Skip to the main content.
Government Programs
Integrated technology, solutions, and services that support rapid innovation within the DoD ecosystem.

CMMC Preparation & Assessment
Cybersecurity Assurance Readiness (CSAR®/RMF Pro)
ATO/RMF Support

Book GP Demo

Professional Services
Expertise in security strategy, incident response readiness, policy development, and risk assessments.

Risk Assessments
vCISO
Penetration Testing

Book ProServ Demo

Digital Forensics & Incident Response
Are You Under Attack?

If you are concerned about a potential threat or are experiencing a breach, contact our 24/7/365 emergency hotline at 888-860-0452.

CONTACT US

Subscribe-to-NetSec-News-v4Subscribe to NetSec News

Sign up to receive our biweekly newsletter that covers what's happening in cybersecurity including news, trends, and thought leadership.

SIGN UP

Ingalls Information Security

At our core, Ingalls is a company that strives to be helpful to our clients while continuously innovating and evolving our technology and solutions. Since 2010, we have been dedicated to building a team and product that can stay steps ahead of threats, attacks, and vulnerabilities in an ever-changing landscape.

Meet The Leadership Team

2 min read

Why an ISO Is a Critical Need for Any Organization

The role of Information Security Officer at any company, especially Ingalls Information Security, is critical to mitigating risk and security threats. We interviewed our new ISO Brad Schrack to learn about his professional experience and what he likes best about working in cybersecurity.

Information Security is  a critical concern for companies in just about every industry. Threats to the security of data are increasing and data breaches are becoming more common and there is a critical need for someone in a company or organization to be responsible for security. It is also important to have a dedicated role be responsible for making security decisions and educating the management team on risks. However, few companies have a dedicated ISO who is responsible for security within the organization. 

The Information Security Officer (ISO) for any company or organization has the important task of mitigating risk from various security threats and data breaches. The main responsibilities of an ISO is to oversee information security, cybersecurity, and IT risk management programs based on industry-accepted information and risk management frameworks.

At Ingalls Information Security we take security very seriously for not only our clients and customers, but internally for our organization as well. We took a few minutes to chat with our new ISO Brad Schrack about the role, his professional experience, and what he likes best about the cybersecurity industry.

 

Tell us a bit about your professional background. 

Brad Schrack: I am a United States Air Force Veteran, who served as an OPSEC/Intelligence Analyst for 12 years.  I have had a diverse career working  as a consultant and DoD contractor for over 22 years now.  I have filled many roles to include; Corporate Compliance officer of a large Non-profit organization and the Information Security Officer of a large Alaskan Native Corporation.  This has allowed me to gain  experience in multiple frameworks and multiple Laws to include DoD, HIPAA, PCI, NIST and others.

 

What is your role at Ingalls on the Government Programs team?

I fill the Sr. Information Analyst role, primarily working our CMMC program and ATO/RMF consulting support.  I am also the Information System Security Manager (ISSM) for CSAR.

 

The ISO role can look a little different depending on a company’s security needs. At Ingalls, what does an ISO do? 

The ISO at Ingalls is responsible for overseeing and managing the Information Security activities of the organization to include but not limited to:

  • Chairs the Information Security Steering Committee
  • Oversees the Ingalls’ SOC 2 Type 2 compliance
  • Manages Implementation of Cybersecurity Maturity Model 
  • Manages Information security policies
  • Updates and communicates to Senior leadership state of the program

 


What do you like best about the cybersecurity industry?

There are always new challenges and opportunities to improve, you never stop learning in this industry.  Also there is room for both Technical and Management centered people and in fact it takes both to have a successful Cybersecurity program. 

Why Tabletop Exercises Are Critical to Your Business Security Strategy

Why Tabletop Exercises Are Critical to Your Business Security Strategy

Creating and implementing a comprehensive risk management strategy is a critical piece to managing and mitigating cybersecurity threats and breaches...

Read More
Securer Things: Cybersecurity Awareness for IoT

Securer Things: Cybersecurity Awareness for IoT

In honor of Cybersecurity Awareness Month and Halloween, we thought it was a good chance to put together a friendly reminder of how and why you need...

Read More
Ransomware Attack Analysis - RYUK Post-Incident Review

Ransomware Attack Analysis - RYUK Post-Incident Review

The Emotet – TrickBot – Ryuk ransomware killchain is an advanced cybersecurity threat that organizations and Cybersecurity professionals face....

Read More