Skip to Main Content

Rockie Brockway

Director of Advisory Innovation

EXPERIENCE
Drawing on more than 30 years of experience as an InfoSec and risk practitioner and trusted advisor, Rockie Brockway performs Chief Information Security Officer (CISO) activities for a multitude of mid-sized to global enterprise organizations, focusing on:

  • Program maturity and development
  • Measuring organizational effectiveness
  • Business risk (likelihood and financial impact)

Rockie is a trusted third-party security advisor who specializes in effectively communicating IT, security, and enterprise risks to leadership and aligning the protection of business-critical data with business needs and requirements to ensure brand protection and continued innovation.

EDUCATION & CERTIFICATIONS
Case Western Reserve University, Bachelor of Arts, Computer Science

PROFESSIONAL AFFILIATIONS

  • President, Secure Cleveland
  • Governing Board Cleveland CISO Executive Summit
  • BSides Cleveland Conference Organizer (2014-2022)
  • InfraGard member (since 1998)
  • SANS GIAC Security Essentials (GSEC) Mentor (taught 3 times)
  • Cisco Partner Technology Advisory Board, Security

INDUSTRY CONTRIBUTIONS
Security Conference Speaker at DerbyCon, GrrCON, CircleCityCon, RVAsec, Converge Detroit, ShowMeCon, Information Security Summit, BSides Boston/Rochester/Cleveland/Detroit/Flood City and Ohio ETech.

PASSION FOR SECURITY
Even before his first computer at the age of 12 (Apple II+), Rockie has been fascinated by and drawn toward figuring out how things work and if they can be made to do unexpected things. Early exposure to a computer quickly led to changing settings on games with sector editors and programming rudimentary programs in BASIC.

While attending Case Western Reserve University to study Computer Science, Rockie was lucky enough to be introduced to Dr. Peter Tippett and interned at his company Certus International in 1992. Certus was one of the first anti-virus companies (later sold to Norton), and once Rockie was exposed to the underground BBS world of computer virus sharing, reverse engineering, and assembly code, there was no turning back.

Rockie's network, systems, and scripting basics were honed in the 1990s when he became the first employee of one of Ohio’s first ISPs. In 2000, Rockie started his own security consulting company where he cultivated higher-level skills of penetration testing, incident response, and forensics while owning and running a business.

Today, Rockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements. This process ultimately leads to challenging questions: Why is security so hard? Why does the business look at security as an obstacle rather than an enabler? How does this relate to basic human nature?

Risk became an obsession and led to a better understanding of the ties to group theory, natural systems, decentralization, and adaptation. For more than a decade, Rockie has been working out these and other theories and applying them in real-world enterprises as a strategic and tactical advisor. He believes weaving these theories into security programs provides the most value when looking at larger strategic business outcomes.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Webinars August 23 2023

A More Efficient Attack Path Effectiveness Assessment

Join Director of Advisory Innovations Rockie Brockway as he discusses the history of this unique offering and learn about how the evolution of this tool has…

Read about this article
Webinars November 16 2022

Measuring Effectiveness With MITRE ATT&CK

Tune in to hear TrustedSec discuss how your organization can better use the MITRE ATT&CK Framework and map it to current frameworks to increase effectiveness!

Read about this article
Blog August 31 2022

Maturity, Effectiveness, and Risk - Security Program Building and Business Resilience

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this…

Read about this article
Webinars May 18 2022

Natural Security Benefits for InfoSec Leadership

Join renowned Information Security expert Rockie Brockway, Director of Advisory Innovation at TrustedSec, and Alex Hamerstone, Advisory Solutions Director, who…

Read about this article
Webinars October 13 2021

The Trouble with TCAPS: Using MITRE ATT&CK™, Threat Intelligence, and FAIR for Better Risk Analysis

Join Office of the CSO Practice Lead Rockie Brockway as he discusses using crucial threat actor motivation and attack complexity variables to better define the…

Read about this article
Blog June 15 2021

The Backup Paradigm Shift: Moving Toward Attack Response Systems

Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut wrenching feeling of not receiving that ICMP ping reply you were…

Read about this article
Webinars July 15 2020

MITRE ATT&CK™ Solutions Update and Evolution: Exploring Advanced Applications of ATT&CK

Join TrustedSec to discuss how your organization is making better use of the ATT&CK framework, hear from some of the leading experts on incorporating it into…

Read about this article
Blog June 23 2020

Using Effectiveness Assessments to Identify Quick Wins

An organization's overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls…

Read about this article
Blog March 24 2020

Crossover Sec: Breaking Down the Silos

People who know me well, or who saw the Derbycon 6 talk I gave with Adam Hogan, "Adaptation of the Security Sub-Culture," know of my non-InfoSec hobby and…

Read about this article
Webinars March 19 2020

Resilience in the Middle of the Storm—Preparing Security Teams for Disaster

Gain insights from industry leaders Rockie Brockway and Justin Leapline as they discuss the many aspects of this never-before-seen event that is taxing…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.