Troy Rydman

Upon acquisition, Leerink’s cybersecurity/technology controls were misaligned with SVB systems. I was entrusted by the CEO to complete the integration without incident. I investigated Leerink’s strategy/technical goals, determined integration opportunities, retired redundances, granted access permissions, and conducted follow-ups to promote engagement. The integration increased opportunities within HCLS organizations, leading to gains in banking service adoption (7%) and revenue ($250M).

Nearly 10% of engagements experienced incidents due to miscalculated outcomes. I sought to integrate dedicated experts into engagement structuring. I designed a process where all proposal requirements/resources were evaluated by technology/security/data/cloud SMEs and co-founded a business opportunity SOW review board. These implementations reduced customer incidents from 12 to 1 quarterly and lowered augmented business costs to raise customer satisfaction by 9%.

I was selected by the Board to collaborate with JV clients and reduce startup cyber incident risk. Throughout engagements with 6 firms and ~15 newly formed companies, I developed cybersecurity operations and governance controls to protect initial investments through the first round of funding. These actions generated over 80% of customers using company services through IPO, produced 70% of SVB’s annual revenue, and enhanced partnerships with FinTech, HCLS, and technology companies.

The Bank sought to migrate critical applications to the cloud while maintaining regulatory confidence. I designed a cloud adoption framework that automated system security compliance, reduced risk profiles without negative business impacts, and oversaw regulator communications. The federally approved framework improved critical system uptime from 98% to 99.9999% and enforced compliant cybersecurity safeguards, enabling global business expansion into EMEA and APAC.

Internal/federal regulators required PCI compliance to protect credit card process revenue. I constructed a strategy to isolate credit card processing applications, segment processing/issuing group personnel, encrypt sensitive cardholder information, and establish a program to oversee continuous compliance. Then, I trained 250 employees on obligations and organized card issuer town halls. The organization achieved PCI compliance within the 12-month deadline and on budget, preserving $250M in… Show more

Internal/federal regulators required PCI compliance to protect credit card process revenue. I constructed a strategy to isolate credit card processing applications, segment processing/issuing group personnel, encrypt sensitive cardholder information, and establish a program to oversee continuous compliance. Then, I trained 250 employees on obligations and organized card issuer town halls. The organization achieved PCI compliance within the 12-month deadline and on budget, preserving $250M in revenue. Show less

The company needed to double its cybersecurity insurance coverage. I personally audited technology stacks, functions, personnel, physical security, legal agreements, and fraud detection practices. This data demonstrated that multi-layer defenses met insurance expectations and blocked all demonstrated attacks. In 120 days, the company remediated 100% of critical environment vulnerabilities without additional spending, and coverage increased from $100M to $220M while maintaining pre-existing… Show more

The company needed to double its cybersecurity insurance coverage. I personally audited technology stacks, functions, personnel, physical security, legal agreements, and fraud detection practices. This data demonstrated that multi-layer defenses met insurance expectations and blocked all demonstrated attacks. In 120 days, the company remediated 100% of critical environment vulnerabilities without additional spending, and coverage increased from $100M to $220M while maintaining pre-existing premiums. Show less

I was entrusted by internal regulators to launch department-specific cybersecurity functions. Over 120 days, I secured compliance with SOX/GLBA/FDIC/CCPA/GDPR/PCI, transformed cybersecurity into a business enablement function, adopted Agile deployment methodologies, implemented a cloud-first adoption framework, and established a separate 150-employee cybersecurity program. These efforts were declared an SOP/Best Practice, continuously maintained compliance, enabled the business to leverage data… Show more

I was entrusted by internal regulators to launch department-specific cybersecurity functions. Over 120 days, I secured compliance with SOX/GLBA/FDIC/CCPA/GDPR/PCI, transformed cybersecurity into a business enablement function, adopted Agile deployment methodologies, implemented a cloud-first adoption framework, and established a separate 150-employee cybersecurity program. These efforts were declared an SOP/Best Practice, continuously maintained compliance, enabled the business to leverage data for growth, and avoided all significant cybersecurity events for 14 years. Show less

Technology teams experienced high attrition due to significant regulatory requirements and extended work hours. I endeavored to reverse this trend to bolster specialized technology system supports. I developed a cybersecurity program emphasizing employee community/efforts, interviewed teams to gather challenges, and improved work-life balance/compensation. Over 14 years, organizational attrition decreased to under 1%, and employee satisfaction rose to 99%.

The organization faced a 4% revenue fine due to inadequate data controls. I identified opportunities to align with CCPA/GDPR mandates while improving security. In 10 months, I minimized data loss without hindering cross-functional operations, sourced appropriate solutions, enhanced false positive detection for non-sensitive transfers, and defined Board-approved risk thresholds. The strategy was deemed an SOP/Best Practice, and the new controls detected 97% of non-legitimate data transfers… Show more

The organization faced a 4% revenue fine due to inadequate data controls. I identified opportunities to align with CCPA/GDPR mandates while improving security. In 10 months, I minimized data loss without hindering cross-functional operations, sourced appropriate solutions, enhanced false positive detection for non-sensitive transfers, and defined Board-approved risk thresholds. The strategy was deemed an SOP/Best Practice, and the new controls detected 97% of non-legitimate data transfers, reduced accidental data loss events by 99%, and secured CCPA/GDPR requirements to safeguard $290M in revenue. Show less

The startup required SOC 2 Type II certification to demonstrate proper data security but could not validate ISO 27001 compliance. Over 60 days, I conducted an organization-wide investigation to ensure ISO 27001 controls were implemented, established quarterly validation checks, and automated safeguard enforcement. The attestation was certified by SOC 2 Type II examiners, enabling onboarding for over 80% of the customer base.

