
Andrew Smeaton

Information Security Executive & Board Advisor

Andrew is a globally experienced, award-winning, certified Information Security executive and Board Advisor with a track record of success in complex, multi-stakeholder environments across Europe, North America, and the Middle East. In addition to his corporate experience, Andrew has served on executive boards and advised government agencies on information security. He is a speaker at major security conferences, a thought leader in the industry, and often the keynote speaker.

Andrew has over 25 years of experience in banking, financial services, startups, and healthcare. His expertise includes building information security teams from the ground up, enabling sales as a customer-facing CISO, maturing systems to reduce risk, preparing for IPO, and developing streamlined reporting to provide executive insight into data risks. Andrew transitions reactive information security environments into a culture where proactive prevention of information security risk is the norm. He has a track record of developing and implementing security strategies from inception through execution.

His strength is collaboration; his goal is to create risk transparency and align security with business objectives.

Andrew's skill set includes Security Risk Management, Security Program Development, Risk Assessment Methodologies, Application, Board Advisory and Infrastructure reviews, Business Continuity (BC) and Disaster Recovery (DR), Security Training and Awareness, Data Loss Prevention (DLP), Audit and Regulatory Compliance, Mainframe, New Technology Research and Implementation, Application Security, Project Management (PM), Change Management (CM), Cloud Adoption Frameworks, and Cloud Security. Additionally, he comes from an IT background, which allows him to understand business requirements outside of the security environment and collaboratively create solutions that work for the business.

He holds the CISSP, CISA, CGEIT, CCISO, CISM, and CRISC credentials.

Andrew's regulatory compliance and privacy experience includes FSA, NIST, PRA, FDIC, ISO 27K, COBIT, HIPAA, PCI-DSS, GLBA, HITRUST, FedRAMP, Mass 201 CMR 17.00, SOX 404, SAMA, GDPR, CCPA, and NYDFS.
