about

I AM AN IT leader with over two decades of experience building and leading information security, cyber risk, and compliance programs at the enterprise level. I AM a veteran vanguard for protecting sensitive data.

michael castro - virtual ciso cybersecurity.jpg

2018-Present
Founder & CEO, RiskAware

2014-2018
Head of Information Security and Risk Management (CISO), Loblaw Companies Limited

2013-2014
Security Advisory Services, Canadian Tire

2011-2013
Country CISO, Ally Bank (Canada)

2001-2011
Security Leader, Suncor Energy

1999-2001
Security Lead, USC Canada 
(now Knowledge First Financial)

Pre-1999 
Frontline Paramedic and First Responder

MY MANDATE

I am an accomplished Executive leader and Chief Information Security Officer with more than twenty years of experience building and leading Information Security, Cyber Risk, and Compliance at the enterprise level. I have successfully led all aspects of Information Security Programs: policies and procedures, oversight and controls, strategy, architecture development, and training amongst others. My background is a unique blend of technical knowledge, business acumen, and decisive leadership to improve performance and protect data and networking systems.

AREAS OF EXPERTISE

  • Cybersecurity Subject Matter Expert

  • Chief Information Security Officer (CISO)

  • Board of Director Security Consulting

  • Enterprise Information Security

  • Business Continuity Planning

  • Disaster Recovery Planning

  • Security Architecture & Frameworks

  • Perimeter & Network Security

  • Risk Management

  • Privacy & Regulatory Compliance

  • Strategic IT Planning

  • Investigative Cyber Forensics

  • HIPAA, PCI, SOX & ISO 27001/27002 Compliance

  • Security Governance

  • Threat/Risk Mitigation

  • Crisis Management Planning

“My experience with Michael has been nothing but positive. A dedicated IT security practitioner, Michael manages to be both diligent and personable, demonstrating respect for both his craft and his people - he is a pleasure to work with.”

— Carolyn Richardson, Loblaw Companies Ltd.

MEMBERSHIPS

  • NACD: National Association of Corporate Directors

  • ISD: Institute of Corporate Directors

  • ISACA: Information Systems Audit and Control Association

  • (ISC)2: International Information System Security Certification Consortium

  • Siber-X Advisory Board

SPECIALIZED CREDENTIALS

  • Chartered Director (C.DIR)

  • Certified Information Security Auditor (CISA)

  • Certified Information Security Manager (CISM)

  • Certified Information Systems Security Prof. (CISSP)

  • Certified CISO (C|CISO)

  • Security Essentials Certification (GSEC)

  • Certified Data Privacy Solutions Engineer (CDPSE)

  • GIAC Certified Incident Handling Analyst (GCIH)

  • MBA, IT Management

PRESS

New and noteworthy media mentions.

EXPERIENCE

PRESENT

 

RiskAware is a boutique cybersecurity firm based in Toronto, Ontario that caters to clients in both Canada and the United States.

Its purpose is to assist organizations in seeing the possibilities that will reduce risk and help them be more resilient and secure in the cybersecurity realm.

Michael is the founder and CEO, acting as principal. He shares his years of personal experience along with that of his team members.

 

PAST

Michael Castro Paramedic EMS ID.jpg

A LITTLE HISTORY

Before I got my feet wet in the cybersecurity community, I was a trained and practiced paramedic in Toronto, Ontario.

Training as a paramedic taught me about patience, to make tough decisions, and showed me to be versatile and quick on my feet.

I carry the hard lessons I learned as a first responder with me in every aspect of the cyber world I live in now.