SVB sought to expand into China but lacked the local partnerships required for operations. I endeavored to improve international system security postures and enable the joint venture. I created a separate cybersecurity/technology-based platform for all China-based operations, defined access expectations and legal agreements for the JV and government agencies, and segmented critical systems used only in AMER/EMEA. The isolated environment met JV requirements, opening $200M in annual revenue.

I discovered the potential of an administrative assistant and recommended a cybersecurity career roadmap. I connected them with industry leaders for development opportunities, established certification/education goals, defined an action plan, and assigned mentors specializing in compliance/program management. The talent was promoted to an internal data analytics role and now serves as a Cybersecurity Manager for an aerospace company with 4 direct reports.

Obsolete email exchange systems accrued significant technical debt, hindered operations, and lacked security oversight. Over 12 months, I drove the adoption of cloud-based exchange systems via Microsoft O365, optimized third-party tool integration, improved authentication controls, and enabled dynamic storage expansion. This implementation blocked 99% of phishing/malicious emails, increased uptime by 1.5%, reduced annual soft labor maintenance costs by ~$300K, and guaranteed secure customer… Show more

Obsolete email exchange systems accrued significant technical debt, hindered operations, and lacked security oversight. Over 12 months, I drove the adoption of cloud-based exchange systems via Microsoft O365, optimized third-party tool integration, improved authentication controls, and enabled dynamic storage expansion. This implementation blocked 99% of phishing/malicious emails, increased uptime by 1.5%, reduced annual soft labor maintenance costs by ~$300K, and guaranteed secure customer interactions throughout COVID operations. Show less

An HCLS customer lacked the expertise to align their medical record-keeping system with HIPAA. I strategized a consolidated platform leveraging native AWS services and third-party providers. I gathered executive/technology requirements, led framework construction workshops, and oversaw implementation/regulatory compliance. The microservices-based, serverless technology surpassed requirements, enabled third parties, and achieved HIPAA compliance.

I was recruited by the Director of ProServ Delivery to create a cybersecurity delivery practice for a Fortune 200 company’s Strategic Accounts department. In 180 days, I assembled a program of cybersecurity consultants with C-level Fortune 50 experience, determined capabilities/client needs, and developed internal procedures to limit external risk. As a result, the practice grew adoption/sales by 20%, security postures were improved at a 20% cost reduction, and the department maintained the… Show more

I was recruited by the Director of ProServ Delivery to create a cybersecurity delivery practice for a Fortune 200 company’s Strategic Accounts department. In 180 days, I assembled a program of cybersecurity consultants with C-level Fortune 50 experience, determined capabilities/client needs, and developed internal procedures to limit external risk. As a result, the practice grew adoption/sales by 20%, security postures were improved at a 20% cost reduction, and the department maintained the company’s highest customer satisfaction scores (96%). The strategy was deemed an SOP/Best Practice. Show less

As revenues exceeded $250B, the company needed to integrate the regulatory requirements of a “Large Financial Organization” within 12 months. I established a real-time governance framework to test cybersecurity practices, integrated real-time validation procedures, hired/organized a team to execute the framework, and updated the Board quarterly. The program debuted in 9 months, created over 40 mandates with training for ~7K employees, and satisfied internal/federal examiners to safeguard the… Show more

As revenues exceeded $250B, the company needed to integrate the regulatory requirements of a “Large Financial Organization” within 12 months. I established a real-time governance framework to test cybersecurity practices, integrated real-time validation procedures, hired/organized a team to execute the framework, and updated the Board quarterly. The program debuted in 9 months, created over 40 mandates with training for ~7K employees, and satisfied internal/federal examiners to safeguard the organization’s banking license. Such was declared SOP/Best Practice within the Cybersecurity division. Show less

A risk profile was necessary for a potential $1B merger. Collaborating with third-party assessors, I evaluated technology stacks, applications, practices, incident response, cybersecurity, and event visibility within 90 days. Due diligence revealed significant risks, the target resolved all issues, and the acquisition was completed, avoiding $6M in remediations.

The Bank pursued an agile deployment strategy to improve customer service and talent acquisition. I established an application security program to minimize risk and automated static/dynamic code analysis. I trained the development team on security/application best practices and the OWASP Top 10. Then, I developed structured DevOps delivery pods overseen by a trained security practitioner. This significantly increased vulnerability detection timeline/efficiency by 60% with minimal CAPEX spending… Show more

The Bank pursued an agile deployment strategy to improve customer service and talent acquisition. I established an application security program to minimize risk and automated static/dynamic code analysis. I trained the development team on security/application best practices and the OWASP Top 10. Then, I developed structured DevOps delivery pods overseen by a trained security practitioner. This significantly increased vulnerability detection timeline/efficiency by 60% with minimal CAPEX spending and bolstered the CI/CD pipeline, enhancing organizational agility. Show less

I identified an opportunity to foster customer AWS adoption through annual company conferences. I determined key customers, created/led Executive Briefing Center (EBC) and workshop discussions based on business drivers, and integrated other AWS executives to strengthen relationships. These forums were presented to ~60 attendees and educated customers on services, leading to $10M in service adoptions and Preserve engagement.

The company heavily relied on third-party software services, negatively impacting data/system security. I launched an automated discovery platform for external providers, assembled a common management database (CMDB), and identified/consolidated 400+ service providers. These efforts lowered vendor costs by $1.5M, and the total number of vendors with sensitive data permissions decreased by 10%.