Branden Rosenlieb, CISSP, MBA

Security & Tech Director | Fractional Cyber Advisor

United States

About

As an IT Professional with over 12 years in Information Technology, I believe security and GRC should be business enablers. I'm passionate about helping organizations advance their Cyber maturity end-to-end and achieve their business goals while supporting security, privacy, and risk objectives. Also interested in fractionally working with startups for audit readiness and initial building/expansion of security programs!

Experience

  • Founder at enklave Cyber Advisors
    Jan 2024 - Present · 2 yrs 7 mos

    Providing Fractional CISO and Strategic Advisory for cyber and AI-related spaces, with a focus on supporting startups and other agile, high-impact clients.

  • Director of Information Technology at University of North Carolina at Charlotte
    Jul 2023 - Present · 3 yrs 1 mo

    Proud to have supported the University's escalation to R1: Very High Research Activity status, thus joining the highest tier of research universities in the United States. As a Director of IT I provide leadership, strategy, and execution to areas of the University with significant data analytics activity and elevated security requirements. Focused on maintaining strong relationships with stakeholders across departments, and developing high performing engineers and support professionals. Additional work frequently includes managing in-house development, maintaining adherence to security and compliance requirements (particularly for PII & PHI), reviewing and approving SaaS solution purchases, and expanding departmental and enterprise-wide tech adoption.

  • Manager, Cyber Security, Strategy, & Risk at Deloitte
    Mar 2021 - Jul 2023 · 2 yrs 5 mos

    As a cybersecurity Manager, I guided public and private sector clients on a range of cybersecurity topics, assessing their current security posture and identifying gaps within several common control frameworks such as NIST, ISO, FedRAMP, and HIPAA. I prioritized these gaps and recommended remediation strategies, creating detailed roadmaps for both on-premise and cloud based environments and applications to help clients achieve their desired future-state security. I managed and oversaw project teams both domestically and offshore, guided and mentored team members, assessed their performance, and provided feedback on their work products and deliverables. Additionally, I estimated staffing needs and travel requirements to create accurate cost projections. Effective communication is crucial in my role, as I interact with employees at all levels within my organization and with high-level executives at client companies, including CISOs and CIOs. Furthermore, I developed security plans, questionnaires, and control framework playbooks to help clients build robust security programs and execute cybersecurity tasks independently. I also created strategic roadmaps covering short-, medium-, and long-term planning. Additionally, I conducted third-party monitoring activities for clients, logged risks, coordinated event responses, and executed third-party risk management processes to help ensure comprehensive security oversight.

  • Systems Security Engineer at University of North Carolina at Charlotte
    Jul 2018 - Mar 2021 · 2 yrs 9 mos

    An engineering role focused on securing servers, identity systems, and related infrastructure. This included on-premises VMware and AWS-based Windows Servers, Active Directory, Group Policy, DFS, and cloud-related IAM functions. I introduced various automations with tools like PowerShell and Ansible to enhance productivity, improve manageability, and strengthen environment security. Additionally, I participated in the design and buildout of a new on-premise data center, replacing two existing ones and accommodating future growth for over 100,000 students, faculty, and alumni. I implemented Cisco Umbrella (formerly OpenDNS) solutions both on-premises and in the University's public cloud to protect all devices across these environments. Created and maintained HIPAA-compliant server environments, as well as updated, monitored, and hardened existing PCI environments and other systems containing PII. Utilized industry-standard security tools such as Nexpose/Rapid7, Tenable, Splunk, Microsoft ATA, and Cisco AMP. Performed vulnerability scanning, remediation, malware identification, and incident response. Furthermore, I led cross-functional project teams of up to 16 members, overseeing the design, architecture, and implementation of various servers, applications, and upgrades. This involved coordinating efforts across different departments to ensure successful project execution and reliable system performance.

  • Automation Developer at TIAA
    Nov 2017 - May 2018 · 7 mos

    As an software developer focused on automation, I developed and implemented automation solutions for various business teams within the Advocacy, Oversight, and Audit space. My efforts significantly enhanced operational efficiency by creating workflow automation using, among other things, scripting within PowerShell and tools such as Automation Anywhere RPA. Double-digit man-hour reductions were often achieved, even in areas that were previously challenging to automate. Additionally, I served as a Subject Matter Expert (SME) for identifying and analyzing these automation opportunities, achieving effective implementation and utilization. During my tenure, I also gained experience with Actimize AML and other anti-fraud methodologies, contributing to robust security and compliance measures. This experience has helped position me to drive innovation and efficiency in financial services and other high-compliance industries.