Cybersecurity executive with hacker roots, enterprise risk leadership, and AI-era security expertise.
I help organizations build security programs that reduce real risk, enable innovation, and turn technical complexity into executive decisions.
U.S.-based cybersecurity executive and advisor. Contributor to the OWASP LLM Top 10. CISSP, CISM, CEH.
About
I've spent my career moving across the full cybersecurity stack: hacker culture, infrastructure engineering, application security, consulting, governance, risk, compliance, and executive security leadership. That range gives me a practical view of security that is technical enough for engineers, credible enough for auditors, and clear enough for executives.
My work focuses on building security programs that scale: aligning controls to real risk, creating operating models that teams can actually execute, and helping leaders make better decisions about cloud, application, data, third-party, and AI security.
I bring a builder's mindset to security leadership. I care about measurable outcomes, clear ownership, strong teams, and controls that enable the business rather than slow it down.
How I Help
CISO Advisory
Security strategy, operating model design, board-level reporting, team maturity, and executive risk decisions.
AI Security & Governance
LLM risk assessments, enterprise AI usage guardrails, vendor/product AI reviews, prompt injection and data leakage risk, and governance models.
Security Program Transformation
Security operations, application security, vulnerability management, cloud security, third-party risk, and measurable program improvement.
Executive Communication
Helping security teams translate technical risk into business language executives, boards, regulators, and product leaders can act on.
AI Security & Governance
AI adoption is moving faster than most security and governance functions can safely absorb. I help organizations evaluate AI-enabled products, define responsible usage boundaries, assess LLM application risks, and build controls that protect sensitive data without blocking innovation.
OWASP LLM Top 10
Credited contributor to the OWASP Top 10 for Large Language Model Applications — a widely referenced standard for LLM application security risks including prompt injection, sensitive data exposure, and insecure integrations.
Core Expertise
Security Executive Leadership
CISO advisory, security strategy, operating model design, executive reporting, board communication, security organization maturity, and security team development.
Governance, Risk, and Compliance
Technology risk, regulatory alignment, control design, risk assessment, audit readiness, security policy, third-party risk, and enterprise governance.
Security Engineering and Operations
Threat detection, incident response, vulnerability management, infrastructure security, cloud security, endpoint security, email security, data protection, and operational security maturity.
Application, Cloud, and AI Security
Secure SDLC, application security, API security, cloud architecture, container security, AI/LLM security, OWASP LLM Top 10, AI vendor review, and secure AI adoption.
Security Program Transformation
Building teams, creating repeatable processes, developing metrics, improving accountability, maturing security services, automation, platform thinking, and cross-functional execution.
Selected Experience
I have led security, governance, risk, compliance, application security, and infrastructure security programs across financial services, healthcare, technology, and consulting environments.
Global Financial Services
Enterprise security leadership
Led technology governance, risk, and compliance initiatives at a major global financial institution — driving enterprise security strategy, regulatory alignment, and cross-functional risk programs.
Federal Reserve Bank of New York
Software security & risk assessment
Led software security and enterprise risk assessment programs for critical banking infrastructure, including secure development lifecycle practices.
Everyday Health
Healthcare technology
Built and led information security and compliance programs for a digital health platform — from program design through operational security.
Complex Technologies
Founder & consulting
Founded a boutique consulting firm delivering outsourced information security and IT services for small and mid-sized businesses.
Infrastructure & Security Engineering
Technical foundation
Early career across network engineering, infrastructure, firewall engineering, and system administration — building the technical depth that informs executive security leadership. Industry certifications include CCNA, CCNP, CCIE Security, and MCSE.
Credentials & Education
CISSP
CISM
CEH
GWAPT
AWS
Rensselaer Polytechnic Institute — B.E., Electronic & Computer Systems Engineering
Master of Business Administration — Business Leadership & Strategy (ACBSP Accredited)
Media, Speaking & Industry Contributions
Early media coverage from my hacker roots shaped how I think about cybersecurity, public perception, and the gap between technical reality and executive understanding.
Industry Contributions
OWASP LLM Top 10
Credited Contributor
Contributed to the OWASP Top 10 for Large Language Model Applications — the reference standard for LLM application security risks.
Media Features
MTV
"True Life: I'm a Hacker"
Documentary feature exploring hacker culture and the people behind cybersecurity — where public narrative meets technical reality.
Dutch Television (Vara)
"Kika New York: Hackers"
International television feature on cybersecurity and ethical hacking from the early days of public hacker awareness.
Published / Quoted
The New York Times
Featured Coverage
Quoted in NYT coverage on hackers, cybersecurity culture, and the evolving relationship between technology and society.
InfoSecurity Professional (ISC2)
"5 Minutes with Eugene Tawiah"
Interview on cybersecurity leadership, career path from hacker roots to executive security, and industry direction.
Channel Pro Magazine
"Focusing on Your Sweet Spot"
Featured article on specialization and strategic focus in IT consulting and security services.
VAR Insights
"From ASCII Chicago: 7 Cybersecurity Tips for Solutions Providers"
Conference-derived guidance on practical cybersecurity for IT service providers and solutions integrators.
Outside the Office
Away from work, I'm usually with family, outdoors, training, camping, or around something with an engine. I've also served as a volunteer EMT and auxiliary police officer, experiences that shaped how I think about urgency, judgment, and public service.
Airstream and camping
Home is where we park it.
Outdoors
There's so much to see and do.
Fitness
Calisthenics and more.
Motorized vehicles
Does it have an engine?
Family
Where it all comes together.
Public service
Volunteer EMT and auxiliary police officer.
Contact
I'm open to select executive, consulting, speaking, and advisory opportunities where cybersecurity, business risk, technology strategy, and AI-era security challenges intersect.