Matt Stamper, CISA, CIPP-US, brings a multi-disciplinary understanding to cybersecurity. His diverse domain knowledge spans IT service management (ITSM), cloud services, control design and assessment (Sarbanes-Oxley, HIPAA/HITECH), privacy, governance, enterprise risk management (ERM), as well as international experience in both Latin America and China. His executive-level experience with managed services, cybersecurity, data centers, networks services, and ITSM provides a unique perspective on the fast-changing world of enterprise IT, IoT, and cloud services.

Matt received a Bachelor of Arts from the University of California at San Diego, where he graduated Cum Laude and with Honors and Distinction in Political Science. His graduate studies include a Master of Arts in Pacific International Affairs from the University of California at San Diego and a Master of Science degree in Telecommunications sponsored by AT&T.

Why I chose Cybersecurity as my field: I’m intensely curious. I love learning how things work and how seemingly disconnected ideas can be woven together to create a better understanding of our world. Cybersecurity is the perfect profession – few disciplines span from application development to network and infrastructure security to legal and regulatory compliance. Knowing how these seemingly disparate disciplines connect and impact the organization is fascinating. I love working with organizations to help them become more resilient and effective in their risk treatment by linking seemingly disparate disciplines into more effective enterprise risk management. The role of the CISO requires that we are well-versed on business initiatives, technology, and regulations…there’s never a dull day.

CISO Desk Reference Guide Books

CISO Desk Reference Guide Volume 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO — experienced, new to the role, or aspiring — to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.

CISO Desk Reference Guide Volume 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

The CISO Desk Reference Guide: Executive Primer culls the executive and board relevant material from the two-volume set, and presents it in a concise form designed to educate the senior leadership team. The information is presented as a CISO’s eye view so the board or company executive can better understand the unique challenges the CISO faces and how to best support them.

Data Privacy

The Data Privacy Program Guide offers pragmatic advice to various stakeholders on how to build a privacy program that inspires trust and is aligned to organizational strategy and risk management practices of the firm while also addressing important regulations – both domestic and international – that require privacy practices that reflect and support the data subject’s or the consumer’s rights over their information.


Simplify and Contextualize Your Data Classification Efforts

In the CISO Desk Reference Guide, I noted how critical the concept of “context” is to security programs. The same holds true for our organizations and their respective privacy programs. The foundation for any privacy program is understanding – and critically documenting – the nature and extent of the personal data (PD), personal identifiable information (PII), protected health information (PHI) and other forms of sensitive personal information (SPI) that the organization collects, processes, shares and retains. This is where context is integral to underpinning the critical work associated...

read more

A CISO’s Perspective on Data Governance, the CCPA, and the Future of Privacy

The global health crisis is causing some companies to delay implementing an effective privacy program. But now more than ever, companies must protect data because privacy is as much about customer experience as it is about privacy itself. EVOTEK’s Chief Information Security Officer Matt Stamper weighs in on the most pressing questions regarding California's groundbreaking privacy law. The CCPA is the first major US privacy legislation to be enforced in the wake of the GDPR. Tell us about what the CCPA means for businesses from a high level? The largest challenge for organizations addressing...

read more

Here’s to a more resilient 2020!

Recently I had the opportunity to sync up with two of my colleagues at EVOTEK, Paul Ferraro and Amir Fouladgar. Paul curates an outstanding technology podcast and we had the opportunity to discuss the state of security and some observations as we head into the new year. I wanted to outline what I think are important priorities that will shape not only our security programs, but most importantly, the overall resiliency of our organizations. 1.     We should be passionate about automation and orchestration. Our profession is filled with highly talented individuals doing critical work...

read more

Is there too much choice in cybersecurity?

With Black Hat and DEF CON coming up and this year’s RSA Conference and Gartner's Security & Risk Management Summit completed, I wanted to reflect on an odd dynamic we face in security, one made all the more poignant for CISOs who have walked the exhibit halls of these conferences. We have an abundance of choice in our profession. Security, however, is ultimately about prioritization. Which assets warrant protection? How should these assets be protected? What is the best technology to protect these assets? The image below highlights how crowded the security application and tool space has...

read more

How CISOs Can Utilize the Ransomware Scare

When NotPetya, Petya, Ryuk, SamSam, WannaCry, CryptoLocker, TeslaCrypt, among many other variants of ransomware, are so frequently addressed in popular media and covered on shows like 60 Minutes, you know we’ve got problems. Ransomware is not only in the spotlight of popular media, it also has the attention of executive stakeholders in organizations. This presents an interesting opportunity for CISOs. Recently publicized cases such as those for the cities of Atlanta, Baltimore, and Albany - let alone a number of others incidents across municipalities in Florida - along with the frequently...

read more

More About Matt

Matt Stamper – Trusted Source, Subject Matter Expert

Matt is a well-regarded and trusted expert, called upon by such high-profile outlets:

—  Wall Street Journal

—  USA Today

—  CSO Online 

—  ZDNet

—  Nearshore

—  WSJ Pro Cybersecurity Webinar: Reasonable Security and the CCPA

—  Cybersecurity Panel: 2016 Technology Time Machine (IEEE)

—  TNT – Technology and Things