sector, which continues innovating new services and imaginative uses for existing programs.
We have worked across the entire industry, testing new applications and web services, mobile applications and supporting infrastructure. Our range of services has enabled us to help technology companies build, deploy and operate their products in a secure way.
Healthcare and Pharma
Our work involves securing the drug development and production process, plus healthcare delivery in hospitals. In the development and production side, our work has included penetration testing and red teams, mergers and acquisition assessment, purple teams, and SCADA/OT system testing. In healthcare, we’ve provided operational support as well as security testing, network architecture support and incident response.