CISM, ISO 27001 sLI, CC, SC-900
Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master of Science degree in Information Security at the University of Buenos Aires (Class rank 1st).
Trained by FBI, INTERPOL, OAS, CERT, and ISO, he has openly shared his knowledge, training 1K+ professionals across several countries. Lucas has delivered lectures and participated as a speaker in several renowned conferences, seminars, and courses. Lucas has extensive knowledge and experience in performing security audits, cyber maturity assessments, cyber risk assessments, eGRC tools implementation, security awareness training, cyber security research, and cyber ISO standards development.
Lucas has created 4 cyber ISO standards. He is also Argentina and Malta's ISO National expert at ISO's Information Security, Cybersecurity, and Privacy Protection subcommittee (ISO/IEC JTC 1/SC 27) and the former National Secretary of Argentina's ISO mirror subcommittee.
Professionally, he has taught at, worked for, and contributed to several private, government, and non-governmental organizations in the US, Europe, and Latin America for 10+ years.
5 things you need to know about the new version of ISO 27001
Changes to the standard are significant. Therefore, performing a gap analysis against the new ISO 27001 version will help you understand where you are in your organisation's cyber maturity journey. Creating your Cyber Strategic roadmap is crucial to address this transition.
Still have some questions? Just share them with me - I’ll be happy to address them. Stay tuned for more updates on the ISO 27001 standard series!
Partnering with the Software Engineering Institute at Carnegie Mellon University, we devised a novel Cyber Risk method combining FAIR, MITRE, OCTAVE, CMMC, NIST CSF, and NIST SP 800-53 frameworks.
The main objective is to provide CISOs with a concise and express control impact prioritization strategy for Cyber Risks. CISOs will optimize their security strategy based on their custom main constraints (e.g. budget, risks, compliance requirements, threat environment). CISOs will also be able to quickly justify their budget and investments to executives.
Working with Prof. Alessandro Acquisti, we researched how data breaches affect users' and organizations' security and privacy. Our main objective was to verify the existence of the gap and gauge it by analyzing subjects' privacy awareness, behavior, and attitude discrepancies.
The project goal is to improve the usability of well-known information risk frameworks, focusing on how to build security management systems based on a maturity model that centralizes the requirements and guidelines of risk frameworks. During the 2020 fall semester, I worked with a CMU advisor within an independent study to devise a Unified Cyber Risk Maturity Model.