Lisa Young

VP of Cyber Risk engineering

Lisa Young is Vice President of Cyber Risk Engineering at Axio. Lisa’s responsibilities center on delivering all facets of Axio’s cyber risk engineering approach to clients, with a specific focus on program design and implementation.

Previous Work

Previously, Lisa was a senior engineer at the Software Engineering Institute (SEI) at Carnegie Mellon University, where she was a member of the Cyber Risk and Resilience Management Team. In this role, Lisa was responsible for teaching courses on risk and resilience management, including CERT- RMM, the OCTAVE® risk-based assessment method, and the Measuring What Matters: Security Metrics Workshop based on the G-Q-I-M methodology.

Industry Influence

Independent of her work at Axio, Lisa is an Adjunct Instructor at the CISO Institute for the Heinz College at Carnegie Mellon University. She is an active member of The Society of Information Risk Analysts and is a frequent speaker at SIRACON. Also an active member of ISACA, Lisa is a regular contributor to the @ISACA publication and presents at various ISACA and CACS events worldwide.


Lisa has a B.A. in Business Administration from the University of South Florida and a M.S. in Cybersecurity Public Policy from the University of Maryland University College. Lisa also maintains the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) certifications.