David White

Founder and President

David White is founder and President at Axio, where he works directly with Axio clients and is responsible for Axio’s Risk Action Framework and associated methods, including cybersecurity program evaluation, cyber loss scenario analysis, insurance program analysis, and benchmarking.


David developed Axio’s scenario-based cyber risk quantification process and has delivered that methodology to numerous customers within the energy, manufacturing, and entertainment sectors. Axio’s cybersecurity program evaluation is based on the Cybersecurity Capability Maturity Model (C2M2); David has led more than 35 C2M2 evaluations while at Axio and more than 80% of those have been with energy sector firms.

Axio provides a number of cyber risk services to AIG, the world’s largest insurer. David serves as the technical lead for the relationship with AIG. In that role, he consults on cyber underwriting methods and supports cyber underwriting efforts related to energy sector insurance clients and clients seeking coverage for cyber-predicated property damage and bodily injury.

Previous Work

Previously, David worked in the CERT Program at Carnegie Mellon, a cybersecurity research program primarily funded by the US Department of Defense and Department of Homeland Security. He provided technical leadership for a portfolio of cybersecurity maturity models, diagnostic methods, research, and training.

Industry Influence

David served as chief architect for the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), and assisted with the oil-and-natural-gas and industry-agnostic versions (ONG-C2M2 and C2M2). David co-authored the CERT Resilience Management Model (CERT- RMM) and was the chief architect for the Smart Grid Maturity Model (SGMM).