Matt Laba
Business Technology Security Advisor/CISO
Matt is a seasoned Cybersecurity, Compliance, Risk, and IT professional with over 38 years of experience. In the past eleven years he has specialized in the areas of Cybersecurity and GRC (Governance, Risk, Compliance) and is recognized as a leader in the Cybersecurity domain in western Canada. He has a strong reputation in the industry as a "builder", with 20 years leading and implementing Cybersecurity, Risk, Compliance and IT programs and projects. His background in IT stretches back over his entire career. Matt has hands-on experience conducting detailed cybersecurity risk assessments using the NIST CSF, CIS, ISO27001/02 and CCM (Cloud Controls Matrix) frameworks, leading to the development of security strategies, architectures, roadmaps, and plans. He has performed complex TRAs (Threat Risk Assessments) for a NextGen 911 environment, a FinTech organization, and a midstream oil and gas company using the NIST SP800-30 risk methodology. Matt is a compliance expert with experience in executing PCI attestations and SOC 2 audits. For PCI, he has migrated two corporations from PCI 3.2.1 to 4.0 and has been responsible for Level 2 organization self-attestations and Level 1 organization QSA-driven audits. He has also implemented from scratch the SOC 2 Type 1 point-in-time audit for Year 1, followed by the ongoing annual SOC 2 Type 2 audits, at a major fintech. Finally, Matt delivers: he has managed and overseen the overhaul of numerous security environments and practices (Celero Solutions, Bell Canada (Gov't of Alberta SuperNet), Gibson Energy), successfully delivering multi-million dollar risk-driven security programs for public and private organizations of various sizes, covering both Corporate IT Security and OT/SCADA Security, and always aimed at reducing cybersecurity risk and increasing cybersecurity maturity.
Matt has strong technical skills and real architecture and implementation experience in multiple security domains such as identity and access management (IAM/PAM), security monitoring and threat protection (SOC/SIEM), cyber risk identification and remediation, vulnerability management, data management/protection (DLP), endpoint protection (MDR), cyber training, email security, and cloud security.