David developed Axio’s scenario-based cyber risk quantification process and has delivered that methodology to numerous customers within the energy, manufacturing, and entertainment sectors. Axio’s cybersecurity program evaluation is based on the Cybersecurity Capability Maturity Model (C2M2); David has led more than 35 C2M2 evaluations while at Axio and more than 80% of those have been with energy sector firms.
Axio provides a number of cyber risk services to AIG, the world’s largest insurer. David serves as the technical lead for the relationship with AIG. In that role, he consults on cyber underwriting methods and supports cyber underwriting efforts related to energy sector insurance clients and clients seeking coverage for cyber-predicated property damage and bodily injury.
Previously, David worked in the CERT Program at Carnegie Mellon, a cybersecurity research program primarily funded by the US Department of Defense and Department of Homeland Security. He provided technical leadership for a portfolio of cybersecurity maturity models, diagnostic methods, research, and training.
David served as chief architect for the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), and assisted with the oil-and-natural-gas and industry-agnostic versions (ONG-C2M2 and C2M2). David co-authored the CERT Resilience Management Model (CERT- RMM) and was the chief architect for the Smart Grid Maturity Model (SGMM).