Financial Services
Manufacturing
Professional Services
Retail
Technology, Information and Media
Active

Brian Koref

VP, Head of Security / CISO

About Me

I'm a veteran cybersecurity executive and virtual CISO with over 20 years of experience building and leading security and compliance programs from the ground up. My career began in the U.S. Air Force, where I served as a computer crime investigator specializing in cybercrime and digital forensics—an experience that shaped my investigative and risk-driven approach to cybersecurity.

I've held senior security leadership roles at companies including KLA-Tencor, Informatica, Sage Intacct, Sisense (VP, CISO), and CaaStle (VP, Head of Security). In each of these roles, I built or scaled security programs to align with business objectives, regulatory requirements, and enterprise risk profiles.

As a vCISO, I help startups and mid-sized organizations design and operationalize right-sized security strategies. I've led full lifecycle implementations of ISO 27001, SOC 2, PCI DSS, and HIPAA, developing the policies, controls, and processes necessary for audit success and long-term sustainability. My work includes threat modeling, security architecture reviews, and developing strategies for emerging risks like generative AI, supply chain vulnerabilities, and cloud-native environments.

I bring hands-on leadership, clear communication with stakeholders, and a practical, outcome-driven mindset to every engagement. Whether you're building a security program from scratch or preparing for your next compliance milestone, I'll help you get it right—efficiently and effectively.

Experience

Seniority Level: Executive
Years of Experience: 20+ years
Current Status: Active

Certification


CISSP, ISSMP, ISO 27001:2022 Lead Implementer

Skills

I bring a comprehensive skill set that spans strategic security leadership, hands-on program implementation, and deep compliance expertise. My work as a virtual CISO focuses on helping organizations design and operationalize security programs that are both effective and sustainable.

I have extensive experience with regulatory and industry frameworks including ISO 27001, SOC 2, PCI DSS, and HIPAA—not just preparing for audits, but building the full set of underlying policies, controls, and governance processes needed to meet them. My capabilities include risk assessments, control design, internal audit readiness, and compliance gap remediation.

On the technical side, I provide guidance on cloud security architecture (AWS, GCP, Azure), identity and access management, endpoint and network security, and secure software development practices including DevSecOps integration and threat modeling. I've supported both product teams and infrastructure teams in securing environments, services, and applications across the SDLC. I'm also experienced in managing incident response planning, business continuity, and vendor security assessments, ensuring organizations are not only compliant, but resilient.

With the rapid growth of emerging technologies, I've advised on generative AI risk management, AI governance, and supply chain exposures, helping companies adopt innovation securely and responsibly.

Beyond the technical, I excel in executive and board-level communication, translating security risks into business terms. I've led cross-functional stakeholder engagements involving engineering, product, legal, HR, and executive leadership. Whether the need is compliance-driven or risk-driven, I offer strategic leadership with hands-on execution—tailored to your company's size, industry, and maturity.

Languages

English