EXPERIENCE
Drawing on more than 30 years of experience as an InfoSec and risk practitioner and trusted advisor, Rockie Brockway performs Chief Information Security Officer (CISO) activities for a multitude of mid-sized to global enterprise organizations, focusing on:

• Program maturity and development
• Measuring organizational effectiveness
• Business risk (likelihood and financial impact)

Rockie is a trusted third-party security advisor who specializes in effectively communicating IT, security, and enterprise risks to leadership and aligning the protection of business-critical data with business needs and requirements to ensure brand protection and continued innovation.

EDUCATION & CERTIFICATIONS
Case Western Reserve University, Bachelor of Arts, Computer Science

PROFESSIONAL AFFILIATIONS

• President, Secure Cleveland
• Governing Board Cleveland CISO Executive Summit
• BSides Cleveland Conference Organizer (2014-2022)
• InfraGard member (since 1998)
• SANS GIAC Security Essentials (GSEC) Mentor (taught 3 times)
• Cisco Partner Technology Advisory Board, Security

INDUSTRY CONTRIBUTIONS
Security Conference Speaker at DerbyCon, GrrCON, CircleCityCon, RVAsec, Converge Detroit, ShowMeCon, Information Security Summit, BSides Boston/Rochester/Cleveland/Detroit/Flood City and Ohio ETech.

PASSION FOR SECURITY
Even before his first computer at the age of 12 (Apple II+), Rockie has been fascinated by and drawn toward figuring out how things work and if they can be made to do unexpected things. Early exposure to a computer quickly led to changing settings on games with sector editors and programming rudimentary programs in BASIC.

While attending Case Western Reserve University to study Computer Science, Rockie was lucky enough to be introduced to Dr. Peter Tippett and interned at his company Certus International in 1992. Certus was one of the first anti-virus companies (later sold to Norton), and once Rockie was exposed to the underground BBS world of computer virus sharing, reverse engineering, and assembly code, there was no turning back.

Rockie's network, systems, and scripting basics were honed in the 1990s when he became the first employee of one of Ohio’s first ISPs. In 2000, Rockie started his own security consulting company where he cultivated higher-level skills of penetration testing, incident response, and forensics while owning and running a business.

Today, Rockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements. This process ultimately leads to challenging questions: Why is security so hard? Why does the business look at security as an obstacle rather than an enabler? How does this relate to basic human nature?

Risk became an obsession and led to a better understanding of the ties to group theory, natural systems, decentralization, and adaptation. For more than a decade, Rockie has been working out these and other theories and applying them in real-world enterprises as a strategic and tactical advisor. He believes weaving these theories into security programs provides the most value when looking at larger strategic business outcomes.