Chris has practiced information security for more than 20 years in operations, audit, and consulting roles. He developed Duty of Care Risk Analysis (“DoCRA”) as a method for evaluating whether cybersecurity risks and safeguards are reasonable, and is principal author of CIS RAM, Center for Internet Security’s Risk Assessment Method. Chris’ clients represent a full range of industries and sizes, including Fortune 100 companies, universities, hospitals, professional services firms, technical services, and manufacturers. He also serves as expert witness on breach cases, provides litigation support services, and formulates reasonable security plans for recovering breached organizations. Chris serves as Chair of the DoCRA Council, serves several cybersecurity special interest and policy groups, and serves on the Board of Directors for a performing arts nonprofit.