Christopher Duvall

Areas of Focus

  • Cybersecurity governance and control maturity
  • CMMC Consulting Services & Pre-assessment Support
  • Converged information and operational technology (IT/OT) security environments
  • Ransomware readiness and resiliency
  • Risk management for family office / high net-worth individuals


Recent Engagements

• Led cyber risk and maturity assessment for a Fortune 100 global manufacturer, including evaluation of its information assurance and industrial control system capabilities

• Oversaw development of a comprehensive IT/OT cybersecurity and risk management strategy for a high-speed rail client

• Conducted cybersecurity maturity assessment for a global “back office” technology provider, including use of the MITRE ATT&CK framework to assess protective and detective security controls

• Led cyber risk assessment of a prominent high net-worth family office and provided actionable recommendations and coordination to improve its security capabilities

Prior to joining The Chertoff Group, Chris spent two years as a Federal employee and ten years as a management consultant at Booz Allen Hamilton, working with the U.S. Department of Homeland Security (DHS) in its Offices of Cybersecurity and Communications and Infrastructure Protection.

There he helped lead the coordination and promotion of effective risk management strategies like those found in the NIST Cybersecurity Framework. He also helped establish DHS’ Critical Infrastructure Cyber Community Voluntary Program (C3VP) to help organizations understand and access available cybersecurity resources to improve their overall security postures. He was also the lead Federal official for critical infrastructure protection and cyber risk management activities for the Information Technology and Communications Sectors. He worked with public institutions, the private sector, and international representatives to develop programs related to enhancing IT and communications critical infrastructure resiliency.

Prior to his time with DHS and Booz Allen, Chris was the Special Assistant to the Assistant Secretary for Political-Military Affairs at the U.S. Department of State during the tragedy of September 11, 2001, and supported the Operation Enduring Freedom campaign.

Certifications

• Certificate of Cloud Security Knowledge (CCSK)
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)

Education

• M.B.A., University of Maryland, Robert H. Smith School of Business
• M.A., American University, School of International Service
• B.A., Dickinson College

Recent Publications and Interviews

• Bloomberg Businessweek, “Private Equity Is a Tantalizing Target for Ransomware Hackers,” March 2020 - https://www.bloomberg.com/news/articles/2020-03-17/private-equity-is-a-big-target-for-ransomware-attacks
• WSJ.com, “Hackers Escalate Impersonation Scams Attacks on taxpayers and tax professionals are getting more sophisticated,” August 2019 - https://www.wsj.com/articles/hackers-escalate-irs-impersonation-scams-11566993601
• Dark Reading, “To Pay or Not To Pay? That is the (Ransomware) Question,” July 2019 - https://www.darkreading.com/edge/theedge/to-pay-or-not-to-pay-that-is-the-(ransomware)-question/b/d-id/1335174#:~:text=That%20Is%20the%20(Ransomware)%20Question,-Businesses%20around%20the&text=New%20strands%20of%20ransomware%20and,bankruptcy%20and%20paying%20the%20ransom
• Infosecurity Magazine, “ASUS Not Alone in ShadowHammer Supply Chain Attack,” April 2019 - https://www.infosecurity-magazine.com/news/asus-not-alone-in-shadowhammer-1/ 
• Dark Reading, “New ‘HOPLIGHT’ Malware Appears in Latest North Korea Attacks, Say DHS, FBI,” April 2019 - https://www.darkreading.com/threat-intelligence/new-hoplight-malware-appears-in-latest-north-korean-attacks-say-dhs-fbi/d/d-id/1334406
• Bloomberg Law, “Device Makers Looking to FDA for Direction on Cybersecurity,” March 2019 - https://news.bloomberglaw.com/pharma-and-life-sciences/device-makers-looking-to-fda-for-direction-on-cybersecurity