Zero Trust cybersecurity: Never trust, always verify

Mark Nicholson

Mark, a principal at Deloitte & Touche LLP, is the Marketplace Development leader and the Financial Services industry leader for the Cyber & Strategic Risk practice of Deloitte Risk & Financial Advisory. He also serves as a Zero Trust leader for the Cyber Risk Services practice. Mark helps complex organizations more confidently leverage advanced technologies to build cyber risk programs that better align security investments with risk priorities, establish improved threat awareness and visibility, and helps them strengthen their ability to thrive in the face of cyber incidents. Mark was actively involved in designing and building some of the first cybersecurity monitoring solutions for fraud detection and other forms of business loss prevention. He frequently briefs boards and executive committees on the topics of emerging cyber threats and the alignment of traditional risk management governance and cyber risk mitigation techniques. Previously, as co-founder and COO of Vigilant LLC, a market leader in security information and event management (SIEM) solutions, he brought to market the first co-sourcing solution for cybersecurity monitoring and detection, and later, the first threat intelligence solutions designed specifically for security operations center integration. Mark holds a patent for a “Collective Threat Intelligence Gathering System” method. Earlier years of his career were spent at a variety of high-tech companies ranging from product and professional services organizations. Nicholson holds a Bachelor of Arts from Keene State College, where he studied journalism and political science. 

Kieran Norton

Kieran, a principal at Deloitte & Touche LLP, is the Transformation & Emerging Technology Market Offering Leader for the Cyber Risk Services practice of Deloitte Risk & Financial Advisory. With a deep technology background, broad range of experience over a more than 20-year career, and a focus on tackling emerging risks, Kieran provides clients with strategic yet pragmatic perspectives on cybersecurity and technology risk management. Kieran helps clients transform their traditional security approaches to enable digital transformation, supply chain modernization, speed to market, cost reduction, and other business priorities. As clients increasingly adopt modern infrastructure solutions such as hybrid cloud, internet of things (IoT), software-defined networking, etc., our Infrastructure services can assist them in designing and deploying advanced, agile cyber defense capabilities that extend into modernized infrastructure and operations to support a more secure, vigilant, and resilient enterprise.

Andrew Rafla

Andrew, a principal at Deloitte & Touche LLP, is a member of the Cyber & Strategic Risk practice of Deloitte Risk & Financial Advisory. He has a deep technology and operations background spanning his 20+ year career in cybersecurity. Andrew focuses on helping clients enhance operational efficiency while reducing exposure to cyberthreats and managing operational, regulatory, and emerging risks. Andrew is currently Deloitte’s Zero Trust offering leader and has extensive experience in network and infrastructure security, adversarial simulation, security operations, and security logging and monitoring. He primarily focuses on serving some of the world’s largest financial services organizations but also has experience in other industries and verticals such as federal/ department of defense (classified and unclassified), power and utilities, retail, and life sciences. Andrew received a BS in Computer Science from Rutgers University and an MS in Information Assurance from Capitol Technology University. He is also a Certified Information Systems Security Professional (CISSP) and is certified through the SABSA Chartered Foundation.