Carnegie Mellon University

The George Washington University

CEO  -  Founder  -  Dad  -  Professor  -  Cyber Risk Management  -  Product Manager  -  Board Member  -  Advisor

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk. We provide experience-based security insights for Chief Information Security Officers and their teams. The core of our value comes from the IANS Faculty, a network of seasoned practitioners. We support client decisions and executive communications with Ask-an-Expert inquiries, our peer community, deployment-focused reports, tools and templates, and consulting.

IANS

Faculty

Energy Capital Vietnam, LLC

Advisor

Abacode Cybersecurity & Compliance

Member Of The Board Of Advisors

Risk Executive:
•	Risk executive-as-a-service and sourcing support leading to a full-time placement
•	Insights as a cybersecurity risk executive for multiple financial institutions, technology firms, and government agencies.
•	Creating innovative cybersecurity products and platforms from concept to market delivery for public and private sector organizations

Strategic Advisor:
•	Providing board-level cybersecurity expertise (NACD)
•	FedRAMP cloud security authorization support and insight, with expertise in Amazon Web Services
•	Trusted advisor to board executives for their Cybersecurity strategy, policy and governance

Cyber Program Execution:
•	Providing deep federal government insights and support, as a director for White House National Security Council and Homeland Security executive
•	Breach response and threat mitigation, having led responses to multiple large-scale incidents and threat management programs
•	Develop and deploy infrastructure for cyber and digital risk operations
•	Risk management, governance and compliance programs with extensive metrics, KRIs, and KPIs, with specialized expertise in banking and government

CISOWise LLC

Managing Director

Adjunct Professor at the University of Texas at Austin School of Law and Cybersecurity Fellow at the Robert S. Strauss Center for International Security and Law. 

Currently teaching Cybersecurity Risk Management for 3L

The University of Texas School of Law

Adjunct Professor

Dr. Crane has taught 100s of cybersecurity executives and masters’ students across a range of issues, from technical cyber intrusion and incident response, to cybersecurity policy, to cyber risk management strategy and governance. His students have ranged from government leaders to fortune 100 cybersecurity executives. Most of his classes are in-person at Carnegie Mellon’s DC or Pittsburgh campus.   

Bio:
https://www.heinz.cmu.edu/faculty-research/profiles/crane-earln

New Course Fall 2018: Advanced Cyber Risk Management

https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate

Prior Courses Taught:
Enterprise Security Governance - Chief Information Security Officer Executive Program (4 courses) Cybersecurity Policy in the Federal Government (6 courses)
Hacking Exposed (12 courses) Incident Response (5 courses)

Skills: Product Management · Consulting · Risk Management · FedRAMP · Federal Government · Amazon Web Services (AWS)

SecurityScorecard

FedRAMP Advisor

RegScale

The fastest way to visualize and evaluate multi-person decisions.

Onebrief

Supported AT&T through its first FedRAMP Authorized product as the federal product manager for AT&T Cybersecurity (Formerly AlienVault) Unified Security Management Anywhere (USM Anywhere for Government). Included the transition of the commercial USMA product operating in Amazon AWS commercial cloud to AWS GovCloud, including engineering, product, and compliance enhancements.

AT&T Cybersecurity

Product Manager

Delivered a capability-building service to establish the information security risk management strategy, process, and program. Interviewed full-time candidates and supported a transition of this capability to a full-time position. 

Roles included Governance, Risk, and Compliance (GRC) leadership and execution using RSA Archer, multiple risk assessments and audits, and outside risk assessment firms. 

Resulted in a fully updated and comprehensive RSA Archer instance, with enhanced analytics and executive risk assessments and reporting. Enhanced the continuous monitoring capabilities designed to measure changes to the organization’s threat environment and the effectiveness of its security controls.

Johnson Financial Group

Risk Consultant

RANE (Risk Assistance Network + Exchange)

Expert

Dr. Earl Crane invented and brought to market the world’s first executive digital risk management platform to continuously monitor the enterprise so security leaders can take protective defensive actions. Emergent’s Instinct Engine™ allows companies to see around the corner and identify digital risks that are most likely to impact them tomorrow. Using advanced machine learning and emergent AI risk algorithms, it explores hundreds of thousands of loss scenarios to identify the cyber intrusions that could create the biggest impacts.
Here is a short four-minute video on what we do: https://end.app.box.com/v/Explainer

Emergynt

CEO, Inventor, Co-Founder

Dr. Crane was a founding member of Promontory's cybersecurity risk management practice.
He led service delivery with highest number of new clients, highest number of repeat clients, highest scoring in client satisfaction, and greatest utilization rates. He also led engagements for multiple Fortune 100 clients to develop strategic solutions to growing cybersecurity challenges.

Promontory Financial Group, an IBM Company

Director

Dr. Crane advised the President of the United States on federal cybersecurity policy to defend federal information systems and networks. He led federal cybersecurity policy and oversight for two White House cybersecurity coordinators, leading the response to mitigate incidents, threats and vulnerabilities throughout the federal executive branch. He was personally recognized by the President for improving the government’s operational security, leading to a more secure Federal Government.

Executive Office of the President

Director for Federal Cybersecurity Policy

In 2009, the DHS IT environment matured beyond its initial stand-up phase, and the department identified the need for a comprehensive defensive security strategy. Mr. Crane established the Cybersecurity Strategy division with experts focusing on knowledge management and cybersecurity risk management. Mr. Crane was also a senior advisor to the Federal CIO on cloud security at the White House for the first NIST Cloud Security guidelines and the initial FedRAMP program.

U.S. Department of Homeland Security

Director, Cybersecurity Strategy, Office of the CIO

Created the architecture to implement the DHS leadership vision of “One DHS” to build a single DHS network, “OneNet”. Created the first Concept of Operations (CONOPS) for the DHS Security Operations Center (SOC), providing the vision, leadership and guidance for the initial operations of a “world-class” Security Operations Center.

Chief Information Security Architect, Office of the CIO

While supporting the Science and Technology Directorate, I discovered the first evidence of APT.

Strategic Analysis Incorporated

Information Security Architect

Led Foundstone’s Risk and Regulatory Compliance consulting services, which accounted for $2M of annual revenues. Services included the Payment Card Industry Data Security Standard (PCI-DSS), HIPAA, ISO27001, FFIEC, Sarbanes-Oxley, FISMA.
Managed multiple engagements, including risk assessments, security architecture review, external and internal penetration testing, wireless assessments, web application review, incident response and computer and network forensic analysis.